none
Event ID 1058 and 1030, gpotool reports DC list empty, DNS is working RRS feed

  • Question

  • Hello all,

    What we have is AD with one DC running Windows Server 2003 R2 Standard.  This server is used mostly for Terminal Services.  We are getting these event ID's 1030 and 1058 on that same server.  I have been reading and doing some steps in (http://support.microsoft.com/default.aspx?scid=kb;en-us;887303) but no luck in fixing the issue.  

    Here is a list of issues we are seeing on this server:

     

    • Event ID: 1030 and 1058
    • Run gpotool.exe: Server.domain.com: Down (sysvol only) Error: DC list is empty
    • Trying to access the Group Policy tab in AD users and computers getting error:  Domain controller not found for domain.com
    • Try running Domain (and Controller) Security Policy from Admin tools, getting: Failed to open the Group Policy Object.  You may not have appropriate rights.
    The things I have checked on the local DC from console:
    • sysvol is share is there and working, by looking at the directory structure all files seem to be in place.  I can access the file (gpt.ini) that is being reported in 1058 without any issues.  ACL seem to be correct.  net share shows both sysvol and netlogon shares and again can be access.
    • DNS is working, with DNS settings correct.  I see the SRV records and can ping both DC name and domain without problems.  Also DNS event log is clean.  
    • All services are running i even restarted most of them without issue.
    • I have change the SMB signing settings.  Did not fix the problem
    • DFS seems to be working, again these event id 1058 errors are on the local DC.  File Repl Service event log is clean except for event 13512, and that event is only informational.
    Please can anyone set me straight?  I don't know when these errors started, as I stupidly cleared the app log thinking i fixed the problem.  Thanks for your time and help,
    Nick

     


    Nick Hesson
    Friday, December 10, 2010 8:09 PM

Answers

  • Hi,

     

    Although multihomed domain controller is supported, it’s not recommended as numerous issues can occur in such an environment, such as name resolving (DNS, WINS). Though some general configuration change can be performed to avoid the issues, considering the different network environments (default gateway, route table and reason for multihome) and different application usage, you may need to perform some additional operation and troubleshooting to make it work. If it is possible, we suggest that you do not configure domain controller as multihomed. 

     

    For more information, you can refer to the following support articles:

     

    Active Directory communication fails on multihomed domain controllers

    http://support.microsoft.com/kb/272294   

     

    Name resolution and connectivity issues occur on Windows 2000 domain controllers that have the Routing and Remote Access service and DNS installed

    http://support.microsoft.com/kb/830063   

     

    Meanwhile, if you insist configuring a multihomed DC, please refer to the following articles:

     

    Multihomed DCs with DNS, RRAS, and/or PPPoE adapters

    http://msmvps.com/blogs/acefekay/archive/2009/08/17/multihomed-dcs-with-dns-rras-and-or-pppoe-adapters.aspx  

     

    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

     

    For more information about how to troubleshoot the Event ID 1058 and 1030, please also refer to the following articles:

     

    Userenv errors occur and events are logged after you apply Group Policy to computers that are running Windows Server 2003, Windows XP, or Windows 2000

    http://support.microsoft.com/default.aspx?scid=kb;EN-US;887303

     

    Group policies are not applied the way you expect; "Event ID 1058" and "Event ID 1030" errors in the application log

    http://support.microsoft.com/kb/314494

     

    What are Userenv 1030 and 1058 events?

    http://blogs.technet.com/b/instan/archive/2009/07/13/what-are-userenv-1030-and-1058-events.aspx

    Regards,


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Monday, December 13, 2010 7:43 AM
    Moderator

All replies

  • Hello,

    please post an unedited ipconfig /all from the DC and a machine you are connecting from, so we can verify the settings, it sounds for me that the DC is multihomed.

    Also you should never use a DC for terminal services, this requries to lower the security of the DC, the heart of the domain.


    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
    Friday, December 10, 2010 10:48 PM
  • For sure it is multihomed.  Here is a edited version of the ipconfig /all.  I can not give out the external address or servername.  

    C:\>ipconfig /all

     

    Windows IP Configuration

     

       Host Name . . . . . . . . . . . . : server

       Primary Dns Suffix  . . . . . . . : domain.com

       Node Type . . . . . . . . . . . . : Unknown

       IP Routing Enabled. . . . . . . . : No

       WINS Proxy Enabled. . . . . . . . : No

       DNS Suffix Search List. . . . . . : domain.com

     

    Ethernet adapter IHISERVER01-172.16.0.254:

     

       Connection-specific DNS Suffix  . : domain.com

       Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet #2

       Physical Address. . . . . . . . . : 00-10-18-33-40-1E

       DHCP Enabled. . . . . . . . . . . : No

       IP Address. . . . . . . . . . . . : 172.16.0.254

       Subnet Mask . . . . . . . . . . . : 255.255.255.0

       Default Gateway . . . . . . . . . : 172.16.0.1

       DNS Servers . . . . . . . . . . . : 172.16.0.254

     

    Ethernet adapter Internet - 00.00.00.00:

     

       Connection-specific DNS Suffix  . :

       Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet

       Physical Address. . . . . . . . . : 00-1D-09-FE-DA-A0

       DHCP Enabled. . . . . . . . . . . : No

       IP Address. . . . . . . . . . . . : 00.00.00.00

       Subnet Mask . . . . . . . . . . . : 255.255.255.248

       Default Gateway . . . . . . . . . : 00.00.00.00

       DNS Servers . . . . . . . . . . . : 127.0.0.1�

     

     

    One office, one server, 4 users.  We have to have this server run everything.  It's not perfect, but it works.  Thanks for your time and help,

     

    Nick


    Nick Hesson
    Friday, December 10, 2010 10:56 PM
  • Hi,

     

    Although multihomed domain controller is supported, it’s not recommended as numerous issues can occur in such an environment, such as name resolving (DNS, WINS). Though some general configuration change can be performed to avoid the issues, considering the different network environments (default gateway, route table and reason for multihome) and different application usage, you may need to perform some additional operation and troubleshooting to make it work. If it is possible, we suggest that you do not configure domain controller as multihomed. 

     

    For more information, you can refer to the following support articles:

     

    Active Directory communication fails on multihomed domain controllers

    http://support.microsoft.com/kb/272294   

     

    Name resolution and connectivity issues occur on Windows 2000 domain controllers that have the Routing and Remote Access service and DNS installed

    http://support.microsoft.com/kb/830063   

     

    Meanwhile, if you insist configuring a multihomed DC, please refer to the following articles:

     

    Multihomed DCs with DNS, RRAS, and/or PPPoE adapters

    http://msmvps.com/blogs/acefekay/archive/2009/08/17/multihomed-dcs-with-dns-rras-and-or-pppoe-adapters.aspx  

     

    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

     

    For more information about how to troubleshoot the Event ID 1058 and 1030, please also refer to the following articles:

     

    Userenv errors occur and events are logged after you apply Group Policy to computers that are running Windows Server 2003, Windows XP, or Windows 2000

    http://support.microsoft.com/default.aspx?scid=kb;EN-US;887303

     

    Group policies are not applied the way you expect; "Event ID 1058" and "Event ID 1030" errors in the application log

    http://support.microsoft.com/kb/314494

     

    What are Userenv 1030 and 1058 events?

    http://blogs.technet.com/b/instan/archive/2009/07/13/what-are-userenv-1030-and-1058-events.aspx

    Regards,


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Monday, December 13, 2010 7:43 AM
    Moderator