Windows cannot bind to domain (Time Out)
I am getting this error (Event Id 1006 userenv) along with event id 1053 on
XP clients that are connecting to our domain via a VPN over a PIX. This has
worked for quite some time and now it is causing 45 minutes to apply computer
settings, clients cannot access our Exchange server and GPO's are not being
applied. There are no errors server side. I have checked DNS and I do not see
anything wrong. What will cause this error and how do I resolve this? Thanks.
Re: Windows cannot bind to domain (Time Out)
Two things pop into my mind DNS and Cached Credentials.
Couple of quick things
Can you do an nslookup correctly
Run a trace route back from the XP machine
Check your reverse zone to make sure it is correct
Check out these two locations for users with similar problems
http://www.eventid.net/display.asp?e...serenv&phase=1
http://www.eventid.net/display.asp?e...serenv&phase=1
--
Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
This posting is provided "AS IS" with no warranties, and confers no rights.
Re: Windows cannot bind to domain (Time Out)
I can do a nslookup from the XP machine with no problems. I have not checked
cached credentials yet, that is on the Manage Passwords tab, yes? Could all 5
machines be having a cached credentials issue, what would cause that? Where
else should I be checking to resolve this? Thanks for the help.
Re: Windows cannot bind to domain (Time Out)
Webby,
You mention that you can do an NSLOOKUP correctly. Try doing the NSLOOKUP
to the FQDN of your domain (DomainName.local or whatever). This will make
sure you are looking up the domain rather than just the server and will show
you if the SRV records associated with the domain are seen correctly.
If you are having DNS problems or problems contacting the PDCe, you will get
those errors. To verify that there are no other problems with the FSMO
roles, I would suggest that you run DCDIAG and NETDIAG in verbose mode
against your server. These can be found in the Support Tools on the Server
CD (you do install these on every server you have, right??)
Let me know if this gets you anywhere....
Ryan Hanisco
FlagShip Integration Services
Re: Windows cannot bind to domain (Time Out)
Here is a detailed explanation of cached credentials and how they could
pertain specifically to your scenario.
http://www.microsoft.com/technet/pro...81be5348e.mspx
When you say you have validated the DNS, have you tried both forward and
reverse lookups? Does the PIX appliance block any ports (or is there a
firewall that could be doing this)? Is the XP (SP2) firewall blocking any
ports?
You can check to see if the sysvol share is connectible by opening up
Windows Explorer and in the address line enter \\domain_name\sysvol, for example
\\microsoft.com\sysvol. This is where your GPOs are stored.
--
Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
This posting is provided "AS IS" with no warranties, and confers no rights.
Re: Windows cannot bind to domain (Time Out)
Thank both of you for your replies. Some additional info:
There are two Windows 2000 pro clients that are in these remote offices, and
they are not affected as the XP Pro clients are. I can browse to the sysvol
share. The XP firewall is off and the PIX config has not changed in two years
that these clients could connect. How do I get rid of the cached
credentials? I really need to resolve this as the people in these offices
cannot work :( I will need to check the reverse lookups, I only checked the
forward lookups.
Re: Windows cannot bind to domain (Time Out)
If you want to determine if the users are authenticating via cached
credentials, open up a command prompt and type in "set logonserver". If it
doesn't have one of your DCs in there (it has the local system), then you know
this system is using cached credentials.
To disable cached credentials see the following:
http://support.microsoft.com/default...b;en-us;242536
If W2K users aren't having problems then I doubt that this is a cache
credential problem.
--
Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
This posting is provided "AS IS" with no warranties, and confers no rights.
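The client-side checks suggested in this thread, collected into one batch file as an added example (not code posted by any participant). `DomainName.local` and `192.0.2.10` are placeholder values: replace them with your domain's FQDN and the address of one of your domain controllers.

```batch
@echo off
rem Added example: runs the checks discussed in the thread from an affected client.
rem DOMAIN and DC_IP are placeholders (assumptions), not values from the thread.
setlocal
set DOMAIN=DomainName.local
set DC_IP=192.0.2.10

echo === 1. Forward lookup of the domain FQDN, not just a server name ===
nslookup %DOMAIN%

echo === 2. SRV records that clients use to locate domain controllers ===
nslookup -type=SRV _ldap._tcp.dc._msdcs.%DOMAIN%
nslookup -type=SRV _kerberos._tcp.%DOMAIN%

echo === 3. Reverse lookup of a domain controller address ===
nslookup %DC_IP%

echo === 4. Route from this client to the domain controller ===
rem -d skips name resolution per hop, -h caps the hop count
tracert -d -h 15 %DC_IP%

echo === 5. Logon server for this session ===
echo LOGONSERVER=%LOGONSERVER%
if /i "%LOGONSERVER%"=="\\%COMPUTERNAME%" (
    echo Logon server is the local machine: per the thread, cached credentials were used.
) else (
    echo Logon server is not the local machine.
)

echo === 6. SYSVOL reachable through the domain name ===
dir "\\%DOMAIN%\sysvol" >nul 2>&1
if errorlevel 1 (
    echo SYSVOL is NOT reachable at \\%DOMAIN%\sysvol
) else (
    echo SYSVOL is reachable.
)
endlocal
```

Run it while the VPN tunnel is up, and compare the output from an affected XP client with the output from one of the unaffected Windows 2000 clients.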
Re: Windows cannot bind to domain (Time Out)
In your opinion, what do you think it is and what should I check to resolve
this?
Re: Windows cannot bind to domain (Time Out)
I'm stumped.
Attempt the cached credentials option and see if the fixes from the link I gave
earlier from eventid.net have any merit.
--
Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
This posting is provided "AS IS" with no warranties, and confers no rights.