Hello,
We have two application servers in a remote building (and different subnet).
The two applicaiton servers are the only ones outside of the main building.
The domain controller is in the main building. Communications between
application servers and DC should be unchallenged by the routers. DNS
settings for both member servers point to the DC in the other building. I
can ping the fully qualified name and nslookup.
Upon startup of two identical (both hardware and software) application
servers (Win 2003 Standard, SP1) – I receive the following error messages at
startup.
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1053
User: NT AUTHORITY\SYSTEM
Description:
Windows cannot determine the user or computer name. (The specified domain
either does not exist or could not be contacted. ). Group Policy processing
aborted.
Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 5719
User: N/A
Description:
This computer was not able to set up a secure session with a domain
controller in domain XXX due to the following:
There are currently no logon servers available to service the logon request.
This may lead to authentication problems. Make sure that this computer is
connected to the network. If the problem persists, please contact your domain
administrator.
The following event may be related to the two events above.
Event Type: Failure Audit
Event Source: Security
Event Category: Object Access
Event ID: 560
User: NT AUTHORITY\NETWORK SERVICE
Object Open:
Object Server: SC Manager
Object Type: SC_MANAGER OBJECT
Object Name: ServicesActive
Handle ID: -
Operation ID: {0,45627}
Process ID: 592
Image File Name: C:\WINDOWS\system32\services.exe
Primary User Name: (domain user)
Primary Domain: XXX
Primary Logon ID: (0x0,0x3E7)
Client User Name: NETWORK SERVICE
Client Domain: NT AUTHORITY
Client Logon ID: (0x0,0x3E4)
Accesses: READ_CONTROL
Connect to service controller
Lock service database for exclusive access
Privileges: -
Restricted Sid Count: 0
Access Mask: 0x20009
Issue – With errors 1053 and 5719 we have an application that heavily
depends on AD/LDAP and COM+. There are three services associated with the
application that are supposed to automatically start. One of the three
services fails to start and a second one shows as started but there are
issues. Application is unable to start automatically upon startup.
Troubleshooting –
1) Changed services from auto startup to manual. Then wrote script
w/scheduled task (run at startup) to start the three services with a 45
second delay. In testing the delay (120 seconds = good, 60 seconds good, 30
seconds = fail). Services started without issue with 45 second delay.
2) Tested dcpromo on one of the two application servers. Dcpromo resolved
both error messages on promoted server however it is not desired to have a
production application server as a domain controller. Other application
server on same subnet still has the issue. On network neighborhood on
promoted server, can see all servers except for other application server on
same subnet.
3) Netlogon service does show as running under services on application
servers. Also was able to manually perform a gpupdate.
4) Physically moved other application server to same building and subnet
where DC/DNS is located. This resolved the issue but again this is not
preferred.
5) Tried adding hosts and lmhost entries and did not resolve issue.
6) Changed nic settings from auto to 100 full and did not resolve issue.
7) Unjoined applicaiton servers from domain and rejoined - did
not resolve issue. FYI - never have issue logging into application servers
with domain account.
So with the application servers on a different subnet it looks like there
are issues at startup but eventually everything works. I have no idea why I
need a 45 second delay to start the services which by computer terms is a lot
of time. Simply moving one server to the main building resolves the issue.
Interesting that the 2nd application could not see the DC on the remote site
even though it was on the same subnet.
Any suggestions?
Thanks in advance.
|
Linear Mode
