When I attempted to login under the user's account or the domain administrator's account, I kept getting the following error message:
| Logon Message | |
Windows cannot connect to the
domain, either because the domain controller is down or otherwise unavailable,
or because your computer account was not found. Please try again later. If this
message continues to appear, contact your system administrator for assistance.
|
I rebooted the system and even rebooted the domain controller, but the results
were the same. If I logged into the system using its local administrator
account, I could see all of the systems in the domain listed even the affected
one when I used the command net view /domain:solutions. Wwhen I
tried to view the shared folders on the system, D, from the domain controller,
I got an "access denied" error message.
When I tried to mount drive C on the affected system as drive W on the domain controller, I got the error message below.
But I could mount it, if I specified that I wanted to use the local
administrator account on D, i.e. using net use w: \\d\c$
/user:d\administrator.
I could ping the system from the domain controller and vice versa, so network
connectivity between the server and the system seemed to be ok. I removed the
system from the domain and then added the system, which is named D, back to the
domain using the command net computer \\d /add. The results were
the same. The computer was listed in the domain, solutions, when I used
net view /domain:solutions, but I couldn't login to the system
using a domain account.
When I looked in the system's event logs, the first error entry I saw in the system log for the day, which appeared shortly after those related to the system restarting, was as shown below. The time must have been set incorrectly on the system, since it is showing the time as 4:40 PM, whereas I plugged the system into the network shortly after 8:00 AM.
Event Type: Error Event Source: NETLOGON Event Category: None Event ID: 5719 Date: 7/25/2006 Time: 4:40:07 PM User: N/A Computer: D Description: No Domain Controller is available for domain solutions due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Data: 0000: 5e 00 00 c0 ^..À
A warning entry that seemed to be related to the same problem appeared about a minute later.
Event Type: Warning
Event Source: DnsApi
Event Category: None
Event ID: 11197
Date: 7/25/2006
Time: 4:41:00 PM
User: N/A
Computer: D
Description:
The system failed to update and remove host (A) resource records
(RRs) for network adapter
with settings:
Adapter Name : {B0E52B4A-8C98-4F6E-8DFC-299728BA4DF7}
Host Name : D
Primary Domain Suffix : altered1.com
DNS server list :
192.168.0.3, 66.159.80.160
Sent update to server : <?>
IP Address(es) :
192.168.0.8
The reason the update request failed was because of a system
problem. For specific error code, see the record data displayed below.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 51 27 00 00 Q'..
The next error entry appeared at 4:43:44 PM. It was the same event id 5719 error as before. The only difference was the time change. It appeared about 3 1/2 minutes after the prior event id 5719 error message.
Looking at the information entry that appeared immediately preceding the 4:43:44 event id 5719 error entry, I saw the following:
Event Type: Information
Event Source: Tcpip
Event Category: None
Event ID: 4202
Date: 7/25/2006
Time: 4:43:43 PM
User: N/A
Computer: D
Description:
The system detected that network adapter \DEVICE\TCPIP_{B0E52B4A-
8C98-4F6E-8DFC-299728BA4DF7} was disconnected from the network,
and the adapter's network configuration has been released. If the network
adapter was not disconnected, this may indicate that it has malfunctioned.
Please contact your vendor for updated drivers.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 02 00 50 00 ......P.
0008: 00 00 00 00 6a 10 00 40 ....j..@
0010: 02 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........
Event Type: Error Event Source: Userenv Event Category: None Event ID: 1054 Date: 7/25/2006 Time: 4:40:07 PM User: NT AUTHORITY\SYSTEM Computer: D Description: Windows cannot obtain the domain controller name for your computer network. (A socket operation was attempted to an unreachable host. ). Group Policy processing aborted. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
About a minute afterwards, the entry below appeared in the application log:
Event Type: Error Event Source: AutoEnrollment Event Category: None Event ID: 15 Date: 7/25/2006 Time: 4:41:10 PM User: N/A Computer: D Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted. Enrollment will not be performed. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Another event id 1054 error entry appeared in the application log at 4:43:44. It was the same as the first one, except for the time change. Microsoft has an article Event ID 1054 is logged in the application event log, which suggests one should check the DNS settings, but I never changed those and when I checked the servers listed for the DNS servers, they are correct, with the first entry pointing to the internal DNS server, which is the domain controller. And I can ping the domain controller from the system.
None of the other systems in the domain were having any problem. So I logged into another system in the domain that no one was using at the time intending to copy the user's "My Documents" files, "Desktop", and "Favorites" to that system, since I could access the affected system over the network by connecting to it using its local administrator account. While I was in the process of doing that I checked the affected system, D, again, and found the problem had gone away. The problem had lasted about an hour. I only expected to drop off the system and leave and had no time to do any further checking on what might have caused the problem. I thought perhaps some process on the server that runs on a periodic basis might have run and properly accepted the system into the domain at that time.
The system appeared to work fine Tuesday and Wednesday; at least the user did not have any problems. The user didn't work on Thursday, but when she came back to work Friday morning, the problem was there again and she had to work on another system in the office again. When I checked on the problem Friday evening, it appeared to be the same situation as before.
Looking back through the system logs on Saturday morning, I found that though the user didn't seem to have problems later Tuesday or while she worked Wednesday, July 26, I did find error entries appearing in the log files starting the morning of July 26 (I'm assuming that the system's time was synchronized with that of the domain controller by then, so the times are now correct). I did not see a recurrence of the event id 1054 entry in the application log after July 25.
An application log error entry for Wednesday morning is shown below:
Event Type: Error Event Source: Userenv Event Category: None Event ID: 1053 Date: 7/26/2006 Time: 8:15:02 AM User: NT AUTHORITY\SYSTEM Computer: D Description: Windows cannot determine the user or computer name. (Access is denied. ). Group Policy processing aborted. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
It was followed immediately by another error entry.
Event Type: Error Event Source: AutoEnrollment Event Category: None Event ID: 15 Date: 7/26/2006 Time: 8:16:08 AM User: N/A Computer: D Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007052b). Unable to update the password. The value provided as the current password is incorrect. Enrollment will not be performed. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
That error entry was followed by a warning entry:
Event Type: Warning Event Source: Userenv Event Category: None Event ID: 1517 Date: 7/26/2006 Time: 8:17:59 AM User: NT AUTHORITY\SYSTEM Computer: D Description: Windows saved user D\Administrator registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Looking in the system event log for Wednesday, July 26, the first error entry I found was as follows:
Event Type: Error Event Source: Dhcp Event Category: None Event ID: 1002 Date: 7/26/2006 Time: 8:14:35 AM User: N/A Computer: D Description: The IP address lease 192.168.1.102 for the Network Card with network address 001111A89CB0 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message). For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
I had the system plugged into another network after I restored it from a backup so I could download and install all of the bug fixes and security updates from Microsoft since the time I made the image backup. I had it set to get its IP address by DHCP then. But before plugging it back into the network from which I had taken it, I set it back to its fixed IP values, with an address of 192.168.0.8. It was apparently still trying to renew a leased IP address, 192.168.1.102 from the DHCP server on the network where I had plugged it in temporarily. A DHCP server, 192.168.0.1 on its permanent network rejected that lease renewal. I don't understand why it was trying to renew the lease, since I had changed it to a static IP address and DNS servers before plugging it back into its permanent network. But this error entry may not be related to the problems with the system authenticating with the domain controller. It was followed immediately by another error entry.
Event Type: Error Event Source: NETLOGON Event Category: None Event ID: 3210 Date: 7/26/2006 Time: 8:14:49 AM User: N/A Computer: D Description: This computer could not authenticate with \\S.altered1.com, a Windows domain controller for domain solutions, and therefore this computer might deny logon requests. This inability to authenticate might be caused by another computer on the same network using the same name or the password for this computer account is not recognized. If this message appears again, contact your system administrator. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Data: 0000: 22 00 00 c0 "..À
Searching for information on the problem, I found an Title: XP users cannot see domain or register connestions in DNS entry on the problem at Experts Exchange. A response by nyck6623 to someone reporting the problem provides the following information:
PRB: Cannot Connect to Domain Controller and Cannot Apply Group Policy with Gigabit Ethernet Devices
View products that this article applies to.
This article was previously published under Q326152
SYMPTOMS
Windows XP-based systems that use Gigabit Ethernet devices may not be able to join an Active Directory domain, which aborts the Group Policy download process. When this occurs, a series of events are written to the event log. For example:
Event ID: 1054
Source: NT AUTHORITY/SYSTEM
Type: Error
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or exist or could not be contacted). Group Policy processing aborted.
Data: (unavailable)
CAUSE The problem occurs because link status fluctuates as the network adapter (also known as the network interface card, or NIC) driver initializes and as the network adapter hardware negotiates a link with the network infrastructure. The Group Policy application stack executes before the negotiation process is completed and can fail because of the absence of a valid link.
WORKAROUND
You may be able to work around this problem by disabling the "Media Sensing" feature in Windows. For additional information about how to disable Media Sense, click the following article number to view the article in the Microsoft Knowledge Base:
239924 How to Disable Media Sense for TCP/IP in Windows
If you disable Media Sense, and if you cannot join an Active Directory domain or download group policies, make sure that you are running the most current drivers for your network adapter. If you are already running the most current drivers for your network adapter, the only workaround currently available is to switch to a different network adapter.
STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section of this article.
Network adapter manufacturers may implement workarounds for this problem in their drivers. Microsoft has confirmed that some of these workarounds can cause network adapters to incorrectly report their link speed. As a result, programs that perform downloads from the network, monitor network performance, or do load balancing and packet scheduling (QoS) may not work as expected.
An 7243 » Windows XP logs Event ID 1054, 'The specified domain either does not exist or exist or could not be contacted'? article at the JSI FAQ site, also indicates disabling media sense may resolve the problem, if you are using a Gigabit Ethernet network adapter.
The response indicated this information applies to problems with Gigabit Ethernet adapters. The system has a 10/100 Mbs Ethernet adapter, an Intel Pro/100 VE adapter rather than a Gigabit Ethernet adapter, but when I installed the updates from Microsoft for the operating system, one of those I installed was "Intel Corporation - Networking - Intel(R) PRO/100 VE Network Connection" an Intel network software update released on June 13 2005. I thought the later drive might be causing the problem, since it was likely not on the system before the disk drive problem occurred. Rather than changing the media sensing configuration, I thought I would first try rolling back to the previous driver. So I took the following steps to roll back the driver.
I rebooted the system after rolling back the network adapter driver to its previous state. However, that did not resolve the problem. Nor did another reboot of the domain controller.
On the affected computer, I then right-clicked on "My Computer", chose Properties, then Computer Name, clicked on the Change button changed the Member of setting from "domain" to "workgroup" and typed in "temp" for the workgroup name. I rebooted, then changed the setting back to the domain "solutions" and rebooted again. This time, I was successfully able to log into the computer using the domain administrator account.
Switching from the domain to a workgroup and back resolved my problem. For anyone who may have a similar problem, for which the solution that worked for me doesn't work, there are lots of other causes and suggested solutions listed at Event ID: 1054 on EventID.Net, a resource for information on various Windows event IDs. Some people have encountered this problem due to a firewall blocking communications between the system and the domain controller. One of the posters on that webpage resolved the problem by "disjoining the domain, then re-joining the domain" as I did.
References: