# Problems with user logins to Windows 2003 Domain



## noobmoone (Dec 14, 2010)

I have a problem when I try to log on from my PC to AD in the domain.
When I boot the PC and enter the username, password and domain to which I want to log on, I need to wait 3-4 minutes at the "Applying your personal settings..." pop-up.
After that I can log on, but when I check the logs on my PC, in the Application log I found these two logs:

-----> LOG1
Event Type:	Error
Event Source:	Userenv
Event Category:	None
Event ID:	1030
Date: 1/27/2011
Time: 10:05:29 AM
User: DOMAIN\user1
Computer:	user1pc
Description:
Windows cannot query for the list of Group Policy objects. 
A message that describes the reason for this was previously logged by the policy engine.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

----> LOG2
Event Type:	Error
Event Source:	Userenv
Event Category:	None
Event ID:	1006
Date: 1/27/2011
Time: 10:05:29 AM
User: DOMAIN\user1
Computer:	user1pc 
Description:
Windows cannot bind to domain.com domain. (Local Error).
Group Policy processing aborted.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

I log off and log back on several times, and it's the same situation: 3-4 minutes waiting at logon, and always these two logs.

The DFS service is started on the DC.
-------------
About sysvol:
-------------
I have the following path: c:\Windows\sysvol\sysvol\domain.com\

For the file permissions:
********************
C:\Windows\sysvol\

Folder is not shared.

Authenticated Users and Server Operators have Read & Execute
Administrators, Creator Owner and SYSTEM have Full Control

In the column Inherited From: they all have <not inherited>

In the column Apply To:
Creator Owner: Subfolders and Files only
Others:	This folder, subfolders and files

Check box: Allow inheritable permissions from the parent to propagate... is unchecked
Check box: Replace permission entries on all child objects... is unchecked

************************
C:\Windows\sysvol\sysvol\

Folder is shared.

Administrators: Full control
Authenticated users: Read & Execute, List Folder Contents, Read
Creator Owner: Full control
SYSTEM: Full control
Server Operators: Read and Execute
Everyone: Read & Execute
Domain users: Read & Execute

In the column Inherited From, Domain users and Everyone show <not inherited>
For the rest it is "inherited from C:\Windows\sysvol\"

In the column Apply to
For Creator Owner: Subfolders and files only
For Everyone: This folder only
For all the rest: This folder, subfolders and files

Check box: Allow inheritable permissions from the parent to propagate... is unchecked for all
Check box: Replace permission entries on all child objects... is unchecked
*********************************

Any ideas, solutions?


----------



## Rockn (Jul 29, 2001)

Is this computer a member of this domain?


----------



## noobmoone (Dec 14, 2010)

Yes, it is a member of the domain.

When I try Start->Run->gpupdate, the same logs appear.

The same thing doesn't happen on the other PCs in the domain.

I know it's something about GPOs.

I recently changed the XP licence key on this PC.
Maybe that's the problem?


----------



## Rockn (Jul 29, 2001)

Delete the computer account from the domain and join the domain again. I am sure that license key is the issue.


----------



## noobmoone (Dec 14, 2010)

I reset the computer account, then added the computer to AD with the same user account, but again it was generating the same logs.

Then I tried pinging my PC from the DC and I couldn't.

I forgot that I have Firewall Client (which is OK), but also Comodo Firewall on my PC. After uninstalling Comodo and rebooting the PC, everything is working fine now.

Thanks a lot for the help.


----------



## Rockn (Jul 29, 2001)

Resetting the account is the last thing you want to try... for future reference.


----------



## noobmoone (Dec 14, 2010)

What's the risk in doing that?

I've taken that action several times on other machines when there is no other alternative.
Of course, I first try to do everything else I know to solve the problem...


----------



## Rockn (Jul 29, 2001)

Resetting the computer account on occasion will screw things up worse, especially if you do it when the computer has lost connection with the network.


----------



## noobmoone (Dec 14, 2010)

Could you be more technically specific?
Like: it will screw up this, this and that.
The above statements are all too general.


----------



## Rockn (Jul 29, 2001)

Can't be more specific than that. If the computer account for whatever reason becomes disconnected from the network and you reset the computer account, it will cause the computer account to not be able to connect to the server, and then you will sit and troubleshoot another problem you just created. Resetting the account creates a new security token between the computer and AD, and if those tokens do not match it will never authenticate. It will reset the computer account whether or not the computer is physically connected to the network... plain enough?


----------
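
An added example, not part of any post in this thread: a PowerShell check, run on the affected member PC, that tests the network path to the DC before the computer account is touched, which is the order both the Comodo finding and Rockn's warning point to. The DC name `dc01.domain.com` and the port list (ports a domain member commonly needs toward a DC) are assumptions; `Test-ComputerSecureChannel` needs PowerShell 2.0 or later, an elevated session and a domain-joined machine.

```powershell
# Added example. $DomainController is a hypothetical placeholder: use your DC's FQDN.
$DomainController = 'dc01.domain.com'

# Assumption: TCP ports a member commonly needs toward a DC for logon and Group Policy.
$Ports = @{ 53 = 'DNS'; 88 = 'Kerberos'; 135 = 'RPC endpoint mapper'
            389 = 'LDAP'; 445 = 'SMB (SYSVOL)' }

function Test-TcpPort {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs = 3000)
    # TcpClient is used so the check also works where Test-NetConnection is missing.
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch {
        return $false          # refused, unreachable or name not resolved
    } finally {
        $client.Close()
    }
}

# 1. Is anything (for example a host firewall) blocking the path to the DC?
$blocked = @()
foreach ($port in ($Ports.Keys | Sort-Object)) {
    $ok = Test-TcpPort -HostName $DomainController -Port $port
    $state = if ($ok) { 'reachable' } else { 'BLOCKED' }
    '{0,-20} tcp/{1,-4} {2}' -f $Ports[$port], $port, $state
    if (-not $ok) { $blocked += $port }
}
$pingOk = Test-Connection -ComputerName $DomainController -Count 2 -Quiet
"ICMP echo to DC: $pingOk"

# 2. Only look at the computer account once the network path is known to be good.
if ($blocked.Count -gt 0 -or -not $pingOk) {
    'Path to the DC is impaired: fix firewall/connectivity first, do not reset the computer account.'
} elseif (Test-ComputerSecureChannel -Server $DomainController) {
    'Secure channel is healthy: the computer account does not need a reset.'
} else {
    'Network is fine but the secure channel is broken: repairing or rejoining is now justified.'
}
```

With a blocking host firewall the script stops at the first branch, so the computer account is left alone until connectivity is restored.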

