Userenv error 1

[Bunbu]

I'm getting errors 1058 and 1030 every 5 minutes. I usually fix this kind of errors issuing dfsutil /PurgeMupCache at the command line and everything goes back to normal for a while but after a two or three weeks I began to get the same errors all over again, this have been happening for the last 4 months. I'm clueless as to what might be causing this problem since I have three DC on my domain but only one seems to be showing this behavior.

Thanks for any clues or tips

 

[ITPangaeaArchitect]

this was a bug in win2003 that was fixed in sp1 if I remember right (it may have been a post SP1 patch)
842804 I think is the kb

This can also be caused if your DNS configuration is out of wack (see my FAQ on how to verify this)


-Brandon Wilson
MCSE00/03, MCSA:Messaging00, MCSA03, A+

 

[Bunbu]

Thanks for your reply,

I remember the bug you're talking about but The DC in question is runing Win2003 R2. I'll take a closer look to my DNS but I don't know whether I can blame it since I have three DCs and only one is getting these errors. Anyway if you have another tip I really appreciate it.

 

[ITPangaeaArchitect]

thats not all that uncomonnon, especially if all DCs point to themselves for preferred DNS. It may, or may not happen, depending on the situation of a particular system (service race conditions and things of that nature).

R2 definitely should already have the hotfix in it, so no worries there....which points it that much more towards DNS.

Its not DNS itself you should be looking at, but the DCs actual NIC configuration (binding orders correct, PDCe for preferred DNS and itself as alternate, all defaults on advanced tcp/ip properties DNS tab, etc.)

-Brandon Wilson
MCSE00/03, MCSA:Messaging00, MCSA03, A+

 

[elmurado]

Does this cause problems with Group Policy being applied?
Especially at startup of machines?
If so, check the speed at which the links come up on your switches-Cisco switch ports sometimes take thirty plus seconds to come up and this interferes with GP being applied.

 

[Bunbu]

Thank you guys for your time!!

As fas as I can tell there hasn't been any issues with GPOs, everything seems to work fine and the only annoyance is the event viewer flooded with the two errors every five minutes. What's really odd is that once I run dfsutil /PurgeMupCache the errors disappear for two to three weeks. It's never a fixed period of time but it's usually more than two weeks.

Per ADGod suggestion I checked the DNS settings and found out that the DC was pointing to itself as a preferred DNS server. I don't know whether this may be the cause of this behavior. Should this DNS server use one of my other DNS servers as a preferred server?

Thanks again

 

[ITPangaeaArchitect]

Yes

I wrote a FAQ on this that is posted to this site (how to properly configure DNS for Domain controllers I think its called)

Here's the run down:

1. PDCe - points to itself and itself only
2. Replica DCs (in same site as PDCe) - point to PDCe for preferred and themselves as alternate (use IP and NOT 127.0.0.1)
3. Replica DCs (in different site than PDCe) - first DC alphabetically in branch site points to PDCe for preferred and itself as alternate, other DCs in branch site point to first alphabetical DC in their site for preferred DNS and themselves as alternates


This will help you in troubleshooting DNS problems in the future, as well as help constrain replication, along with eliminating alot of nuisances that can appear and disappear in an hour


Desigining DNS like this was a requirement foer windows 2000. In windows 2003, they technically changed the way the lookup algorithm works, allowing DCs to point to themselves as preferred, technically, however, in practice, this is a bad idea to do either way. DCs are way more prone to not come up due to service race issues, and any other number.

For the best health you can get really (as far as DCs, AD, and DNS go), use the method I supplied you above.



Now as another thing it could be...

If you're DCs are multihomed (more than 1 NIC ENABLED; not counting teamed NICs), then that needs to stop as it too could cause this...disable unnecessary NICs, ensure adapter binding order is correct, move microsoft networks to top of bindings list (over MS terminal services), ensure no other protocols other than tcp/ip are installed, ensure advanced tcp/ip properties dns tab is at all defaults (append primary and connection specific DNS suffixes; append parent suffixes; register this connections addresses in DNS....everything else should be blank except for the DNS server IPs)

also ensure you don't have a disjointed name (check my computer properties on c omputer name tab...ensure full computer name is in the format of server.domain.com).

-Brandon Wilson
MCSE:Security00/03
MCSA:Messaging00
MCSA:Security03
A+

 

[Bunbu]

Brandon,

Thanks again for taking the time to help me with this.

I tried following your DNS FAQ, I've also checked protocol bindings and every one of your other suggestions. Like I mentioned before the issue reappears after two-four weeks so at the moment there's no telling if what I did fixes my issue. If it reappears I'll post back.

Thanks again!!

 

[ITPangaeaArchitect]

winlogon logging may be of some assistance, as will netlogon logging (from the client side; aka,the system getting the userenv errors). they do take a reboot to enable.

there are race conditions that can occur with gigabit NICs, which most servers have now, so if that condition exists, these should help point to it.



-Brandon Wilson
MCSE:Security00/03
MCSA:Messaging00
MCSA:Security03
A+

 

[jmorr34]

Bunbu,

What fixed those errors for my DC was that my Trend Micro Officescan was scanning the SYSVOL folders and a few other files it was not supposed to be. I had to add the directories and files to an exclusion list.

 

[ITPangaeaArchitect]

that could potentially cause the problem, however, that normally will cause journal wrap issues with FRS, which in turn moves all of the group policies, at which point you can log these errors because the policy itself cant be found (as its been moved to the journal wrap preexisting do not remove folder). This would/should be very noticeable if this occurs.



-Brandon Wilson
MCSE:Security00/03
MCSA:Messaging00
MCSA:Security03
A+