Event ID 1030 and 1058 on primary domain controller running Windows 2003 Enterprise Server
- Event ID 1030 and 1058 started to appear every few minutes on our primary domain controller after I upgraded it to Windows 2003 Server Enterprise Edition, Service Pack 2 from Windows 2000 Advanced Server. On the client PC running XP, the event viewer showed event ID 1054: "Windows cannot obtain the domain controller name for your computer network. (A socket operation was attempted to an unreachable host. ). Group Policy processing aborted." and ID 15: "Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted. Enrollment will not be performed." Any ideas what I should do? Thanks.
All Replies
- Hi,
This problem may occur if the Autoenrollment feature cannot reach an Active Directory domain controller. In an Active Directory domain that has Microsoft Windows 2000 or later domain controllers, the problem may be caused by a DNS name resolution issue or by a network connectivity issue.
To turn off the Autoenrollment feature in the Local Group Policy, follow these steps on your client computer:
1. Click Start, click Run, type gpedit.msc, and then press ENTER.
2. In the left pane, expand Computer Configuration, expand Windows Settings, expand Security Settings, and then expand Public Key Policies.
3. Double-click Autoenrollment Settings.
4. Click Do not enroll certificates automatically.
5. Click OK.
6. Repeat steps 2 through 5, but in step 2, expand User Configuration, expand Windows Settings, expand Security Settings, and then expand Public Key Policies.
7. Close the Group Policy window.
After you have determined that you have good Internet Protocol (IP) connectivity between the member and a domain controller, correct the DNS address in the IP properties of the workstation also.
regards from www.windowsadmin.info
ManuPhilip
- Hi ManuPhilip,
Thanks for the suggestion. I followed your instructions and got rid of the error on the client PC. However, event ID 1030 and 1058 still pop up on my domain controller every few minutes. Any suggestions for fixing the DC?
- Hello,
This is a Microsoft solution for a similar issue. Hope this may help for the remaining issue.
http://support.microsoft.com/kb/842804
regards from www.windowsadmin.info
ManuPhilip
- Hi,
Events 1030 and 1058 come up because the Machine is not able to enumerate the Group Policies properly. This is majorly caused by two reasons --
DNS Issues and FRS Issues
We will start with DNS Connectivity first. Please check the following --
> Make sure the DNS Pointing is proper and the Server points to the current DNS Servers only. No Public IP should be specified in the Alternate DNS under the NIC Properties.
> Try pinging the Domain Name and see if it resolves to correct IP's.
> Run Nslookup and make sure that it also resolves to correct Name Servers
> Network Binding should be correct on the Server. This can be checked from Network Connections under Advanced TAB.
Run Netdiag to make sure no DNS and Network issues are there.
If DNS is proper then the issue may be because of FRS Issues.
> Please check if you have any FRS related Events on the Domain Controller.
> I am suspecting the Event 13568 (Journal Wrap) and Event 13508.
> Run 'Net Share' to make sure SYSVOL and NETLOGON are shared on the Domain Controller.
Please get back with these results. If there are FRS issues then we can fix that easily.
cheers
Nitin
- Hi Nitin,
My answers are below in bold. Thanks for your help.
> Make sure the DNS Pointing is proper and the Server points to the current DNS Servers only. No Public IP should be specified in the Alternate DNS under the NIC Properties.
The Alternate DNS Server has an IP address in it. It points to our backup DC. Should I remove it?
> Try pinging the Domain Name and see if it resolves to correct IP's.
It did resolve to correct IP's.
> Run Nslookup and make sure that it also resolves to correct Name Servers
Correct Name Server showed up.
> Network Binding should be correct on the Server. This can be checked from Network Connections under Advanced TAB.
Could not find this under Advanced tab.
Run Netdiag to make sure no DNS and Network issues are there.
Ran successfully.
If DNS is proper then the issue may be because of FRS Issues.
> Please check if you have any FRS related Events on the Domain Controller.
> I am suspecting the Event 13568 (Journal Wrap) and Event 13508.
Neither Event 13568 nor 13508 was found in the Event Viewer.
> Run 'Net Share' to make sure SYSVOL and NETLOGON are shared on the Domain Controller.
Both SYSVOL and NETLOGON were shared.
- Hi,
> How many Domain Controllers and DNS Servers do you have in the environment?
> You did not mention the Nslookup Results. Run 'Nslookup' then type the Domain Name and see how many IP's it returns. They should only be of the current DNS Servers. If you see any other then we need to remove them from Name Server List under DNS Console.
Open Network Connections window and click on Advanced at the top of the page. You will see an option 'Advanced Settings'. Make sure that the current Active NIC is on the top.
You can also try to disable any third party antivirus and firewall and see if it makes any difference.
Also please paste the Dcdiag from Problem DC.
cheers
Nitin
- Hi,
Thanks for trying to help troubleshoot this issue. Here are my answers:
> How many Domain Controllers and DNS Servers do you have in the environment?
2 DCs and DNS Servers.
> You did not mention the Nslookup Results. Run 'Nslookup' then type the Domain Name and see how many IP's it returns. They should only be of the current DNS Servers. If you see any other then we need to remove them from Name Server List under DNS Console.
NSLOOKUP showed 2 IP's of the current DNS Servers.
Open Network Connections window and click on Advanced at the top of the page. You will see an option 'Advanced Settings'. Make sure that the current Active NIC is on the top.
The current Active NIC is on the top
Also please paste the Dcdiag from Problem DC.
Here it is ...
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\MAINSERVER
Starting test: Connectivity
......................... MAINSERVER passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\MAINSERVER
Starting test: Replications
......................... MAINSERVER passed test Replications
Starting test: NCSecDesc
......................... MAINSERVER passed test NCSecDesc
Starting test: NetLogons
......................... MAINSERVER passed test NetLogons
Starting test: Advertising
......................... MAINSERVER passed test Advertising
Starting test: KnowsOfRoleHolders
......................... MAINSERVER passed test KnowsOfRoleHolders
Starting test: RidManager
......................... MAINSERVER passed test RidManager
Starting test: MachineAccount
......................... MAINSERVER passed test MachineAccount
Starting test: Services
......................... MAINSERVER passed test Services
Starting test: ObjectsReplicated
......................... MAINSERVER passed test ObjectsReplicated
Starting test: frssysvol
......................... MAINSERVER passed test frssysvol
Starting test: frsevent
......................... MAINSERVER passed test frsevent
Starting test: kccevent
......................... MAINSERVER passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x00000457
Time Generated: 11/03/2009 16:16:13
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 11/03/2009 16:17:13
(Event String could not be retrieved)
......................... MAINSERVER failed test systemlog
Starting test: VerifyReferences
......................... MAINSERVER passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : sdl
Starting test: CrossRefValidation
......................... sdl passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... sdl passed test CheckSDRefDom
Running enterprise tests on : sdl.org
Starting test: Intersite
......................... sdl.org passed test Intersite
Starting test: FsmoCheck
......................... sdl.org passed test FsmoCheck
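Added example, not part of the original thread: the only failure in the Dcdiag output above is the systemlog test, which reports EventID 0x00000457 with no event string. The Python below parses saved dcdiag text, lists the failed tests, and converts each hex EventID to the decimal ID that Event Viewer displays, so it can be looked up in the System log. The function names are assumptions of this example, and the sample is an excerpt of the output posted above.

```python
import re

# Excerpt of the dcdiag output posted above, embedded so the example runs offline.
SAMPLE = """\
Starting test: frsevent
......................... MAINSERVER passed test frsevent
Starting test: systemlog
An Error Event occured. EventID: 0x00000457
Time Generated: 11/03/2009 16:16:13
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 11/03/2009 16:17:13
(Event String could not be retrieved)
......................... MAINSERVER failed test systemlog
"""

START = re.compile(r"Starting test:\s*(\S+)")
RESULT = re.compile(r"\.{5,}\s*(\S+) (passed|failed) test (\S+)")
EVENT = re.compile(r"An? (\w+) Event occur+ed\.\s*EventID:\s*(0x[0-9A-Fa-f]+)")
TIME = re.compile(r"Time Generated:\s*(.+)")

def parse_dcdiag(text):
    """Return one dict per test: target, test name, result, events logged inside it."""
    tests, events = [], []
    for line in text.splitlines():
        line = line.strip()
        if START.match(line):
            events = []                      # events belong to the test being started
        elif (m := EVENT.match(line)):
            raw = int(m.group(2), 16)
            # Low 16 bits are the ID Event Viewer shows; high bits hold severity/facility.
            events.append({"level": m.group(1), "raw": m.group(2),
                           "event_id": raw & 0xFFFF, "time": None})
        elif (m := TIME.match(line)) and events:
            events[-1]["time"] = m.group(1)
        elif (m := RESULT.match(line)):
            tests.append({"target": m.group(1), "test": m.group(3),
                          "result": m.group(2), "events": events})
            events = []
    return tests

def failed_tests(text):
    """Only the tests dcdiag reported as failed, with their decoded events."""
    return [t for t in parse_dcdiag(text) if t["result"] == "failed"]

if __name__ == "__main__":
    for t in failed_tests(SAMPLE):
        ids = sorted({e["event_id"] for e in t["events"]})
        print(f'{t["target"]}: {t["test"]} FAILED, event IDs to look up: {ids}')
```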
- Hi,
Looking at the Dcdiag results and your previous replies, it seems that everything is just perfect :) Anyhow, we need to check other things.
What is the Replication status on the Domain Controllers?
Try running 'Repadmin /syncall /e /P'
Are all the Ports open on the Servers like 53, 88, 389, 443, 135, and 123?
What about the Firewall and Antivirus? Did you try disabling them?
Do you see any other AD Event on any of the Servers?
What happens when you run 'Gpupdate /force' while logged in to the Server? You should see Events under the Application Logs.
Revert back with the info. Hope we find something this time.
cheers
Nitin
- Marked As Answer by Mervyn Zhang MSFT, Moderator, Thursday, November 05, 2009 3:37 AM
- Hi Nitin,
Sorry it took a while to get back to this. I tried your suggestions above and this was what I got.
> What is the Replication status on the Domain Controllers?
> Try running 'Repadmin /syncall /e /P'
SyncAll terminated with no errors.
> Are all the Ports open on the Servers like 53, 88, 389, 443, 135, and 123?
Among the ports listed above, only 389 showed up as open.
> What about the Firewall and Antivirus? Did you try disabling them?
Still got the errors after Antivirus was disabled. I'm not sure how to disable the firewall.
> Do you see any other AD Event on any of the Servers?
Other servers had the same errors but not as frequently as the DC.
> What happens when you run 'Gpupdate /force' while logged in to the Server? You should see Events under the Application Logs.
Event Viewer showed Security policy in the Group policy objects has been applied successfully.
Thanks again for your help.

