Risoluzione errori Event Viewer

Torna alla pagina delle informazioni tecniche
Torna alla Home Page di Jack

Event ID 1000 and 1001
Event ID 1010 - Perflib
Event ID 1051
Event ID 1053 - Userenv
Event ID 1054
Event ID 1218 - You do not have access to logon to this Session.
Event ID 1311
Event ID: 2011
Event ID 2019, 2020, 2021 2022
Event ID 2114 and 7024
Event ID 2504, 2505, 8021 and 8032 - Inability to Browse
Event ID: 3095
Event ID 4119 and 4311
Event ID: 4319 -Duplicate Names on the Network
Event ID: 4320 - Duplicate name has been detected on the TCP network
Event ID 5701 - The Netlogon service failed to update the domain trust list
Event ID 5774 and 5775 - Netlogon
Event ID 5719 - The system cannot log you on now because the domain name is not available.
Event ID 5805 - Net Logon
Event ID: 7024
Event ID 7024, 20103 and 20133 - RRAS Fails to Start
Event ID 8017 - Scheduled Backup Does Not Run
Event id: 8021
Event id: 8032
Event ID 10002 - Scheduled Backup Does Not Run

Event ID 1000 and 1001: If a multihomed domain controller does not have File and Printer Sharing bound to it, the following multiple problems are logged or displayed when you attempt to work with Group Policy objects on the domain controller:

1)UserEnv 1000 The Group Policy client-side extension Security was passed flags (17) and returned a failure status code of (3).
2) SceCli 1001 Security policy cannot be propagated. Cannot access the template. Error code = 3. \\domain name\sysvol\domain name\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf.
3) UserEnv 1000 Windows cannot access the registry information at \\domain name\sysvol\domain name\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Machine\registry.pol with (51).
4) Attempting to gain access to the Group Policy objects by using the Domain Security policy and the Default Domain Controller Security policy displays a "Group Policy Error" error message. The text of the message states: "Failed to Open Group Policy Object. You may not have appropriate rights. Details: The network path not found."
5) Attempting to access the Group Policy objects by using the Active Directory Users and Computers snap-in or Group Policy Editor displays a "Domain Controller for Domain domain name not found" error message. There are several options, none of which work.
6) Attempting to open the Sysvol share by using \\domain name\sysvol causes a "Remote Computer not available" error message.

RESOLUTION:
1) Change the binding order of the network adapters so that the adapter that is listed at the top of the Connections list has File and Printer Sharing bound to it.
2) Make sure File and Printer Sharing for Microsoft Networks is enabled on the interface.
3) Disable unplugged network adapters if you have more than one adapters in the computers.
4) Restore \\winnt\sysvol from a backup.

Event ID 1010 - Perflib

Symptoms: The Event Viewer may shows Event ID 1010 ""The Collect procedure for the "tcpip" service in DLL "C:\WINNT\SYSTEM32\PERFCTRS.DLL" generated an exception or returned an invalid status. Performance data returned by counter DLL will not be returned in perf data block."

Resolutions: 1. Changing to 0 the value of the register [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Performance]
or refer to MS Q300956.
2. Download and install exctrlst.exe from Resource kit from Microsoft web site. Mark tcpip and reboot the server

Event ID 1051:  The DHCP/BINL service has determined that it is not authorized to service clients on this network for the Windows domain: yourdomainname.com

RESOLUTIONS:

1. Delete the DHCP on the router if you have two DHCP, one on the router and another one on your MS server.
2. Delete the DHCP servers from Active Directory Sites and Services, and then reauthorize the DHCP servers.
3. Authorize the DHCP servers by using Adsiedit.msc, which is an administrative tool included in the w2k support tools CD.

Event ID 1053 - Userenv 

Symptoms: your w2k/xp clients may receive this Event ID 1053 - Windows cannot determine the user or computer name. (<error description>). Group Policy processing aborted.  Or error: "The specified user does not exist."

Resolutions: 1. Make sure that your internal DNS server is the server for the domain you are logging in to.
2. Verify the DNS Settings. This will occur if your DNS server is unable to resolve information about your domain.
3. Delete the problem computer from DNS records and re-create it.

Event ID 1054: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted). Group Policy processing aborted.

Symptoms: Your XP computer may experience an extremely slow logon when connecting to the domain. You also receive the Event ID 1054 in the application event log:

Event ID: 1054
Source: Userenv
Type: Error
Description:
Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted). Group Policy processing aborted.

Resolutions: This is mostly like DNS issue and it occurs because the client may not be able to reach the DNS or the configured preferred DNS server on the client is not valid. If all XP computers have the same problem, check the DNS server settings; if only a few xp computers have this problem, make sure they have correct DNS settings. You may use ipconfig or nslookup to troubleshoot.

Event ID 1218 - You do not have access to logon to this Session.

1. Windows 2000 domain controllers running Terminal Services configured to use Remote Administration mode do not permit regular user logon, with the exception of two concurrent administrator accounts for server management. When a user attempts to connect to a Windows 2000-based domain controller running Terminal Services configured to use Remote Administration mode, the following error message is generated: You do not have access to logon to this Session.

2. Windows 2003 domain controllers running RDC do not permit regular user logon, with the exception of administrator accounts.

3. The user attempting to log on does not have sufficient permissions on the appropriate RDP-TCP connection. Modify the RDP-TCP permissions by using Terminal Services Configuration to grant the user or group the logon permission.

4. Terminal Services has a default connection security setting allows only administrators to log on. If the security attributes on a specified connection have not been set, the connection inherits these default security settings.

Error 1311 - There are currently no logon servers available to service the logon request

Symptoms: The primary purpose of logging on with cached credentials is to enable you to access the local workstation. However, if you have logged on by cached credentials, you may be unable to access network resources because you have not been authenticated. For example 1) after you log on to a w2k/xp laptop by using cached credentials, you may be unable to access the network resources. This issue is commonly experienced by laptop users whose computer resides in a Windows Server domain and who log on to the computer by using cached credentials prior to being able to establish a remote access connection. 2) You log on to a w2k/xp laptop with a domain logon option in a workgroup network. After you establish the connection and you try to map the network drives, the operation may be unsuccessful, and you may receive the following error message: "System Error: (1311) There are currently no logon servers available to service the logon request."

Resolutions: To authenticate the cached credentials, 1) if it is w2k/xp, use net command, for example, net use \\servername\sharename /user:username. 2) if xp, open Windows Explorer>Tools>Map Network Drive. Click Connect using a different user name, enter the username and password.

Event ID: 2011 When accessing shares on a server from a client, you may receive "Not enough server storage is available to process this command." error. .

Resolution: The registry value IRPstackSize may be not explicitly present. To increase the value of the parameter, go to the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ LanmanServer\Parameters. If the key is not present, choose Add Value in the Registry Editor. The Value Name should be IRPStackSize and the Data Type is REG_DWORD. Refer to MS Q106167 and Q177078 for more details.

Event ID 2019, 2020, 2021 2022
"Windows cannot logon you because the profile cannot be loaded"
"Insufficient system resources exist to complete the requested service"
"Not enough storage available to process this command"

Symptoms: Some hardware like 3COM  Dynamic Access Protocol and USRobotics PCI 56K faxmodem, and software such as Symantec's Norton AntiVirus, Open File Manager and overloading services can cause to leak non-paged pool memory. You may get the following symptoms.
1.You may receive Event ID 2019, "The server was unable to allocate from the system non-paged pool because the pool was empty".
2. Your server may lose network connectivity with its clients and report the following errors in the event log: Event ID: 2020, "The server was unable to allocate from the system paged pool because the pool was empty".
3. Event ID: 2021: Server was unable to create a work item n times in the last seconds seconds.
4. Event ID 2022: "The server was unable to find a free connection 4 times in the last 60 seconds".
5. Your server may stop accepting new user connections and you may receive this message "Windows cannot logon you because the profile cannot be loaded. Contact your network administrator. DETAIL - Insufficient system resources exist to complete the requested service."
6. You may receive the following error: "Not enough storage available to process this command".
7.  If you keep getting above errors without fixing,  the server may need to reboot.

Resolutions: 1. Apply the Latest Service Pack.
2. Apply the Latest Device Driver Updates.
3. Examine the Hard Disks for Errors and Defrayment the Hard Disk Drives.
4. Upgrade or apply SP to the suspect software.
5. Try to maximize the resources that can be made available to the Server service. This may eliminate the error messages or only lessen the frequency of the errors.
Still need help, contact consultant        More resolutions for ChicagoTech Consultants (need password to logon)

Event ID 2114 and 7024

Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 2114
Description: The Server service is not started.
 
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7024
Description: The Netlogon service terminated with service-specific error 2114.

Causes: Netlogon Issue

Event ID 2504, 2505, 8021 and 8032 - Inability to Browse

Symptoms: 1. When you double-click My Network Places in a client, an incomplete browse list is displayed.
2. Computers that do not have file and printer sharing turned on do not appear in the browse list.
3. Windows client that try to use the browse list gets Event ID 8021 or 8032:
4. On the domain controller that does not have file and printer sharing turned on gets Event ID: 2504 or Event ID: 2505

Resolutions: 1. A Windows computer that becomes a backup browser but that does not have file and printer sharing turned on cannot share the browse list with clients. In the other words, any computer that is to be included in the browse list must also have file and printer sharing turned on. Make sure you have installed or turn on file and printer sharing on the domain controllers and on any computer that is in the browse list.
2. If the multihomed computer network cards are linked to the same subnet or the computer as master browser is using an incorrect subnet mask, unbind all but one of the TCP/IP subnet transport bindings from the workstation service; or remove all but one of the network cards or RAS connections; or at the command prompt type the following command: net stop browser. NOTE: After you perform these steps, wait at least 10 minutes to see if the errors still occur.
3. Also, you may want to check IPC$ status on the server by using net share command.

Event ID:  3095 - Source: NETLOGON - This Windows NT computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in    this configuration.

RESOLUTION:

1. Since the Netlogon service should not be configured to start automatically on a server that is not a domain member (a stand-alone server ora non-networked Windows NT-based computer), configure the Netlogon service so that its startup type is set to "Manual."
2. Make workstation service is running and restart

Event ID 4119 and 4311

Symptoms: After install or uninstall some services or patches, you may receive some the following messages:

   Event ID   : 4119
   Source     : TCP/IP
   Description: IP could not open registry key for NdiswanX.
			-or- 
   Event ID   : 4311
   Source     : NetBT
   Description: Initialization failed because the driver device could not be created.

Cause: Some of the registry keys associated with the services or patch were not correctly removed or installed correctly  when installed and uninstalled. You may need to modify the registry manually. Alternatively, you may re-apply latest SP.

Event ID 4319: Duplicate Names on the Network

SYMPTOMS: When you start the computer, the NetBIOS name resolution over your Transmission Control Protocol/Internet Protocol (TCP/IP)-based network may not succeed, and Event Viewer may report Event ID 4319 with the following error message: "A duplicate name has been detected on the TCP network". The IP address of the machine that sent the message is in the data. Use nbtstat -n in a command window to check which name is in the conflict state.

RESOLUTION:
1) To resolve this issue, delete the static WINS mappings and clean (scavenge) the WINS database. To delete the static mappings, go to WINS Manager>Mappings Static Mappings>WINS Static Mapping, and then click Delete Mapping. To clean the WINS database, click Initiate Scavenging in WINS Static.
2) If the server is a multihomed WINS server, disable the WINS client on one of the network adapters. To disable the WINS client, go to Control Panel>Network>Bindings, In the Show Bindings For list, click All Adapters, right-click WINS Client (TCP/IP), and then click Disable.
3) If the WINS service on WINS server stops unexpectedly or does not start again after it is stopped. Obtain the latest service pack for Windows 2000.

Event ID 4320 - Source: NetBT. Description: Another machine has sent a name release message to this machine probably because a duplicate name has been detected on the TCP network. The IP address of the node that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state. This article may also apply to Event ID: 4319.

Resolutions: 
1. If two computers on the Network with the same name, use the nbtstat -n command to find out these two computers, for example, using nbtstat -n to check the name and ip of the local computer, and then using  nbtstat -a command with the IP address to get the another computer name.
2. If identical username is logging on to multiple computers, the usernames will register with a <03h>, and that may cause the name conflict in the network. Ask the user to log off of all computers and log back on to just one computer.
3. This may be occurred because of inactive or duplicate names in the WINS Database. Go to the WINS server, check the database and delete the inactive or duplicated names.
4. This my be  occurred because of  a possibly corrupted DHCP database. To clear DHCP related entries or clean out old settings in the registry, delete any .mib files, and then reinstall DHCP.
5. This may be occurred because of  conflicting NICs in a Multihomed Computer. To fix this problem, you may want to stop Computer Browser service or uncheck one of Client for MS Network.
6. This may be ocurred because IPCONFIG /ALL returns incorrect host name. To change computer name in the TCP/IP parameters section, run regedit.exe, and locate the HOSTNAME value in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip \Parameters, and then edit the string data.

Event ID 5701 - The Netlogon service failed to update the domain trust list

Netlogon Event ID 5701:    The Netlogon service failed to update the domain trust list. The following error occurred: There are currently no logon servers to validate the logon
 request.

Causes: 1. You may have exhausted the NetBT datagram buffer.
2. This error can be caused by a failing NIC or defective device driver.

Event ID 5774, 5775 and 5781 - Netlogon

Symptoms: you may find Event ID 5774 and 5775 - Registration of the DNS record '<dns record>'. 600 IN SRV 0 100 3268 <domain name>.' failed with the following error: <error description>.on your AD with DNS server.

Resolutions: 1. Make sure the Domain Controller  points to itself as a DNS server.
2. If you have two NICs on this server, disable one of them or point all NICs to the internal DNS.
3. If you just upgraded the server or changed the IP, you may need delete the problem record manually and restart the NETLOGON service.

Event ID 5719 - The system cannot log you on now because the domain "name" is not available."

Symptoms: when attempting to logon a domain,  you keep getting an error that "The system cannot log you on now because the domain "name" is not available."  Also, Event viewer shows Event ID: 5719.  No Windows NT or Windows 2000 Domain Controller is available for domain <domain name>. The following error occurred: There are currently no logon servers available to service the logon request. 

Resolutions: One possible cause of this error is that you have run out of buffer space in the NetBT datagram buffer. To resolve this problem, increase the MaxDgramBuffering value from 128 KB to 256 KB. Run Regedt32.exe, go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters. On the Edit menu, click Add Value, and then add the following information:

Value Name: MaxDgramBuffering
Data Type: REG_DWORD
Value: 0x40000

Event ID 5805 - Net Logon
 
Cause: A machine account failed to authenticate, which is usually caused by either multiple instances of the same computer name, or the computer name has not replicated to every domain controller.
 

Event ID:  7024 - Source: Service Control Manager - The Net Logon service terminated with service-specific error 3095.

Resolution: refer to Event ID:  3095

Even ID 7024, 20103 and 20133 - RRAS Fails to Start

Symptoms: When attempting to start RRAS, you can't and  Event Viewer also lists the following error:

Event ID: 20103 - Description: Unable to load C:\WINNT\system32\ipxrtmgr.dll.
Event ID: 20133 - Description: The description for Event ID (20133) in Source (IPXRouterManager) could not be found.  It contains the          following insertion string(s):.
Event ID: 7024 - Description: The Routing And Remote Access Service service terminated with service-specific error 1003.

Resolutions: 1. If you don't use IPX, delete IPX from HKEY_LOCAL_MACHINE>System>CurrentControlSet>Services>RemoteAccess>RouterManagers.
2. If you use IPX, manually set the internal network number and specify Manual Frame Type Detection for the properties of the NWLink IPX/SPX Compatible Transport.

Event id: 8021 - Source: Browser - Description: The browser was unable to retrieve a list of servers from the browser master <PDC> on the network \device\<protocol_netcard>. The data is the error code. Resolution: Fixing Browser Problem.

Event id: 8032 - Source: Browser - Description: The browser service has failed to retrieve the backup list too many times on transport of <protocol_netcard>. The backup browser is stopping. Resolution: Fixing Browser Problem.

This web is provided "AS IS" with no warranties.