Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 1000 Source: Userenv

Windows cannot obtain the domain controller name for your computer network. Return value (<error code>).
- Error code: 59 (Error code 59) - We received this error after upgrading our server to W2K3 SP1. We experienced extremely slow logon times because the group policy could not be updated, but only for some users. It turned out some of the packets post 2k3-SP1 were fragmented and our router was dropping them. Allowing fragmented packets to pass through the VPN router solved the problem.
In my case, the ICMP requests were not going through. The firewall in question however was not the issue. The servers are multi-homed servers that separate domain traffic from other network traffic, and I needed to add a static persistent route for the domain traffic. Once I added the route, the issue was resolved.
From a newsgroup post: "DNS logs will not reflect AD functionality. I would look for NTDS and Replication errors. This problem is usually due to using your ISP's DNS in your machines (DCs and client's) IP properties. You must only use your internal DNS and configure a forwarder for efficient Internet resolution. Otherwise, numerous errors are guaranteed to result.

In addition, single label name domains will cause this as well. See ME300684 for information on single label domains".
- Error code: 59 - After upgrading the NIC drivers, the problem was solved. Before the driver upgrade a ping to the domain controller with packet size larger than the MTU resulted in a "Request Timed Out" message. After the driver upgrade the same ping resulted in a "packet needs to be fragmented but DF set" message.
Error: 1722 - Our company was receiving this error on all devices in one of our remote sites. I found out after 4 days of investigation that the WAN router for that site had an ACL that was blocking port 135-139. This caused group policy to fail during logons.

In my case this error was due to a firewall that was blocking ICMP messages (ping) from the member server to the domain controller. Windows 2000 does a ping to the domain controller and if it doesn’t get trough, this message gets logged once in a while. I think the ping is used to determine the speed of the connection when loading profiles.
- 59 = "An unexpected network error occurred." - This may indicate a problem with the physical network (cables, fault NICs or hubs). See also the link to Error code 59.
- 2146 = "The specified component could not be found in the configuration information." See the link for Error code 2146 for a generic explanation of this error.

From a newsgroup post: "Do the following to ensure that the SRV records for the AD servers are in DNS properly (from the DOS prompt):
set type=srv

You should see something like this:
_ldap._tcp.dc._msdcs.YOURDOMAIN.COM SRV service location:
priority = 0
weight = 100
port = 389
svr hostname = server1.YOURDOMAIN.COM
_ldap._tcp.dc._msdcs.YOURDOMAIN.COM SRV service location:
priority = 0
weight = 100
port = 389
svr hostname = server2.YOURDOMAIN.COM
server1.YOURDOMAIN.COM internet address =
server2.YOURDOMAIN.COM nternet address =

If you don't, then you definitely have a DNS problem. I would also recommend running the dcdiag and netdiag utilities on your domain controllers. If you find that the servers aren't in DNS, then make sure dynamic updates are enabled on your DNS server and restart the netlogon server on each of your DCs.

Event ID 1054 generated on Windows XP is quite similar to this one. See also the suggestions listed there.
Error code 59: It comes from the BlackICE firewall which I installed on the Windows 2000 Terminal Server. It blocks the loopback test and the dc-lookup test and by default the traffic from See also the link to Error code 59.
Account:NT AUTHORITY\SYSTEM. I have also run into this issue when migrating to Active Directory. After a support call to Microsoft, it seems the issue is with downlevel DCs (NT 4.0 BDCs) authenticating users to the domain. There is a bug that is corrected in both SRP1 and SP3 that addresses the problem, however you must reconfigure clients/servers to authenticate to the domain via a Windows 2000 DC.
Steps to fix the issue:
- Apply the SRP1 or SP3 to your Windows 2K domain controllers and clients.
- Stop and Disable the NETLOGON service on all downlevel domain controllers.
- Login and verify the the authenticating domain controller using the SET command.
- This applies to anything that uses NT authentication (Services, Applications, ODBC System DSNs, etc.)
- If your still having the problem, make certain that the given account is not logged into another machine(s) on the network.
The interesting part about this is that it doesn't happen immediately after promoting the initial AD domain controller. I have had it happen at several client sites and in each case, the problem did not surface until several days after the migration. I suggest once the AD controller comes online, disable the NETLOGON service on the downlevel DCs.
Finally, make very certain that your clients/servers are configured correctly for DNS.
Error code: 10106 - Also had the NetLogon and Kerberos services failed. The article ME299451 helped me to solve the problem. The cause was corrupted TCP/IP stack.
In my case, this started after I installed Norton Internet Security. I removed it and everything went back to normal.
Error 2146 = "The specified component could not be found in the configuration information." I found this on my Domain Controller event log, it turned out to be related to some stress testing software installed on 4 PCs. A fith PC had the server version of this software installed. The four "client" PCs had this software in their startup folder. These four PCs were booted up and logged onto the network (the errors where at the same time thses PCs were logged onto before the fith pc had. Thus, they could not find the PC that they had been configured to point at and this error occured on the domain controller. I've removed the shortcut form their startup folder and the errors have gone.
See also the link to Error code 2146.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to



Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.