*And fwiw you have some forgiving firewall people. I would have
told you to f off and lock it down.*
* *
*Thanks,*
*Brian Desmond*
[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>*
* *
*c - 312.731.3132*
* *
*From:* [EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>
[mailto:[EMAIL PROTECTED] *On Behalf Of *Clay,
Justin (ITS)
*Sent:* Friday, June 02, 2006 4:30 PM
*To:* ActiveDir@mail.activedir.org
<mailto:ActiveDir@mail.activedir.org>
*Subject:* RE: [ActiveDir] PCs hang at "Applying computer
settings" after upgradingDCs to 2K3 SP1
Well everyone, it's fixed. It's something that even MS is a bit
surprised at, although they say they have seen it before.
Essentially, the last year since this forest has been deployed,
high ports (1024-65535) have been blocked at the firewall but for
whatever reason, everything seemed to work fine. Installing SP1
apparently changed something, or fixed something that finally
made it a requirement to have those high ports open.
They opened 1024-65535 on our Checkpoint firewall and the login
times instantly went from 4-8 minutes back down to the usual few
seconds. It sucks to have to learn about things like this by
killing a production environment for 4 hours and burning some
Premiere Support hours, but at least we know what to look for
when we upgrade some of our other domains to SP1!
Thanks to everyone for all the suggestions and help, it's always
appreciated!
Also, to everyone else that was experiencing this issue, I'd be
interested to know if a firewall or router ACL blocking high
ports is the cause of the problem for you!
------------------------------------------------------------------------
*From:* [EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>
[mailto:[EMAIL PROTECTED] *On Behalf Of *Clay,
Justin (ITS)
*Sent:* Friday, June 02, 2006 2:31 PM
*To:* ActiveDir@mail.activedir.org
<mailto:ActiveDir@mail.activedir.org>
*Subject:* RE: [ActiveDir] PCs hang at "Applying computer
settings" after upgradingDCs to 2K3 SP1
Nope, I can get to them from the client PCs just fineā¦I was able
to drill down into all of the policies that I tried.
------------------------------------------------------------------------
*From:* [EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>
[mailto:[EMAIL PROTECTED] *On Behalf Of *Al Mulnick
*Sent:* Friday, June 02, 2006 1:34 PM
*To:* ActiveDir@mail.activedir.org
<mailto:ActiveDir@mail.activedir.org>
*Subject:* Re: [ActiveDir] PCs hang at "Applying computer
settings" after upgradingDCs to 2K3 SP1
Any problems accessing
\\domain\sysvol\domain\Policies
?
On 6/2/06, *Clay, Justin (ITS)* <[EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>> wrote:
Hopefully the attachment comes through. The interesting part, and
where most of the time delay is seen is here:
USERENV(42c.2f0) 12:36:47:528 ProcessGPOs: Machine role is 2.
USERENV(42c.2f0) 12:37:50:606 MyGetUserName: GetUserNameEx
failed with 1753.
USERENV(42c.2f0) 12:37:50:606 MyGetUserName: Retrying call to
GetUserNameEx in 1/2 second.
USERENV(42c.2f0) 12:38:54:371 MyGetUserName: GetUserNameEx
failed with 1753.
USERENV(42c.2f0) 12:38:54:371 MyGetUserName: Retrying call to
GetUserNameEx in 1/2 second.
USERENV(42c.2f0) 12:39:58:027 MyGetUserName: GetUserNameEx
failed with 1753.
USERENV(42c.2f0) 12:39:58:027 MyGetUserName: Retrying call to
GetUserNameEx in 1/2 second.
USERENV(42c.2f0) 12:41:01:573 MyGetUserName: GetUserNameEx
failed with 1753.
USERENV(42c.2f0) 12:41:01:573 ProcessGPOs: MyGetUserName failed
with 1753.
USERENV(42c.2f0) 12:41:01:573 ProcessGPOs: No WMI logging done in
this policy cycle.
USERENV(42c.2f0) 12:41:01:573 ProcessGPOs: Processing failed with
error 1753.
------------------------------------------------------------------------
*From:* [EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>
[mailto:[EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>] *On Behalf Of *Al
Mulnick
*Sent:* Friday, June 02, 2006 12:19 PM
*To:* ActiveDir@mail.activedir.org
<mailto:ActiveDir@mail.activedir.org>
*Subject:* Re: [ActiveDir] PCs hang at "Applying computer
settings" after upgradingDCs to 2K3 SP1
I think a different thread mentioned that DNS was about 90% of
the cause of this type of behavior. It's not the only one however.
What keeps rebooting? The DC? Or the workstations? If the
workstations, not only ethereal but Darren's suggestion of
logging is a good idea.
On 6/2/06, *Za Vue* < [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>> wrote:
Finally..someone is also experiencing this problem. My DCs are
Windows 2003 SP1 also. It seems to hang every 3-4 reboots. My
first thought was DNS DNS.. but NetDiag, Repl, DCDiag, Nslookup
all show no error. Nothing is reported in logs. It is not
firewall. I have play with NetBIOS, changing Provider Order in
Network Neighborhood->Advanced Settings..nada.
This week has been quiet. If someone calls again I have ethereal
setup and ready to capture. The thing about my environment is I
do not manage the switches or router. I don't know if someone is
messing with something.
-Z.V.
, Justin (ITS) wrote:
Hello,
Last night we upgraded our 3 Win2K3 domain controllers to SP1.
This morning, we're getting tons and tons of calls from users who
report that their computer sits at "Applying computer settings"
for a good 10 minutes, then another 10 or so minutes at "Applying
your personalized settings"
After the upgrade we did start seeing DCOM errors in the System
event log, which I've found many people online have experienced.
I "fixed it" (or at least the DCOM errors went away) by granting
Network Service the following rights:
Local Launch
Remote Launch
Local Activation
Remote Activation
In the Launch and Activation Permissions dialog on the Security
tab of the netman component. However, even after the DCOM errors
have gone away, we continue to see the same results on the clients.
Any ideas? I'm considering calling Premier Support, but I figured
you guys would be better help than them.
Thanks,
/Justin Clay/
/ITS Enterprise Services/
/Metropolitan Government of Nashville and Davidson County /
/Howard School Building/
/Phone: (615) 880-2573/
ITS ENTERPRISE SERVICES EMAIL NOTICE
The information contained in this email and any attachments is
confidential and may be subject to copyright or other
intellectual property protection. If you are not the intended
recipient, you are not authorized to use or disclose this
information, and we request that you notify us by reply mail or
telephone and delete the original message from your mail system.
ITS ENTERPRISE SERVICES EMAIL NOTICE
The information contained in this email and any attachments is
confidential and may be subject to copyright or other
intellectual property protection. If you are not the intended
recipient, you are not authorized to use or disclose this
information, and we request that you notify us by reply mail or
telephone and delete the original message from your mail system.
ITS ENTERPRISE SERVICES EMAIL NOTICE
The information contained in this email and any attachments is
confidential and may be subject to copyright or other
intellectual property protection. If you are not the intended
recipient, you are not authorized to use or disclose this
information, and we request that you notify us by reply mail or
telephone and delete the original message from your mail system.
ITS ENTERPRISE SERVICES EMAIL NOTICE
The information contained in this email and any attachments is
confidential and may be subject to copyright or other
intellectual property protection. If you are not the intended
recipient, you are not authorized to use or disclose this
information, and we request that you notify us by reply mail or
telephone and delete the original message from your mail system.