| Author | Messages | |
acjuelich
Posts:147
 | | 11/19/2010 7:27 PM |
| Thank you! See responses below!
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Darragh O'Shaughnessy Sent: Friday, November 19, 2010 11:54 AM To: xxxxxxxxxxxxxxxx Subject: RE: [gptalk] Userenv 1054 Error
Ok, we have to get to the bottom of this one! 
What we know:
· Single forest/single domain
· Windows XP
· PCs are plugged directly into network switches (i.e. no ip phones in the way)
· Not using cached credentials to log in
Questions:
· What service pack is being used?
XP SP3
· Does this happen on the same machines or various random machines?
Happens on various machines but we ESPECIALLY see the results in this lab (Missing mapped drives, missing Home Drive….)
· Does it only happen on the first logon after the machine boots or various logons?
Various
· Have you any security posture software that could affect logon such as Cisco NAK?
I don’t believe so. I know the network team controls a lot of stuff with ACLs.
· Does a “gpupdate /force” solve the problem once the user is logged on?
Sometimes. One of my co-workers has to sometimes remove that user’s local profile, or re-add the machine to the domain. Interestingly, sometimes machine accounts just vanish from AD.
· Do some of the gpp settings get applied on logon?
It looks like Registry ones and such get applied fine. It’s only the Drive Mappings which aren’t reliable.
· Are there any gp settings relating to DNS, firewall etc being applied?
Not yet. We are planning on doing a Firewall one soon.
· Is there a firewall in place?
Not on the client-side. Just hardware ones for the DMZ.
· Has the AD site info been verified? Have you got a global catalogue in each site?
We have three DCs. They are all GCs. Two are virtualized at our central office, another one is at another building and that isn’t virtualized. The two virtualized ones hold all FSMO roles.
· How many DCs in the local site and does the client subnet match that site?
See above. Each building has its own subnet, wireless also has its own subnet. The DCs are not on the same subnet as this building having the issue.
Networking:
· “Tracing on the network side looks fine. DNS looks fine”. How was this quantified? Has dcdiag/netdiag been run at both sides of the connection? Have you checked WINS/DNS for leftover dc/gc entries? I can’t ever remember a time I asked a network guy to check on the network and him saying “oh yeah, it’s not configured the way it should be!” ☺ They always seem to say “there are no errors on the network”. Can’t remember the last time I saw an error on the network either ☺. Maybe misconfigs though…
I haven’t done dcdiag/netdiag yet. I have looked through DNS to make sure there aren’t leftover dc/gc entries… I cleaned that up about a year ago. I have enabled verbose userenv logging.
· Are there odd packets going to an unknown host or any strange dns/wins lookups?
I’m attaching one of the Userenv.logs and details from one of the ports they are plugged into.
I know it seems like a lot but check them off one by one 
Darragh O’Shaughnessy
-----Original Message----- From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Gustin Johnson Sent: 19 November 2010 17:08 To: xxxxxxxxxxxxxxxx Subject: Re: [gptalk] Userenv 1054 Error
Is the DC on the same subnet as the lab? Could there be a router
dropping traffic or filtering ports, or perhaps a firewall on the DC
itself?
hping or ncat combined with either tcpdump (windump) or wireshark can
be your friend here.
Are the configured DNS servers of the lab computers AD DNS servers?
On Fri, Nov 19, 2010 at 6:55 AM, Adam C Juelich
<xxxxxxxxxxxxxxxx> wrote:
> Tracing on the network side looks fine. DNS looks fine. I’m running out of
> options.
>
>
>
>
>
> From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
> On Behalf Of Darren Mar-Elia
> Sent: Thursday, November 18, 2010 1:54 PM
>
> To: xxxxxxxxxxxxxxxx
> Subject: RE: [gptalk] Userenv 1054 Error
>
>
>
> If you are truly logging in with cached creds, you should see an event log
> entry to that effect—specifically that 5719 entry. If not, then it could be
> a different issue. But the sniffer trace should help.
>
>
>
> Darren
>
>
>
> From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
> On Behalf Of Adam C Juelich
> Sent: Thursday, November 18, 2010 11:42 AM
> To: 'xxxxxxxxxxxxxxxx'
> Subject: RE: [gptalk] Userenv 1054 Error
>
>
>
> Well, I’m getting the errors stating that it cannot find the name of the DC,
> so I would then think it is logging in with cached credentials thus
> bypassing GP Processing. What I’m trying to find out is why it can’t find
> the DC….
>
>
>
>
>
> From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
> On Behalf Of Darren Mar-Elia
> Sent: Thursday, November 18, 2010 1:22 PM
> To: xxxxxxxxxxxxxxxx
> Subject: RE: [gptalk] Userenv 1054 Error
>
>
>
> If they are using cached credentials then that would explain user policy not
> processing. But the question I would have is, why are they using cached
> credentials, which typically only occurs if the DC is not available at user
> logon.
>
>
>
> From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
> On Behalf Of Adam C Juelich
> Sent: Thursday, November 18, 2010 9:53 AM
> To: 'xxxxxxxxxxxxxxxx'
> Subject: RE: [gptalk] Userenv 1054 Error
>
>
>
> I’m sure they are using cached credentials. We do have ‘wait for network’
> applied to all machines. I did not see any 5719 events. In this particular
> lab we have elementary students logging in using a single generic account,
> usually at the same time.
>
>
>
>
>
>
>
> From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
> On Behalf Of Darren Mar-Elia
> Sent: Thursday, November 18, 2010 11:36 AM
> To: xxxxxxxxxxxxxxxx
> Subject: RE: [gptalk] Userenv 1054 Error
>
>
>
> It seems strange that you would get this during user-side processing, since,
> the assumption is that if the user is logging in, they are already getting
> to the DC. I wonder if these users are logging in with cached credentials.
> Do you see any system log events of 5719 on these systems?
>
>
>
> Darren
>
> From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
> On Behalf Of Adam C Juelich
> Sent: Thursday, November 18, 2010 7:25 AM
> To: 'xxxxxxxxxxxxxxxx'
> Subject: RE: [gptalk] Userenv 1054 Error
>
>
>
> These machines aren’t plugged into IP Phones. My hunch was that it was
> something on the network-side. I’ll have my network admin start some
> traces. In the meantime, I’ve enabled Verbose UserEnv Logging on several
> machines and I’ll start picking through those logs.
>
>
>
>
>
> From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
> On Behalf Of Darragh O'Shaughnessy
> Sent: Thursday, November 18, 2010 9:07 AM
> To: xxxxxxxxxxxxxxxx
> Subject: RE: [gptalk] Userenv 1054 Error
>
>
>
> I’d consider grabbing a network trace from a spanned port on the switch
> Adam. Are these PC’s plugged into IP phones by any chance?
>
>
>
> Darragh O’Shaughnessy
>
>
>
> From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
> On Behalf Of Adam C Juelich
> Sent: 18 November 2010 14:24
> To: 'xxxxxxxxxxxxxxxx'
> Subject: [gptalk] Userenv 1054 Error
>
>
>
> Hi Everyone,
>
>
>
> I’m still getting this error on many machines, even after modifying the
> GpNetworkStartTimeoutPolicyValue setting to 60. Usually when this error
> pops up, the user is missing some drive mappings and sometimes their Home
> Drive. Any other explanation for this? Thanks.
>
>
>
>
>
> ------------------------------------------------------------------
>
> Adam C. Juelich
>
> A+, Network+, MCTS:Vista, MCSE: Server 2003, MCSA: Messaging
>
> Application and Hardware Specialist/Technician
>
> Pulaski Community School District
>
> 920-822-6075
>
>
>
> "If you never venture outside the box, you will probably not be creative.
> But if you never get inside the box, you will certainly be stupid"
>
> - Christopher Peterson
>
>
| | | |
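Gustin's question about a router dropping traffic or filtering ports can be checked from an affected lab client with a plain TCP connect test that separates "refused" from "silently dropped". This is an added example, not part of the original thread; the port list is general Active Directory knowledge rather than something stated here, and `dc01.example.local` is a placeholder host name.

```python
"""TCP reachability check from a domain client to a DC (added example)."""
import socket

# TCP services a domain member normally needs on a DC. This list is general
# Active Directory knowledge, not taken from the thread. The DC locator also
# uses UDP 389, which a TCP connect test cannot exercise.
AD_TCP_PORTS = {
    53: "DNS",
    88: "Kerberos",
    135: "RPC endpoint mapper",
    389: "LDAP",
    445: "SMB (SYSVOL / NETLOGON shares)",
    3268: "Global Catalog",
}


def probe(host, port, timeout=2.0):
    """Classify one TCP connect attempt.

    open            - three-way handshake completed
    refused         - host answered with a reset: reachable, nothing listening
    filtered        - no answer before the timeout: typical of an ACL or
                      firewall that drops packets silently
    unreachable     - the local stack or a router reported no route/host
    name-unresolved - the client could not resolve the DC name at all
    """
    try:
        addr = socket.getaddrinfo(host, port, socket.AF_INET,
                                  socket.SOCK_STREAM)[0][4]
    except socket.gaierror:
        return "name-unresolved"
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect(addr)
        return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "filtered"
    except OSError:
        return "unreachable"
    finally:
        sock.close()


def survey(host, ports=AD_TCP_PORTS, timeout=2.0):
    """Probe every port in `ports` and return {port: state}."""
    return {port: probe(host, port, timeout) for port in ports}


def diagnose(results):
    """Reduce a survey to the most likely class of problem."""
    states = set(results.values())
    if "name-unresolved" in states:
        return "name-unresolved"   # look at client DNS settings first
    if states & {"filtered", "unreachable"}:
        return "path-blocked"      # router ACL / firewall between subnets
    if "refused" in states:
        return "service-closed"    # DC reachable, service not listening
    return "ok"


if __name__ == "__main__":
    dc = "dc01.example.local"      # placeholder: use a real DC name
    results = survey(dc)
    for port, state in sorted(results.items()):
        print(f"{dc}:{port:<5} {AD_TCP_PORTS[port]:<32} {state}")
    print("verdict:", diagnose(results))
```

Running it from a lab machine and from a machine in a building that works, then comparing the two outputs, shows whether the difference is on the path or on the DC.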
| DarraghOShaughnessy
Posts:177
 | | 11/19/2010 7:38 PM |
| “Interestingly, sometimes machine accounts just vanish from AD”
➢ Yes, that is interesting! ☺ Worrying might be the phrase I’d use though! You have to find out what’s going on here though Adam! This could be the reason! The computer on which the user is logging onto must be authenticated with AD.
What are the ping times between physical sites? Group policy will try and detect slow links and might not be processing policy due to the speed of your overall path through the network.
You say you have virtualised 2 DCs and the other is at another physical site. Verify DNS etc by running dcdiag/netdiag on ALL DC’s and check the performance of each dc to make sure it’s not running at 100% CPU or something satirical like that.
You mention wireless also. Is this an infrastructure wireless point? Are your DC’s accessible over it? Is that the connection the lab pc’s are using?
| | | |
| DarraghOShaughnessy
Posts:177
 | | 11/19/2010 7:46 PM |
| Hi, I can’t really interpret your stats from the switch (router/wap ???) unless I knew your topology. Just because the port on the switch is fine doesn’t mean that somewhere along the path there are other issues.
Do you have userenv debug logging enabled and can you post a sample? Also, it would help, when looking at the logs, if we knew what the drives for a given user should be when they log on. Also, what drive preference options are set for the drives? Could you post the .xml config for the preference (excluding any passwords of course)?
Darragh O’Shaughnessy
| | | |
| acjuelich
Posts:147
 | | 11/19/2010 8:54 PM |
| I will do some netdiag/dcdiag on the DCs.
Our Wireless is a Cisco Infrastructure solution. They do have access to the DCs, but this lab is wired.
All of our buildings are connected via fiber – no slow links.
> pops up, the user is missing some drive mappings and sometimes their Home
> Drive. Any other explanation for this? Thanks.
>
>
>
>
>
> ------------------------------------------------------------------
>
> Adam C. Juelich
>
> A+, Network+, MCTS:Vista, MCSE: Server 2003, MCSA: Messaging
>
> Application and Hardware Specialist/Technician
>
> Pulaski Community School District
>
> 920-822-6075
>
>
>
> "If you never venture outside the box, you will probably not be creative.
> But if you never get inside the box, you will certainly be stupid"
>
> - Christopher Peterson
>
>
| | | |
| acjuelich
Posts:147
 | | 11/19/2010 9:02 PM |
| I’m attaching one of the UserEnv.logs and the XML Settings. They should be receiving J,P,T,V,X and Y…….in addition to their Home Drive. Like I said, sometimes they don’t even get their home drive. The machine accounts disappearing only seems to happen 3-4 times a year…..still weird, though.
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Darragh O'Shaughnessy Sent: Friday, November 19, 2010 12:27 PM To: xxxxxxxxxxxxxxxx Subject: RE: [gptalk] Userenv 1054 Error
Hi, I can’t really interpret your stats from the switch (router/wap ???) unless I knew your topology. Just because the port on the switch is fine doesn’t mean that somewhere along the path there are other issues.
Do you have userenv debug logging enabled and can you post a sample? Also, it would help, when looking at the logs, if we knew what the drives for a given user should be when they log on. Also, what drive preference options are set for the drives. Could you post the .xml config for the preference (excluding any passwords of course)
Darragh O’Shaughnessy
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Adam C Juelich Sent: 19 November 2010 18:09 To: 'xxxxxxxxxxxxxxxx' Subject: [gptalk] Userenv 1054 Error
Thank you! See responses below!
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Darragh O'Shaughnessy Sent: Friday, November 19, 2010 11:54 AM To: xxxxxxxxxxxxxxxx Subject: RE: [gptalk] Userenv 1054 Error
Ok, we have to get to the bottom of this one! 
What we know:
· Single forest/single domain
· Windows XP
· PCs are plugged directly into network switches (i.e. no ip phones in the way)
· Not using cached credentials to log in
Questions:
· What service pack is being used?
XP SP3
· Does this happen on the same machines or various random machines?
Happens on various machines but we ESPECIALLY see the results in this lab (Missing mapped drives, missing Home Drive….)
· Does it only happen on the first logon after the machine boots or various logons?
Various
· Have you any security posture software that could affect logon such as Cisco NAK?
I don’t believe so. I know the network team controls a lot of stuff with ACLs.
· Does a “gpupdate /force” solve the problem once the user is logged on?
Sometimes. One of my co-workers has to sometimes remove that user’s local profile, or re-add the machine to the domain. Interestingly, sometimes machine accounts just vanish from AD.
· Do some of the gpp settings get applied on logon?
It looks like Registry ones and such get applied fine. It’s only the Drive Mappings which aren’t reliable.
· Are there any gp settings relating to DNS, firewall etc being applied?
Not yet. We are planning on doing a Firewall one soon.
· Is there a firewall in place?
Not on the client-side. Just hardware ones for the DMZ.
· Has the AD site info been verified? Have you got a global catalogue in each site?
We have three DCs. They are all GCs. Two are virtualized at our central office, another one is at another building and that isn’t virtualized. The two virtualized ones hold all FSMO roles.
· How many DC in the local site and does the client subnet match that site?
See above. Each building has its own subnet, wireless also has its own subnet. The DCs are not on the same subnet as this building having the issue.
Networking:
· “Tracing on the network side looks fine. DNS looks fine”. How was this quantified? Has dcdiag/netdiag been run at both sides of the connection? Have you checked WINS/DNS for leftover dc/gc entries? I can’t ever remember a time I asked a network guy to check on the network and him saying “oh yeah, it’s not configured the way it should be!” ☺ They always seem to say “there are no errors on the network”. Can’t remember the last time I saw an error on the network either ☺. Maybe misconfigs though ….. 
I haven’t done dcdiag/netdiag yet. I have looked through DNS to make sure there aren’t leftover dc/gc entries…….I cleaned that up about a year ago. I have enabled verbose userenv logging.
· Are there odd packets going to an unknown host or any strange dns/wins lookups?
I’m attaching one of the Userenv.logs and details from one of the ports they are plugged into.
I know it seems like a lot but check them off one by one 
Darragh O’Shaughnessy
| | | |
| DarraghOShaughnessy
Posts:177
 | | 11/19/2010 9:07 PM |
| Fibre is a quick media but other factors can slow down, ping times would be nice. Also I assume in the wired lab, the pc’s don’t have wireless nics connecting to the WAP at the same time as being wired in?
Darragh O’Shaughnessy
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Adam C Juelich Sent: 19 November 2010 19:38 To: 'xxxxxxxxxxxxxxxx' Subject: RE: [gptalk] Userenv 1054 Error
I will do some netdiag/dcdiag on the DCs.
Our Wireless is a Cisco Infrastructure solution. They do have access to the DCs, but this lab is wired.
All of our buildings are connected via fiber – no slow links.
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Darragh O'Shaughnessy Sent: Friday, November 19, 2010 12:18 PM To: xxxxxxxxxxxxxxxx Subject: RE: [gptalk] Userenv 1054 Error
“Interestingly, sometimes machine accounts just vanish from AD”
➢ Yes, that is interesting! ☺ Worrying might be the phrase I’d use though! You have to find out what’s going on here though Adam! This could be the reason! The computer on which the user is logging onto must be authenticated with AD.
What are the ping times between physical sites? Group policy will try and detect slow links and might not be processing policy due to the speed of your overall path through the network.
You say you have virtualised 2 DCs and the other is at another physical site. Verify DNS etc by running dcdiag/netdiag on ALL DC’s and check the performance of each dc to make sure it’s not running at 100% CPU or something satirical like that.
You mention wireless also. Is this an infrastructure wireless point? Are your DC’s accessible over it? Is that the connection the lab pc’s are using?
| | | |
| DarraghOShaughnessy
Posts:177
 | | 11/19/2010 9:21 PM |
| Adam,
Could it be that some of the drives are being hidden in the gui?
611638F8FEEE}" bypassErrors="1">
  <Properties action="U" thisDrive="HIDE" allDrives="NOCHANGE" userName="" path="\\apps\nwappsSS" label="Test Taker" persistent="0" useLetter="1" letter="J" />
  <Filters>
    <FilterGroup bool="AND" not="0" name="PCS.K12\SS Staff" sid="S-1-5-21-834434087-1672823513-1849977318-38577" userContext="1" primaryGroup="0" localGroup="0" />
    <FilterGroup bool="OR" not="0" name="PCS.K12\SS Students" sid="S-1-5-21-834434087-1672823513-1849977318-38535" userContext="1" primaryGroup="0" localGroup="0" />
  </Filters>
</Drive>
This takes precedence over the Hide/Show all drives setting. I presume you’ve checked if the drives are mapped from the command line? I did see an “accessed denied” message in the gptrace logs on one of the J drive attempts.
Also, your domain is pulaski.k12.wi.local, domain down-level name is PCS.K12?
Darragh O’Shaughnessy
| | | |
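The point raised in the post above (a Drive item with thisDrive="HIDE" is mapped but not shown in the GUI, so it can look "missing"), together with the earlier request to post the preference XML without passwords, as an added example that is not part of the thread. The sample XML is constructed (placeholder uids, SIDs, names, paths and cpassword value), and the filter logic assumes FilterGroup items combine left to right using each item's bool attribute.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the Drive item quoted in the thread.
# All uids, SIDs, group names, paths and the cpassword value are placeholders.
SAMPLE_DRIVES_XML = r"""<Drives>
  <Drive name="J:" uid="{00000000-0000-0000-0000-000000000001}" bypassErrors="1">
    <Properties action="U" thisDrive="HIDE" allDrives="NOCHANGE" userName=""
                path="\\fileserver\apps" label="Apps" persistent="0"
                useLetter="1" letter="J" />
    <Filters>
      <FilterGroup bool="AND" not="0" name="EXAMPLE\Staff"
                   sid="S-1-5-21-1111111111-2222222222-3333333333-1001" />
      <FilterGroup bool="OR" not="0" name="EXAMPLE\Students"
                   sid="S-1-5-21-1111111111-2222222222-3333333333-1002" />
    </Filters>
  </Drive>
  <Drive name="P:" uid="{00000000-0000-0000-0000-000000000002}" bypassErrors="1">
    <Properties action="U" thisDrive="NOCHANGE" allDrives="NOCHANGE"
                userName="EXAMPLE\svc-map" cpassword="CONSTRUCTED-PLACEHOLDER"
                path="\\fileserver\public" label="Public" persistent="0"
                useLetter="1" letter="P" />
  </Drive>
</Drives>"""

ACTIONS = {"C": "Create", "R": "Replace", "U": "Update", "D": "Delete"}


def filter_passes(filters_el, user_sids):
    """Evaluate FilterGroup items against the user's group SIDs.

    Assumption: items are combined left to right with each item's bool
    attribute (AND/OR), and not="1" inverts that single item.
    """
    if filters_el is None:
        return True  # no item-level targeting: the item applies to everyone
    result = None
    for item in filters_el:
        if item.tag != "FilterGroup":
            raise ValueError("unsupported filter type: " + item.tag)
        match = item.get("sid") in user_sids
        if item.get("not") == "1":
            match = not match
        if result is None:
            result = match
        elif item.get("bool", "AND").upper() == "OR":
            result = result or match
        else:
            result = result and match
    return True if result is None else result


def audit_drives(xml_text, user_sids):
    """Return one dict per Drive item: does it apply, is it hidden, is a password stored."""
    sids = set(user_sids)
    report = []
    for drive in ET.fromstring(xml_text).iter("Drive"):
        props = drive.find("Properties")
        if props is None:
            continue
        applies = filter_passes(drive.find("Filters"), sids)
        report.append({
            "letter": props.get("letter", ""),
            "path": props.get("path", ""),
            "action": ACTIONS.get(props.get("action", ""), "?"),
            "applies": applies,
            # Mapped but not shown in the GUI: check it from the command line instead.
            "hidden_in_gui": applies and props.get("thisDrive") == "HIDE",
            # A stored cpassword must never be posted to a list or left in SYSVOL.
            "has_cpassword": bool(props.get("cpassword")),
        })
    return report


def redact_for_sharing(xml_text):
    """Blank stored credentials before the XML is attached to a support request."""
    root = ET.fromstring(xml_text)
    for props in root.iter("Properties"):
        for attr in ("cpassword", "userName"):
            if props.get(attr):
                props.set(attr, "REDACTED")
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    staff = ["S-1-5-21-1111111111-2222222222-3333333333-1001"]
    for row in audit_drives(SAMPLE_DRIVES_XML, staff):
        print(row)
    print(redact_for_sharing(SAMPLE_DRIVES_XML))
```
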
| acjuelich
Posts:147
 | | 11/19/2010 9:42 PM |
| I don’t have ‘U’ specified in the script. U is their Home Drive Letter.
I haven’t checked them from the command prompt – these are students using the machines, so they don’t have access to all that stuff. I suppose I could allow it for testing, though.
Correct on the domain question.
These machines are strictly wired, gig speed. No wireless hooked to them.
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Darragh O'Shaughnessy Sent: Friday, November 19, 2010 2:06 PM To: xxxxxxxxxxxxxxxx Subject: RE: [gptalk] Userenv 1054 Error
Adam, Could it be that some of the drives are being hidden in the gui?
611638F8FEEE}" bypassErrors="1">
<Properties action="U" thisDrive="HIDE" allDrives="NOCHANGE" userName="" path="\\apps\nwappsSS" label="Test Taker" persistent="0" useLetter="1" letter="J" />
<Filters>
<FilterGroup bool="AND" not="0" name="PCS.K12\SS Staff" sid="S-1-5-21-834434087-1672823513-1849977318-38577" userContext="1" primaryGroup="0" localGroup="0" />
<FilterGroup bool="OR" not="0" name="PCS.K12\SS Students" sid="S-1-5-21-834434087-1672823513-1849977318-38535" userContext="1" primaryGroup="0" localGroup="0" />
</Filters>
</Drive>
This takes precedence over the Hide/Show all drives setting. I presume you’ve checked if the drives are mapped from the command line? I did see an “accessed denied” message in the gptrace logs on one of the J drive attempts.
Also, your domain is pulaski.k12.wi.local, domain down-level name is PCS.K12?
Darragh O’Shaughnessy
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Adam C Juelich Sent: 19 November 2010 19:45 To: 'xxxxxxxxxxxxxxxx' Subject: RE: [gptalk] Userenv 1054 Error
I’m attaching one of the UserEnv.logs and the XML Settings. They should be receiving J,P,T,V,X and Y…….in addition to their Home Drive. Like I said, sometimes they don’t even get their home drive. The machine accounts disappearing only seems to happen 3-4 times a year…..still weird, though.
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Darragh O'Shaughnessy Sent: Friday, November 19, 2010 12:27 PM To: xxxxxxxxxxxxxxxx Subject: RE: [gptalk] Userenv 1054 Error
Hi, I can’t really interpret your stats from the switch (router/wap ???) unless I knew your topology. Just because the port on the switch is fine doesn’t mean that somewhere along the path there are other issues.
Do you have userenv debug logging enabled and can you post a sample? Also, it would help, when looking at the logs, if we knew what the drives for a given user should be when they log on. Also, what drive preference options are set for the drives? Could you post the .xml config for the preference (excluding any passwords of course)?
Darragh O’Shaughnessy
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Adam C Juelich Sent: 19 November 2010 18:09 To: 'xxxxxxxxxxxxxxxx' Subject: [gptalk] Userenv 1054 Error
Thank you! See responses below!
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Darragh O'Shaughnessy Sent: Friday, November 19, 2010 11:54 AM To: xxxxxxxxxxxxxxxx Subject: RE: [gptalk] Userenv 1054 Error
Ok, we have to get to the bottom of this one! ☺
What we know:
· Single forest/single domain
· Windows XP
· PCs are plugged directly into network switches (i.e. no ip phones in the way)
· Not using cached credentials to log in
Questions:
· What service pack is being used?
XP SP3
· Does this happen on the same machines or various random machines?
Happens on various machines but we ESPECIALLY see the results in this lab (Missing mapped drives, missing Home Drive….)
· Does it only happen on the first logon after the machine boots or various logons?
Various
· Have you any security posture software that could affect logon such as Cisco NAC?
I don’t believe so. I know the network team controls a lot of stuff with ACLs.
· Does a “gpupdate /force” solve the problem once the user is logged on?
Sometimes. One of my co-workers has to sometimes remove that user’s local profile, or re-add the machine to the domain. Interestingly, sometimes machine accounts just vanish from AD.
· Do some of the gpp settings get applied on logon?
It looks like Registry ones and such get applied fine. It’s only the Drive Mappings which aren’t reliable.
· Are there any gp settings relating to DNS, firewall etc being applied?
Not yet. We are planning on doing a Firewall one soon.
· Is there a firewall in place?
Not on the client-side. Just hardware ones for the DMZ.
· Has the AD site info been verified? Have you got a global catalogue in each site?
We have three DCs. They are all GCs. Two are virtualized at our central office, another one is at another building and that isn’t virtualized. The two virtualized ones hold all FSMO roles.
· How many DC in the local site and does the client subnet match that site?
See above. Each building has its own subnet, wireless also has its own subnet. The DCs are not on the same subnet as this building having the issue.
Networking:
· “Tracing on the network side looks fine. DNS looks fine”. How was this quantified? Has dcdiag/netdiag been run at both sides of the connection? Have you checked WINS/DNS for leftover dc/gc entries? I can’t ever remember a time I asked a network guy to check on the network and him saying “oh yeah, it’s not configured the way it should be !” ☺ They always seem to say “there are no errors on the network”. Can’t remember the last time I saw an error on the network either ☺. Maybe misconfigs though …..
I haven’t done dcdiag/netdiag yet. I have looked through DNS to make sure there aren’t leftover dc/gc entries…….I cleaned that up about a year ago. I have enabled verbose userenv logging.
· Are there odd packets going to an unknown host or any strange dns/wins lookups?
I’m attaching one of the Userenv.logs and details from one of the ports they are plugged into.
I know it seems like a lot but check them off one by one ☺
Darragh O’Shaughnessy
-----Original Message----- From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Gustin Johnson Sent: 19 November 2010 17:08 To: xxxxxxxxxxxxxxxx Subject: Re: [gptalk] Userenv 1054 Error
Is the DC on the same subnet as the lab? Could there be a router
dropping traffic or filtering ports, or perhaps a firewall on the DC
itself?
hping or ncat combined with either tcpdump (windump) or wireshark can
be your friend here.
Are the configured DNS servers of the lab computers AD DNS servers?
On Fri, Nov 19, 2010 at 6:55 AM, Adam C Juelich
<xxxxxxxxxxxxxxxx> wrote:
> Tracing on the network side looks fine. DNS looks fine. I’m running out of
> options.
>
>
>
>
>
> From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
> On Behalf Of Darren Mar-Elia
> Sent: Thursday, November 18, 2010 1:54 PM
>
> To: xxxxxxxxxxxxxxxx
> Subject: RE: [gptalk] Userenv 1054 Error
>
>
>
> If you are truly logging in with cached creds, you should see an event log
> entry to that effect—specifically that 5719 entry. If not, then it could be
> a different issue. But the sniffer trace should help.
>
>
>
> Darren
>
>
>
> From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
> On Behalf Of Adam C Juelich
> Sent: Thursday, November 18, 2010 11:42 AM
> To: 'xxxxxxxxxxxxxxxx'
> Subject: RE: [gptalk] Userenv 1054 Error
>
>
>
> Well, I’m getting the errors stating that it cannot find the name of the DC,
> so I would then think it is logging in with cached credentials thus
> bypassing GP Processing. What I’m trying to find out is why it can’t find
> the DC….
>
>
>
>
>
> From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
> On Behalf Of Darren Mar-Elia
> Sent: Thursday, November 18, 2010 1:22 PM
> To: xxxxxxxxxxxxxxxx
> Subject: RE: [gptalk] Userenv 1054 Error
>
>
>
> If they are using cached credentials then that would explain user policy not
> processing. But the question I would have is, why are they using cached
> credentials, which typically only occurs if the DC is not available at user
> logon.
>
>
>
> From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
> On Behalf Of Adam C Juelich
> Sent: Thursday, November 18, 2010 9:53 AM
> To: 'xxxxxxxxxxxxxxxx'
> Subject: RE: [gptalk] Userenv 1054 Error
>
>
>
> I’m sure they are using cached credentials. We do have ‘wait for network’
> applied to all machines. I did not see any 5719 events. In this particular
> lab we have elementary students logging in using a single generic account,
> usually at the same time.
>
>
>
>
>
>
>
> From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
> On Behalf Of Darren Mar-Elia
> Sent: Thursday, November 18, 2010 11:36 AM
> To: xxxxxxxxxxxxxxxx
> Subject: RE: [gptalk] Userenv 1054 Error
>
>
>
> It seems strange that you would get this during user-side processing, since,
> the assumption is that if the user is logging in, they are already getting
> to the DC. I wonder if these users are logging in with cached credentials.
> Do you see any system log events of 5719 on these systems?
>
>
>
> Darren
>
> From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
> On Behalf Of Adam C Juelich
> Sent: Thursday, November 18, 2010 7:25 AM
> To: 'xxxxxxxxxxxxxxxx'
> Subject: RE: [gptalk] Userenv 1054 Error
>
>
>
> These machines aren’t plugged into IP Phones. My hunch was that it was
> something on the network-side. I’ll have my network admin start some
> traces. In the meantime, I’ve enabled Verbose UserEnv Logging on several
> machines and I’ll start picking through those logs.
>
>
>
>
>
> From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
> On Behalf Of Darragh O'Shaughnessy
> Sent: Thursday, November 18, 2010 9:07 AM
> To: xxxxxxxxxxxxxxxx
> Subject: RE: [gptalk] Userenv 1054 Error
>
>
>
> I’d consider grabbing a network trace from a spanned port on the switch
> Adam. Are these PC’s plugged into IP phones by any chance?
>
>
>
> Darragh O’Shaughnessy
>
>
>
> From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
> On Behalf Of Adam C Juelich
> Sent: 18 November 2010 14:24
> To: 'xxxxxxxxxxxxxxxx'
> Subject: [gptalk] Userenv 1054 Error
>
>
>
> Hi Everyone,
>
>
>
> I’m still getting this error on many machines, even after modifying the
> GpNetworkStartTimeoutPolicyValue setting to 60. Usually when this error
> pops up, the user is missing some drive mappings and sometimes their Home
> Drive. Any other explanation for this? Thanks.
>
>
>
>
>
> ------------------------------------------------------------------
>
> Adam C. Juelich
>
> A+, Network+, MCTS:Vista, MCSE: Server 2003, MCSA: Messaging
>
> Application and Hardware Specialist/Technician
>
> Pulaski Community School District
>
> 920-822-6075
>
>
>
> "If you never venture outside the box, you will probably not be creative.
> But if you never get inside the box, you will certainly be stupid"
>
> - Christopher Peterson
>
>
| | | |
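An added example, not part of the thread and not code any participant posted: a Python sketch that reads a Group Policy Preferences drive-map XML, lists each mapping with its action, visibility and targeting filters so "hidden" can be told apart from "not mapped", and blanks any `cpassword` attribute before the file is shared on a list. The J: properties and filters are the ones quoted in the thread; the `<Drives>` wrapper, the uid placeholders, the P: entry and its credential value are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample. Only the J: Properties/Filters attributes come from the
# thread; the wrapper, uid placeholders and the whole P: entry are made up.
SAMPLE_DRIVES_XML = r"""<Drives>
  <Drive name="J:" uid="{PLACEHOLDER-UID-1}" bypassErrors="1">
    <Properties action="U" thisDrive="HIDE" allDrives="NOCHANGE" userName=""
                path="\\apps\nwappsSS" label="Test Taker" persistent="0"
                useLetter="1" letter="J" />
    <Filters>
      <FilterGroup bool="AND" not="0" name="PCS.K12\SS Staff"
                   sid="S-1-5-21-834434087-1672823513-1849977318-38577"
                   userContext="1" primaryGroup="0" localGroup="0" />
      <FilterGroup bool="OR" not="0" name="PCS.K12\SS Students"
                   sid="S-1-5-21-834434087-1672823513-1849977318-38535"
                   userContext="1" primaryGroup="0" localGroup="0" />
    </Filters>
  </Drive>
  <Drive name="P:" uid="{PLACEHOLDER-UID-2}" bypassErrors="1">
    <Properties action="R" thisDrive="NOCHANGE" allDrives="NOCHANGE"
                userName="EXAMPLE\svc-map" cpassword="CONSTRUCTED-NOT-A-REAL-VALUE"
                path="\\fileserver.example\public" label="Public"
                persistent="0" useLetter="1" letter="P" />
  </Drive>
</Drives>
"""

# Single-letter action codes used by Group Policy Preferences items.
ACTIONS = {"C": "Create", "R": "Replace", "U": "Update", "D": "Delete"}


def summarize_drives(xml_text):
    """Return one dict per <Drive> item with the fields that matter when
    working out why a user does or does not see a drive letter."""
    root = ET.fromstring(xml_text)
    summary = []
    for drive in root.iter("Drive"):
        props = drive.find("Properties")
        if props is None:
            continue
        # Filters are kept in document order with their operator as written;
        # no attempt is made here to evaluate group membership.
        filters = [
            {
                "bool": f.get("bool", ""),
                "negated": f.get("not", "0") == "1",
                "group": f.get("name", ""),
                "sid": f.get("sid", ""),
            }
            for f in drive.findall("./Filters/FilterGroup")
        ]
        summary.append({
            "letter": props.get("letter", ""),
            "path": props.get("path", ""),
            "action": ACTIONS.get(props.get("action", ""), "Unknown"),
            "persistent": props.get("persistent") == "1",
            "hidden": props.get("thisDrive") == "HIDE",
            "all_drives": props.get("allDrives", ""),
            "has_stored_credential": bool(props.get("cpassword")),
            "filters": filters,
        })
    return summary


def mapped_but_hidden(xml_text):
    """Letters configured with thisDrive="HIDE": check these from the
    command line before concluding the mapping failed."""
    return [d["letter"] for d in summarize_drives(xml_text)
            if d["hidden"] and d["action"] != "Delete"]


def redact_for_sharing(xml_text):
    """Return the XML with every cpassword value replaced, so the file can
    be posted for troubleshooting without the stored credential."""
    root = ET.fromstring(xml_text)
    for props in root.iter("Properties"):
        if "cpassword" in props.attrib:
            props.set("cpassword", "REDACTED")
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    for d in summarize_drives(SAMPLE_DRIVES_XML):
        vis = "hidden" if d["hidden"] else "visible/unchanged"
        print(f'{d["letter"]}: {d["path"]} [{d["action"]}, {vis}, '
              f'persistent={d["persistent"]}]')
        for f in d["filters"]:
            neg = "NOT " if f["negated"] else ""
            print(f'    {f["bool"]} {neg}member of {f["group"]}')
    print("Check from the command line:", mapped_but_hidden(SAMPLE_DRIVES_XML))
```
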
| DarraghOShaughnessy
Posts:177
 | | 11/19/2010 9:59 PM |
| Sorry, glanced over that, yes that refers to the ‘J’ drive. You can check the user’s registry (remotely if the service is enabled) to see what drives are actually mapped as opposed to displayed.
http://technet.microsoft.com/en-us/library/cc786775%28WS.10%29.aspx
“CheckGPOs: No GPO changes but couldn't read extension %s's status or policy time.
Group Policy stores the status and the time of each extension as needed for the machine and every user that logs onto the machine. They are stored in the following registry locations:
MACHINE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List
USER
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\<SID>\Extension-List
If you receive this error, check your registry permissions for any explicit denials on the registry settings. Also, check for any third-party software that might manipulate this key. Some third parties change the Group Policy cache in both the file system and registry to have their product mimic Group Policy.
”
Applies to some errors in your logs but since this works intermittently ….. Is the home drive assigned via GPP or AD user account properties? If GPP, can I see the xml?
Darragh O’Shaughnessy
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Adam C Juelich Sent: 19 November 2010 20:25 To: 'xxxxxxxxxxxxxxxx' Subject: RE: [gptalk] Userenv 1054 Error
I don’t have ‘U’ specified in the script. U is their Home Drive Letter.
I haven’t checked them from the command prompt – these are students using the machines, so they don’t have access to all that stuff. I suppose I could allow it for testing, though.
Correct on the domain question.
These machines are strictly wired, gig speed. No wireless hooked to them.
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Darragh O'Shaughnessy Sent: Friday, November 19, 2010 2:06 PM To: xxxxxxxxxxxxxxxx Subject: RE: [gptalk] Userenv 1054 Error
Adam,
Could it be that some of the drives are being hidden in the gui?
611638F8FEEE}" bypassErrors="1">
<Properties action="U" thisDrive="HIDE" allDrives="NOCHANGE" userName="" path="\\apps\nwappsSS" label="Test Taker" persistent="0" useLetter="1" letter="J" />
<Filters>
<FilterGroup bool="AND" not="0" name="PCS.K12\SS Staff" sid="S-1-5-21-834434087-1672823513-1849977318-38577" userContext="1" primaryGroup="0" localGroup="0" />
<FilterGroup bool="OR" not="0" name="PCS.K12\SS Students" sid="S-1-5-21-834434087-1672823513-1849977318-38535" userContext="1" primaryGroup="0" localGroup="0" />
</Filters>
</Drive>
This takes precedence over the Hide/Show all drives setting. I presume you’ve checked if the drives are mapped from the command line? I did see an “accessed denied” message in the gptrace logs on one of the J drive attempts.
Also, your domain is pulaski.k12.wi.local, domain down-level name is PCS.K12?
Darragh O’Shaughnessy
| | | |
| acjuelich
Posts:147
 | | 11/19/2010 9:59 PM |
| I just noticed one juicy piece of information….
2 of our DCs are Server 2003 R2 and 1 is Server 2003. If a user authenticates to the Server 2003 DC, would drives with Access-Based Enumeration get fubar?
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Darragh O'Shaughnessy Sent: Friday, November 19, 2010 2:06 PM To: xxxxxxxxxxxxxxxx Subject: RE: [gptalk] Userenv 1054 Error
Adam, Could it be that some of the drives are being hidden in the gui?
611638F8FEEE}" bypassErrors="1">
<Properties action="U" thisDrive="HIDE" allDrives="NOCHANGE" userName="" path="\\apps\nwappsSS" label="Test Taker" persistent="0" useLetter="1" letter="J" />
<Filters>
<FilterGroup bool="AND" not="0" name="PCS.K12\SS Staff" sid="S-1-5-21-834434087-1672823513-1849977318-38577" userContext="1" primaryGroup="0" localGroup="0" />
<FilterGroup bool="OR" not="0" name="PCS.K12\SS Students" sid="S-1-5-21-834434087-1672823513-1849977318-38535" userContext="1" primaryGroup="0" localGroup="0" />
</Filters>
</Drive>
This takes precedence over the Hide/Show all drives setting. I presume you’ve checked if the drives are mapped from the command line? I did see an “accessed denied” message in the gptrace logs on one of the J drive attempts.
Also, your domain is pulaski.k12.wi.local, domain down-level name is PCS.K12?
Darragh O’Shaughnessy
| | | |
| acjuelich
Posts:147
 | | 11/19/2010 10:10 PM |
| Very good information.
The Home Drive is assigned via the User Account Properties. Sometimes they just get their Home Drive, which I can kind of understand. The times where they get nothing is really weird.
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Darragh O'Shaughnessy Sent: Friday, November 19, 2010 2:38 PM To: xxxxxxxxxxxxxxxx Subject: RE: [gptalk] Userenv 1054 Error
Sorry, glanced over that, yes that refers to the ‘J’ drive. You can check the users registry (remotely if the service is enabled) to see what drives are actually mapped as opposed to displayed. http://technet.microsoft.com/en-us/library/cc786775%28WS.10%29.aspx
“CheckGPOs: No GPO changes but couldn't read extension %s's status or policy time.
Group Policy stores the status and the time of each extension as needed for the machine and every user that logs onto the machine. They are stored in the following registry locations:
MACHINE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List
USER
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\<SID>\Extension-List
If you receive this error, check your registry permissions for any explicit denials on the registry settings. Also, check for any third-party software that might manipulate this key. Some third parties change the Group Policy cache in both the file system and registry to have their product mimic Group Policy.”
Applies to some errors in your logs but since this works intermittently ….. Is the home drive assigned via GPP or AD user account properties? If GPP, can I see the xml?
Darragh O’Shaughnessy
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Adam C Juelich Sent: 19 November 2010 20:25 To: 'xxxxxxxxxxxxxxxx' Subject: RE: [gptalk] Userenv 1054 Error
I don’t have ‘U’ specified in the script. U is their Home Drive Letter.
I haven’t checked them from the command prompt – these are students using the machines, so they don’t have access to all that stuff. I suppose I could allow it for testing, though.
Correct on the domain question.
These machines are strictly wired, gig speed. No wireless hooked to them.
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Darragh O'Shaughnessy Sent: Friday, November 19, 2010 2:06 PM To: xxxxxxxxxxxxxxxx Subject: RE: [gptalk] Userenv 1054 Error
Adam, Could it be that some of the drives are being hidden in the gui?
611638F8FEEE}" bypassErrors="1">
  <Properties action="U" thisDrive="HIDE" allDrives="NOCHANGE" userName="" path="\\apps\nwappsSS" label="Test Taker" persistent="0" useLetter="1" letter="J" />
  <Filters>
    <FilterGroup bool="AND" not="0" name="PCS.K12\SS Staff" sid="S-1-5-21-834434087-1672823513-1849977318-38577" userContext="1" primaryGroup="0" localGroup="0" />
    <FilterGroup bool="OR" not="0" name="PCS.K12\SS Students" sid="S-1-5-21-834434087-1672823513-1849977318-38535" userContext="1" primaryGroup="0" localGroup="0" />
  </Filters>
</Drive>
This takes precedence over the Hide/Show all drives setting. I presume you’ve checked if the drives are mapped from the command line? I did see an “accessed denied” message in the gptrace logs on one of the J drive attempts.
Also, ur domain is pulaski.k12.wi.local, domain down-level name is PCS.K12?
Darragh O’Shaughnessy
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Adam C Juelich Sent: 19 November 2010 19:45 To: 'xxxxxxxxxxxxxxxx' Subject: RE: [gptalk] Userenv 1054 Error
I’m attaching one of the UserEnv.logs and the XML Settings. They should be receiving J,P,T,V,X and Y…….in addition to their Home Drive. Like I said, sometimes they don’t even get their home drive. The machine accounts disappearing only seems to happen 3-4 times a year…..still weird, though.
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Darragh O'Shaughnessy Sent: Friday, November 19, 2010 12:27 PM To: xxxxxxxxxxxxxxxx Subject: RE: [gptalk] Userenv 1054 Error
Hi, I can’t really interpret your stats from the switch (router/wap ???) unless I knew your topology. Just because the port on the switch is fine doesn’t mean that somewhere along the path there are other issues.
Do you have userenv debug logging enabled and can you post a sample? Also, it would help, when looking at the logs, if we knew what the drives for a given user should be when they log on. Also, what drive preference options are set for the drives. Could you post the .xml config for the preference (excluding any passwords of course)
Darragh O’Shaughnessy
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Adam C Juelich Sent: 19 November 2010 18:09 To: 'xxxxxxxxxxxxxxxx' Subject: [gptalk] Userenv 1054 Error
Thank you! See responses below!
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Darragh O'Shaughnessy Sent: Friday, November 19, 2010 11:54 AM To: xxxxxxxxxxxxxxxx Subject: RE: [gptalk] Userenv 1054 Error
Ok, we have to get to the bottom of this one! 
What we know:
· Single forest/single domain
· Windows XP
· PCs are plugged directly into network switches (i.e. no ip phones in the way)
· Not using cached credentials to log in
Questions:
· What service pack is being used?
XP SP3
· Does this happen on the same machines or various random machines?
Happens on various machines but we ESPECIALLY see the results in this lab (Missing mapped drives, missing Home Drive….)
· Does it only happen on the first logon after the machine boots or various logons?
Various
· Have you any security posture software that could affect logon such as Cisco NAC?
I don’t believe so. I know the network team controls a lot of stuff with ACLs.
· Does a “gpupdate /force” solve the problem once the user is logged on?
Sometimes. One of my co-workers has to sometimes remove that user’s local profile, or re-add the machine to the domain. Interestingly, sometimes machine accounts just vanish from AD.
· Do some of the gpp settings get applied on logon?
It looks like Registry ones and such get applied fine. It’s only the Drive Mappings which aren’t reliable.
· Are there any gp settings relating to DNS, firewall etc being applied?
Not yet. We are planning on doing a Firewall one soon.
· Is there a firewall in place?
Not on the client-side. Just hardware ones for the DMZ.
· Has the AD site info been verified? Have you got a global catalogue in each site?
We have three DCs. They are all GCs. Two are virtualized at our central office, another one is at another building and that isn’t virtualized. The two virtualized ones hold all FSMO roles.
· How many DC in the local site and does the client subnet match that site?
See above. Each building has its own subnet, wireless also has its own subnet. The DCs are not on the same subnet as this building having the issue.
Networking:
· “Tracing on the network side looks fine. DNS looks fine”. How was this quantified? Has dcdiag/netdiag been run at both sides of the connection? Have you checked WINS/DNS for leftover dc/gc entries? I can’t ever remember a time I asked a network guy to check on the network and him saying “oh yeah, it’s not configured the way it should be !” ☺ They always seem to say “there are no errors on the network”. Can’t remember the last time I saw an error on the network either ☺. Maybe misconfigs though …..
I haven’t done dcdiag/netdiag yet. I have looked through DNS to make sure there aren’t leftover dc/gc entries…….I cleaned that up about a year ago. I have enabled verbose userenv logging.
· Are there odd packets going to an unknown host or any strange dns/wins lookups?
I’m attaching one of the Userenv.logs and details from one of the ports they are plugged into.
I know it seems like a lot but check them off one by one 
Darragh O’Shaughnessy
-----Original Message----- From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Gustin Johnson Sent: 19 November 2010 17:08 To: xxxxxxxxxxxxxxxx Subject: Re: [gptalk] Userenv 1054 Error
Is the DC on the same subnet as the lab? Could there be a router
dropping traffic or filtering ports, or perhaps a firewall on the DC
itself?
hping or ncat combined with either tcpdump (windump) or wireshark can
be your friend here.
Are the configured DNS servers of the lab computers AD DNS servers?
On Fri, Nov 19, 2010 at 6:55 AM, Adam C Juelich
<xxxxxxxxxxxxxxxx> wrote:
> Tracing on the network side looks fine. DNS looks fine. I’m running out of
> options.
>
>
>
>
>
> From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
> On Behalf Of Darren Mar-Elia
> Sent: Thursday, November 18, 2010 1:54 PM
>
> To: xxxxxxxxxxxxxxxx
> Subject: RE: [gptalk] Userenv 1054 Error
>
>
>
> If you are truly logging in with cached creds, you should see an event log
> entry to that effect—specifically that 5719 entry. If not, then it could be
> a different issue. But the sniffer trace should help.
>
>
>
> Darren
>
>
>
> From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
> On Behalf Of Adam C Juelich
> Sent: Thursday, November 18, 2010 11:42 AM
> To: 'xxxxxxxxxxxxxxxx'
> Subject: RE: [gptalk] Userenv 1054 Error
>
>
>
> Well, I’m getting the errors stating that it cannot find the name of the DC,
> so I would then think it is logging in with cached credentials thus
> bypassing GP Processing. What I’m trying to find out is why it can’t find
> the DC….
>
>
>
>
>
> From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
> On Behalf Of Darren Mar-Elia
> Sent: Thursday, November 18, 2010 1:22 PM
> To: xxxxxxxxxxxxxxxx
> Subject: RE: [gptalk] Userenv 1054 Error
>
>
>
> If they are using cached credentials then that would explain user policy not
> processing. But the question I would have is, why are they using cached
> credentials, which typically only occurs if the DC is not available at user
> logon.
>
>
>
> From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
> On Behalf Of Adam C Juelich
> Sent: Thursday, November 18, 2010 9:53 AM
> To: 'xxxxxxxxxxxxxxxx'
> Subject: RE: [gptalk] Userenv 1054 Error
>
>
>
> I’m sure they are using cached credentials. We do have ‘wait for network’
> applied to all machines. I did not see any 5719 events. In this particular
> lab we have elementary students logging in using a single generic account,
> usually at the same time.
>
>
>
>
>
>
>
> From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
> On Behalf Of Darren Mar-Elia
> Sent: Thursday, November 18, 2010 11:36 AM
> To: xxxxxxxxxxxxxxxx
> Subject: RE: [gptalk] Userenv 1054 Error
>
>
>
> It seems strange that you would get this during user-side processing, since,
> the assumption is that if the user is logging in, they are already getting
> to the DC. I wonder if these users are logging in with cached credentials.
> Do you see any system log events of 5719 on these systems?
>
>
>
> Darren
>
> From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
> On Behalf Of Adam C Juelich
> Sent: Thursday, November 18, 2010 7:25 AM
> To: 'xxxxxxxxxxxxxxxx'
> Subject: RE: [gptalk] Userenv 1054 Error
>
>
>
> These machines aren’t plugged into IP Phones. My hunch was that it was
> something on the network-side. I’ll have my network admin start some
> traces. In the meantime, I’ve enabled Verbose UserEnv Logging on several
> machines and I’ll start picking through those logs.
>
>
>
>
>
> From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
> On Behalf Of Darragh O'Shaughnessy
> Sent: Thursday, November 18, 2010 9:07 AM
> To: xxxxxxxxxxxxxxxx
> Subject: RE: [gptalk] Userenv 1054 Error
>
>
>
> I’d consider grabbing a network trace from a spanned port on the switch
> Adam. Are these PC’s plugged into IP phones by any chance?
>
>
>
> Darragh O’Shaughnessy
>
>
>
> From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
> On Behalf Of Adam C Juelich
> Sent: 18 November 2010 14:24
> To: 'xxxxxxxxxxxxxxxx'
> Subject: [gptalk] Userenv 1054 Error
>
>
>
> Hi Everyone,
>
>
>
> I’m still getting this error on many machines, even after modifying the
> GpNetworkStartTimeoutPolicyValue setting to 60. Usually when this error
> pops up, the user is missing some drive mappings and sometimes their Home
> Drive. Any other explanation for this? Thanks.
>
>
>
>
>
> ------------------------------------------------------------------
>
> Adam C. Juelich
>
> A+, Network+, MCTS:Vista, MCSE: Server 2003, MCSA: Messaging
>
> Application and Hardware Specialist/Technician
>
> Pulaski Community School District
>
> 920-822-6075
>
>
>
> "If you never venture outside the box, you will probably not be creative.
> But if you never get inside the box, you will certainly be stupid"
>
> - Christopher Peterson
>
>
| | | |
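The drive-map preference XML quoted in the post above can be read programmatically. This is an added example, not code from the thread: it lists each mapped drive's action, whether Explorer will hide it (the thisDrive/allDrives point raised above), its item-level targeting groups, and whether a stored cpassword is present, without printing it. The sample XML is constructed; its clsid/uid values, SIDs, and the whole P: entry are placeholders, and the function name is hypothetical.

```powershell
# Constructed sample modelled on the fragment quoted in the thread.
# clsid/uid values and SIDs are placeholders; the P: entry and its
# cpassword value are made up purely to exercise the credential check.
$sampleDrivesXml = @'
<?xml version="1.0" encoding="utf-8"?>
<Drives clsid="{PLACEHOLDER-DRIVES-CLSID}">
  <Drive clsid="{PLACEHOLDER-DRIVE-CLSID}" name="J:" uid="{PLACEHOLDER-UID-1}" bypassErrors="1">
    <Properties action="U" thisDrive="HIDE" allDrives="NOCHANGE" userName="" path="\\apps\nwappsSS" label="Test Taker" persistent="0" useLetter="1" letter="J" />
    <Filters>
      <FilterGroup bool="AND" not="0" name="PCS.K12\SS Staff" sid="S-1-5-21-0-0-0-1001" userContext="1" primaryGroup="0" localGroup="0" />
      <FilterGroup bool="OR" not="0" name="PCS.K12\SS Students" sid="S-1-5-21-0-0-0-1002" userContext="1" primaryGroup="0" localGroup="0" />
    </Filters>
  </Drive>
  <Drive clsid="{PLACEHOLDER-DRIVE-CLSID}" name="P:" uid="{PLACEHOLDER-UID-2}">
    <Properties action="R" thisDrive="SHOW" allDrives="NOCHANGE" userName="EXAMPLE\svc-map" cpassword="CONSTRUCTED-NOT-A-REAL-VALUE" path="\\fileserver.example\public" label="Public" persistent="1" useLetter="1" letter="P" />
  </Drive>
</Drives>
'@

function Get-GppDriveMapReport {
    param(
        [Parameter(Mandatory = $true)]
        [string]$XmlText
    )

    # Single-letter action codes used by Group Policy Preferences items.
    $actionNames = @{ C = 'Create'; R = 'Replace'; U = 'Update'; D = 'Delete' }
    $doc = [xml]$XmlText

    foreach ($drive in $doc.SelectNodes('//Drive')) {
        $p = $drive.SelectSingleNode('Properties')
        if ($null -eq $p) { continue }   # malformed item: nothing to report

        # Item-level targeting: each FilterGroup is joined to the one before
        # it by its bool attribute; the first one has nothing to combine with.
        $terms = @()
        foreach ($f in $drive.SelectNodes('Filters/FilterGroup')) {
            $term = 'member of ' + $f.GetAttribute('name')
            if ($f.GetAttribute('not') -eq '1') { $term = 'NOT ' + $term }
            if ($terms.Count -gt 0) { $term = $f.GetAttribute('bool') + ' ' + $term }
            $terms += $term
        }
        $targeting = '(no item-level targeting)'
        if ($terms.Count -gt 0) { $targeting = $terms -join ' ' }

        # The per-drive setting wins over the all-drives setting, so a drive
        # can be mapped and still not appear in Explorer.
        $visibility = switch ($p.GetAttribute('thisDrive')) {
            'HIDE'  { 'hidden in Explorer' }
            'SHOW'  { 'shown in Explorer' }
            default { 'follows allDrives=' + $p.GetAttribute('allDrives') }
        }

        $code = $p.GetAttribute('action')
        $action = $actionNames[$code]
        if (-not $action) { $action = "(unrecognised or missing: '$code')" }

        [pscustomobject]@{
            Letter           = $p.GetAttribute('letter')
            Path             = $p.GetAttribute('path')
            Action           = $action
            Visibility       = $visibility
            Persistent       = ($p.GetAttribute('persistent') -eq '1')
            Targeting        = $targeting
            # Only presence is reported; the value itself is never emitted.
            StoredCredential = -not [string]::IsNullOrEmpty($p.GetAttribute('cpassword'))
        }
    }
}

# For a real GPO, pass the text of its Drives.xml instead of the sample.
Get-GppDriveMapReport -XmlText $sampleDrivesXml | Format-List
```

Any item that reports StoredCredential as True should have the credential removed from the preference and the account's password changed, which is also why the XML was requested "excluding any passwords".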
| DarraghOShaughnessy
Posts:177
 | | 11/19/2010 10:13 PM |
| Are these roaming profiles?
Darragh O’Shaughnessy
| | | |
| acjuelich
Posts:147
 | | 11/19/2010 10:37 PM |
| Services3 is the strict 2003 one. Don’t ask me why. I need to usurp some of that power. It’s 2003 Standard, whereas the others are 2003 Enterprise R2.
Domain/Forest Level is 2003. Schema has been extended for 802.3 Wired and 802.11 Wireless Policies.
Just cleared up some Netdiag issues on Services3. It was pointing to a false secondary WINS server. Services2 also had a WINS Replication Partner that is no longer a DC. Don’t ask me why we’re still using WINS. No other issues found.
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Darragh O'Shaughnessy Sent: Friday, November 19, 2010 2:55 PM To: xxxxxxxxxxxxxxxx Subject: RE: [gptalk] Userenv 1054 Error
Which one is the 2003 one? SERVICES3? PS: what is the Domain/Forest level
Darragh O’Shaughnessy
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Adam C Juelich Sent: 19 November 2010 20:39 To: 'xxxxxxxxxxxxxxxx' Subject: RE: [gptalk] Userenv 1054 Error
I just noticed one juicy piece of information….
2 of our DCs are Server 2003 R2 and 1 is Server 2003. If a user authenticates to the Server 2003 DC, would drives with Access-Based Enumeration get fubar?
-----Original Message----- From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Gustin Johnson Sent: 19 November 2010 17:08 To: xxxxxxxxxxxxxxxx Subject: Re: [gptalk] Userenv 1054 Error
Is the DC on the same subnet as the lab? Could there be a router
dropping traffic or filtering ports, or perhaps a firewall on the DC
itself?
hping or ncat combined with either tcpdump (windump) or wireshark can
be your friend here.
Are the configured DNS servers of the lab computers AD DNS servers?
On Fri, Nov 19, 2010 at 6:55 AM, Adam C Juelich
<xxxxxxxxxxxxxxxx> wrote:
> Tracing on the network side looks fine. DNS looks fine. I’m running out of
> options.
>
>
>
>
>
> From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
> On Behalf Of Darren Mar-Elia
> Sent: Thursday, November 18, 2010 1:54 PM
>
> To: xxxxxxxxxxxxxxxx
> Subject: RE: [gptalk] Userenv 1054 Error
>
>
>
> If you are truly logging in with cached creds, you should see an event log
> entry to that effect—specifically that 5719 entry. If not, then it could be
> a different issue. But the sniffer trace should help.
>
>
>
> Darren
>
>
>
> From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
> On Behalf Of Adam C Juelich
> Sent: Thursday, November 18, 2010 11:42 AM
> To: 'xxxxxxxxxxxxxxxx'
> Subject: RE: [gptalk] Userenv 1054 Error
>
>
>
> Well, I’m getting the errors stating that it cannot find the name of the DC,
> so I would then think it is logging in with cached credentials thus
> bypassing GP Processing. What I’m trying to find out is why it can’t find
> the DC….
>
>
>
>
>
> From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
> On Behalf Of Darren Mar-Elia
> Sent: Thursday, November 18, 2010 1:22 PM
> To: xxxxxxxxxxxxxxxx
> Subject: RE: [gptalk] Userenv 1054 Error
>
>
>
> If they are using cached credentials then that would explain user policy not
> processing. But the question I would have is, why are they using cached
> credentials, which typically only occurs if the DC is not available at user
> logon.
>
>
>
> From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
> On Behalf Of Adam C Juelich
> Sent: Thursday, November 18, 2010 9:53 AM
> To: 'xxxxxxxxxxxxxxxx'
> Subject: RE: [gptalk] Userenv 1054 Error
>
>
>
> I’m sure they are using cached credentials. We do have ‘wait for network’
> applied to all machines. I did not see any 5719 events. In this particular
> lab we have elementary students logging in using a single generic account,
> usually at the same time.
>
>
>
>
>
>
>
> From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
> On Behalf Of Darren Mar-Elia
> Sent: Thursday, November 18, 2010 11:36 AM
> To: xxxxxxxxxxxxxxxx
> Subject: RE: [gptalk] Userenv 1054 Error
>
>
>
> It seems strange that you would get this during user-side processing, since
> the assumption is that if the user is logging in, they are already getting
> to the DC. I wonder if these users are logging in with cached credentials.
> Do you see any system log events of 5719 on these systems?
>
>
>
> Darren
>
> From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
> On Behalf Of Adam C Juelich
> Sent: Thursday, November 18, 2010 7:25 AM
> To: 'xxxxxxxxxxxxxxxx'
> Subject: RE: [gptalk] Userenv 1054 Error
>
>
>
> These machines aren’t plugged into IP Phones. My hunch was that it was
> something on the network-side. I’ll have my network admin start some
> traces. In the meantime, I’ve enabled Verbose UserEnv Logging on several
> machines and I’ll start picking through those logs.
>
>
>
>
>
> From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
> On Behalf Of Darragh O'Shaughnessy
> Sent: Thursday, November 18, 2010 9:07 AM
> To: xxxxxxxxxxxxxxxx
> Subject: RE: [gptalk] Userenv 1054 Error
>
>
>
> I’d consider grabbing a network trace from a spanned port on the switch,
> Adam. Are these PCs plugged into IP phones by any chance?
>
>
>
> Darragh O’Shaughnessy
>
>
>
> From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
> On Behalf Of Adam C Juelich
> Sent: 18 November 2010 14:24
> To: 'xxxxxxxxxxxxxxxx'
> Subject: [gptalk] Userenv 1054 Error
>
>
>
> Hi Everyone,
>
>
>
> I’m still getting this error on many machines, even after modifying the
> GpNetworkStartTimeoutPolicyValue setting to 60. Usually when this error
> pops up, the user is missing some drive mappings and sometimes their Home
> Drive. Any other explanation for this? Thanks.
>
>
>
>
>
> ------------------------------------------------------------------
>
> Adam C. Juelich
>
> A+, Network+, MCTS:Vista, MCSE: Server 2003, MCSA: Messaging
>
> Application and Hardware Specialist/Technician
>
> Pulaski Community School District
>
> 920-822-6075
>
>
>
> "If you never venture outside the box, you will probably not be creative.
> But if you never get inside the box, you will certainly be stupid"
>
> - Christopher Peterson
>
>
| | | |
| DarraghOShaughnessy
Posts:177
 | | 11/19/2010 10:39 PM |
| And are the replication latencies ok? Is urgent replication enabled? Sorry for all the questions but just trying to get your topology in my head.
Darragh O’Shaughnessy
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Adam C Juelich Sent: 19 November 2010 21:10 To: 'xxxxxxxxxxxxxxxx' Subject: RE: [gptalk] Userenv 1054 Error
Services3 is the strict 2003 one. Don’t ask me why. I need to usurp some of that power. It’s 2003 Standard, whereas the others are 2003 Enterprise R2.
Domain/Forest Level is 2003. Schema has been extended for 802.3 Wired and 802.11 Wireless Policies.
Just cleared up some Netdiag issues on Services3. It was pointing to a false secondary WINS server. Services2 also had a WINS Replication Partner that is no longer a DC. Don’t ask me why we’re still using WINS. No other issues found.
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Darragh O'Shaughnessy Sent: Friday, November 19, 2010 2:55 PM To: xxxxxxxxxxxxxxxx Subject: RE: [gptalk] Userenv 1054 Error
Which one is the 2003 one? SERVICES3? PS: what is the Domain/Forest level?
Darragh O’Shaughnessy
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Adam C Juelich Sent: 19 November 2010 20:39 To: 'xxxxxxxxxxxxxxxx' Subject: RE: [gptalk] Userenv 1054 Error
I just noticed one juicy piece of information….
2 of our DCs are Server 2003 R2 and 1 is Server 2003. If a user authenticates to the Server 2003 DC, would drives with Access-Based Enumeration get fubar?
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Darragh O'Shaughnessy Sent: Friday, November 19, 2010 2:06 PM To: xxxxxxxxxxxxxxxx Subject: RE: [gptalk] Userenv 1054 Error
Adam,
Could it be that some of the drives are being hidden in the gui?
611638F8FEEE}" bypassErrors="1">
<Properties action="U" thisDrive="HIDE" allDrives="NOCHANGE" userName="" path="\\apps\nwappsSS" label="Test Taker" persistent="0" useLetter="1" letter="J" />
<Filters>
<FilterGroup bool="AND" not="0" name="PCS.K12\SS Staff" sid="S-1-5-21-834434087-1672823513-1849977318-38577" userContext="1" primaryGroup="0" localGroup="0" />
<FilterGroup bool="OR" not="0" name="PCS.K12\SS Students" sid="S-1-5-21-834434087-1672823513-1849977318-38535" userContext="1" primaryGroup="0" localGroup="0" />
</Filters>
</Drive>
This takes precedence over the Hide/Show all drives setting. I presume you’ve checked if the drives are mapped from the command line? I did see an “access denied” message in the gptrace logs on one of the J drive attempts.
Also, your domain is pulaski.k12.wi.local, domain down-level name is PCS.K12?
Darragh O’Shaughnessy
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Adam C Juelich Sent: 19 November 2010 19:45 To: 'xxxxxxxxxxxxxxxx' Subject: RE: [gptalk] Userenv 1054 Error
I’m attaching one of the UserEnv.logs and the XML Settings. They should be receiving J, P, T, V, X and Y… in addition to their Home Drive. Like I said, sometimes they don’t even get their home drive. The machine accounts disappearing only seems to happen 3-4 times a year… still weird, though.
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Darragh O'Shaughnessy Sent: Friday, November 19, 2010 12:27 PM To: xxxxxxxxxxxxxxxx Subject: RE: [gptalk] Userenv 1054 Error
Hi, I can’t really interpret your stats from the switch (router/wap ???) unless I knew your topology. Just because the port on the switch is fine doesn’t mean that somewhere along the path there are other issues.
Do you have userenv debug logging enabled and can you post a sample? Also, it would help, when looking at the logs, if we knew what the drives for a given user should be when they log on. Also, what drive preference options are set for the drives? Could you post the .xml config for the preference (excluding any passwords of course)?
Darragh O’Shaughnessy
| | | |
| acjuelich
Posts:147
 | | 11/19/2010 10:59 PM |
| I’m not sure how to answer those questions. I’ve checked Replmon and there are no errors. How can I answer your question correctly?
| | | |
| DarraghOShaughnessy
Posts:177
 | | 11/19/2010 11:19 PM |
| Well, if these DCs are in a different subnet, they may be in different AD sites and have site links between them, which means there is most likely some replication delay between them (in the order of minutes).
Replmon might show that there are no errors but to get the latencies run
· repadmin /replsummary
And paste the output. Also, one thing:
2010-11-16 14:11:32.884 [pid=0x2e0,tid=0x88c] Variable %HOMEPATH% = "\SS\KG1\sun1"
2010-11-16 14:11:32.884 [pid=0x2e0,tid=0x88c] Variable %HOMESHARE% = "\\student\students"
2010-11-16 14:11:32.884 [pid=0x2e0,tid=0x88c] Variable %LOGONSERVER% = \\SERVICES3
You map U: to \\student\students\%username%. Why is homepath set?
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Adam C Juelich Sent: 19 November 2010 21:31 To: 'xxxxxxxxxxxxxxxx' Subject: RE: [gptalk] Userenv 1054 Error
I’m not sure how to answer those questions. I’ve checked Replmon and there are no errors. How can I answer your question correctly?
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Darragh O'Shaughnessy Sent: Friday, November 19, 2010 3:15 PM To: xxxxxxxxxxxxxxxx Subject: RE: [gptalk] Userenv 1054 Error
And are the replication latencies ok? Is urgent replication enabled? Sorry for all the questions but just trying to get ur toplogy in my head.
Darragh O’Shaughnessy
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Adam C Juelich Sent: 19 November 2010 21:10 To: 'xxxxxxxxxxxxxxxx' Subject: RE: [gptalk] Userenv 1054 Error
Services3 is the strict 2003 one. Don’t ask me why. I need to usurp some of that power. It’s 2003 Standard, whereas the others are 2003 Enterprise R2.
Domain/Forest Level is 2003. Schema has been extended for 802.3 Wired and 802.11 Wireless Policies.
Just cleared up some Netdiag issues on Serivces3. It was pointing to a false secondary WINS server. Services2 also had a WINS Replication Partner that is no longer a DC. Don’t ask me why we’re still using WINS. No other issues found.
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Darragh O'Shaughnessy Sent: Friday, November 19, 2010 2:55 PM To: xxxxxxxxxxxxxxxx Subject: RE: [gptalk] Userenv 1054 Error
Which one is the 2003 one? SERVICES3? PS: what is the Domain/Forest level
Darragh O’Shaughnessy
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Adam C Juelich Sent: 19 November 2010 20:39 To: 'xxxxxxxxxxxxxxxx' Subject: RE: [gptalk] Userenv 1054 Error
I just noticed one juicy piece of information….
2 of our DCs are Server 2003 R2 and 1 is Server 2003. If a user authenticates to the Server 2003 DC, would drives with Access-Based Enumeration get fubar?
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Darragh O'Shaughnessy Sent: Friday, November 19, 2010 2:06 PM To: xxxxxxxxxxxxxxxx Subject: RE: [gptalk] Userenv 1054 Error
Adam,
Could it be that some of the drives are being hidden in the gui?
611638F8FEEE}" bypassErrors="1">
<Properties action="U" thisDrive="HIDE" allDrives="NOCHANGE" userName="" path="\\apps\nwappsSS" label="Test Taker" persistent="0" useLetter="1" letter="J" />
<Filters>
<FilterGroup bool="AND" not="0" name="PCS.K12\SS Staff" sid="S-1-5-21-834434087-1672823513-1849977318-38577" userContext="1" primaryGroup="0" localGroup="0" />
<FilterGroup bool="OR" not="0" name="PCS.K12\SS Students" sid="S-1-5-21-834434087-1672823513-1849977318-38535" userContext="1" primaryGroup="0" localGroup="0" />
</Filters>
</Drive>
This takes precedence over the Hide/Show all drives setting. I presume you’ve checked if the drives are mapped from the command line? I did see an “accessed denied” message in the gptrace logs on one of the J drive attempts.
Also, your domain is pulaski.k12.wi.local, domain down-level name is PCS.K12?
Darragh O’Shaughnessy
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Adam C Juelich Sent: 19 November 2010 19:45 To: 'xxxxxxxxxxxxxxxx' Subject: RE: [gptalk] Userenv 1054 Error
I’m attaching one of the UserEnv.logs and the XML Settings. They should be receiving J, P, T, V, X and Y… in addition to their Home Drive. Like I said, sometimes they don’t even get their home drive. The machine accounts disappearing only seems to happen 3-4 times a year… still weird, though.
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Darragh O'Shaughnessy Sent: Friday, November 19, 2010 12:27 PM To: xxxxxxxxxxxxxxxx Subject: RE: [gptalk] Userenv 1054 Error
Hi, I can’t really interpret your stats from the switch (router/wap ???) unless I knew your topology. Just because the port on the switch is fine doesn’t mean that somewhere along the path there are other issues.
Do you have userenv debug logging enabled and can you post a sample? Also, it would help, when looking at the logs, if we knew what the drives for a given user should be when they log on. Also, what drive preference options are set for the drives? Could you post the .xml config for the preference (excluding any passwords of course)?
Darragh O’Shaughnessy
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Adam C Juelich Sent: 19 November 2010 18:09 To: 'xxxxxxxxxxxxxxxx' Subject: [gptalk] Userenv 1054 Error
Thank you! See responses below!
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Darragh O'Shaughnessy Sent: Friday, November 19, 2010 11:54 AM To: xxxxxxxxxxxxxxxx Subject: RE: [gptalk] Userenv 1054 Error
Ok, we have to get to the bottom of this one! 
What we know:
· Single forest/single domain
· Windows XP
· PCs are plugged directly into network switches (i.e. no ip phones in the way)
· Not using cached credentials to log in
Questions:
· What service pack is being used?
XP SP3
· Does this happen on the same machines or various random machines?
Happens on various machines but we ESPECIALLY see the results in this lab (Missing mapped drives, missing Home Drive….)
· Does it only happen on the first logon after the machine boots or various logons?
Various
· Have you any security posture software that could affect logon such as Cisco NAC?
I don’t believe so. I know the network team controls a lot of stuff with ACLs.
· Does a “gpupdate /force” solve the problem once the user is logged on?
Sometimes. One of my co-workers has to sometimes remove that user’s local profile, or re-add the machine to the domain. Interestingly, sometimes machine accounts just vanish from AD.
· Do some of the gpp settings get applied on logon?
It looks like Registry ones and such get applied fine. It’s only the Drive Mappings which aren’t reliable.
· Are there any gp settings relating to DNS, firewall etc being applied?
Not yet. We are planning on doing a Firewall one soon.
· Is there a firewall in place?
Not on the client-side. Just hardware ones for the DMZ.
· Has the AD site info been verified? Have you got a global catalogue in each site?
We have three DCs. They are all GCs. Two are virtualized at our central office, another one is at another building and that isn’t virtualized. The two virtualized ones hold all FSMO roles.
· How many DCs in the local site and does the client subnet match that site?
See above. Each building has its own subnet, wireless also has its own subnet. The DCs are not on the same subnet as this building having the issue.
Networking:
· “Tracing on the network side looks fine. DNS looks fine”. How was this quantified? Has dcdiag/netdiag been run at both sides of the connection? Have you checked WINS/DNS for leftover dc/gc entries? I can’t ever remember a time I asked a network guy to check on the network and him saying “oh yeah, it’s not configured the way it should be!” ☺ They always seem to say “there are no errors on the network”. Can’t remember the last time I saw an error on the network either ☺. Maybe misconfigs though…
I haven’t done dcdiag/netdiag yet. I have looked through DNS to make sure there aren’t leftover dc/gc entries… I cleaned that up about a year ago. I have enabled verbose userenv logging.
· Are there odd packets going to an unknown host or any strange dns/wins lookups?
I’m attaching one of the Userenv.logs and details from one of the ports they are plugged into.
I know it seems like a lot but check them off one by one 
Darragh O’Shaughnessy
-----Original Message----- From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Gustin Johnson Sent: 19 November 2010 17:08 To: xxxxxxxxxxxxxxxx Subject: Re: [gptalk] Userenv 1054 Error
Is the DC on the same subnet as the lab? Could there be a router
dropping traffic or filtering ports, or perhaps a firewall on the DC
itself?
hping or ncat combined with either tcpdump (windump) or wireshark can
be your friend here.
Are the configured DNS servers of the lab computers AD DNS servers?
On Fri, Nov 19, 2010 at 6:55 AM, Adam C Juelich
<xxxxxxxxxxxxxxxx> wrote:
> Tracing on the network side looks fine. DNS looks fine. I’m running out of
> options.
>
>
>
>
>
> From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
> On Behalf Of Darren Mar-Elia
> Sent: Thursday, November 18, 2010 1:54 PM
>
> To: xxxxxxxxxxxxxxxx
> Subject: RE: [gptalk] Userenv 1054 Error
>
>
>
> If you are truly logging in with cached creds, you should see an event log
> entry to that effect—specifically that 5719 entry. If not, then it could be
> a different issue. But the sniffer trace should help.
>
>
>
> Darren
>
>
>
> From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
> On Behalf Of Adam C Juelich
> Sent: Thursday, November 18, 2010 11:42 AM
> To: 'xxxxxxxxxxxxxxxx'
> Subject: RE: [gptalk] Userenv 1054 Error
>
>
>
> Well, I’m getting the errors stating that it cannot find the name of the DC,
> so I would then think it is logging in with cached credentials thus
> bypassing GP Processing. What I’m trying to find out is why it can’t find
> the DC….
>
>
>
>
>
> From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
> On Behalf Of Darren Mar-Elia
> Sent: Thursday, November 18, 2010 1:22 PM
> To: xxxxxxxxxxxxxxxx
> Subject: RE: [gptalk] Userenv 1054 Error
>
>
>
> If they are using cached credentials then that would explain user policy not
> processing. But the question I would have is, why are they using cached
> credentials, which typically only occurs if the DC is not available at user
> logon.
>
>
>
> From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
> On Behalf Of Adam C Juelich
> Sent: Thursday, November 18, 2010 9:53 AM
> To: 'xxxxxxxxxxxxxxxx'
> Subject: RE: [gptalk] Userenv 1054 Error
>
>
>
> I’m sure they are using cached credentials. We do have ‘wait for network’
> applied to all machines. I did not see any 5719 events. In this particular
> lab we have elementary students logging in using a single generic account,
> usually at the same time.
>
>
>
>
>
>
>
> From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
> On Behalf Of Darren Mar-Elia
> Sent: Thursday, November 18, 2010 11:36 AM
> To: xxxxxxxxxxxxxxxx
> Subject: RE: [gptalk] Userenv 1054 Error
>
>
>
> It seems strange that you would get this during user-side processing, since,
> the assumption is that if the user is logging in, they are already getting
> to the DC. I wonder if these users are logging in with cached credentials.
> Do you see any system log events of 5719 on these systems?
>
>
>
> Darren
>
> From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
> On Behalf Of Adam C Juelich
> Sent: Thursday, November 18, 2010 7:25 AM
> To: 'xxxxxxxxxxxxxxxx'
> Subject: RE: [gptalk] Userenv 1054 Error
>
>
>
> These machines aren’t plugged into IP Phones. My hunch was that it was
> something on the network-side. I’ll have my network admin start some
> traces. In the meantime, I’ve enabled Verbose UserEnv Logging on several
> machines and I’ll start picking through those logs.
>
>
>
>
>
> From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
> On Behalf Of Darragh O'Shaughnessy
> Sent: Thursday, November 18, 2010 9:07 AM
> To: xxxxxxxxxxxxxxxx
> Subject: RE: [gptalk] Userenv 1054 Error
>
>
>
> I’d consider grabbing a network trace from a spanned port on the switch
> Adam. Are these PC’s plugged into IP phones by any chance?
>
>
>
> Darragh O’Shaughnessy
>
>
>
> From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
> On Behalf Of Adam C Juelich
> Sent: 18 November 2010 14:24
> To: 'xxxxxxxxxxxxxxxx'
> Subject: [gptalk] Userenv 1054 Error
>
>
>
> Hi Everyone,
>
>
>
> I’m still getting this error on many machines, even after modifying the
> GpNetworkStartTimeoutPolicyValue setting to 60. Usually when this error
> pops up, the user is missing some drive mappings and sometimes their Home
> Drive. Any other explanation for this? Thanks.
>
>
>
>
>
> ------------------------------------------------------------------
>
> Adam C. Juelich
>
> A+, Network+, MCTS:Vista, MCSE: Server 2003, MCSA: Messaging
>
> Application and Hardware Specialist/Technician
>
> Pulaski Community School District
>
> 920-822-6075
>
>
>
> "If you never venture outside the box, you will probably not be creative.
> But if you never get inside the box, you will certainly be stupid"
>
> - Christopher Peterson
>
>
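The point raised in the thread above (a drive mapping can apply and still be hidden by thisDrive="HIDE", and the Filters decide who receives it), as an added example that is not part of the original thread. The sample XML, names, SIDs and function names are constructed for illustration; the sketch assumes FilterGroup items are combined left to right and reports any other targeting item type as undetermined. It also blanks stored credentials before the file is shared.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the layout of a GPP Drives.xml. Every name, SID, uid
# and the cpassword value below is made up for this example.
SAMPLE_DRIVES_XML = r"""<Drives>
  <Drive name="J:" uid="{00000000-0000-0000-0000-000000000001}" bypassErrors="1">
    <Properties action="U" thisDrive="HIDE" allDrives="NOCHANGE" userName=""
                path="\\fileserver\apps" label="Test Taker" persistent="0"
                useLetter="1" letter="J"/>
    <Filters>
      <FilterGroup bool="AND" not="0" name="EXAMPLE\Lab Staff"
                   sid="S-1-5-21-1111111111-2222222222-3333333333-1101"
                   userContext="1" primaryGroup="0" localGroup="0"/>
      <FilterGroup bool="OR" not="0" name="EXAMPLE\Lab Students"
                   sid="S-1-5-21-1111111111-2222222222-3333333333-1102"
                   userContext="1" primaryGroup="0" localGroup="0"/>
    </Filters>
  </Drive>
  <Drive name="P:" uid="{00000000-0000-0000-0000-000000000002}" bypassErrors="1">
    <Properties action="U" thisDrive="SHOW" allDrives="NOCHANGE"
                userName="EXAMPLE\svc-map" cpassword="CONSTRUCTED-PLACEHOLDER"
                path="\\fileserver\public" label="Public" persistent="0"
                useLetter="1" letter="P"/>
  </Drive>
</Drives>
"""


def filter_verdict(filters, user_sids):
    """Return True/False if the targeting applies to the user, None if unknown.

    Assumption: items are combined left to right, each with its own bool
    operator; the first item's result is taken as the starting value.
    """
    if filters is None or len(filters) == 0:
        return True  # no item-level targeting: the mapping applies to everyone
    result = None
    for item in filters:
        if item.tag != "FilterGroup":
            return None  # other targeting item types are not evaluated here
        hit = item.get("sid") in user_sids
        if item.get("not") == "1":
            hit = not hit
        if result is None:
            result = hit
        elif item.get("bool") == "OR":
            result = result or hit
        else:
            result = result and hit
    return result


def audit_drives(xml_text, user_sids):
    """List every drive mapping with the facts needed to explain a 'missing' drive."""
    report = []
    for drive in ET.fromstring(xml_text).iter("Drive"):
        props = drive.find("Properties")
        if props is None:
            continue
        report.append({
            "letter": props.get("letter"),
            "path": props.get("path"),
            "action": props.get("action"),
            "applies_to_user": filter_verdict(drive.find("Filters"), user_sids),
            # Mapped but not shown in the GUI; still visible to "net use".
            "hidden_in_explorer": props.get("thisDrive") == "HIDE",
            # cpassword holds a stored credential and must not be posted.
            "stored_credential": bool(props.get("cpassword")),
        })
    return report


def redact_for_sharing(xml_text):
    """Return the XML with every stored credential blanked, safe to post to a list."""
    root = ET.fromstring(xml_text)
    for props in root.iter("Properties"):
        if props.get("cpassword"):
            props.set("cpassword", "REDACTED")
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    student = {"S-1-5-21-1111111111-2222222222-3333333333-1102"}
    for row in audit_drives(SAMPLE_DRIVES_XML, student):
        print(row)
    print(redact_for_sharing(SAMPLE_DRIVES_XML))
```

A mapping that reports applies_to_user as True and hidden_in_explorer as True is the case to confirm from the command line before treating the drive as unmapped.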
| | | |
| jeromelcruz
Posts:123
 | | 11/19/2010 11:28 PM |
| Side note response: Don’t ask me why we’re still using WINS.
Ha ha ha ha ha ha . . . . . . . . that’s a good one. That makes my day!
I’m hoping to FINALLY start getting some traction with the new W2K8 Global Names feature, but in such a large multi-OS, multi-tiered company with so many legacy and/or non-Windows systems, it can be hard…. I feel your pain.
Jer
| | | |
| acjuelich
Posts:147
 | | 11/19/2010 11:33 PM |
| We are only using the Default Site.
We aren’t setting the U: anywhere but the AD Account. The log must be picking that up.
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Darragh O'Shaughnessy Sent: Friday, November 19, 2010 3:54 PM To: xxxxxxxxxxxxxxxx Subject: RE: [gptalk] Userenv 1054 Error
Well, if these DCs are in a different subnet they may be in different AD sites and have site links between them, which means there is most likely some replication delay between them (in the order of minutes).
Replmon might show that there are no errors but to get the latencies run
· repadmin /replsummary
And paste the output. Also, one thing:
2010-11-16 14:11:32.884 [pid=0x2e0,tid=0x88c] Variable %HOMEPATH% = "\SS\KG1\sun1"
2010-11-16 14:11:32.884 [pid=0x2e0,tid=0x88c] Variable %HOMESHARE% = "\\student\students"
2010-11-16 14:11:32.884 [pid=0x2e0,tid=0x88c] Variable %LOGONSERVER% = \\SERVICES3
You map U: to \\student\students\%username%. Why is homepath set?
> From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
> On Behalf Of Adam C Juelich
> Sent: Thursday, November 18, 2010 7:25 AM
> To: 'xxxxxxxxxxxxxxxx'
> Subject: RE: [gptalk] Userenv 1054 Error
>
>
>
> These machines aren’t plugged into IP Phones. My hunch was that it was
> something on the network-side. I’ll have my network admin start some
> traces. In the meantime, I’ve enabled Verbose UserEnv Logging on several
> machines and I’ll start picking through those logs.
>
>
>
>
>
> From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
> On Behalf Of Darragh O'Shaughnessy
> Sent: Thursday, November 18, 2010 9:07 AM
> To: xxxxxxxxxxxxxxxx
> Subject: RE: [gptalk] Userenv 1054 Error
>
>
>
> I’d consider grabbing a network trace from a spanned port on the switch
> Adam. Are these PC’s plugged into IP phones by any chance?
>
>
>
> Darragh O’Shaughnessy
>
>
>
> From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
> On Behalf Of Adam C Juelich
> Sent: 18 November 2010 14:24
> To: 'xxxxxxxxxxxxxxxx'
> Subject: [gptalk] Userenv 1054 Error
>
>
>
> Hi Everyone,
>
>
>
> I’m still getting this error on many machines, even after modifying the
> GpNetworkStartTimeoutPolicyValue setting to 60. Usually when this error
> pops up, the user is missing some drive mappings and sometimes their Home
> Drive. Any other explanation for this? Thanks.
>
>
>
>
>
> ------------------------------------------------------------------
>
> Adam C. Juelich
>
> A+, Network+, MCTS:Vista, MCSE: Server 2003, MCSA: Messaging
>
> Application and Hardware Specialist/Technician
>
> Pulaski Community School District
>
> 920-822-6075
>
>
>
> "If you never venture outside the box, you will probably not be creative.
> But if you never get inside the box, you will certainly be stupid"
>
> - Christopher Peterson
>
>
| | | |
| DarraghOShaughnessy
Posts:177
 | | 11/19/2010 11:36 PM |
| Yep, GPP are environment variable aware so they expand them. That’s why they show up in the log but my question remains:
You map U: to \\student\students\%username%.
· Why is homepath set to "\SS\KG1\sun1"???
Replication latencies look fine.
Darragh O’Shaughnessy
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Adam C Juelich Sent: 19 November 2010 22:12 To: 'xxxxxxxxxxxxxxxx' Subject: RE: [gptalk] Userenv 1054 Error
We are only using the Default Site.
We aren’t setting the U: anywhere but the AD Account. The log must be picking that up.
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Darragh O'Shaughnessy Sent: Friday, November 19, 2010 3:54 PM To: xxxxxxxxxxxxxxxx Subject: RE: [gptalk] Userenv 1054 Error
Well, if these DC’s are in different subnet they may be in different AD sites and have site links between them which means there is most likely some replication delay between them (in the order of minutes).
Replmon might show that there are no errors but to get the latencies run
· repadmin /replsummary
And paste the output. Also, one thing:
2010-11-16 14:11:32.884 [pid=0x2e0,tid=0x88c] Variable %HOMEPATH% = "\SS\KG1\sun1"
2010-11-16 14:11:32.884 [pid=0x2e0,tid=0x88c] Variable %HOMESHARE% = "\\student\students"
2010-11-16 14:11:32.884 [pid=0x2e0,tid=0x88c] Variable %LOGONSERVER% = \\SERVICES3
You map U: to \\student\students\%username%. Why is homepath set?
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Adam C Juelich Sent: 19 November 2010 21:31 To: 'xxxxxxxxxxxxxxxx' Subject: RE: [gptalk] Userenv 1054 Error
I’m not sure how to answer those questions. I’ve checked Replmon and there are no errors. How can I answer your question correctly?
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Darragh O'Shaughnessy Sent: Friday, November 19, 2010 3:15 PM To: xxxxxxxxxxxxxxxx Subject: RE: [gptalk] Userenv 1054 Error
And are the replication latencies ok? Is urgent replication enabled? Sorry for all the questions but just trying to get ur topology in my head.
Darragh O’Shaughnessy
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Adam C Juelich Sent: 19 November 2010 21:10 To: 'xxxxxxxxxxxxxxxx' Subject: RE: [gptalk] Userenv 1054 Error
Services3 is the strict 2003 one. Don’t ask me why. I need to usurp some of that power. It’s 2003 Standard, whereas the others are 2003 Enterprise R2.
Domain/Forest Level is 2003. Schema has been extended for 802.3 Wired and 802.11 Wireless Policies.
Just cleared up some Netdiag issues on Services3. It was pointing to a false secondary WINS server. Services2 also had a WINS Replication Partner that is no longer a DC. Don’t ask me why we’re still using WINS. No other issues found.
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Darragh O'Shaughnessy Sent: Friday, November 19, 2010 2:55 PM To: xxxxxxxxxxxxxxxx Subject: RE: [gptalk] Userenv 1054 Error
Which one is the 2003 one? SERVICES3? PS: what is the Domain/Forest level
Darragh O’Shaughnessy
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Adam C Juelich Sent: 19 November 2010 20:39 To: 'xxxxxxxxxxxxxxxx' Subject: RE: [gptalk] Userenv 1054 Error
I just noticed one juicy piece of information….
2 of our DCs are Server 2003 R2 and 1 is Server 2003. If a user authenticates to the Server 2003 DC, would drives with Access-Based Enumeration get fubar?
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Darragh O'Shaughnessy Sent: Friday, November 19, 2010 2:06 PM To: xxxxxxxxxxxxxxxx Subject: RE: [gptalk] Userenv 1054 Error
Adam,
Could it be that some of the drives are being hidden in the gui?
611638F8FEEE}" bypassErrors="1">
  <Properties action="U" thisDrive="HIDE" allDrives="NOCHANGE" userName="" path="\\apps\nwappsSS" label="Test Taker" persistent="0" useLetter="1" letter="J" />
  <Filters>
    <FilterGroup bool="AND" not="0" name="PCS.K12\SS Staff" sid="S-1-5-21-834434087-1672823513-1849977318-38577" userContext="1" primaryGroup="0" localGroup="0" />
    <FilterGroup bool="OR" not="0" name="PCS.K12\SS Students" sid="S-1-5-21-834434087-1672823513-1849977318-38535" userContext="1" primaryGroup="0" localGroup="0" />
  </Filters>
</Drive>
This takes precedence over the Hide/Show all drives setting. I presume you’ve checked if the drives are mapped from the command line? I did see an “accessed denied” message in the gptrace logs on one of the J drive attempts.
Also, ur domain is pulaski.k12.wi.local, domain down-level name is PCS.K12?
Darragh O’Shaughnessy
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Adam C Juelich Sent: 19 November 2010 19:45 To: 'xxxxxxxxxxxxxxxx' Subject: RE: [gptalk] Userenv 1054 Error
I’m attaching one of the UserEnv.logs and the XML Settings. They should be receiving J, P, T, V, X and Y… in addition to their Home Drive. Like I said, sometimes they don’t even get their home drive. The machine accounts disappearing only seems to happen 3-4 times a year… still weird, though.
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Darragh O'Shaughnessy Sent: Friday, November 19, 2010 12:27 PM To: xxxxxxxxxxxxxxxx Subject: RE: [gptalk] Userenv 1054 Error
Hi, I can’t really interpret your stats from the switch (router/wap ???) unless I knew your topology. Just because the port on the switch is fine doesn’t mean that somewhere along the path there are other issues.
Do you have userenv debug logging enabled and can you post a sample? Also, it would help, when looking at the logs, if we knew what the drives for a given user should be when they log on. Also, what drive preference options are set for the drives. Could you post the .xml config for the preference (excluding any passwords of course)
Darragh O’Shaughnessy
| | | |
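An added example (not code from the thread or from Microsoft) of the check Darragh describes in the post above: it reads a Group Policy Preferences Drives.xml, reports which drive items apply to a given user and which are mapped but hidden from Explorer by thisDrive="HIDE", and flags items that carry a stored credential, which is why the config was requested "excluding any passwords". The sample XML is constructed from the attributes quoted in the thread (the uid values, the P: item and its path are placeholders), and left-to-right evaluation of the bool/not filter chain is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample. The J: item uses the attributes quoted in the thread;
# uid values are placeholders and the P: item is invented for the credential check.
SAMPLE_DRIVES_XML = r"""
<Drives>
  <Drive name="J:" uid="{PLACEHOLDER-UID-1}" bypassErrors="1">
    <Properties action="U" thisDrive="HIDE" allDrives="NOCHANGE" userName=""
                path="\\apps\nwappsSS" label="Test Taker" persistent="0"
                useLetter="1" letter="J" />
    <Filters>
      <FilterGroup bool="AND" not="0" name="PCS.K12\SS Staff"
                   sid="S-1-5-21-834434087-1672823513-1849977318-38577"
                   userContext="1" primaryGroup="0" localGroup="0" />
      <FilterGroup bool="OR" not="0" name="PCS.K12\SS Students"
                   sid="S-1-5-21-834434087-1672823513-1849977318-38535"
                   userContext="1" primaryGroup="0" localGroup="0" />
    </Filters>
  </Drive>
  <Drive name="P:" uid="{PLACEHOLDER-UID-2}" bypassErrors="1">
    <Properties action="U" thisDrive="NOCHANGE" allDrives="NOCHANGE"
                userName="EXAMPLE\svc-map" cpassword="CONSTRUCTED-NOT-A-REAL-VALUE"
                path="\\fileserver.example\share" label="Example" persistent="0"
                useLetter="1" letter="P" />
  </Drive>
</Drives>
"""

# GPP action codes as stored in the XML.
ACTIONS = {"C": "Create", "R": "Replace", "U": "Update", "D": "Delete"}


def filters_match(drive, user_sids):
    """Evaluate the item's FilterGroup chain against the user's group SIDs.

    Assumption: items are combined left to right using each item's bool=
    operator, with not="1" negating that item.
    """
    filters = drive.find("Filters")
    if filters is None:
        return True  # no item-level targeting: applies to everyone in scope
    result = None
    for item in filters:
        if item.tag != "FilterGroup":
            raise ValueError(f"unsupported filter type: {item.tag}")
        hit = item.get("sid") in user_sids
        if item.get("not") == "1":
            hit = not hit
        if result is None:
            result = hit
        elif item.get("bool") == "OR":
            result = result or hit
        else:
            result = result and hit
    return True if result is None else result


def audit_drives(xml_text, user_sids):
    """Return one dict per Drive item describing what the user should see."""
    report = []
    for drive in ET.fromstring(xml_text).iter("Drive"):
        props = drive.find("Properties")
        if props is None:
            continue
        report.append({
            "letter": props.get("letter"),
            "path": props.get("path"),
            "action": ACTIONS.get(props.get("action"), props.get("action")),
            "applies": filters_match(drive, user_sids),
            # thisDrive="HIDE" maps the drive but hides it in Explorer.
            "hidden_in_explorer": props.get("thisDrive") == "HIDE",
            # A non-empty cpassword means a credential is stored in SYSVOL.
            "stored_credential": bool(props.get("cpassword")),
        })
    return report


def mapped_but_hidden(report):
    """Letters that should be mapped for the user yet will not show in the GUI."""
    return [d["letter"] for d in report
            if d["applies"] and d["hidden_in_explorer"]]


if __name__ == "__main__":
    student = {"S-1-5-21-834434087-1672823513-1849977318-38535"}
    for row in audit_drives(SAMPLE_DRIVES_XML, student):
        print(row)
    print("check with 'net use', not Explorer:",
          mapped_but_hidden(audit_drives(SAMPLE_DRIVES_XML, student)))
```

Letters returned by `mapped_but_hidden` are the ones to confirm from the command line rather than in Explorer before treating them as missing.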
| acjuelich
Posts:147
 | | 11/20/2010 5:29 AM |
| U: is only mapped in the AD User Account. The path is variable based on User(grade, building, etc.). The 'sun1' one is for a generic student account.
________________________________ From: xxxxxxxxxxxxxxxx [xxxxxxxxxxxxxxxx] On Behalf Of Darragh O'Shaughnessy [xxxxxxxxxxxxxxxx] Sent: Friday, November 19, 2010 4:16 PM To: xxxxxxxxxxxxxxxx Subject: RE: [gptalk] Userenv 1054 Error
Yep, GPP are environment variable aware so they expand them. That’s why they show up in the log but my question remains:
You map U: to \\student\students\%username%.
• Why is homepath set to "\SS\KG1\sun1"???
Replication latencies look fine.
Darragh O’Shaughnessy
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Adam C Juelich Sent: 19 November 2010 22:12 To: 'xxxxxxxxxxxxxxxx' Subject: RE: [gptalk] Userenv 1054 Error
We are only using the Default Site.
We aren’t setting the U: anywhere but the AD Account. The log must be picking that up.
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Darragh O'Shaughnessy Sent: Friday, November 19, 2010 3:54 PM To: xxxxxxxxxxxxxxxx Subject: RE: [gptalk] Userenv 1054 Error
Well, if these DC’s are in different subnet they may be in different AD sites and have site links between them which means there is most likely some replication delay between them (in the order of minutes).
Replmon might show that there are no errors but to get the latencies run
• repadmin /replsummary
And paste the output. Also, one thing:
2010-11-16 14:11:32.884 [pid=0x2e0,tid=0x88c] Variable %HOMEPATH% = "\SS\KG1\sun1"
2010-11-16 14:11:32.884 [pid=0x2e0,tid=0x88c] Variable %HOMESHARE% = "\\student\students"
2010-11-16 14:11:32.884 [pid=0x2e0,tid=0x88c] Variable %LOGONSERVER% = \\SERVICES3
You map U: to \\student\students\%username%. Why is homepath set?
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Adam C Juelich Sent: 19 November 2010 21:31 To: 'xxxxxxxxxxxxxxxx' Subject: RE: [gptalk] Userenv 1054 Error
I’m not sure how to answer those questions. I’ve checked Replmon and there are no errors. How can I answer your question correctly?
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Darragh O'Shaughnessy Sent: Friday, November 19, 2010 3:15 PM To: xxxxxxxxxxxxxxxx Subject: RE: [gptalk] Userenv 1054 Error
And are the replication latencies ok? Is urgent replication enabled? Sorry for all the questions but just trying to get ur topology in my head.
Darragh O’Shaughnessy
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Adam C Juelich Sent: 19 November 2010 21:10 To: 'xxxxxxxxxxxxxxxx' Subject: RE: [gptalk] Userenv 1054 Error
Services3 is the strict 2003 one. Don’t ask me why. I need to usurp some of that power. It’s 2003 Standard, whereas the others are 2003 Enterprise R2.
Domain/Forest Level is 2003. Schema has been extended for 802.3 Wired and 802.11 Wireless Policies.
Just cleared up some Netdiag issues on Services3. It was pointing to a false secondary WINS server. Services2 also had a WINS Replication Partner that is no longer a DC. Don’t ask me why we’re still using WINS. No other issues found.
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Darragh O'Shaughnessy Sent: Friday, November 19, 2010 2:55 PM To: xxxxxxxxxxxxxxxx Subject: RE: [gptalk] Userenv 1054 Error
Which one is the 2003 one? SERVICES3? PS: what is the Domain/Forest level
Darragh O’Shaughnessy
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Adam C Juelich Sent: 19 November 2010 20:39 To: 'xxxxxxxxxxxxxxxx' Subject: RE: [gptalk] Userenv 1054 Error
I just noticed one juicy piece of information….
2 of our DCs are Server 2003 R2 and 1 is Server 2003. If a user authenticates to the Server 2003 DC, would drives with Access-Based Enumeration get fubar?
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Darragh O'Shaughnessy Sent: Friday, November 19, 2010 2:06 PM To: xxxxxxxxxxxxxxxx Subject: RE: [gptalk] Userenv 1054 Error
Adam,
Could it be that some of the drives are being hidden in the gui?
611638F8FEEE}" bypassErrors="1">
  <Properties action="U" thisDrive="HIDE" allDrives="NOCHANGE" userName="" path="\\apps\nwappsSS" label="Test Taker" persistent="0" useLetter="1" letter="J" />
  <Filters>
    <FilterGroup bool="AND" not="0" name="PCS.K12\SS Staff" sid="S-1-5-21-834434087-1672823513-1849977318-38577" userContext="1" primaryGroup="0" localGroup="0" />
    <FilterGroup bool="OR" not="0" name="PCS.K12\SS Students" sid="S-1-5-21-834434087-1672823513-1849977318-38535" userContext="1" primaryGroup="0" localGroup="0" />
  </Filters>
</Drive>
This takes precedence over the Hide/Show all drives setting. I presume you’ve checked if the drives are mapped from the command line? I did see an “accessed denied” message in the gptrace logs on one of the J drive attempts.
Also, ur domain is pulaski.k12.wi.local, domain down-level name is PCS.K12?
Darragh O’Shaughnessy
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Adam C Juelich Sent: 19 November 2010 19:45 To: 'xxxxxxxxxxxxxxxx' Subject: RE: [gptalk] Userenv 1054 Error
I’m attaching one of the UserEnv.logs and the XML Settings. They should be receiving J, P, T, V, X and Y… in addition to their Home Drive. Like I said, sometimes they don’t even get their home drive. The machine accounts disappearing only seems to happen 3-4 times a year… still weird, though.
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Darragh O'Shaughnessy Sent: Friday, November 19, 2010 12:27 PM To: xxxxxxxxxxxxxxxx Subject: RE: [gptalk] Userenv 1054 Error
Hi, I can’t really interpret your stats from the switch (router/wap ???) unless I knew your topology. Just because the port on the switch is fine doesn’t mean that somewhere along the path there are other issues.
Do you have userenv debug logging enabled and can you post a sample? Also, it would help, when looking at the logs, if we knew what the drives for a given user should be when they log on. Also, what drive preference options are set for the drives. Could you post the .xml config for the preference (excluding any passwords of course)
Darragh O’Shaughnessy
| | | |
|
|