Event ID 1000 and 1001: If a multihomed domain controller does not have File and Printer Sharing bound to it, the following multiple problems are logged or displayed when you attempt to work with Group Policy objects on the domain controller:1)UserEnv 1000 The Group Policy client-side extension Security was passed flags (17) and returned a failure status code of (3).
Event ID 1010 - Perflib
Symptoms: The Event Viewer may shows Event ID 1010 ""The Collect procedure for the "tcpip" service in DLL "C:\WINNT\SYSTEM32\PERFCTRS.DLL" generated an exception or returned an invalid status. Performance data returned by counter DLL will not be returned in perf data block."
1. Changing to 0 the value of
the register [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Performance]
or refer to MS Q300956.
2. Download and install exctrlst.exe from Resource kit from Microsoft web site. Mark tcpip and reboot the server
1. Delete the DHCP on the router if you have two
DHCP, one on the router and another one on your MS server.
2. Delete the DHCP servers from Active Directory Sites and Services, and then reauthorize the DHCP servers.
3. Authorize the DHCP servers by using Adsiedit.msc, which is an administrative tool included in the w2k support tools CD.
Event ID 1053 - Userenv
Symptoms: your w2k/xp clients may receive this Event ID 1053 - Windows cannot determine the user or computer name. (<error description>). Group Policy processing aborted. Or error: "The specified user does not exist."
1. Make sure that your internal DNS server is the server for the
domain you are logging in to.
2. Verify the DNS Settings. This will occur if your DNS server is unable to resolve information about your domain.
3. Delete the problem computer from DNS records and re-create it.
1. Windows 2000 domain controllers running Terminal Services configured to use Remote Administration mode do not permit regular user logon, with the exception of two concurrent administrator accounts for server management. When a user attempts to connect to a Windows 2000-based domain controller running Terminal Services configured to use Remote Administration mode, the following error message is generated: You do not have access to logon to this Session.
2. Windows 2003 domain controllers running RDC do not permit regular user logon, with the exception of administrator accounts.
3. The user attempting to log on does not have sufficient permissions on the appropriate RDP-TCP connection. Modify the RDP-TCP permissions by using Terminal Services Configuration to grant the user or group the logon permission.
4. Terminal Services has a default connection security setting allows only administrators to log on. If the security attributes on a specified connection have not been set, the connection inherits these default security settings.
Symptoms: The primary purpose of logging on with cached credentials is to enable you to access the local workstation. However, if you have logged on by cached credentials, you may be unable to access network resources because you have not been authenticated. For example 1) after you log on to a w2k/xp laptop by using cached credentials, you may be unable to access the network resources. This issue is commonly experienced by laptop users whose computer resides in a Windows Server domain and who log on to the computer by using cached credentials prior to being able to establish a remote access connection. 2) You log on to a w2k/xp laptop with a domain logon option in a workgroup network. After you establish the connection and you try to map the network drives, the operation may be unsuccessful, and you may receive the following error message: "System Error: (1311) There are currently no logon servers available to service the logon request."
Event ID: 2011 When accessing shares on a server from a client, you may receive "Not enough server storage is available to process this command." error. .
Resolution: The registry value IRPstackSize may be not explicitly present. To increase the value of the parameter, go to the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ LanmanServer\Parameters. If the key is not present, choose Add Value in the Registry Editor. The Value Name should be IRPStackSize and the Data Type is REG_DWORD. Refer to MS Q106167 and Q177078 for more details.
Event ID 2019, 2020, 2021 2022
"Windows cannot logon you because the profile cannot be loaded"
"Insufficient system resources exist to complete the requested service"
"Not enough storage available to process this command"
Symptoms: Some hardware like 3COM Dynamic Access Protocol and USRobotics PCI 56K
faxmodem, and software such as Symantec's Norton AntiVirus, Open File Manager and overloading
services can cause to leak non-paged pool memory. You may get the following
1.You may receive Event ID 2019, "The server was unable to allocate from the system non-paged pool because the pool was empty".
2. Your server may lose network connectivity with its clients and report the following errors in the event log: Event ID: 2020, "The server was unable to allocate from the system paged pool because the pool was empty".
3. Event ID: 2021: Server was unable to create a work item n times in the last seconds seconds.
4. Event ID 2022: "The server was unable to find a free connection 4 times in the last 60 seconds".
5. Your server may stop accepting new user connections and you may receive this message "Windows cannot logon you because the profile cannot be loaded. Contact your network administrator. DETAIL - Insufficient system resources exist to complete the requested service."
6. You may receive the following error: "Not enough storage available to process this command".
7. If you keep getting above errors without fixing, the server may need to reboot.
Resolutions: 1. Apply the Latest Service Pack.
2. Apply the Latest Device Driver Updates.
3. Examine the Hard Disks for Errors and Defrayment the Hard Disk Drives.
4. Upgrade or apply SP to the suspect software.
5. Try to maximize the resources that can be made available to the Server service. This may eliminate the error messages or only lessen the frequency of the errors.
Still need help, contact consultant More resolutions for ChicagoTech Consultants (need password to logon)
Event ID 2114 and 7024
Causes: Netlogon Issue
Symptoms: 1. When you double-click
My Network Places in a client, an incomplete browse list is
2. Computers that do not have file and printer sharing turned on do not appear in the browse list.
3. Windows client that try to use the browse list gets Event ID 8021 or 8032:
4. On the domain controller that does not have file and printer sharing turned on gets Event ID: 2504 or Event ID: 2505
Event ID: 3095 - Source: NETLOGON - This Windows NT computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.
1. Since the Netlogon service should not be configured to start automatically on a
server that is not a domain member (a stand-alone server ora non-networked
Windows NT-based computer), configure the Netlogon service so that its
startup type is set to "Manual."
2. Make workstation service is running and restart
Symptoms: After install or uninstall some services or patches, you may receive some the following messages:
Event ID : 4119 Source : TCP/IP Description: IP could not open registry key for NdiswanX. -or- Event ID : 4311 Source : NetBT Description: Initialization failed because the driver device could not be created.
Netlogon Event ID 5701: The Netlogon service failed to update the domain trust list. The following error occurred: There are currently no logon servers to validate the logon request.
Causes: 1. You may have exhausted the NetBT datagram buffer.
2. This error can be caused by a failing NIC or defective device driver.
Symptoms: you may find Event ID 5774 and 5775 - Registration of the DNS record '<dns record>'. 600 IN SRV 0 100 3268 <domain name>.' failed with the following error: <error description>.on your AD with DNS server.
Make sure the Domain
Controller points to itself as a DNS server.
2. If you have two NICs on this server, disable one of them or point all NICs to the internal DNS.
3. If you just upgraded the server or changed the IP, you may need delete the problem record manually and restart the NETLOGON service.
Symptoms: when attempting to logon a domain, you keep getting an error that "The system cannot log you on now because the domain "name" is not available." Also, Event viewer shows Event ID: 5719. No Windows NT or Windows 2000 Domain Controller is available for domain <domain name>. The following error occurred: There are currently no logon servers available to service the logon request.
Resolutions: One possible cause of this error is that you have run out of buffer space in the NetBT datagram buffer. To resolve this problem, increase the MaxDgramBuffering value from 128 KB to 256 KB. Run Regedt32.exe, go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters. On the Edit menu, click Add Value, and then add the following information:
Value Name: MaxDgramBuffering
Data Type: REG_DWORD
Event ID 5805 - Net Logon
Cause: A machine account failed to authenticate, which is usually caused by either multiple instances of the same computer name, or the computer name has not replicated to every domain controller.
Event ID: 7024 - Source: Service Control Manager - The Net Logon service terminated with service-specific error 3095.
Resolution: refer to Event ID: 3095
Resolutions: 1. If you don't use IPX, delete
IPX from HKEY_LOCAL_MACHINE>System>CurrentControlSet>Services>RemoteAccess>RouterManagers.
2. If you use IPX, manually set the internal network number and specify Manual Frame Type Detection for the properties of the NWLink IPX/SPX Compatible Transport.
Event id: 8021 - Source: Browser - Description: The browser was unable to retrieve a list of servers from the browser master <PDC> on the network \device\<protocol_netcard>. The data is the error code. Resolution: Fixing Browser Problem.
Event id: 8032 - Source: Browser - Description: The browser service has failed to retrieve the backup list too many times on transport of <protocol_netcard>. The backup browser is stopping. Resolution: Fixing Browser Problem.
This web is provided "AS IS" with no warranties.