|
Right. So you need to lock down DCOM ports on your workstatiosn,
servers, and then add that to your checkpoints. I use 5000-5020 (which is in a
KB), although we had some issues on really really busy boxes and upped it
enterprise wide to 5000-5100. Get a GPO together for the reg hack and include
it in your build process moving forward. Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132 From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Clay, Justin (ITS) Well everyone, it’s fixed. It’s something that even MS is a bit
surprised at, although they say they have seen it before. Essentially, the last
year since this forest has been deployed, high ports (1024-65535) have been
blocked at the firewall but for whatever reason, everything seemed to work
fine. Installing SP1 apparently changed something, or fixed something that
finally made it a requirement to have those high ports open. They opened 1024-65535 on our Checkpoint firewall and the login
times instantly went from 4-8 minutes back down to the usual few seconds. It
sucks to have to learn about things like this by killing a production
environment for 4 hours and burning some Premiere Support hours, but at least
we know what to look for when we upgrade some of our other domains to SP1! Thanks to everyone for all the suggestions and help, it’s always
appreciated! Also, to everyone else that was experiencing this issue, I’d be
interested to know if a firewall or router ACL blocking high ports is the cause
of the problem for you! From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Clay, Justin (ITS) Nope, I can get to them from the client PCs just fine…I was able to
drill down into all of the policies that I tried. From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Al Mulnick Any problems accessing ? On 6/2/06, Clay, Justin (ITS)
<[EMAIL PROTECTED]>
wrote: Hopefully
the attachment comes through. The interesting part, and where most of the time
delay is seen is here: USERENV(42c.2f0)
12:36:47:528 ProcessGPOs: Machine role is 2. USERENV(42c.2f0)
12:37:50:606 MyGetUserName: GetUserNameEx failed with 1753. USERENV(42c.2f0)
12:37:50:606 MyGetUserName: Retrying call to GetUserNameEx in 1/2 second. USERENV(42c.2f0)
12:38:54:371 MyGetUserName: GetUserNameEx failed with 1753. USERENV(42c.2f0)
12:38:54:371 MyGetUserName: Retrying call to GetUserNameEx in 1/2 second. USERENV(42c.2f0)
12:39:58:027 MyGetUserName: GetUserNameEx failed with 1753. USERENV(42c.2f0)
12:39:58:027 MyGetUserName: Retrying call to GetUserNameEx in 1/2 second. USERENV(42c.2f0)
12:41:01:573 MyGetUserName: GetUserNameEx failed with 1753. USERENV(42c.2f0)
12:41:01:573 ProcessGPOs: MyGetUserName failed with 1753. USERENV(42c.2f0)
12:41:01:573 ProcessGPOs: No WMI logging done in this policy cycle. USERENV(42c.2f0)
12:41:01:573 ProcessGPOs: Processing failed with error 1753. From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]
On Behalf Of Al Mulnick I think a different thread mentioned that DNS was about 90% of the cause of
this type of behavior. It's not the only one however. What keeps rebooting? The DC? Or the workstations? If the
workstations, not only ethereal but Darren's suggestion of logging is a good
idea. On 6/2/06, Za Vue <
[EMAIL PROTECTED]> wrote: Finally..someone is also experiencing this problem. My DCs are Windows 2003
SP1 also. It seems to hang every 3-4 reboots. My first thought was DNS DNS..
but NetDiag, Repl, DCDiag, Nslookup all show no error. Nothing is reported in
logs. It is not firewall. I have play with NetBIOS, changing Provider Order in
Network Neighborhood->Advanced Settings..nada.
Hello, Last night
we upgraded our 3 Win2K3 domain controllers to SP1. This morning, we're getting
tons and tons of calls from users who report that their computer sits at
"Applying computer settings" for a good 10 minutes, then another 10
or so minutes at "Applying your personalized settings" After the
upgrade we did start seeing DCOM errors in the System event log, which I've
found many people online have experienced. I "fixed it" (or at least
the DCOM errors went away) by granting Network Service the following rights: Local Launch Remote
Launch Local
Activation Remote
Activation In the
Launch and Activation Permissions dialog on the Security tab of the netman
component. However, even after the DCOM errors have gone away, we continue to
see the same results on the clients. Any ideas?
I'm considering calling Premier Support, but I figured you guys would be better
help than them. Thanks, Justin Clay
|
- RE: [ActiveDir] PCs hang at... Brian Desmond
- Re: [ActiveDir] PCs ha... Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
- Re: [ActiveDir] PC... Al Mulnick
- Re: [ActiveDir... Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
- Re: [Activ... Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
- Re: [... Za Vue
- Re: [Activ... Al Mulnick
- Re: [... Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
- RE: [ActiveDir] PCs ha... Brian Desmond
- RE: [ActiveDir] PCs ha... Brian Desmond
- Re: [ActiveDir] PCs ha... Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
- RE: [ActiveDir] PC... Brian Desmond
