XP clients can't get group policy

[deano050778]

I am having loads of problems with my XP clients. I can join the domain on my 2003 server, and log onto to it.

yet, I get loads of errors in the event viewer. It starts with:

NETLOGON
No domain controller is available for domain ****** due to the following. No RPC server available. Make sure the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.

then.....

DHCP
Your computer was not able to renew its address from the network (from the DHCP server)for the network card with the address **********. The following error occured: the semaphore timeout period has timed out. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

then I get a warning - DHCP
Your computer has automatically configured the IP address for the network card with network address xxxxxxx. The IP address being used is 169.254.95.168.

Then lastly, and most concerning, I get USERENV error stating:

Windows cannot determine the user or computer name. (A socket operation was attempted to an unreachable host.) Group Policy processing aborted.

I also get two w32time errors which I believe could be related to the above, aswell as a sql$microsoftbc error.

but even after all those error messages, my machine still has a IP address from the DHCP range, and I can ping the server aswell as log onto it.

Any ideas on how to resolve this? I desperatly need to have group policies applied!

 

[mlichstein]

That sounds to me like a timing problem. It sounds like the computer is not getting an IP from the DHCP server when it initially comes up. This causes the GPOs not to apply (which is why you have the userenv errors and the netlogon errors).

Do all of these clients have the same network adapter? If so, you may want to see if there is a newer driver for it.

 

[deano050778]

I looked for new network drivers, but they appear to be the latest. All the machines are identical with Intel 1000/MT adapters.

If I set a static IP I still get the netlogon error -

NETLOGON
No domain controller is available for domain ****** due to the following. No RPC server available. Make sure the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.

and....
USERENV error stating:

Windows cannot determine the user or computer name. (A socket operation was attempted to an unreachable host.) Group Policy processing aborted.

I can ping the domain controller and the machine logs onto it with details in its active directory.

 

[Jpoandl]

- Do any of your client logon properly?

- Did you check the server? Are the event viewer errors on the server?

- As mlichtein suggested, did you setup W23Time properly (needed for AD authentication - all machines must be configured with a synched time)

http://support.microsoft.com/default.aspx?scid=kb;EN-US;216734

- DNS is very important, make sure all clients are pointing only to internal DNS servers. They should not be pointing to anything other then internal DNS servers. (do not point clients to ISP DNS) Your internal DNS server should forward internet bound requests to ISP DNS servers.

- If you type \\servername is one of the displayed shares NETLOGON? If not, your netlogon service did not start on the server and no one will be able to login until this starts.

-later




Joseph L. Poandl
MCSE 2003

If your company is in need of experts to examine technical problems/solutions, please contact

http://www.NJCOMPUTERNETWORKS.com

(Sales@njcomputernetworks.com)

 

[mlichstein]

Yeah, I thought you might be using that card. There have been many issues with it, and they don't appear to have been resolved with the latest drivers.

You may want to check out this thread.

http://forums.us.dell.com/supportfo...message.id=2040&view=by_date_ascending&page=2

 

[deano050778]

Think this may be the problem. Rather strange that I have the problem with the Dell GX260's with Intel Gigabit Adapters with Cisco Switches.

I'll try in the morning with cheap 10/100 cards and let you know the results.

If this is the problem mlichstein, you have saved my job!!!

Jpoandl, which way do you display the shares?? my server is called Server2003, but when I type \\server2003 at the command prompt it isn't recognised.

 

[Jpoandl]

- If you type \\servername is one of the displayed shares NETLOGON? If not, your netlogon service did not start on the server and no one will be able to login until this starts."

on a client or better yet, do this on the server itself:

Start --> Run --> \\server2003 (enter)

-later

Joseph L. Poandl
MCSE 2003

If your company is in need of experts to examine technical problems/solutions, please contact

http://www.NJCOMPUTERNETWORKS.com

(Sales@njcomputernetworks.com)

 

[TimRegester]

If you cannot even grab an IP address, I would suggest looking at a link issue as this thread intimates.

Can we assume you have tried hard fixing the speed and duplex of the nics at both ends, this may, and you may groan at this involve going through all the available speed and duplex modes to find one that works. If there is an autoneg issue this would solve the problem. If you have tried this ignore this idea but at least you have eliminated the autoneg issue as the source of the problem.

Also disable flow control at both ends (as it is wholly unlikely that the flow control mechanisms used by Dell and Cisco match)

Possibly try disabling portfast on the cisco switches and also check that the dells have not got a network bridge installed in the network settings (highly unlikely but I have seen it)

All these issues are from experience.

 

[deano050778]

Joseph, I can see netlogon on the server once the XP client has started up. It definatly seems like a timing issue or something.

Tim, do you suggest setting the speed on the switches to 100mbit Full Fuplex and the same on the NIc in the Dell? or just the NIC in the dell and drop the server from Gigabit to 100mbit Full Duplex?

Which way do you disable Flow Control?

 

[TimRegester]

If the clients are Dells running XP Pro I would start by setting the speed to 100BASE-T full duplex with no flow control. Set the switch port to the same. If that does not work try 100BASE half duplex the 10BASE full duplex then finally 10BASE half duplex. See Bcastners excellent faq586-4186 in the ethernet forum.

This is especially important on the server to switch link.

FLow control should be off on all links since only if the nic in a device states explicitly that it should work with the switch or hub vendors flow control will it work, otherwise it can at best be a useless overhead or, at worse prevent it working. Cisco did have links with intel but the dell GX260s I have seen use a generic intel nic chipset and i doubt the flow control mechanism will work.

 

[Jpoandl]

I'm not sure you are having a network connectivity issue...but I would continue looking at this from a hardware and an OS perspective.

From an OS perspective:

"I can see netlogon on the server once the XP client has started up." This must mean that the client has a valid IP address! Did the error that you were reporting to us before away --> "DHCP
Your computer was not able to renew its address from the network (from the DHCP server)for the network card with the address **********. The following error occured: the semaphore timeout period has timed out. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

then I get a warning - DHCP
Your computer has automatically configured the IP address for the network card with network address xxxxxxx. The IP address being used is 169.254.95.168."

You can also try testing by setting a client to a static IP address. Then look for the errors you have been describing...after all, you might be having a simple DHCP problem on the server.




Joseph L. Poandl
MCSE 2003

If your company is in need of experts to examine technical problems/solutions, please contact

http://www.NJCOMPUTERNETWORKS.com

(Sales@njcomputernetworks.com)

 

[deano050778]

Joseph, When I set a static IP address it seems to work fine. No error messages in the Event Log. The DHCP server does allocate an address, just not quick enough.....

Any way I can change the timeout?

 

[Jpoandl]

When I set a static IP address it seems to work fine. No error messages in the Event Log." You probably don't have a hardware problem. This is some kind of windows issue with DHCP.


"The DHCP server does allocate an address, just not quick enough....." What do you mean here....there is no rush to get the DHCP address. When you boot the computer or run IPCONFIG /release and then IPCONFIG /renew, the computer will get an ip address. There is no time limit for this...explain what you mean by time limit.

By the way, this address: 169.254.95.168 isn't coming from the DCHP server. This is being automatically assigned because the DHCP server did not responsive.

I think you have a simple DHCP problem here....

Joseph L. Poandl
MCSE 2003

If your company is in need of experts to examine technical problems/solutions, please contact

http://www.NJCOMPUTERNETWORKS.com

(Sales@njcomputernetworks.com)

 

[deano050778]

Sorry i didn't make myself clear Joseph. I'll show the times of the messages in the log to show you the order of appearance. If I set the machine to get a DHCP address I get the following Errors in the Event Log -

DHCP - (Warning)- Your computer was not able to renew its address from the network (from the DHCP server)for the network card with the address **********. The following error occured: the semaphore timeout period has timed out. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.


W32Time (Warning) - saying it can't syncronise the time. in the system log at 10.39.51am

DHCP (Warning) "Your computer has automatically configured the IP address for the network card with network address xxxxxxx. The IP address being used is 169.254.95.168" in the System log at 10:39.51am

W32Time - it now says it can syncronise the time with the time server 10.33.1.1 - (The Servers' IP)

I also get the following error in the Application log -
Userenv (Error) - Windows cannot determine the user or computer name. (A socket operation was attempted to an unreachable host.) Group Policy processing aborted - at 10.41.27am.

When the machine logs on though, if I got straight to the command prompt, and type ipconfig /all, it has picked up an IP address from the DHCP scope, the DNS, default gateway etc......

it is just the same as the DHCP doesn't allocate the machine's IP quick enough....

 

[Jpoandl]

This doesn't make sence. What is the IP of your server?

The IP you are getting is not being handed out by the DHCP server. The IP you got is: 169.254.95.168

This is a self-allocated IP address. You will get an IP address in the 169.254.95.0 subnet when you can not reach a DHCP server (but are configured to use a DHCP serveR).

I would bet that your server has an IP address that does not start with 169.254.95.x.

Everything works fine when you set a manual IP address on the client. What manual IP address did you set?

It looks like you have a DHCP problem. Verify that DHCP is setup properly. Make sure that DHCP is authorized in your domain. Make sure that the DHCP service is running. Make sure that you have configured a DHCP scope that hands out the appropriate IP address, DNS server addresses, etc.

-later

Joseph L. Poandl
MCSE 2003

If your company is in need of experts to examine technical problems/solutions, please contact

http://www.NJCOMPUTERNETWORKS.com

(Sales@njcomputernetworks.com)

 

[deano050778]

My server IP is 10.33.1.1. The scope I have set up is 10.33.1.2 thru to 10.33.1.253.

If I check the ip of a client when it is set to DHCP I get an address from that range. Same if I release it and renew it. Still got errors in the event log though.

If I set a manual one, such as 10.33.1.250, (which I know hasn't been allocated, it works fine, no even viewer errors.

How do I make sure the DHCPis registered in my domain? All my DNS, DHCP, default gateway, subnet mask is set correctly.

 

[Jpoandl]

OK...so I get it now. Even though you get error when you receive an IP address from DHCP (Like this one: The IP address being used is 169.254.95.168), you still actually get an IP address.

so, you get this error: "The IP address being used is 169.254.95.168" but when you do a local IPCONFIG /all, you see the proper IP (10.33.1.x)

Do you see the address 169.254.95.168 listed in the IPCONFIG /all? Or do you just see the good address of 10.33.1.x?

Do you have multiple nics on the client? If so, disable the nic not connected to the network.

Joseph L. Poandl
MCSE 2003

If your company is in need of experts to examine technical problems/solutions, please contact

http://www.NJCOMPUTERNETWORKS.com

(Sales@njcomputernetworks.com)

 

[deano050778]

if I do a local ipconfig/all, I only see the proper IP from my DHCP scope from my server. No sign of the 169.254.95.168. I've only got the onboard nic on the client.....

Thanks so much for your time Joseph.....

 

[stunpals]

Could this be something to do with XPSP2 and its Firewall..? Just a suggestion..

 

[mlichstein]

It's the Intel NIC, as I indicated above. It's very problematic when it comes to the timing (not w32time) of the login process.

If possible, you should try a different NIC, and disable the onboard one and see if you have the same problem.