Windows 2003 member server with Windows 2000 Domain Controller

  • Thread starter Thread starter Citimouse
  • Start date Start date
C

Citimouse

Hi All,

If anyone is having a Windows 2003 member server with a Windows 2000 Domain
Controller, will you please help me?

I have 2 Windows 2003 servers with a Windows 2000 Domain Controller. In both
Windows 2003 server, both registered the same event as mentioned below.

Application Log

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1054
Date: 12/30/2003
Time: 10:09:31 AM
User: NT AUTHORITY\SYSTEM
Computer: AVIANO
Description:
Windows cannot obtain the domain controller name for your computer network.
(The specified domain either does not exist or could not be contacted. ).
Group Policy processing aborted.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.


System Log

Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 5719
Date: 1/4/2004
Time: 5:33:15 AM
User: N/A
Computer: AVIANO
Description:
This computer was not able to set up a secure session with a domain
controller in domain AAF due to the following:
There are currently no logon servers available to service the logon request.
This may lead to authentication problems. Make sure that this computer is
connected to the network. If the problem persists, please contact your
domain administrator.

ADDITIONAL INFO
If this computer is a domain controller for the specified domain, it sets up
the secure session to the primary domain controller emulator in the
specified domain. Otherwise, this computer sets up the secure session to any
domain controller in the specified domain.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 5e 00 00 c0
^..À

It seems like the servers got dropped out of the domain and it cannot get
authenticated. We have an in-house application and when the server got
"disjoin" and when we tried to login to our application, it says access is
denied and an event is recorded as below,

Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 537
Date: 30-Dec-03
Time: 2:58:53 PM
User: NT AUTHORITY\SYSTEM
Computer: OSAN
Description:
Logon Failure:
Reason: An error occurred during logon
User Name: xxx
Domain: yyy
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: HELP
Status code: 0xC000005E
Substatus code: 0x0
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: xx.xxx.xxx.xx
Source Port: 1496

I have done some research on the Internet and I have tried to follow some of
the suggestions like using the updated network driver, disable media
sensing, set the speed of the NIC to match the switch, install MS02-001 and
others but still of no help. I wonder does this has to do with the Domain
Controller. I have to rejoin the server to the domain at least twice a day.

My DC is still in SP2 for some reasons it cannot be upgraded beyond SP2.
Thank you very much in advance.
 
Look at the DNS configuration on the servers having the problems. They
should be using your internal AD DNS servers. To be sure, do nslookup on
each of them, verify that they show the right DNS server, then do a lookup
for your DCs and verify that the correct addresses are returned for the
query.

If you can, disjoin the compters from the domain and readd them. Reboot each
time you disjoin and rejoin.

Aside:
You said "My DC is still in SP2 for some reasons it cannot be upgraded
beyond SP2". Are the reasons technical or political? If they are technical,
they may be contributing to this problem you are reporting.

HTH
deji
 
Look at the DNS configuration on the servers having the problems. They
should be using your internal AD DNS servers. To be sure, do nslookup on
each of them, verify that they show the right DNS server, then do a lookup
for your DCs and verify that the correct addresses are returned for the
query.

If you can, disjoin the compters from the domain and readd them. Reboot each
time you disjoin and rejoin.

Aside:
You said "My DC is still in SP2 for some reasons it cannot be upgraded
beyond SP2". Are the reasons technical or political? If they are technical,
they may be contributing to this problem you are reporting.

HTH
deji
 
You really should have your W2K DC on SP4 with the ms03-039 patch installed.
Right now you're very vunerable for the Blast worm (if you're not already
infected!).

Regards,

Marina
 
You really should have your W2K DC on SP4 with the ms03-039 patch installed.
Right now you're very vunerable for the Blast worm (if you're not already
infected!).

Regards,

Marina
 
Yes. I knew that. But no matter how I try it, after the installaiton of SP4,
it just hang at the Windows 2000 screen. I would like to reinstall the whole
server but I do not have any spare hardware for it. I am just crossing my
fingers now.
 
Yes. I knew that. But no matter how I try it, after the installaiton of SP4,
it just hang at the Windows 2000 screen. I would like to reinstall the whole
server but I do not have any spare hardware for it. I am just crossing my
fingers now.
 
Take that Win2003 server and reload it with W2K, make it a DC, transfer your fsmo roles, demote the old DC, rebuild it
from the ground up because it PROBABLY is infected which may be causing your issues, patch it up (Before putting it on
the network), dcpromo it back, move the fsmo roles back, then restage your first server with W2K3 and retry your join.

BTW, you should never have a Domain of a single DC. What will end up happening is that it will fail and then you will be
back here asking how to put your domain back together again.

Finally, I don't think there was any need to post in all of the groups you posted in.
 
Take that Win2003 server and reload it with W2K, make it a DC, transfer your fsmo roles, demote the old DC, rebuild it
from the ground up because it PROBABLY is infected which may be causing your issues, patch it up (Before putting it on
the network), dcpromo it back, move the fsmo roles back, then restage your first server with W2K3 and retry your join.

BTW, you should never have a Domain of a single DC. What will end up happening is that it will fail and then you will be
back here asking how to put your domain back together again.

Finally, I don't think there was any need to post in all of the groups you posted in.
 
Just make sure you stop all third party services before you install SP4. At
least install SP3 and the ms03-039.

Regards,

Marina
 
Just make sure you stop all third party services before you install SP4. At
least install SP3 and the ms03-039.

Regards,

Marina
 
In
Citimouse said:
Hi All,

If anyone is having a Windows 2003 member server with a Windows 2000
Domain Controller, will you please help me?

I have 2 Windows 2003 servers with a Windows 2000 Domain Controller.
In both Windows 2003 server, both registered the same event as
mentioned below.

Application Log

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1054
Date: 12/30/2003
Time: 10:09:31 AM
User: NT AUTHORITY\SYSTEM
Computer: AVIANO
Description:
Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be
contacted. ). Group Policy processing aborted.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.


System Log

Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 5719
Date: 1/4/2004
Time: 5:33:15 AM
User: N/A
Computer: AVIANO
Description:
This computer was not able to set up a secure session with a domain
controller in domain AAF due to the following:
There are currently no logon servers available to service the logon
request. This may lead to authentication problems. Make sure that
this computer is connected to the network. If the problem persists,
please contact your domain administrator.

ADDITIONAL INFO
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator
in the specified domain. Otherwise, this computer sets up the secure
session to any domain controller in the specified domain.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 5e 00 00 c0
^..À

It seems like the servers got dropped out of the domain and it cannot
get authenticated. We have an in-house application and when the
server got "disjoin" and when we tried to login to our application,
it says access is denied and an event is recorded as below,

Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 537
Date: 30-Dec-03
Time: 2:58:53 PM
User: NT AUTHORITY\SYSTEM
Computer: OSAN
Description:
Logon Failure:
Reason: An error occurred during logon
User Name: xxx
Domain: yyy
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: HELP
Status code: 0xC000005E
Substatus code: 0x0
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: xx.xxx.xxx.xx
Source Port: 1496

I have done some research on the Internet and I have tried to follow
some of the suggestions like using the updated network driver,
disable media sensing, set the speed of the NIC to match the switch,
install MS02-001 and others but still of no help. I wonder does this
has to do with the Domain Controller. I have to rejoin the server to
the domain at least twice a day.

My DC is still in SP2 for some reasons it cannot be upgraded beyond
SP2. Thank you very much in advance.
Click to expand...

Wow, this got around to many unnecessary news groups. Wonder why the
multiple crosspost, such as the applications, registry or security groups?

My thing on this is pretty much agreeing with the other posters. Follow
whatever means you need to get the machine updated to the latest SP and
hotfixes for your own benefit.


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
In
Citimouse said:
Hi All,

If anyone is having a Windows 2003 member server with a Windows 2000
Domain Controller, will you please help me?

I have 2 Windows 2003 servers with a Windows 2000 Domain Controller.
In both Windows 2003 server, both registered the same event as
mentioned below.

Application Log

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1054
Date: 12/30/2003
Time: 10:09:31 AM
User: NT AUTHORITY\SYSTEM
Computer: AVIANO
Description:
Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be
contacted. ). Group Policy processing aborted.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.


System Log

Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 5719
Date: 1/4/2004
Time: 5:33:15 AM
User: N/A
Computer: AVIANO
Description:
This computer was not able to set up a secure session with a domain
controller in domain AAF due to the following:
There are currently no logon servers available to service the logon
request. This may lead to authentication problems. Make sure that
this computer is connected to the network. If the problem persists,
please contact your domain administrator.

ADDITIONAL INFO
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator
in the specified domain. Otherwise, this computer sets up the secure
session to any domain controller in the specified domain.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 5e 00 00 c0
^..À

It seems like the servers got dropped out of the domain and it cannot
get authenticated. We have an in-house application and when the
server got "disjoin" and when we tried to login to our application,
it says access is denied and an event is recorded as below,

Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 537
Date: 30-Dec-03
Time: 2:58:53 PM
User: NT AUTHORITY\SYSTEM
Computer: OSAN
Description:
Logon Failure:
Reason: An error occurred during logon
User Name: xxx
Domain: yyy
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: HELP
Status code: 0xC000005E
Substatus code: 0x0
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: xx.xxx.xxx.xx
Source Port: 1496

I have done some research on the Internet and I have tried to follow
some of the suggestions like using the updated network driver,
disable media sensing, set the speed of the NIC to match the switch,
install MS02-001 and others but still of no help. I wonder does this
has to do with the Domain Controller. I have to rejoin the server to
the domain at least twice a day.

My DC is still in SP2 for some reasons it cannot be upgraded beyond
SP2. Thank you very much in advance.
Click to expand...

Wow, this got around to many unnecessary news groups. Wonder why the
multiple crosspost, such as the applications, registry or security groups?

My thing on this is pretty much agreeing with the other posters. Follow
whatever means you need to get the machine updated to the latest SP and
hotfixes for your own benefit.


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
In Citimouse <[email protected]> posted a question
Then Kevin replied below:
: Hi All,
:
: If anyone is having a Windows 2003 member server with a Windows 2000
: Domain Controller, will you please help me?
:
: I have 2 Windows 2003 servers with a Windows 2000 Domain Controller.
: In both Windows 2003 server, both registered the same event as
: mentioned below.
:
: Application Log
:
: Event Type: Error
: Event Source: Userenv
: Event Category: None
: Event ID: 1054
: Date: 12/30/2003
: Time: 10:09:31 AM
: User: NT AUTHORITY\SYSTEM
: Computer: AVIANO
: Description:
: Windows cannot obtain the domain controller name for your computer
: network. (The specified domain either does not exist or could not be
: contacted. ). Group Policy processing aborted.
:
: For more information, see Help and Support Center at
: http://go.microsoft.com/fwlink/events.asp.
:
:
: System Log
:
: Event Type: Error
: Event Source: NETLOGON
: Event Category: None
: Event ID: 5719
: Date: 1/4/2004
: Time: 5:33:15 AM
: User: N/A
: Computer: AVIANO
: Description:
: This computer was not able to set up a secure session with a domain
: controller in domain AAF due to the following:
: There are currently no logon servers available to service the logon
: request. This may lead to authentication problems. Make sure that
: this computer is connected to the network. If the problem persists,
: please contact your domain administrator.
:
: ADDITIONAL INFO
: If this computer is a domain controller for the specified domain, it
: sets up the secure session to the primary domain controller emulator
: in the specified domain. Otherwise, this computer sets up the secure
: session to any domain controller in the specified domain.
:
: For more information, see Help and Support Center at
: http://go.microsoft.com/fwlink/events.asp.
: Data:
: 0000: 5e 00 00 c0
: ^..À
:
: It seems like the servers got dropped out of the domain and it cannot
: get authenticated. We have an in-house application and when the
: server got "disjoin" and when we tried to login to our application,
: it says access is denied and an event is recorded as below,
:
: Event Type: Failure Audit
: Event Source: Security
: Event Category: Logon/Logoff
: Event ID: 537
: Date: 30-Dec-03
: Time: 2:58:53 PM
: User: NT AUTHORITY\SYSTEM
: Computer: OSAN
: Description:
: Logon Failure:
: Reason: An error occurred during logon
: User Name: xxx
: Domain: yyy
: Logon Type: 3
: Logon Process: NtLmSsp
: Authentication Package: NTLM
: Workstation Name: HELP
: Status code: 0xC000005E
: Substatus code: 0x0
: Caller User Name: -
: Caller Domain: -
: Caller Logon ID: -
: Caller Process ID: -
: Transited Services: -
: Source Network Address: xx.xxx.xxx.xx
: Source Port: 1496
:
: I have done some research on the Internet and I have tried to follow
: some of the suggestions like using the updated network driver,
: disable media sensing, set the speed of the NIC to match the switch,
: install MS02-001 and others but still of no help. I wonder does this
: has to do with the Domain Controller. I have to rejoin the server to
: the domain at least twice a day.
:
: My DC is still in SP2 for some reasons it cannot be upgraded beyond
: SP2. Thank you very much in advance.

Can you post an ipconfig /all for the DC and the actual AD Domain name in
ADU&C?
Things I need to verify are this is not a single label domain name,
disjointed namespace, that all machines are using the DC ONLY for DNS. and
if the DC is multihomed. Any of these will cause problems with AD.
 
In Citimouse <[email protected]> posted a question
Then Kevin replied below:
: Hi All,
:
: If anyone is having a Windows 2003 member server with a Windows 2000
: Domain Controller, will you please help me?
:
: I have 2 Windows 2003 servers with a Windows 2000 Domain Controller.
: In both Windows 2003 server, both registered the same event as
: mentioned below.
:
: Application Log
:
: Event Type: Error
: Event Source: Userenv
: Event Category: None
: Event ID: 1054
: Date: 12/30/2003
: Time: 10:09:31 AM
: User: NT AUTHORITY\SYSTEM
: Computer: AVIANO
: Description:
: Windows cannot obtain the domain controller name for your computer
: network. (The specified domain either does not exist or could not be
: contacted. ). Group Policy processing aborted.
:
: For more information, see Help and Support Center at
: http://go.microsoft.com/fwlink/events.asp.
:
:
: System Log
:
: Event Type: Error
: Event Source: NETLOGON
: Event Category: None
: Event ID: 5719
: Date: 1/4/2004
: Time: 5:33:15 AM
: User: N/A
: Computer: AVIANO
: Description:
: This computer was not able to set up a secure session with a domain
: controller in domain AAF due to the following:
: There are currently no logon servers available to service the logon
: request. This may lead to authentication problems. Make sure that
: this computer is connected to the network. If the problem persists,
: please contact your domain administrator.
:
: ADDITIONAL INFO
: If this computer is a domain controller for the specified domain, it
: sets up the secure session to the primary domain controller emulator
: in the specified domain. Otherwise, this computer sets up the secure
: session to any domain controller in the specified domain.
:
: For more information, see Help and Support Center at
: http://go.microsoft.com/fwlink/events.asp.
: Data:
: 0000: 5e 00 00 c0
: ^..À
:
: It seems like the servers got dropped out of the domain and it cannot
: get authenticated. We have an in-house application and when the
: server got "disjoin" and when we tried to login to our application,
: it says access is denied and an event is recorded as below,
:
: Event Type: Failure Audit
: Event Source: Security
: Event Category: Logon/Logoff
: Event ID: 537
: Date: 30-Dec-03
: Time: 2:58:53 PM
: User: NT AUTHORITY\SYSTEM
: Computer: OSAN
: Description:
: Logon Failure:
: Reason: An error occurred during logon
: User Name: xxx
: Domain: yyy
: Logon Type: 3
: Logon Process: NtLmSsp
: Authentication Package: NTLM
: Workstation Name: HELP
: Status code: 0xC000005E
: Substatus code: 0x0
: Caller User Name: -
: Caller Domain: -
: Caller Logon ID: -
: Caller Process ID: -
: Transited Services: -
: Source Network Address: xx.xxx.xxx.xx
: Source Port: 1496
:
: I have done some research on the Internet and I have tried to follow
: some of the suggestions like using the updated network driver,
: disable media sensing, set the speed of the NIC to match the switch,
: install MS02-001 and others but still of no help. I wonder does this
: has to do with the Domain Controller. I have to rejoin the server to
: the domain at least twice a day.
:
: My DC is still in SP2 for some reasons it cannot be upgraded beyond
: SP2. Thank you very much in advance.

Can you post an ipconfig /all for the DC and the actual AD Domain name in
ADU&C?
Things I need to verify are this is not a single label domain name,
disjointed namespace, that all machines are using the DC ONLY for DNS. and
if the DC is multihomed. Any of these will cause problems with AD.
 
microsoft.public.win2000.security news group, Ace Fekay [MVP]
Wow, this got around to many unnecessary news groups. Wonder why the
multiple crosspost, such as the applications, registry or security groups?
Click to expand...

As an FYI to all of the "MVPs" who have posted to this thread
complaining about the multiple cross-postings? Commenting on the
excessive x-posting while not fixing the follow-ups is no better or
worse than what the OP has done.

What is the point of saying, you've done something wrong and then simply
repeating the incorrect behaviour?

(f'ups to microsoft.public.test)
 
microsoft.public.win2000.security news group, Ace Fekay [MVP]
Wow, this got around to many unnecessary news groups. Wonder why the
multiple crosspost, such as the applications, registry or security groups?
Click to expand...

As an FYI to all of the "MVPs" who have posted to this thread
complaining about the multiple cross-postings? Commenting on the
excessive x-posting while not fixing the follow-ups is no better or
worse than what the OP has done.

What is the point of saying, you've done something wrong and then simply
repeating the incorrect behaviour?

(f'ups to microsoft.public.test)
 
In
Paul Adare said:
microsoft.public.win2000.security news group, Ace Fekay [MVP]


As an FYI to all of the "MVPs" who have posted to this thread
complaining about the multiple cross-postings? Commenting on the
excessive x-posting while not fixing the follow-ups is no better or
worse than what the OP has done.

What is the point of saying, you've done something wrong and then
simply repeating the incorrect behaviour?

(f'ups to microsoft.public.test)
Click to expand...

Hi Paul,

Hope all is well.

FYI, I would normally in our private forum set followups and such, because
most of those folks in the private arena are aware of net etiquette and how
to navigate the forums. Some of the public posters here don't necessarily
access it thru a newsreader, but rather one of the many public forums that
are tied in, as you well know, and are in some cases somewhat complicated
for some of the newbies to find.

So. not knowing if they know how to get to the group that followups were set
to, (I've seen questions by a few asking how-to get to that forum thru the
website they did get to here thru), I found it easier to just reply to the
post knowing at least they're able to find it and read it.

Just trying to help out in the least complicated method for the general
public. I hope you understand.

Wish you and your family a Happy New Year.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
In
Paul Adare said:
microsoft.public.win2000.security news group, Ace Fekay [MVP]


As an FYI to all of the "MVPs" who have posted to this thread
complaining about the multiple cross-postings? Commenting on the
excessive x-posting while not fixing the follow-ups is no better or
worse than what the OP has done.

What is the point of saying, you've done something wrong and then
simply repeating the incorrect behaviour?

(f'ups to microsoft.public.test)
Click to expand...

Hi Paul,

Hope all is well.

FYI, I would normally in our private forum set followups and such, because
most of those folks in the private arena are aware of net etiquette and how
to navigate the forums. Some of the public posters here don't necessarily
access it thru a newsreader, but rather one of the many public forums that
are tied in, as you well know, and are in some cases somewhat complicated
for some of the newbies to find.

So. not knowing if they know how to get to the group that followups were set
to, (I've seen questions by a few asking how-to get to that forum thru the
website they did get to here thru), I found it easier to just reply to the
post knowing at least they're able to find it and read it.

Just trying to help out in the least complicated method for the general
public. I hope you understand.

Wish you and your family a Happy New Year.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
In
Ulf B. Simon-Weidner said:
He was setting Follow-Ups when X-Posting, I don't see the incorrect
behavior there.

Gruesse - Sincerely,

Ulf B. Simon-Weidner
Click to expand...

Then maybe Paul should have also changed the subject line too to show that
his response was an off-topic discussion.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Back
Top