Forum Search:
Forum.Brain-Cluster.com: Brain Cluster Technical Forum
Ultimate forum for Technical Discussions

Home » Microsoft » Windows Server » Windows Server General Help » Network interruption whenever GPO updates (event log SciCli Event ID 1704)
Network interruption whenever GPO updates (event log SciCli Event ID 1704) [message #164255] Thu, 18 June 2009 14:26 Go to next message
Erik Wogstad  is currently offline Erik Wogstad  United States
Messages: 10
Registered: June 2009
Junior Member
I have a single Windows 2000 Advanced server, fully patched, that's
been working flawlessly for years. Primarily used as a file server.
But now get LAN traffic interruptions whenever group policiy objects
are updated (event log SceCli 1704), which seems to fire once or twice
per day. Any workstations with files in use on the server temporarily
lose track of these files.

Problem clears up in a minute or two, but some programs lock up and
files can get corrupted. Very predictable failure, but annoying.

Don't see any other log messages on server. Any suggestions?
Re: Network interruption whenever GPO updates (event log SciCli Event ID 1704) [message #164262 is a reply to message #164255] Thu, 18 June 2009 17:28 Go to previous messageGo to next message
meiweb(nospam)  is currently offline meiweb(nospam)  Germany
Messages: 1307
Registered: July 2009
Senior Member
Hello Erik,

The GPO update runs by default every 90-120 minutes. Are there errors or
warnings in the event viewer?

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> I have a single Windows 2000 Advanced server, fully patched, that's
> been working flawlessly for years. Primarily used as a file server.
> But now get LAN traffic interruptions whenever group policiy objects
> are updated (event log SceCli 1704), which seems to fire once or twice
> per day. Any workstations with files in use on the server temporarily
> lose track of these files.
>
> Problem clears up in a minute or two, but some programs lock up and
> files can get corrupted. Very predictable failure, but annoying.
>
> Don't see any other log messages on server. Any suggestions?
>
Re: Network interruption whenever GPO updates (event log SciCli Event ID 1704) [message #164263 is a reply to message #164262] Thu, 18 June 2009 18:30 Go to previous messageGo to next message
Erik Wogstad  is currently offline Erik Wogstad  United States
Messages: 10
Registered: June 2009
Junior Member
Thanks!

No errors or warnings in the event viewer. I do realize Event ID 1704
is an informational message, not a warning, so all the more curious.
I've been searching thru MS KB and see that GPO and security policies
seem tightly integrated (are GPO and security policies the same?).
Couple of mentions of 17 hour intervals for security policy refresh if
a stand-alone server, which sounds about right for my experience.

What I do know is that whenever interruptions occur, the coincide with
SciCli Event ID 1704 in the event log and that these interruptions and
event logs are about that far apart.

I found KB Article ID: 277543 "(How to delay security policies from
being applied") that explains how to delay security policy updates,
but I'd like to fix the underlying issue.

>Hello Erik,
>
>The GPO update runs by default every 90-120 minutes. Are there errors or
>warnings in the event viewer?
Re: Network interruption whenever GPO updates (event log SciCli Event ID 1704) [message #164338 is a reply to message #164263] Sat, 20 June 2009 16:04 Go to previous messageGo to next message
meiweb(nospam)  is currently offline meiweb(nospam)  Germany
Messages: 1307
Registered: July 2009
Senior Member
Hello Erik,

You are correct, security settings are applied every 16 hours. But this shouldn't
have the effect you see. Is the server on the same subnet as the DC or on
a different one?

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Thanks!
>
> No errors or warnings in the event viewer. I do realize Event ID 1704
> is an informational message, not a warning, so all the more curious.
> I've been searching thru MS KB and see that GPO and security policies
> seem tightly integrated (are GPO and security policies the same?).
> Couple of mentions of 17 hour intervals for security policy refresh if
> a stand-alone server, which sounds about right for my experience.
>
> What I do know is that whenever interruptions occur, the coincide with
> SciCli Event ID 1704 in the event log and that these interruptions and
> event logs are about that far apart.
>
> I found KB Article ID: 277543 "(How to delay security policies from
> being applied") that explains how to delay security policy updates,
> but I'd like to fix the underlying issue.
>
>> Hello Erik,
>>
>> The GPO update runs by default every 90-120 minutes. Are there errors
>> or warnings in the event viewer?
>>
Re: Network interruption whenever GPO updates (event log SciCli Event ID 1704) [message #164344 is a reply to message #164338] Sun, 21 June 2009 03:55 Go to previous messageGo to next message
Erik Wogstad  is currently offline Erik Wogstad  United States
Messages: 10
Registered: June 2009
Junior Member
I have only this server and it is the domain controller, so the subnet
must be one and the same, right? When I run ipconfig on the server
and the workstations, the same subnet mask is identified.

Don't know if this is relevant, but the server has a dual NIC, each of
which has a unique address, but have the same subnet mask.

Thoughts?

Regards,
Erik

>Hello Erik,
>
>You are correct, security settings are applied every 16 hours. But this shouldn't
>have the effect you see. Is the server on the same subnet as the DC or on
>a different one?
Re: Network interruption whenever GPO updates (event log SciCli Event ID 1704) [message #164347 is a reply to message #164344] Sun, 21 June 2009 07:25 Go to previous messageGo to next message
meiweb(nospam)  is currently offline meiweb(nospam)  Germany
Messages: 1307
Registered: July 2009
Senior Member
Hello Erik,

Ok, good that you mention that. It is relevant. A server, especially Domain
controller should never be mlutihomed. What is the reason that you did this?
Please post the unedited ipconfig /all from the server and the client. GPOs
will not be apllied correct, slow logons and many more thinks will happen
that you don't want to have.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> I have only this server and it is the domain controller, so the subnet
> must be one and the same, right? When I run ipconfig on the server
> and the workstations, the same subnet mask is identified.
>
> Don't know if this is relevant, but the server has a dual NIC, each of
> which has a unique address, but have the same subnet mask.
>
> Thoughts?
>
> Regards,
> Erik
>> Hello Erik,
>>
>> You are correct, security settings are applied every 16 hours. But
>> this shouldn't have the effect you see. Is the server on the same
>> subnet as the DC or on a different one?
>>
Re: Network interruption whenever GPO updates (event log SciCli Event ID 1704) [message #164363 is a reply to message #164347] Sun, 21 June 2009 16:47 Go to previous messageGo to next message
Erik Wogstad  is currently offline Erik Wogstad  United States
Messages: 10
Registered: June 2009
Junior Member
>Ok, good that you mention that. It is relevant. A server, especially Domain
>controller should never be mlutihomed. What is the reason that you did this?
>Please post the unedited ipconfig /all from the server and the client. GPOs
>will not be apllied correct, slow logons and many more thinks will happen
>that you don't want to have.

When we started having the network interruptions, I suspected hardware
failure somewhere, so replaced network switches and server's NIC
(disabled built-in dual-NIC and added hp replacement dual- NIC card).
I thought I was replicating the prior settings, but perhaps got
something wrong. Per your suggestion, I ran ipconfig /all on the
Win2K server and my workstation. See results below (The only editing
I did was to substitute generic "myserver" and "mycompanyname.local"
and "mywrkstn")

Thanks for checking this out.

Regards,
Erik


FROM SERVER:

Windows 2000 IP Configuration
Host name....................... myserver
Primary DNS Suffix.............. mycompanyname.local
Node Type....................... Broadcast
IP Routing Enabled.............. No
WINS Proxy Enabled.............. No
DNS Suffix Search List.......... mycompanyname.local

Ethernet adapter Local Area Connection 3:
Connection-specific DNS Suffix.. mycompanyname.local
Description..................... HP NC7170 Dual Gigabit Server
Adapter #2
Physical Address................ 00-02-A5-4D-91-CB
DHCP Enabled.................... Yes
Autoconfiguration Enabled....... Yes
IP Address...................... 10.0.0.158
Subnet Mask..................... 255.255.255.0
Default Gateway................. 10.0.0.1
DHCP Server..................... 10.0.0.100
DNS Servers..................... 10.0.0.100
208.67.222.222
208.67.220.220
Lease Obtained.................. Sunday, ...
Leas Expires.................... Thursday, ...

Ethernet adapter Local Area Connection 2:
Connection-specific DNS Suffix.. mycompanyname.local
Description..................... HP NC7170 Dual Gigabit Server
Adapter #2
Physical Address................ 00-02-A5-4D-91-CA
DHCP Enabled.................... No
IP Address...................... 10.0.0.100
Subnet Mask..................... 255.255.255.0
Default Gateway................. 10.0.0.1
DNS Servers..................... 10.0.0.100



FROM CLIENT WORKSTATION:

Windows IP Configuration
Host name....................... mywrkstn
Primary DNS Suffix.............. mycompanyname.local
Node Type....................... Hybrid
IP Routing Enabled.............. No
WINS Proxy Enabled.............. No
DNS Suffix Search List.......... mycompanyname.local
mycompanyname.local

Ethernet adapter Local Area Connection 3:
Connection-specific DNS Suffix.. mycompanyname.local
Description..................... Broadcom NetXtreme Gigabit
Ethernet for hp
Physical Address................ 00-30-6E-B6-F5-8C
DHCP Enabled.................... Yes
Autoconfiguration Enabled....... Yes
IP Address...................... 10.0.0.153
Subnet Mask..................... 255.255.255.0
Default Gateway................. 10.0.0.1
DHCP Server..................... 10.0.0.100
DNS Servers..................... 10.0.0.100
208.67.222.222
208.67.220.220
Lease Obtained.................. Sunday, ...
Leas Expires.................... Thursday, ...
Re: Network interruption whenever GPO updates (event log SciCli Event ID 1704) [message #164364 is a reply to message #164363] Sun, 21 June 2009 17:14 Go to previous messageGo to next message
meiweb(nospam)  is currently offline meiweb(nospam)  Germany
Messages: 1307
Registered: July 2009
Senior Member
Hello Erik,

Your server should look like this, only one NIC in use, disable the other
one, that's your conflict:

DHCP Enabled.................... NO
Autoconfiguration Enabled....... Yes
IP Address...................... 10.0.0.100
Subnet Mask..................... 255.255.255.0
Default Gateway................. 10.0.0.1
DNS Servers..................... 10.0.0.100

The 208.67.222.222 and 208.67.220.220 have not to be used on the NIC, i assume
these are the ISPs DNS server. That ones you have to configure as FORWARDERS
under the DNS server properties, in the DNS management console.

If reconfigured, remove the not needed ip addresses from the DNS zones and
DNS server/zones properties, check all tabs. After that run ipconfig /flushdns
and ipconfig /registerdns and restart the netlogon service on the DC.

A server, especially Domain controller should never use DHCP, always give
it a fixed ip address, that's the reason for the x.x.x.100 in my example
above. Do NOT stop the DHCP client service, this is needed for DNS registration,
even if fixed ips are used. You can use of course ip addresses for your needs.

The second NIC disable, you don't need it. What you can do is to use both
NICs with the HP teaming software, this creates a virtual NIC with virtual
MAC address and you can configure it for loadbalance or failover, again the
teamed NIC needs ONE ip address.

For the client it is the same, remove the ISPs DNS server and use the domain
internal DNS server. The DNS server will use the forwarders if it can not
resolve a name, so internet will still work.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


>> Ok, good that you mention that. It is relevant. A server, especially
>> Domain controller should never be mlutihomed. What is the reason that
>> you did this? Please post the unedited ipconfig /all from the server
>> and the client. GPOs will not be apllied correct, slow logons and
>> many more thinks will happen that you don't want to have.
>>
> When we started having the network interruptions, I suspected hardware
> failure somewhere, so replaced network switches and server's NIC
> (disabled built-in dual-NIC and added hp replacement dual- NIC card).
> I thought I was replicating the prior settings, but perhaps got
> something wrong. Per your suggestion, I ran ipconfig /all on the
> Win2K server and my workstation. See results below (The only editing
> I did was to substitute generic "myserver" and "mycompanyname.local"
> and "mywrkstn")
>
> Thanks for checking this out.
>
> Regards,
> Erik
> FROM SERVER:
>
> Windows 2000 IP Configuration
> Host name....................... myserver
> Primary DNS Suffix.............. mycompanyname.local
> Node Type....................... Broadcast
> IP Routing Enabled.............. No
> WINS Proxy Enabled.............. No
> DNS Suffix Search List.......... mycompanyname.local
> Ethernet adapter Local Area Connection 3:
> Connection-specific DNS Suffix.. mycompanyname.local
> Description..................... HP NC7170 Dual Gigabit Server
> Adapter #2
> Physical Address................ 00-02-A5-4D-91-CB
> DHCP Enabled.................... Yes
> Autoconfiguration Enabled....... Yes
> IP Address...................... 10.0.0.158
> Subnet Mask..................... 255.255.255.0
> Default Gateway................. 10.0.0.1
> DHCP Server..................... 10.0.0.100
> DNS Servers..................... 10.0.0.100
> 208.67.222.222
> 208.67.220.220
> Lease Obtained.................. Sunday, ...
> Leas Expires.................... Thursday, ...
> Ethernet adapter Local Area Connection 2:
> Connection-specific DNS Suffix.. mycompanyname.local
> Description..................... HP NC7170 Dual Gigabit Server
> Adapter #2
> Physical Address................ 00-02-A5-4D-91-CA
> DHCP Enabled.................... No
> IP Address...................... 10.0.0.100
> Subnet Mask..................... 255.255.255.0
> Default Gateway................. 10.0.0.1
> DNS Servers..................... 10.0.0.100
> FROM CLIENT WORKSTATION:
>
> Windows IP Configuration
> Host name....................... mywrkstn
> Primary DNS Suffix.............. mycompanyname.local
> Node Type....................... Hybrid
> IP Routing Enabled.............. No
> WINS Proxy Enabled.............. No
> DNS Suffix Search List.......... mycompanyname.local
> mycompanyname.local
> Ethernet adapter Local Area Connection 3:
> Connection-specific DNS Suffix.. mycompanyname.local
> Description..................... Broadcom NetXtreme Gigabit
> Ethernet for hp
> Physical Address................ 00-30-6E-B6-F5-8C
> DHCP Enabled.................... Yes
> Autoconfiguration Enabled....... Yes
> IP Address...................... 10.0.0.153
> Subnet Mask..................... 255.255.255.0
> Default Gateway................. 10.0.0.1
> DHCP Server..................... 10.0.0.100
> DNS Servers..................... 10.0.0.100
> 208.67.222.222
> 208.67.220.220
> Lease Obtained.................. Sunday, ...
> Leas Expires.................... Thursday, ...
Re: Network interruption whenever GPO updates (event log SciCli Event ID 1704) [message #164367 is a reply to message #164364] Sun, 21 June 2009 20:26 Go to previous messageGo to next message
Erik Wogstad  is currently offline Erik Wogstad  United States
Messages: 10
Registered: June 2009
Junior Member
Thank you so much! I will implement your suggestions and report back
on the results.

Regards,
Erik
Re: Network interruption whenever GPO updates (event log SciCli Event ID 1704) [message #164368 is a reply to message #164367] Sun, 21 June 2009 21:00 Go to previous messageGo to next message
aceman  is currently offline aceman  United States
Messages: 5816
Registered: July 2009
Senior Member
"Erik Wogstad" <erik@downhomesolutions.com> wrote in message
news:crjt35tahtk5ml5t7e6kl3uf8cpuv26q2n@4ax.com...
> Thank you so much! I will implement your suggestions and report back
> on the results.
>
> Regards,
> Erik
>

Erik,

Why not just team the NICs so they act together as one NIC? They are the
same exact model numbers, so with the HP software, you can team them. This
will offer load balancing and fault tolerance, and it will only use one IP
on the network. The following is HP's White Paper on Teaming:

HP ProLiant Network Adapter Teaming White PaperFile Format: PDF
This white paper specifically discusses HP ProLiant Network Adapter Teaming
for Microsoft Windows ...
http://h20000.www2.hp.com/bc/docs/support/.../c01415139.pdf

As for the 208.x.x.x ISP's DNS addresses, definitely follow Meinolf's
suggestions.

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup/forum to benefit from collaboration among
responding engineers, as well as to help others benefit from your
resolution.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSA Messaging, MCT
Microsoft Certified Trainer
aceman@mvps.RemoveThisPart.org
http://twitter.com/acefekay

For urgent issues, you may want to contact Microsoft PSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Re: Network interruption whenever GPO updates (event log SciCli Event ID 1704) [message #164406 is a reply to message #164364] Mon, 22 June 2009 14:42 Go to previous messageGo to next message
Erik Wogstad  is currently offline Erik Wogstad  United States
Messages: 10
Registered: June 2009
Junior Member
Hi Meinolf,

I've tried to implement your instructions. I disabled all but one
server NIC, and made sure DHCP was not enabled on it, so there is only
one static IP address for the server, 10.0.0.100.

I'm not sure what to change on the workstation, however. I have
copied latest ipcofing /all results for both the server and my own
workstation (see below). I don't know how important this is, but
you'll see that the 208.67... IP addrresses (for my ISP?) still show
up on ipconfig info for the workstation, DNS Servers list. These
addresses do not correspond to the addresses listed on the server's
DNS Forwarders list. Rather, I found these addresses listed in the
DHCP console, Scope optins > DNS Servers list. All think all of this
dates back to when server was first set up.

In any case, my initial problem still remains: I encoutered a network
interruptiong this am, coinciding with SceCli event log ID 1704. What
am I missing?

Thanks again.

Regards,
Erik


FROM SERVER:

Windows 2000 IP Configuration
Host name....................... myserver
Primary DNS Suffix.............. mycompanyname.local
Node Type....................... Broadcast
IP Routing Enabled.............. No
WINS Proxy Enabled.............. No
DNS Suffix Search List.......... mycompanyname.local

Ethernet adapter Local Area Connection 2:
Connection-specific DNS Suffix.. mycompanyname.local
Description..................... HP NC7170 Dual Gigabit Server
Adapter
Physical Address................ 00-02-A5-4D-91-CA
DHCP Enabled.................... No
IP Address...................... 10.0.0.100
Subnet Mask..................... 255.255.255.0
Default Gateway................. 10.0.0.1
DNS Servers..................... 10.0.0.100


FROM CLIENT WORKSTATION:

Windows IP Configuration
Host name....................... mywrkstn
Primary DNS Suffix.............. mycompanyname.local
Node Type....................... Hybrid
IP Routing Enabled.............. No
WINS Proxy Enabled.............. No
DNS Suffix Search List.......... mycompanyname.local
mycompanyname.local

Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix.. mycompanyname.local
Description..................... Broadcom NetXtreme Gigabit
Ethernet for hp
Physical Address................ 00-30-6E-B6-F5-8C
Dhcp Enabled.................... Yes
Autoconfiguration Enabled....... Yes
IP Address...................... 10.0.0.153
Subnet Mask..................... 255.255.255.0
Default Gateway................. 10.0.0.1
DHCP Server..................... 10.0.0.100
DNS Servers..................... 10.0.0.100
208.67.222.222
208.67.220.220
Lease Obtained.................. Sunday, ...
Leas Expires.................... Thursday, ...


On Sun, 21 Jun 2009 21:14:09 +0000 (UTC), Meinolf Weber [MVP-DS]
<meiweb(nospam)@gmx.de> wrote:

>Hello Erik,
>
>Your server should look like this, only one NIC in use, disable the other
>one, that's your conflict:
>
>DHCP Enabled.................... NO
>Autoconfiguration Enabled....... Yes
>IP Address...................... 10.0.0.100
>Subnet Mask..................... 255.255.255.0
>Default Gateway................. 10.0.0.1
>DNS Servers..................... 10.0.0.100
>
>The 208.67.222.222 and 208.67.220.220 have not to be used on the NIC, i assume
>these are the ISPs DNS server. That ones you have to configure as FORWARDERS
>under the DNS server properties, in the DNS management console.
>
>If reconfigured, remove the not needed ip addresses from the DNS zones and
>DNS server/zones properties, check all tabs. After that run ipconfig /flushdns
>and ipconfig /registerdns and restart the netlogon service on the DC.
>
>A server, especially Domain controller should never use DHCP, always give
>it a fixed ip address, that's the reason for the x.x.x.100 in my example
>above. Do NOT stop the DHCP client service, this is needed for DNS registration,
>even if fixed ips are used. You can use of course ip addresses for your needs.
>
>The second NIC disable, you don't need it. What you can do is to use both
>NICs with the HP teaming software, this creates a virtual NIC with virtual
>MAC address and you can configure it for loadbalance or failover, again the
>teamed NIC needs ONE ip address.
>
>For the client it is the same, remove the ISPs DNS server and use the domain
>internal DNS server. The DNS server will use the forwarders if it can not
>resolve a name, so internet will still work.
>
>Best regards
>
>Meinolf Weber
>Disclaimer: This posting is provided "AS IS" with no warranties, and confers
>no rights.
>** Please do NOT email, only reply to Newsgroups
>** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>
>>> Ok, good that you mention that. It is relevant. A server, especially
>>> Domain controller should never be mlutihomed. What is the reason that
>>> you did this? Please post the unedited ipconfig /all from the server
>>> and the client. GPOs will not be apllied correct, slow logons and
>>> many more thinks will happen that you don't want to have.
>>>
>> When we started having the network interruptions, I suspected hardware
>> failure somewhere, so replaced network switches and server's NIC
>> (disabled built-in dual-NIC and added hp replacement dual- NIC card).
>> I thought I was replicating the prior settings, but perhaps got
>> something wrong. Per your suggestion, I ran ipconfig /all on the
>> Win2K server and my workstation. See results below (The only editing
>> I did was to substitute generic "myserver" and "mycompanyname.local"
>> and "mywrkstn")
>>
>> Thanks for checking this out.
>>
>> Regards,
>> Erik
>> FROM SERVER:
>>
>> Windows 2000 IP Configuration
>> Host name....................... myserver
>> Primary DNS Suffix.............. mycompanyname.local
>> Node Type....................... Broadcast
>> IP Routing Enabled.............. No
>> WINS Proxy Enabled.............. No
>> DNS Suffix Search List.......... mycompanyname.local
>> Ethernet adapter Local Area Connection 3:
>> Connection-specific DNS Suffix.. mycompanyname.local
>> Description..................... HP NC7170 Dual Gigabit Server
>> Adapter #2
>> Physical Address................ 00-02-A5-4D-91-CB
>> DHCP Enabled.................... Yes
>> Autoconfiguration Enabled....... Yes
>> IP Address...................... 10.0.0.158
>> Subnet Mask..................... 255.255.255.0
>> Default Gateway................. 10.0.0.1
>> DHCP Server..................... 10.0.0.100
>> DNS Servers..................... 10.0.0.100
>> 208.67.222.222
>> 208.67.220.220
>> Lease Obtained.................. Sunday, ...
>> Leas Expires.................... Thursday, ...
>> Ethernet adapter Local Area Connection 2:
>> Connection-specific DNS Suffix.. mycompanyname.local
>> Description..................... HP NC7170 Dual Gigabit Server
>> Adapter #2
>> Physical Address................ 00-02-A5-4D-91-CA
>> DHCP Enabled.................... No
>> IP Address...................... 10.0.0.100
>> Subnet Mask..................... 255.255.255.0
>> Default Gateway................. 10.0.0.1
>> DNS Servers..................... 10.0.0.100
>> FROM CLIENT WORKSTATION:
>>
>> Windows IP Configuration
>> Host name....................... mywrkstn
>> Primary DNS Suffix.............. mycompanyname.local
>> Node Type....................... Hybrid
>> IP Routing Enabled.............. No
>> WINS Proxy Enabled.............. No
>> DNS Suffix Search List.......... mycompanyname.local
>> mycompanyname.local
>> Ethernet adapter Local Area Connection 3:
>> Connection-specific DNS Suffix.. mycompanyname.local
>> Description..................... Broadcom NetXtreme Gigabit
>> Ethernet for hp
>> Physical Address................ 00-30-6E-B6-F5-8C
>> DHCP Enabled.................... Yes
>> Autoconfiguration Enabled....... Yes
>> IP Address...................... 10.0.0.153
>> Subnet Mask..................... 255.255.255.0
>> Default Gateway................. 10.0.0.1
>> DHCP Server..................... 10.0.0.100
>> DNS Servers..................... 10.0.0.100
>> 208.67.222.222
>> 208.67.220.220
>> Lease Obtained.................. Sunday, ...
>> Leas Expires.................... Thursday, ...
>
Re: Network interruption whenever GPO updates (event log SciCli Event ID 1704) [message #164410 is a reply to message #164406] Mon, 22 June 2009 15:59 Go to previous messageGo to next message
aceman  is currently offline aceman  United States
Messages: 5816
Registered: July 2009
Senior Member
"Erik Wogstad" <erik@downhomesolutions.com> wrote in message
news:6qgv35lv77p17kjs42ppd87935lqmiusm5@4ax.com...
> Hi Meinolf,
>
> I've tried to implement your instructions. I disabled all but one
> server NIC, and made sure DHCP was not enabled on it, so there is only
> one static IP address for the server, 10.0.0.100.
>
> I'm not sure what to change on the workstation, however. I have
> copied latest ipcofing /all results for both the server and my own
> workstation (see below). I don't know how important this is, but
> you'll see that the 208.67... IP addrresses (for my ISP?) still show
> up on ipconfig info for the workstation, DNS Servers list. These
> addresses do not correspond to the addresses listed on the server's
> DNS Forwarders list. Rather, I found these addresses listed in the
> DHCP console, Scope optins > DNS Servers list. All think all of this
> dates back to when server was first set up.
>
> In any case, my initial problem still remains: I encoutered a network
> interruptiong this am, coinciding with SceCli event log ID 1704. What
> am I missing?

Hi Erik,

The 208.x.x.x addresses need to be removed from your client machines, too.
In DHCP Option 006, simply remove them. Once that is done, and the clients
restarted, the errors should disappear.

Don't forget to create a forwarder to those two 208.x.x.x addresses in DNS
properties.

Ace
Re: Network interruption whenever GPO updates (event log SciCli Event ID 1704) [message #164415 is a reply to message #164410] Mon, 22 June 2009 19:30 Go to previous messageGo to next message
Erik Wogstad  is currently offline Erik Wogstad  United States
Messages: 10
Registered: June 2009
Junior Member
Ace,

Thanks. I removed both 208.67... refernces from DHCP Option 006 and
added same to DNS forwarder entries. I can confirm that ipconfig
/all no longer shows these entires on the DNS servers list.

I'll let you know if interruption errors stop over next 24 hrs. ( BTW,
for testing purposes, is there a way to force the SceCli event 1704
Group Policy Update to fire?)

Thanks much,
Erik


>Hi Erik,
>
>The 208.x.x.x addresses need to be removed from your client machines, too.
>In DHCP Option 006, simply remove them. Once that is done, and the clients
>restarted, the errors should disappear.
>
>Don't forget to create a forwarder to those two 208.x.x.x addresses in DNS
>properties.
>
>Ace
Re: Network interruption whenever GPO updates (event log SciCli Event ID 1704) [message #164418 is a reply to message #164415] Mon, 22 June 2009 23:03 Go to previous messageGo to next message
aceman  is currently offline aceman  United States
Messages: 5816
Registered: July 2009
Senior Member
"Erik Wogstad" <erik@downhomesolutions.com> wrote in message
news:hc40459a3vhn4pu4ab34s40u06ov0mc6jb@4ax.com...
>
> Ace,
>
> Thanks. I removed both 208.67... refernces from DHCP Option 006 and
> added same to DNS forwarder entries. I can confirm that ipconfig
> /all no longer shows these entires on the DNS servers list.
>
> I'll let you know if interruption errors stop over next 24 hrs. ( BTW,
> for testing purposes, is there a way to force the SceCli event 1704
> Group Policy Update to fire?)
>
> Thanks much,
> Erik


HI Erik,

That fires up at the GPO refresh interval. So simply waiting for the refresh
(+_ 90 min) or simply restart the machine. You can force GPOs to refresh
using the gpupdate or "gpudate /force." Using the /force will probably
require a restart, depending on what;s in the GPO.

Curious, were these machines imaged with sysprep?

For more info, check this link:
http://eventid.net/display.asp?eventid=1704&eventno=134& amp;source=SceCli&phase=1

Give it some time and just monitor your machines to make sure they are all
working.

Ace
Re: Network interruption whenever GPO updates (event log SciCli Event ID 1704) [message #164421 is a reply to message #164415] Tue, 23 June 2009 01:49 Go to previous messageGo to next message
meiweb(nospam)  is currently offline meiweb(nospam)  Germany
Messages: 1307
Registered: July 2009
Senior Member
Hello Erik,

Ace already gave you the latest infos. Nice to hear that it goes forward.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Ace,
>
> Thanks. I removed both 208.67... refernces from DHCP Option 006 and
> added same to DNS forwarder entries. I can confirm that ipconfig
> /all no longer shows these entires on the DNS servers list.
>
> I'll let you know if interruption errors stop over next 24 hrs. ( BTW,
> for testing purposes, is there a way to force the SceCli event 1704
> Group Policy Update to fire?)
>
> Thanks much,
> Erik
>> Hi Erik,
>>
>> The 208.x.x.x addresses need to be removed from your client machines,
>> too. In DHCP Option 006, simply remove them. Once that is done, and
>> the clients restarted, the errors should disappear.
>>
>> Don't forget to create a forwarder to those two 208.x.x.x addresses
>> in DNS properties.
>>
>> Ace
>>
Re: Network interruption whenever GPO updates (event log SciCli Event ID 1704) [message #164422 is a reply to message #164418] Tue, 23 June 2009 02:09 Go to previous messageGo to next message
Erik Wogstad  is currently offline Erik Wogstad  United States
Messages: 10
Registered: June 2009
Junior Member
Ace,

The Win2K server did not recognize the command "gpudate /force", but
the link you gave me suggested "secedit /refreshpolicy machine_policy"
which did fire (with the message that the GPO update may take several
minutes to complete). After a few minutes my system experienced
another interruption. I checked the log and found a new error:

Source: Userenv
Event ID 1000
User: NT AUTHORITY\SYSTEM
"Windows cannot access the file gpt.ini for GPO. the file must be
present at the location <>. (). Group Poicy processing aborted.

This was followed up by another Event ID 1000 entry with further text:
"Windows cannot query for the list of Group Policy Objects. A message
that describes the reason for this was previously logged by this
policy engine."

I found a couple of warning entries from earlier in the day, but these
could have taken place when I was re-setting NICs and DNS server
settings:
Source: WinMgmt
Event ID: 35
WMI ADP was unable to load the ASP.NET performance library becaue it
returned invalid data: 0x0
And a follow-on Event ID 35:
WMI ADAP was unable to load the ASP.NET_2.0.50727 performance library
becuae it returned invalid data: 0x0

What does all this mean?

Thanks,
Erik

>That fires up at the GPO refresh interval. So simply waiting for the refresh
>(+_ 90 min) or simply restart the machine. You can force GPOs to refresh
>using the gpupdate or "gpudate /force." Using the /force will probably
>require a restart, depending on what;s in the GPO.
>
>Curious, were these machines imaged with sysprep?
>
>For more info, check this link:
> http://eventid.net/display.asp?eventid=1704&eventno=134& amp;source=SceCli&phase=1
>
>Give it some time and just monitor your machines to make sure they are all
>working.
Re: Network interruption whenever GPO updates (event log SciCli Event ID 1704) [message #164423 is a reply to message #164418] Tue, 23 June 2009 02:17 Go to previous messageGo to next message
Erik Wogstad  is currently offline Erik Wogstad  United States
Messages: 10
Registered: June 2009
Junior Member
>Curious, were these machines imaged with sysprep?

Oops. Forgot to answer your Q: No, sysprep not used.

Regards,
Erik
Re: Network interruption whenever GPO updates (event log SciCli Event ID 1704) [message #164424 is a reply to message #164423] Tue, 23 June 2009 02:37 Go to previous messageGo to next message
meiweb(nospam)  is currently offline meiweb(nospam)  Germany
Messages: 1307
Registered: July 2009
Senior Member
Hello Erik,

Machines created from images MUST be sysprepped to remove the SID and some
other MS settings. If that are the same if you just clone a computer this
will result in errors in the domain.

So run sysprep on all workstations to change the needed settings. Unfortunal
this requires to change the computername etc. See here about sysprep:
http://support.microsoft.com/kb/298491

http://www.microsoft.com/DownLoads/details.aspx?familyid=0C4 BFB06-2824-4D2B-ABC1-0E2223133AFB&displaylang=en

I assume also the event id 1000 will belong to that.

The other one is just a warning if i am correct which has no functional influence,
so keep that until the end or use this tool to disable the performance counters
for them.
http://www.microsoft.com/downloads/details.aspx?familyid=7ff 99683-b7ec-4da6-92ab-793193604ba4&displaylang=en

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


>> Curious, were these machines imaged with sysprep?
>>
> Oops. Forgot to answer your Q: No, sysprep not used.
>
> Regards,
> Erik
Re: Network interruption whenever GPO updates (event log SciCli Event ID 1704) [message #164431 is a reply to message #164422] Tue, 23 June 2009 10:40 Go to previous messageGo to next message
aceman  is currently offline aceman  United States
Messages: 5816
Registered: July 2009
Senior Member
"Erik Wogstad" <erik@downhomesolutions.com> wrote in message
news:d5r0455s2nh7uq0gfep32rodvg90inlqih@4ax.com...
> Ace,
>
> The Win2K server did not recognize the command "gpudate /force", but
> the link you gave me suggested "secedit /refreshpolicy machine_policy"
> which did fire (with the message that the GPO update may take several
> minutes to complete). After a few minutes my system experienced
> another interruption. I checked the log and found a new error:
>
> Source: Userenv
> Event ID 1000
> User: NT AUTHORITY\SYSTEM
> "Windows cannot access the file gpt.ini for GPO. the file must be
> present at the location <>. (). Group Poicy processing aborted.
>
> This was followed up by another Event ID 1000 entry with further text:
> "Windows cannot query for the list of Group Policy Objects. A message
> that describes the reason for this was previously logged by this
> policy engine."
>
> I found a couple of warning entries from earlier in the day, but these
> could have taken place when I was re-setting NICs and DNS server
> settings:
> Source: WinMgmt
> Event ID: 35
> WMI ADP was unable to load the ASP.NET performance library becaue it
> returned invalid data: 0x0
> And a follow-on Event ID 35:
> WMI ADAP was unable to load the ASP.NET_2.0.50727 performance library
> becuae it returned invalid data: 0x0
>
> What does all this mean?
>
> Thanks,
> Erik

I wouldn't worry too much about the EventID 35 error, but rather find out
what's going on with the GPOs. And I agree with Meinolf, if these machines
were imaged, but without using sysprep, it can introduce numerous 'ghost'
issues. Matter of fact, I had a friend of mine call me yesterday with a
problem wtih one of his clients. He just image-down a new workstation for a
user and his home folder and other mapped drives wound up not staying
connected with access-denied errors. I asked him if he used sysprep, and he
said no. I suggested to disjoin the machine, run NewSID, and rejoin it. The
errors went away after he did so.

And sorry, I thought you were talking about 2003, hence the gpupdate
suggestions. Glad you figured that one out.

Ace
Re: Network interruption whenever GPO updates (event log SciCli Event ID 1704) [message #164432 is a reply to message #164431] Tue, 23 June 2009 10:49 Go to previous messageGo to next message
meiweb(nospam)  is currently offline meiweb(nospam)  Germany
Messages: 1307
Registered: July 2009
Senior Member
Hello Ace Fekay [Microsoft Certified Trainer],

I suggest to not use NewSID, because this will only change the SID and will
not remove also some other MS settigns that happens during sysprep. Unfortunal
i don't find the article where the other MS settings are described in the
moment.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> "Erik Wogstad" <erik@downhomesolutions.com> wrote in message
> news:d5r0455s2nh7uq0gfep32rodvg90inlqih@4ax.com...
>
>> Ace,
>>
>> The Win2K server did not recognize the command "gpudate /force", but
>> the link you gave me suggested "secedit /refreshpolicy
>> machine_policy" which did fire (with the message that the GPO update
>> may take several minutes to complete). After a few minutes my system
>> experienced another interruption. I checked the log and found a new
>> error:
>>
>> Source: Userenv
>> Event ID 1000
>> User: NT AUTHORITY\SYSTEM
>> "Windows cannot access the file gpt.ini for GPO. the file must be
>> present at the location <>. (). Group Poicy processing aborted.
>> This was followed up by another Event ID 1000 entry with further
>> text: "Windows cannot query for the list of Group Policy Objects. A
>> message that describes the reason for this was previously logged by
>> this policy engine."
>>
>> I found a couple of warning entries from earlier in the day, but
>> these
>> could have taken place when I was re-setting NICs and DNS server
>> settings:
>> Source: WinMgmt
>> Event ID: 35
>> WMI ADP was unable to load the ASP.NET performance library becaue it
>> returned invalid data: 0x0
>> And a follow-on Event ID 35:
>> WMI ADAP was unable to load the ASP.NET_2.0.50727 performance library
>> becuae it returned invalid data: 0x0
>> What does all this mean?
>>
>> Thanks,
>> Erik
> I wouldn't worry too much about the EventID 35 error, but rather find
> out what's going on with the GPOs. And I agree with Meinolf, if these
> machines were imaged, but without using sysprep, it can introduce
> numerous 'ghost' issues. Matter of fact, I had a friend of mine call
> me yesterday with a problem wtih one of his clients. He just
> image-down a new workstation for a user and his home folder and other
> mapped drives wound up not staying connected with access-denied
> errors. I asked him if he used sysprep, and he said no. I suggested to
> disjoin the machine, run NewSID, and rejoin it. The errors went away
> after he did so.
>
> And sorry, I thought you were talking about 2003, hence the gpupdate
> suggestions. Glad you figured that one out.
>
> Ace
>
Re: Network interruption whenever GPO updates (event log SciCli Event ID 1704) [message #164442 is a reply to message #164424] Tue, 23 June 2009 13:13 Go to previous messageGo to next message
Erik Wogstad  is currently offline Erik Wogstad  United States
Messages: 10
Registered: June 2009
Junior Member
Meinolf and Ace,

Just to be clear, none of our wokstations were created from images.
All are off-the shelf hp workstations, with XP factory preinstalled.
The Win2K server OS was installed from scratch using original MS
installation CD (Wn2K advanced server) onto HP Proliant ML370-G3
server. So I don't think any imaging issues are relevant to my
problem.

That said, I'm not sure we've conquered the problem yet. For testing
purposes, I've deliberately left programs open with files in use to
test for interruptions. I also left open a terminal services session
from my workstation to the server. Another interruption last night,
wth terminal session lost and applications reporting unexpected lost
connections. I reopened TS noted saw this am that SceCli EventID 1704
was logged around 2:00 am.

For good measure, I will reboot server and workstations and see what
happens. Prior pattern suggests another interruption will hit at 7:00
pm this eve when security policies are scheduled to update again.

So what all hapens in the background when "security policy in GPO are
applied". What other settings can I check? Can objects get
corrupted? Rebuilt? Other factors to consider?

Regards,
Erik

On Tue, 23 Jun 2009 06:37:37 +0000 (UTC), Meinolf Weber [MVP-DS]
<meiweb(nospam)@gmx.de> wrote:

>Hello Erik,
>
>Machines created from images MUST be sysprepped to remove the SID and some
>other MS settings. If that are the same if you just clone a computer this
>will result in errors in the domain.
>
>So run sysprep on all workstations to change the needed settings. Unfortunal
>this requires to change the computername etc. See here about sysprep:
>http://support.microsoft.com/kb/298491
>
> http://www.microsoft.com/DownLoads/details.aspx?familyid=0C4 BFB06-2824-4D2B-ABC1-0E2223133AFB&displaylang=en
>
>I assume also the event id 1000 will belong to that.
>
>The other one is just a warning if i am correct which has no functional influence,
>so keep that until the end or use this tool to disable the performance counters
>for them.
> http://www.microsoft.com/downloads/details.aspx?familyid=7ff 99683-b7ec-4da6-92ab-793193604ba4&displaylang=en
>
>Best regards
>
>Meinolf Weber
>Disclaimer: This posting is provided "AS IS" with no warranties, and confers
>no rights.
>** Please do NOT email, only reply to Newsgroups
>** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>
>>> Curious, were these machines imaged with sysprep?
>>>
>> Oops. Forgot to answer your Q: No, sysprep not used.
>>
>> Regards,
>> Erik
>
Re: Network interruption whenever GPO updates (event log SciCli Event ID 1704) [message #164448 is a reply to message #164432] Tue, 23 June 2009 15:42 Go to previous messageGo to next message
aceman  is currently offline aceman  United States
Messages: 5816
Registered: July 2009
Senior Member
"Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
news:ff16fb662830d8cbc239bfb4cf60@msnews.microsoft.com...
> Hello Ace Fekay [Microsoft Certified Trainer],
>
> I suggest to not use NewSID, because this will only change the SID and
> will not remove also some other MS settigns that happens during sysprep.
> Unfortunal i don't find the article where the other MS settings are
> described in the moment.
>
>

I don't like it either, but that customer needed a quick fix, and that was
the only thing I can think of. Believe me, I know exactly what you're
talking about. I hate NewSID, but the guy was kind of desperate. There are
numerous places in the reg, etc, that NewSID or any other SID changer
doesn't do the trick correctly. I think it's junk, but that's my opinion. I
would rather sysprep the machine, then restart and trap the restart to image
it.

I told him to not image any more machines until we can schedule a time so I
can sysprep his image for him on a weekend or something.

Ace
Re: Network interruption whenever GPO updates (event log SciCli Event ID 1704) [message #164449 is a reply to message #164442] Tue, 23 June 2009 15:46 Go to previous message
aceman  is currently offline aceman  United States
Messages: 5816
Registered: July 2009
Senior Member
"Erik Wogstad" <erik@downhomesolutions.com> wrote in message
news:981245tc0fl33d63uuf7ujre8lrjua1oi6@4ax.com...
> Meinolf and Ace,
>
> Just to be clear, none of our wokstations were created from images.
> All are off-the shelf hp workstations, with XP factory preinstalled.
> The Win2K server OS was installed from scratch using original MS
> installation CD (Wn2K advanced server) onto HP Proliant ML370-G3
> server. So I don't think any imaging issues are relevant to my
> problem.
>
> That said, I'm not sure we've conquered the problem yet. For testing
> purposes, I've deliberately left programs open with files in use to
> test for interruptions. I also left open a terminal services session
> from my workstation to the server. Another interruption last night,
> wth terminal session lost and applications reporting unexpected lost
> connections. I reopened TS noted saw this am that SceCli EventID 1704
> was logged around 2:00 am.
>
> For good measure, I will reboot server and workstations and see what
> happens. Prior pattern suggests another interruption will hit at 7:00
> pm this eve when security policies are scheduled to update again.
>
> So what all hapens in the background when "security policy in GPO are
> applied". What other settings can I check? Can objects get
> corrupted? Rebuilt? Other factors to consider?
>


I'm trying to read back in the thread. There are numerous posts, so maybe if
I can ask you, is how many GPOs are created in the domain? If anything other
than the default policies, what settings are in them? Have the default
policies been changed?

What DNS address is the TS machine using?

Here are some links to look at to help troubleshoot GPOs:

Group Policy Troubleshooting


Assuming all the DCs, servers and client machines are only using the
internal DNS servers, and you feel the DNS infrastructure is running clean,
all machines can resolve all internal DCs, no services are disabled on any
DCs (such as the DHCP Client service), etc, and there are no errors in the
DC event viewers, or the client machines that this is occuring on, then I
think you will need to dig a little deeper with GPO logging.

Try creating a separate OU, link the GPO to it, then move that user into it.
Then enable logging and see what is happening. Please take a look at the
following links to help guide you.

Fixing Group Policy problems by using log files
http://technet.microsoft.com/en-us/library/cc775423.aspx

Enable Logging for Group Policy Object Editor Client Side Extensions
http://technet.microsoft.com/en-us/library/cc759167.aspx

Troubleshooting Group Policy application problems
http://support.microsoft.com/kb/250842

Enable Verbose Global Policy Logging
http://www.windowsnetworking.com/kbase/WindowsTips/Windows20 00/RegistryTips/Miscellaneous/EnableVerboseGlobalPolicyLoggi ng.html

JSI Tip 3100. How do enable Group Policy debug logging on a Windows 2000
Server?
http://windowsitpro.com/article/articleid/74419/jsi-tip-3100 -how-do-enable-group-policy-debug-logging-on-a-windows-2000- server.html


Ace
Previous Topic:Can't Get DC List W32tm /monitor
Next Topic:Exporting WSUS clients
Goto Forum:
  


Current Time: Sat Aug 19 05:18:06 EDT 2017

Total time taken to generate the page: 0.03503 seconds
.:: Contact :: Home ::Sitemap::.

Powered by: FUDforum 3.0.0RC2.
Copyright ©2001-2009 FUDforum Bulletin Board Software