Pardon the long email, but the explanation and back info might be helpful. We have 3 x 2008 R2 sp1 domain controllers, 2008 domain and forest functional level. My testing is on a Win 7 X64 sp1 workstation. For quite some time, maybe a year or more, login scripts, group policy settings and software assignments to computers have been unreliable. So things slowed a bit and with all the Adobe Reader and Flash updates I thought it was time to get this working better. After a day and a half, I'm not much closer. What I've done so far. About 2 weeks ago, set up assigned Adobe reader 9.4.6 in group policy and all is good. This week, I want to update flash. I've been installing flash via gpo for a while but have just recently found that lots of machines aren't getting the updates. Maybe not the reader updates also. So I start looking into the event logs on my machine. First one was 5719 computer was unable to set up a secure session with domain controller. Googled that and found one post that said to set group policy Startup Policy Processing Wait time. Set that to the default 120 seconds. Next error is 1014 name resolution for _ldap._tcp.msdcs.domain time out. Ran nslookup _ldap._tcp.msdcs.domain and I get a valid response from all 3 domain controllers. So is it still a timing issue with the network not coming up fast enough or something similar. I ran dcdiag /v and dcdiag /test:dns on all the domain controllers. Everything comes back clean except one DC says no AAAA records for the 3 servers. IPv6 is enabled on the DCs and I've read not to disable it as we are running exchange 2010. I don't think that error is relevant anyway. Odd that only one DC reports that error even though none of the 3 domain controllers have AAAA records. Portfast is enabled on the switch port. Nic driver is the latest from Dell, Intel 8257 gig Ethernet. Tried setting the nic and switch port to 100 full, 1000 full and no help. Tried connecting the workstation to a different, dumb switch. No help. Installed KB2459530-v3-x64 after finding an article from MS in reference to a TCP/IP bug in win 7. No help Group policy set to always wait for network at boot and logon enabled. Negative DC discovery Cache Setting enabled and set to 0 from default of 45 Startup policy processing wait time enabled and set to 120 seconds. Right now the event log errors are, 5717, no secure session with domain controller, 1014 name resolution for __ldap._tcp.dc._msdcs.domain and 130, ntp unable to set a domain peer. I can browse to the installation point, and the permissions allow domain computer and users read and execute. Any more ideas as to how to fix this?
~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
