Events 1006 (Userenv), 1030 (Userenv), 9153 (MSExchangeSA) on 2003 Server
- From: "b225CCC@xxxxxxxxx" <b225CCC@xxxxxxxxx>
- Date: 12 Feb 2006 14:05:35 -0800
I noticed the following errors at some point (a few days) after a new
SBS 2003 install.
Userenv, Event 1006 ; occurence: every 5 minutes
Userenv, Event 1030 ; occurence: every 5 minutes
MSExchangeSA, Event 9153 ; occurence: every 13 minutes
I am new to Windows Server 2003, so I assumed that I just misconfigured
something. All these wizards make me feel like I'm missing something!
After some Internet research and randomly trying "fixes" recommended by
other people with the same problem with no luck, I just decided to
reinstall the OS.
So, yesterday, I reinstalled the OS (reformat and clean install), and
what do you know? I get the same exact errors occuring at the same
exact intervals.
My install discs install SBS 2003 Service Pack 1 and Exchange Server
2003 Service Pack 1 by default. The errors were present before any
patches / fixes / updates / etc. were installed. (i.e. Microsoft
Update or Windows Update had not been performed.)
The server has two NICs; one LAN, one WAN. The server (pdc0) acts as
the router, gateway, dns server, etc.
I had all client devices disconnected from the network. i.e. the
server's WAN NIC was connected to our T1 and the LAN NIC was connected
to a switch with nothing else plugged into it. So, to reiterate, there
is no client PC involved in this scenario.
I was logged into the server with the Administrator account that was
created during the OS install. No other users/computers had been
created. The Administrator password was not changed at any time before
the errors started occuring.
Another (odd?) thing, is that when you are in ADUC, GPMC, and I think
the DNSMGMT MC, anytime you right-click an object and select
"Properties" it takes 10-20 seconds to load/appear. This could be
normal, I don't know.
There are no third party applications running on the server such as
AntiVirus. The original install had ESET NOD32 installed.
At one point in the troubleshooting, I noticed Event 1524 (source:
Userenv):
"Windows cannot unload your classes registry file - it is still in use
by other applications or services. The file will be unloaded when it is
no longer in use."
I came across an article that said this could be caused by cached
credentials causing a problem and to use UPHClean to resolve the issue.
This was installed with no [apparent] positive effect on the original
errors.
After I checked everything I could think of, I:
1. Changed Administrator password, logged off and on, still had problem
2. Created a new user with Administrator priveleges, logged off and on
with new user, still had problem
THINGS I TRIED PER OTHER USERS' EXPERIENCES:
1. Verify that the DFS is started - verified, no changes made
2. Check binding order of NICs - verified, no changes made [ 1)
Internal (LAN) NIC, 2) External (WAN) NIC 3) RAS Adapter ]
3. Verify DNS Dynamic Updates is set to "Secure Only" - verified, no
changes made
4. Verify correct TCP/IP settings for adapters - verified (I think -
see ipconfig /all output), no changes made
5. Check Group Policy security settings - verified, no changes made. I
could not find a reference as to what exactly should be in the list,
but I assumed that it *should* be ok because (among other groups) both
Authenticated Users and Everyone has at least Read access
6. The SYSVOL share is accessible via command line,
\\ncsystemsinc.local\SYSVOL
See below for more information.
In addition the information posted below, I have, if needed:
- output from netdiag /verbose
- output from gpresult /verbose
- HTML report of Administrator's RSOP
- Any event logs in .evt format
________________________________________________
IPCONFIG /ALL
------------------------------------------------
Windows IP Configuration
Host Name . . . . . . . . . . . . : pdc0
Primary Dns Suffix . . . . . . . : ncsystemsinc.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : ncsystemsinc.local
Ethernet adapter Network Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network
Connection
Physical Address. . . . . . . . . : 00-14-22-73-7D-A7
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 165.236.163.224
Subnet Mask . . . . . . . . . . . : 255.255.255.224
Default Gateway . . . . . . . . . : 165.236.163.225
DNS Servers . . . . . . . . . . . : 192.168.47.4
Primary WINS Server . . . . . . . : 192.168.47.4
NetBIOS over Tcpip. . . . . . . . : Disabled
Ethernet adapter Server Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network
Connection #2
Physical Address. . . . . . . . . : 00-14-22-73-7D-A6
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.47.4
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.47.4
Primary WINS Server . . . . . . . : 192.168.47.4
------------------------------------------------
A series of events is logged in the userenv.log every 5 minutes (like
the Application Event log userenv errors). Below is that series of
events. The section surrounded by asterisks may be helpful.
________________________________________________
USERENV.LOG
------------------------------------------------
USERENV(930.153c) 19:19:00:174 LibMain: Process Name:
C:\WINDOWS\system32\cmd.exe
USERENV(930.153c) 19:19:00:174 GetProfileType: Profile already loaded.
USERENV(930.153c) 19:19:00:174 GetProfileType: ProfileFlags is 0
USERENV(10dc.16fc) 19:19:00:299 LibMain: Process Name:
C:\WINDOWS\system32\mmc.exe
USERENV(c98.10bc) 19:19:12:784 EnterCriticalPolicySectionEx: Entering
with timeout 40000 and flags 0x1
USERENV(c98.10bc) 19:19:12:784 EnterCriticalPolicySectionEx: Machine
critical section has been claimed. Handle = 0x30c
USERENV(c98.10bc) 19:19:12:784 EnterCriticalPolicySectionEx: Leaving
successfully.
USERENV(c98.10bc) 19:19:12:784 EnterCriticalPolicySectionEx: Entering
with timeout 40000 and flags 0x1
USERENV(c98.10bc) 19:19:12:784 EnterCriticalPolicySectionEx: User
critical section has been claimed. Handle = 0x3c0
USERENV(c98.10bc) 19:19:12:784 EnterCriticalPolicySectionEx: Leaving
successfully.
USERENV(c98.10bc) 19:19:13:893 UpdateGPCoreStatus: updating status from
<Computer> registry for gp core
USERENV(c98.10bc) 19:19:13:909 UpdateGPCoreStatus: updating status from
<User> registry for gp core
USERENV(c98.10bc) 19:19:13:924 LeaveCriticalPolicySection: Critical
section 0x3c0 has been released.
USERENV(c98.10bc) 19:19:13:924 LeaveCriticalPolicySection: Critical
section 0x30c has been released.
USERENV(10dc.16fc) 19:19:23:440 GetProfileType: Profile already
loaded.
USERENV(10dc.16fc) 19:19:23:440 GetProfileType: ProfileFlags is 0
USERENV(368.f34) 19:22:28:329 ProcessGPOs:
USERENV(368.f34) 19:22:28:329 ProcessGPOs:
USERENV(368.f34) 19:22:28:329 ProcessGPOs: Starting computer Group
Policy (Background) processing...
USERENV(368.f34) 19:22:28:329 ProcessGPOs:
USERENV(368.f34) 19:22:28:329 ProcessGPOs:
USERENV(368.f34) 19:22:28:329 EnterCriticalPolicySectionEx: Entering
with timeout 600000 and flags 0x0
USERENV(368.f34) 19:22:28:329 EnterCriticalPolicySectionEx: Machine
critical section has been claimed. Handle = 0x81c
USERENV(368.f34) 19:22:28:329 EnterCriticalPolicySectionEx: Leaving
successfully.
USERENV(368.f34) 19:22:28:329 ProcessGPOs: Machine role is 3.
USERENV(368.f34) 19:22:28:329 PingComputer: PingBufferSize set as 2048
USERENV(368.f34) 19:22:28:329 PingComputer: Adapter speed 10000000 bps
USERENV(368.f34) 19:22:28:329 PingComputer: First time: 0
USERENV(368.f34) 19:22:28:329 PingComputer: Fast link. Exiting.
USERENV(368.f34) 19:22:28:329 ProcessGPOs: network name is
USERENV(368.f34) 19:22:28:329 ProcessGPOs: User name is:
CN=PDC0,OU=Domain Controllers,DC=ncsystemsinc,DC=local, Domain name is:
ncsystemsinc.local
USERENV(368.f34) 19:22:28:329 ProcessGPOs: Domain controller is:
\\pdc0.ncsystemsinc.local Domain DN is ncsystemsinc.local
USERENV(368.f34) 19:22:28:329 ReadGPExtensions: Rsop entry point not
found for dskquota.dll.
USERENV(368.f34) 19:22:28:329 ReadGPExtensions: Rsop entry point not
found for gptext.dll.
USERENV(368.f34) 19:22:28:329 ReadGPExtensions: Rsop entry point not
found for iedkcs32.dll.
USERENV(368.f34) 19:22:28:329 ReadGPExtensions: Rsop entry point not
found for scecli.dll.
USERENV(368.f34) 19:22:28:329 ReadGPExtensions: Rsop entry point not
found for C:\WINDOWS\System32\cscui.dll.
USERENV(368.f34) 19:22:28:329 ReadExtStatus: Reading Previous Status
for extension {35378EAC-683F-11D2-A89A-00C04FBBCFA2}
USERENV(368.f34) 19:22:28:329 ReadStatus: Read Extension's Previous
status successfully.
USERENV(368.f34) 19:22:28:329 ReadExtStatus: Reading Previous Status
for extension {0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}
USERENV(368.f34) 19:22:28:329 ReadExtStatus: Reading Previous Status
for extension {25537BA6-77A8-11D2-9B6C-0000F8080861}
USERENV(368.f34) 19:22:28:329 ReadExtStatus: Reading Previous Status
for extension {3610eda5-77ef-11d2-8dc5-00c04fa31a66}
USERENV(368.f34) 19:22:28:329 ReadExtStatus: Reading Previous Status
for extension {426031c0-0b47-4852-b0ca-ac3d37bfcb39}
USERENV(368.f34) 19:22:28:329 ReadExtStatus: Reading Previous Status
for extension {42B5FAAE-6536-11d2-AE5A-0000F87571E3}
USERENV(368.f34) 19:22:28:329 ReadExtStatus: Reading Previous Status
for extension {4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}
USERENV(368.f34) 19:22:28:329 ReadExtStatus: Reading Previous Status
for extension {827D319E-6EAC-11D2-A4EA-00C04F79F83A}
USERENV(368.f34) 19:22:28:329 ReadStatus: Read Extension's Previous
status successfully.
USERENV(368.f34) 19:22:28:329 ReadExtStatus: Reading Previous Status
for extension {A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}
USERENV(368.f34) 19:22:28:345 ReadExtStatus: Reading Previous Status
for extension {B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}
USERENV(368.f34) 19:22:28:345 ReadStatus: Read Extension's Previous
status successfully.
USERENV(368.f34) 19:22:28:345 ReadExtStatus: Reading Previous Status
for extension {C631DF4C-088F-4156-B058-4375F0853CD8}
USERENV(368.f34) 19:22:28:345 ReadExtStatus: Reading Previous Status
for extension {c6dc5466-785a-11d2-84d0-00c04fb169f7}
USERENV(368.f34) 19:22:28:345 ReadExtStatus: Reading Previous Status
for extension {e437bc1c-aa7d-11d2-a382-00c04f991e27}
USERENV(368.f34) 19:22:28:345 ProcessGPOs: Calling GetGPOInfo for
normal policy mode
USERENV(368.f34) 19:22:28:345 GetGPOInfo:
********************************
USERENV(368.f34) 19:22:28:345 GetGPOInfo: Entering...
USERENV(368.f34) 19:22:28:345 GetGPOInfo: Server connection
established.
USERENV(368.f34) 19:22:34:454 GetGPOInfo: ldap_bind_s failed with =
<82>
USERENV(368.f34) 19:22:34:454 GetGPOInfo: Leaving with 0
USERENV(368.f34) 19:22:34:454 GetGPOInfo:
********************************
USERENV(368.f34) 19:22:34:454 ProcessGPOs: GetGPOInfo failed.
USERENV(368.f34) 19:22:34:454 ProcessGPOs: No WMI logging done in this
policy cycle.
USERENV(368.f34) 19:22:34:454 ProcessGPOs: Processing failed with error
8341.
USERENV(368.f34) 19:22:34:454 LeaveCriticalPolicySection: Critical
section 0x81c has been released.
USERENV(368.f34) 19:22:34:454 ProcessGPOs: Computer Group Policy has
been applied.
USERENV(368.f34) 19:22:34:454 ProcessGPOs: Leaving with 0.
USERENV(368.f34) 19:22:34:454 EnterCriticalPolicySectionEx: Entering
with timeout 600000 and flags 0x0
USERENV(368.f34) 19:22:34:454 EnterCriticalPolicySectionEx: Machine
critical section has been claimed. Handle = 0x81c
USERENV(368.f34) 19:22:34:454 EnterCriticalPolicySectionEx: Leaving
successfully.
USERENV(368.f34) 19:22:34:485 LeaveCriticalPolicySection: Critical
section 0x81c has been released.
USERENV(368.f34) 19:22:34:485 GPOThread: Next refresh will happen in 5
minutes
------------------------------------------------
________________________________________________
GPRESULT
------------------------------------------------
Microsoft (R) Windows (R) Operating System Group Policy Result tool
v2.0
Copyright (C) Microsoft Corp. 1981-2001
Created On 2/11/2006 at 6:43:18 PM
RSOP data for NCSYSTEMSINC\Administrator on PDC0 : Logging Mode
----------------------------------------------------------------
OS Type: Microsoft(R) Windows(R) Server 2003 for
Small Business Server
OS Configuration: Primary Domain Controller
OS Version: 5.2.3790
Terminal Server Mode: Remote Administration
Site Name: Default-First-Site-Name
Roaming Profile:
Local Profile: C:\Documents and Settings\Administrator
Connected over a slow link?: No
COMPUTER SETTINGS
------------------
CN=PDC0,OU=Domain Controllers,DC=ncsystemsinc,DC=local
Last time Group Policy was applied: 2/11/2006 at 6:41:39 PM
Group Policy was applied from: pdc0.ncsystemsinc.local
Group Policy slow link threshold: 500 kbps
Domain Name: NCSYSTEMSINC
Domain Type: Windows 2000
Applied Group Policy Objects
-----------------------------
Small Business Server Auditing Policy
Default Domain Controllers Policy
Small Business Server Client Computer
Small Business Server Remote Assistance Policy
Small Business Server Lockout Policy
Small Business Server Domain Password Policy
Default Domain Policy
The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
Small Business Server Windows Firewall
Filtering: Denied (WMI Filter)
WMI Filter: PostSP2
Small Business Server Internet Connection Firewall
Filtering: Denied (WMI Filter)
WMI Filter: PreSP2
Local Group Policy
Filtering: Not Applied (Empty)
The computer is a part of the following security groups
-------------------------------------------------------
BUILTIN\Administrators
Everyone
BUILTIN\Users
BUILTIN\Pre-Windows 2000 Compatible Access
Windows Authorization Access Group
NT AUTHORITY\NETWORK
NT AUTHORITY\Authenticated Users
This Organization
PDC0$
Domain Controllers
Exchange Domain Servers
NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS
Exchange Enterprise Servers
USER SETTINGS
--------------
CN=Administrator,CN=Users,DC=ncsystemsinc,DC=local
Last time Group Policy was applied: 2/11/2006 at 6:31:59 PM
Group Policy was applied from: pdc0.ncsystemsinc.local
Group Policy slow link threshold: 500 kbps
Domain Name: NCSYSTEMSINC
Domain Type: Windows 2000
Applied Group Policy Objects
-----------------------------
Default Domain Policy
The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
Small Business Server Domain Password Policy
Filtering: Not Applied (Empty)
Small Business Server Windows Firewall
Filtering: Denied (WMI Filter)
WMI Filter: PostSP2
Small Business Server Lockout Policy
Filtering: Disabled (GPO)
Small Business Server Client Computer
Filtering: Not Applied (Empty)
Small Business Server Internet Connection Firewall
Filtering: Denied (WMI Filter)
WMI Filter: PreSP2
Local Group Policy
Filtering: Not Applied (Empty)
Small Business Server Remote Assistance Policy
Filtering: Disabled (GPO)
The user is a part of the following security groups
---------------------------------------------------
Domain Users
Everyone
BUILTIN\Administrators
BUILTIN\Users
NT AUTHORITY\INTERACTIVE
NT AUTHORITY\Authenticated Users
This Organization
LOCAL
Group Policy Creator Owners
Domain Admins
Enterprise Admins
Schema Admins
SBS Mobile Users
SBS Report Users
Offer Remote Assistance Helpers
------------------------------------------------
I would appreciate any input on this issue. I have spent many hours
researching these problems. Most references are cases where the client
machines are getting the Userenv (1006, 1030) errors. In addition to
finding a fix, I also wanted to post because I did not see any other
references to the problem immediately post-install with no clients
connected to the network.
Thanks in Advance,
Brian
.
- Follow-Ups:
- Re: Events 1006 (Userenv), 1030 (Userenv), 9153 (MSExchangeSA) on 2003 Server
- From: b225CCC@xxxxxxxxx
- Re: Events 1006 (Userenv), 1030 (Userenv), 9153 (MSExchangeSA) on 2003 Server
- From: Frank McCallister SBS MVP
- Re: Events 1006 (Userenv), 1030 (Userenv), 9153 (MSExchangeSA) on 2003 Server
- Prev by Date: Re: DNS Server
- Next by Date: Re: Events 1006 (Userenv), 1030 (Userenv), 9153 (MSExchangeSA) on 2003 Server
- Previous by thread: DNS Server
- Next by thread: Re: Events 1006 (Userenv), 1030 (Userenv), 9153 (MSExchangeSA) on 2003 Server
- Index(es):
Relevant Pages
|
