Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Still recieving 1030 & 1058 event id codes on primary ad server

Status
Not open for further replies.

reynolwi

IS-IT--Management
Sep 7, 2006
452
US
I have looked thru all my settings and checked security privilages like microsoft said in their tech support papers on this issue but i still can not get the 1030 and 1058 event id codes from showing up on the primary ad server which is also the global catalog server.

I have 2 ad servers and the other one is not having this problem. The other ad server is the infastructure master and i have not seen any of these event ids show up. the primary ad server is the RID Master and the PDC Emulator. I have noticed that the secondary ad server is "fighting" for the master browser role but i didnt think anything of it.

What am i missing here?

Wm. Reynolds
RRWDS | TxPSS

 
This is the the kind of errors that I hate the most. Usually it IS DNS related, though sometimes it could be a result of screwed NTFRS replication of SYSVOL share.

couple of tests that might help you pinpoint the problem:

1) create a scheduled task on the client experiencing the problem, which will open an interactive cmd shell (by default will run as Local System account). When the window pops up, check if you can resolve/access the sysvol share.

2) Check out the following KB:
try enabling verbose logging and drill down the logs for any errors.(the article applies to W2K, so you might need to adjust it to your needs - gpotool is depricated in favor of gpupdate/gpresult)

3) go over the system variables to determine the DC the client used to logon. Make sure the DC is resolvable by FQDN and it's hostname.

4) Use ntfrsutl.exe with "ds" or "sets" options to make sure the SYSVOL is replicating ok.

5) Check out that the comuter accounts have at least read access to SYSVOL and the folder where the GPT part of the GPO is located (both NTFS and share permissions)
 
Got this from Eventid.net.. see if it helps

Adrian Grigorof (Last update 8/3/2006):
As per M810907 (applicable to Windows XP) this may occur in conjunction with Event id 1030 and it is a confirmed (known) problem with XP. A hotfix is available.

This event is also reported in many instances of upgrades from Windows NT or Windows 2000 to Windows 2003 Server.
Some other recommendations in regards to this (from newsgroup posts) is to verify that:
- DFS service on all DCs is started and set to "Automatic"
- there are no FRS issues - (if there are, toubleshoot those first)
- TCP/IP Netbios Helper service is started and set to "Automatic"
- the "Everyone" has the "bypass traverse checking" user right
on the default domain controller policy
- the antivirus (if installed) is not scanning the sysvol or subfolders, if so, exclude it
- consider that the error description in event id 1058 ("network path not found" or "access denied") is caused by different problems and have different solutions.

Other posts from Microsoft engineer suggest that if a domain controller is multi-homed (more than 1 network card) they may experience this problem (note that "network card" could mean a physical or a virtual one - i.e. VMWare or VPN virtual adapters). The posts also indicate that the Client for Microsoft Networks and the File and Printer Sharing services have to be bound to the network adapter.

See also M307900 on updating Windows 2000 Group Policy for Windows XP.

Reported errors:
Error "Access denied" - For a generic description of such error see the link to Error code 5.
Error "The network path was not found." - See Error code 53.

From a newsgroup post: "I had the 1030 and 1058 errors in the event log every 5 minutes on a W2K3 domain controller that also ran DNS, DHCP, Exchange 2003 Standard, DFS & IIS. After calling Microsoft Tech Support and spending few hours on the phone, the thing that finally got rid of the error messages was reinstalling TCP/IP. This is not a task to be done trivially. My DC was down for about an hour total, so you'll want to make sure you have that much time. M325356 describes how to TCP/IP on a domain controller.
 
Its not a client having the problem... its the primary dc having the problem. It has only 1 network card and it is the primary DNS and WINS server as well. I did not notice this problem till after i added the second dc and made it the infastructure master so that the gc could function correctly. If i look at the event log it will finally load the GPO after an hour or so then it starts all over again with the errors 1030 and 1058. its an endless cycle. it has errors then it successfully applies it, it has errors and then it successfully applies it.

DNS seems to be running correctly it has error when i boot the server up but its the only DNS server on the domain but after DNS started there are no errors. i noticed in the DNS in the domain zone the _msdcs folder is a grey color and not the normal file folder color. there are 2 zones in the foward lookup zones _msdcs.domain.org and domain.org

its agreavating me and i cant figure out the problem. its like im missing something. all the clients have no problems with the GPO. There are no 1030 or 1058 on the clients or the other dc. its just the primary dc that is having the problem.

Wm. Reynolds
RRWDS | TxPSS

 
Have you run DCDIAG.EXE yet? This will tell you what problems you may be having. We had the same issue and we <finally> got it fixed. DCDIAG is where to start. Post the results here.
Also, what versions are the OSes for the two servers?

Bill
 
Rey,

OK on the DCDIAG.
Which servers have DNS running?
Are they Active Directory Integrated zones? If not, what are they?
Do you have DHCP running? If so, on which server(s)?

Bill


 
Rey,

Another question; did you do what MS KB article #867464 says to do? That was part of what we did along with one other step which I will explain depending on your answers to the question I posted about 10 minutes ago. It took us some effort, but we fixed it. You'll get it done.....

Our problems started when we installed a server that is the R2 version of Windows Server 2003. It uses a slightly different AD schema than even Windows Server 2003 (non-R2).


Bill
 
DNS is only running on the primary DC server and its AD integrated. DHCP is running on that server also. The other server is just technically the backup and the infastructure master so that the GC can work correctly. The primary server also has the GC.

The DNS does not have any error codes any more nor does it have any while its running.

Wm. Reynolds
RRWDS | TxPSS

 
The 'dfsutil /PurgeMupCache' command at the bottom stopped the errors until the next reboot on our DC.

Do your DC's have SP1 installed?
 
One issue that seems wrong if I remember correctly, is that all servers running AD must have DNS running on the server locally. You want to check into that. You state that DNS is only on the primary server.
 
DNS is not required on all DC's but Active Directory needs to be able to communitcae with a DNS server.
 
Porkchop,

True, but what happens if he boots the server with no DNS running and the other server is down (say, he's rebooting both servers)? Do you think he should install DNS on the other server and make it AD Integrated?

Bill
 
Yep redundancy is always a good idea i would always have two DNS severs and make them AD intergrated.
 
I can do that and install DNS on the other server. I used to get errors when i had to reboot the primary server in DNS but i havent had any errors recently. I changed the dns address from 127.0.0.1 to its true IP address and that seemed to fix the DNS errors i was having but these 1030 and 1058 errors are a headache. I read that one tech article from MS you sent porkchop about those errors on the dc server and i have already seen that one and everything looked to be ok in all the settings unless i just over looked somthing. I checked DNS and both the forward and reverse lookup zones are running correctly. I can change an ip address and DNS changes like its suppose to so both zones are running right. I followed microsofts instructions on checking and resetting the permissions on the SYSVOL folder and its sub-folders thinking that was it but that didnt help.

Ive been doing this for a while and granted i like windows server 2003 but i didnt have any problems with AD in windows 2000 server.

Wm. Reynolds
RRWDS | TxPSS

 
Rey,

Did you look at MS article #867464 and did you find a duplicate entry?

Bill
 
That event doesnt even show up in DNS but i did look thru to see if there was a duplicate. Currently its set to All DNS Servers in the Active Directory Domain domain.com. In the foward lookup zones there are two folders.

Folder 1 is _msdcs.domain.com and folder 2 is domain.com. In folder 2 there are 2 folders called DomainDNSZones and ForestDNSZones but i take it those are suppose to be there or did i misread that article?

Wm. Reynolds
RRWDS | TxPSS

 
reynolwi did you try the 'dfsutil /PurgeMupCache' command to see if it stopped the errors?
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top