Re: XP App 1030 & Sys 40961 Errors
- From: "Paul" <Paul@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 9 Jan 2006 06:08:03 -0800
I found my problem.
Somehow in my User Accounts>Advanced>Passwords and .Net Passports>Manage
Passwords I had an entry for our ServerName.Domain.local. I have no idea how
that got in there but after I removed it, all appears to be well again.
Thank you for the leads.
Paul
"cjobes" wrote:
> Paul,
>
> There are several possible reasons for this. Check out the info below which
> is from EventId.net
>
> www.eventid.net is a really good resource and the annual fee is very small.
> You might want to sign up there. If you want to look up the links on the MS
> site, the "M" needs to be replaced by "KB".
>
> This problem occurs when network address translation (NAT) prevents LDAP
> requests from reaching services on the domain server. See M908370 to solve
> this problem.
>
> This problem occurs because the Group Policy engine in Windows XP
> Professional and Windows Server 2003 does not have read permissions to the
> gPLink and gPOptions attributes of the parent OUs. See M909260 to solve this
> problem.
>
> or this one....
>
> As per Microsoft: "This behavior occurs if the SMB signing settings for the
> Workstation service and for the Server service contradict each other. When
> you configure the domain controller in this way, the Workstation service on
> the domain controller cannot connect to the domain controller's Sysvol
> share. Therefore, you cannot start Group Policy snap-ins. Also, if SMB
> signing policies are set by the default domain controller security policy,
> the problem affects all the domain controllers on the network. Therefore,
> Group Policy replication in the Active Directory directory service will
> fail, and you will not be able to edit Group Policy to undo these settings".
> See M839499 to fix this problem.
>
> As per Microsoft: "This issue may occur if you have account names that use
> non-ASCII characters, such as ö and é. Windows 2000 Server and Windows
> Server 2003 do not distinguish between non-ASCII and ASCII characters in
> account names.
> Windows NT 4.0 distinguishes between ASCII and non-ASCII characters in
> account names. For example, in a Windows NT 4.0-based domain, you can use
> Administrator and Administratör as separate account names. However, in
> Active Directory, both Administrator and Administratör effectively have the
> same logon credentials. This scenario causes the conflict". See M883271 for
> details on this issue.
>
> From a newsgroup post: "I connected to the Sysvol share as the current user
> (non- administrator), and noticed that I could get into "mydomain"
> directory, but when I tried to get into Policies I received "Access Denied".
> All of the share/file permissions were correct, allowing this user to get to
> the share and to traverse/read the files within it. I tracked it down to the
> fact that I was not allowing read access for Authenticated Users, Everyone,
> Domain Users, and/or the users Group from the root (C:) to the SYSVOL
> directory. Once I allowed Everyone, or Authenticated Users, or Domain Users
> read permissions to from C: -> WINNT -> SYSVOL the users were then able to
> receive the GPO's".
>
> From a newsgroup post: "Here is what you should do to get rid of this error
> and of Event ID 1058 on Windows Server 2003. Edit the hosts file on each
> domain controller. Put in the IP address for your domain controller (the
> local IP address should be first in the list), and then next to the IP
> address do not put the host name, but put the name of the domain. Then list
> the IP address for each domain controller in your domain, on the same hosts
> file (with the domain name next to it). In other words, your hosts file
> should look like this (if you have just two domain controllers):
> <IP 1> yourdomainname.com
>
> <IP 2> yourdomainname.com
>
> Where <IP 1> = the IP address of the local domain controller for this hosts
> file.
> Where <IP 2> = the IP address of your other domain controller.
>
> yourdomainname.com = the name of your domain
>
> The list would be reversed (as far as IP address) on the hosts file on the
> other domain controller. Yes, you need a hosts file on each domain
> controller".
>
> Also check M290647, M832215, M834649, M886516, M887303, M887421, M888943,
> and MSW2KDB for more details on this event.
>
> "Paul" <Paul@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:E5275B99-086C-4330-8D56-72FCF003CE1B@xxxxxxxxxxxxxxxx
> > Thanks Claus for response and I am sorry for delay and lack of
> > information -
> > year ending closures and the such.
> >
> > Topology:
> > SBS2003 Server has 1 NIC into HP Procurve Switch; No ISA or any other
> > software firewall, but has TrendMicro Officescan AV. Two other Windows
> > 2003
> > Std Servers acting as member servers; One is for running backups & hosting
> > WSUS and the other is hosting websites & has DNS/WINS running as backup to
> > domain server. Both member servers have clean log files down the line.
> > The SBS2003 server runs all services as originally installed. Under DHCP
> > the Scope Options and Server Options are listed as follows
> > Scope Options:
> > Option Name Vendor Value Class
> > 003 Router Standard 192.168.16.1 None
> > 004 Time Server Standard 192.168.16.2 None
> > 006 DNS Servers Standard 192.168.16.2 None
> > 015 DNS Domain Name Standard DomainName.local None
> > 044 WINS/NBNS Servers Standard 192.168.16.2 None
> > 046 WINS/NBT Node Type Standard 0x8 None
> > 005 Name Servers Standard 192.168.16.2 None
> >
> > Server Options:
> > Option Name Vendor Value Class
> > 005 Name Servers Standard 192.168.16.2 None
> > 006 DNS Servers Standard 182.168.16.2 None
> > 044 WINS/NBNS Servers Standard 192.168.16.2 None
> >
> > The 20 XP Pro SP2 clients (3 are laptops) all tie into the switch. Each
> > XP
> > client is fully updated with what I call a standard default installation.
> > All clients appear to have normal, fully functional look and feel - There
> > is
> > no difficulty accessing any network resources and network response time is
> > snappy. All clients are showing the same errors as described below, and
> > it
> > appears that the time lapse and frequency are very similar.
> >
> >
> > Regarding Application log Event ID 1030, here is a few of the most recent
> > entries. This list continues to the end of the log file in a similar
> > fashion:
> >
> > 01/04/2006 6:29:48 AM Userenv Error None 1030 Domain\User XPClient1
> > Windows
> > cannot query for the list of Group Policy objects. A message that
> > describes
> > the reason for this was previously logged by the policy engine.
> > 01/04/2006 4:57:46 AM Userenv Error None 1030 Domain\User XPClient1
> > Windows
> > cannot query for the list of Group Policy objects. A message that
> > describes
> > the reason for this was previously logged by the policy engine.
> > 01/04/2006 3:17:43 AM Userenv Error None 1030 Domain\User XPClient1
> > Windows
> > cannot query for the list of Group Policy objects. A message that
> > describes
> > the reason for this was previously logged by the policy engine.
> > 01/04/2006 1:44:41 AM Userenv Error None 1030 Domain\User XPClient1
> > Windows
> > cannot query for the list of Group Policy objects. A message that
> > describes
> > the reason for this was previously logged by the policy engine.
> > 01/04/2006 1:01:13 AM SceCli Information None 1704 N/A XPClient1 Security
> > policy in the Group policy objects has been applied successfully.
> > 01/04/2006 12:03:39 AM Userenv Error None 1030 Domain\User XPClient1
> > Windows
> > cannot query for the list of Group Policy objects. A message that
> > describes
> > the reason for this was previously logged by the policy engine.
> > 01/03/2006 10:05:36 PM Userenv Error None 1030 Domain\User XPClient1
> > Windows
> > cannot query for the list of Group Policy objects. A message that
> > describes
> > the reason for this was previously logged by the policy engine.
> > 01/03/2006 8:06:34 PM Userenv Error None 1030 Domain\User XPClient1
> > Windows
> > cannot query for the list of Group Policy objects. A message that
> > describes
> > the reason for this was previously logged by the policy engine.
> > 01/03/2006 6:10:31 PM Userenv Error None 1030 Domain\User XPClient1
> > Windows
> > cannot query for the list of Group Policy objects. A message that
> > describes
> > the reason for this was
> >
> >
> >
> >
> > Regarding System log Event ID 40961, here is a few of the most recent
> > entries. This list continues to the end of the log file in a similar
> > fashion:
> >
> > 01/04/2006 7:05:34 AM Service Control
> > Manager Information None 7036 N/A XPClient1 The Application Management
> > service entered the running state.
> > 01/04/2006 7:05:34 AM Service Control
> > Manager Information None 7035 Domain\User XPClient1 The Application
> > Management service was successfully sent a start control.
> > 01/04/2006 6:29:48 AM LSASRV Warning SPNEGO (Negotiator)
> > 40961 N/A XPClient1 The Security System could not establish a secured
> > connection with the server
> > ldap/ServerName.DomainName.local/DomainName.local@xxxxxxxxxxxxxxxxx No
> > authentication protocol was available.
> > 01/04/2006 4:57:46 AM LSASRV Warning SPNEGO (Negotiator)
> > 40961 N/A XPClient1 The Security System could not establish a secured
> > connection with the server
> > ldap/ServerName.DomainName.local/DomainName.local@xxxxxxxxxxxxxxxxx No
> > authentication protocol was available.
> > 01/04/2006 3:17:43 AM LSASRV Warning SPNEGO (Negotiator)
> > 40961 N/A XPClient1 The Security System could not establish a secured
> > connection with the server
> > ldap/ServerName.DomainName.local/DomainName.local@xxxxxxxxxxxxxxxxx No
> > authentication protocol was available.
> > 01/04/2006 1:44:41 AM LSASRV Warning SPNEGO (Negotiator)
> > 40961 N/A XPClient1 The Security System could not establish a secured
> > connection with the server
> > ldap/ServerName.DomainName.local/DomainName.local@xxxxxxxxxxxxxxxxx No
> > authentication protocol was available.
> > 01/04/2006 12:03:39 AM LSASRV Warning SPNEGO (Negotiator)
> > 40961 N/A XPClient1 The Security System could not establish a secured
> > connection with the server
> > ldap/ServerName.DomainName.local/DomainName.local@xxxxxxxxxxxxxxxxx No
> > authentication protocol was available.
> > 01/03/2006 10:05:36 PM LSASRV Warning SPNEGO (Negotiator)
> > 40961 N/A XPClient1 The Security System could not establish a secured
> > connection with the server
> > ldap/ServerName.DomainName.local/DomainName.local@xxxxxxxxxxxxxxxxx No
> > authentication protocol was available.
> > 01/03/2006 8:06:34 PM LSASRV Warning SPNEGO (Negotiator)
> > 40961 N/A XPClient1 The Security System could not establish a secured
> > connection with the server
> > ldap/ServerName.DomainName.local/DomainName.local@xxxxxxxxxxxxxxxxx No
> > authentication protocol was available.
> > 01/03/2006 6:10:31 PM LSASRV Warning SPNEGO (Negotiator)
> > 40961 N/A XPClient1 The Security System could not establish a secured
> > connection with the server
> > ldap/ServerName.DomainName.local/DomainName.local@xxxxxxxxxxxxxxxxx No
> > authentication protocol was available.
> >
> >
> > I hope this is enough information to at least get a start and I will be
> > available from now on to supply any further information.
> > Thank You
> > Paul
> >
> >
> >
> >
> >
> >
> >
> >
> > "cjobes" wrote:
> >
> >> If you want us to help we need some more info. Most important is the
> >> source
> >> for the 2 errors. Especially 1030 shows up with quite a few different
> >> sources.
> >>
> >> What is your network topology? Do I assume right that your SBS is
> >> 192.168.16.2?
> >>
> >> Claus
> >>
> >> "Paul" <Paul@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> >> news:E485B3E3-704B-4207-9F07-92E8493F02BD@xxxxxxxxxxxxxxxx
> >> >I have an SBS2003 domain and I have all XP SP2 clients. It appears that
> >> >all
> >> > XP clients are reporting Application Error 1030 every 1 1/2 hours or so
> >> > and
> >> > at the same time System Error 40961 is observed. Network connectivity
> >> > appears to be fine as users are able to do everything they are
> >> > required.
> >> > However, I would like to resolve these errors, since they most likely
> >> > mean
> >> > something is not right.
> >> >
> >> > When I run ipconfig /all >
> >> > Microsoft Windows XP [Version 5.1.2600]
> >> > Windows IP Configuration
> >> >
> >> > Host Name . . . . . . . . . . . . : XPClient1
> >> > Primary Dns Suffix . . . . . . . : abc.local
> >> > Node Type . . . . . . . . . . . . : Hybrid
> >> > IP Routing Enabled. . . . . . . . : No
> >> > WINS Proxy Enabled. . . . . . . . : No
> >> > DNS Suffix Search List. . . . . . : abc.local
> >> > abc.local
> >> >
> >> > Ethernet adapter Local Area Connection:
> >> >
> >> > Connection-specific DNS Suffix . : abc.local
> >> > Description . . . . . . . . . . . : Marvell Yukon 88E8050 PCI-E
> >> > ASF
> >> > Giga
> >> > bit Ethernet Controller
> >> > Physical Address. . . . . . . . . : 00-11-11-40-EE-B0
> >> > Dhcp Enabled. . . . . . . . . . . : Yes
> >> > Autoconfiguration Enabled . . . . : Yes
> >> > IP Address. . . . . . . . . . . . : 192.168.16.32
> >> > Subnet Mask . . . . . . . . . . . : 255.255.255.0
> >> > Default Gateway . . . . . . . . . : 192.168.16.1
> >> > DHCP Server . . . . . . . . . . . : 192.168.16.2
> >> > DNS Servers . . . . . . . . . . . : 192.168.16.2
> >> > Primary WINS Server . . . . . . . : 192.168.16.2
> >> > Lease Obtained. . . . . . . . . . : Monday, January 02, 2006
> >> > 7:21:10
> >> > PM
> >> > Lease Expires . . . . . . . . . . : Tuesday, January 10, 2006
> >> > 7:21:10 PM
> >> >
> >> > Network has 20 computers connected via HP Procurve switch (no special
> >> > settings on it) and SBS2003 server has 1 NIC and whole LAN is behind
> >> > harware
> >> > firewall. Also have two member Windows Server 2003 machines, one
> >> > running
> >> > as
> >> > webserver and other handles backups.
.
- Follow-Ups:
- Re: XP App 1030 & Sys 40961 Errors
- From: Tammy
- Re: XP App 1030 & Sys 40961 Errors
- References:
- Re: XP App 1030 & Sys 40961 Errors
- From: cjobes
- Re: XP App 1030 & Sys 40961 Errors
- From: Paul
- Re: XP App 1030 & Sys 40961 Errors
- From: cjobes
- Re: XP App 1030 & Sys 40961 Errors
- Prev by Date: Re: Domain Client keeps losing trust with Domain
- Next by Date: Re: Ipnat.sys seems to be blocking my VPN
- Previous by thread: Re: XP App 1030 & Sys 40961 Errors
- Next by thread: Re: XP App 1030 & Sys 40961 Errors
- Index(es):
Relevant Pages
|
