Event ID 1053 Source Userenv
| Event ID | 1053 |
| Source | Userenv |
| Type | Error |
| Description | Windows cannot determine the user or computer name. (<error description>). Group Policy processing aborted. |
| Concepts to understand |
What is the Group Policy? How does Windows determine computer names? How does Windows determine user names? What is the role of Userenv? |
| Comments |
Adrian Grigorof
This event is the equivalent for XP of one of the instances of Event ID 1000 on Windows 2000. See the link to this event for various suggestions in regards to different error codes. Error: "The RPC server is unavailable" - See the Error code 1722.

Anonymous
I've got almost the same situation as described by contributor Rich Ailes. In my case, the user who had changed his password was still logged in. Logging him off solved the problem.

Anonymous
In my case I found out that the "Client for Microsoft Networks" (in the property of the local Area Network) had disappeared for some reason. I reinstalled it and all was OK (I had 1054 from Userenv and 40961 from LsaSrv error messages, too).

Markr
In our case, this was related to the server in question having an AMD processor. Ping responses were in negative time (-1ms). We resolved it by adding the /usepmtimer switch in boot.ini as per M895980.

Rich Ailes
I had this error crop up with a companion error in the system log: The Security System detected an authentication error for the server cifs/FQDNservername. The failure code from authentication protocol Kerberos was "The referenced account is currently disabled and may not be logged on to.(0xc0000072)". Turned out to be a user on a Terminal Server who'd been let go by the company, whose account had been deactivated. Their session was still running. Once I logged off the user using TS Manager, all was well.

Anonymous
This happened on two different Win XP Pro SP3 computers. After trying other solutions, I was able to resolve the issue by removing the "Client For Microsoft Networks", rebooting, then adding the client back in, and rebooting again.

Anonymous
In my case this event was a result of the server pointing to an incorrect DNS server.

Mihai Andrei
See the links to "Troubleshooting network problems" and "ADS Known Issues" for information on fixing this problem.
- Error: "Not enough storage is available to complete this operation" - See M937535 and M955410.
- Error: "No mapping between account names and security IDs was done" (Error code 1332) - See "JSI Tip 8516".
- Error: "The specified domain either does not exist or could not be contacted" - From a newsgroup post: "I have spanningtree running on my network. When the Intel Pro Nic in my server came up, it did not wait for spanningtree to put the port in forwarding mode, causing errors related to the temporary disconnect. When I put the server's switch port into portfast mode on my Cisco 6500 series switch, the issue was resolved". In another post: "Apparently, the user of this machine configured his TCP/IP settings with static addresses and did not include the proper IP address of the domain controller for his DNS server".

John Currie
In my case it was the "Receive Side Window Scaling" issue that crops up with Windows Server 2003 SP2 & Broadcom NICs. I turned off "Receive Side Window Scaling" in the Broadcom settings to restore full functionality. See M948496 from Microsoft for more details on this issue.

Guido Holly
In our case, the Firewall blocked the communication from our Terminal Server to the domain controller on port TCP 1026. After allowing it, the problem was gone.

Erin Carter
One of our workstations would not log onto the domain and was showing this event ID. Removing it from the domain, joining it to a workgroup for half an hour (our servers replicate every 20 minutes), deleting its AD machine account, then finally re-adding it to the domain resolved this issue.

Rafael Castro
I found this problem in a network which lost performance every time this event occurred. I found that rebooting leaves the network fine for a while. Finally, I found a computer that joined to the domain with a "_" character in the name. Renaming it solved the problem and the event no longer occurred.

Martin Latteier
- Error: "The specified domain either does not exist or could not be contacted" - In my case, switching the network interface duplex mode from "auto sensing" to "100 MBit / full duplex" solved the problem.

Anonymous
- Error: "An internal error occurred" (Error code 1359) - In my case, the Workstation was running all the time and the user had time restriction on his account. He was not allowed to logon the hour before midnight and only in this period the error showed up.

Alex Rogachevsky
This error was showing up on our Windows XP clients; users were not able to authenticate in the 2003 AD domain. The DC event viewer did not show any relevant information. The cause was traced to an Anti-Virus/Firewall program (AVG 7.5 Server) running on the DC. The AVG was updated and inadvertently reset to the default Firewall settings, blocking authentication traffic on our internal network. We opened the firewall to allow client authentication and the problem was solved.

Anonymous
In my case, increasing the Kerberos Token size worked on my W2K3 standard server. See M277741 for details on how to do that.

Nick Garrett
- Error: "Access is denied" (Error code 5) - If you have multiple DCs, check your AD replication. I have had this issue when AD did not replicate because a password was changed on one server and the other DC answered the logon request and denied the account access.

Sebastian
In my case, this event was being generated along with EventID 1110 from source Userenv. The PC was not logging to the domain and I was not able to re-join the PC to the domain because the "Network ID" button under the "System Properties" computer name tab was grayed out. In addition, the following services failed to start "Computer browser service", "Net logon Service", "Workstation Service", and "Messenger Service". The PC had internet connectivity but was not able to authenticate with the domain and therefore was not able to access network resources. I was able to fix this issue when I realized that my "wkssvc.dll" file, which normally resides in "C:\WINDOWS\system32" got mysteriously deleted. Once I replaced the missing "wkssvc.dll" file by copying it from another XP (Professional) machine and rebooted all went back to normal.

Peter Hayden
- Error: "A socket operation was attempted to an unreachable host" - In one case, this Event ID appeared at boot up on a computer running on Windows 2003 SP1. It was a domain controller that had been restored from an image for testing purposes. The network configuration was correct but it was being used stand-alone and was not connected to a network. This Event ID stopped appearing at boot up when the computer was cabled to a switch.
- Error: "The network location cannot be reached" - In one case, this Event ID appeared at boot up on a computer running on Windows 2003 SP1. It was a domain controller that had been restored from an image for testing purposes. The network configuration had been cleared when TCP/IP was reinstalled. See M325356. It was being used stand-alone and was not connected to a network. This Event ID stopped appearing at boot up when the network configuration was entered and the computer was cabled to a switch.

Dale Smith
In my case, a WinXP workstation logged events 40960 and 40961 from source LsaSrv as well as event 1053 from source UserEnv. The problem was corrected by updating the Intel Gigabit NIC driver on the server.

Mike Pastore
We received this event along with event 40960, 40961, and 1219 in the application log. The server lost connection to the DC and all accounts in the admin group showed just as their SIDs. We found that restarting the Site Server Content Deployment (CRS) service fixed the problem.

Anonymous
If you are running a dual-port NIC, make sure your drivers are correct. The Intel PRO 1000 MT series must be teamed in order to work properly with Server 2K3. Make sure you get the latest driver set and install it manually. You will know when you have the right set when you get the advanced tab on the connection properties page. There will be an option that allows you to team the ports. Use it! AD will not work otherwise.

PaulD
- Error: "Not enough storage is available to complete this operation" - In my case, this error was caused by Backup Exec 10 agent memory leaks. This led to general unstable system behavior. See "JSI Tip 4792" for information on how to troubleshoot kernel-mode memory leaks.

Thomas Wurm Jr.
In my case, this was happening for roaming notebook users when they were not connected to the domain in the office.

Anonymous
When logging onto a 2k3 terminal server, we would get the "The RPC server is unavailable" message. I restarted the netlogon service and this solved my problem.

Roy Nicholson
We were getting Event Id 1053 in the Application event log "Windows cannot determine the computer or user name. (Access is denied.). Group Policy processing aborted.". We discovered that the error started to happen after a reboot of a Windows Server 2003 DC. The DC had Event Id 529 logged after its reboot. The information in the 529 event contained the reason "Unknown user name or bad password", a logon type of 3, and the logon process and authentication process set to Kerberos. We had the following group policy enabled in the Security settings "Audit: Shut down system immediately if unable to log security alerts". The GPO settings for the security event log were set to "Do not overwrite events (clear log manually)". When the DC was rebooted, Windows Server 2003 was setting the Crash On Audit Fail registry key (HKLM\System\CurrentControlSet\Control\Lsa\crashonauditfail) to 2. Note that no Crash On Audit Fail blue screen appeared and the security event log was not full so there was no related message shown. We therefore had no indication that the crash on audit fail registry key had been set to 2. With this registry key set to 2 only administrators can log on to the DC. Setting the value of this key to 0, changing the GPO's to disable "Audit: Shut down system immediately if unable to log security alerts", and changing the retention method of the security event log to "Overwrite events as needed" solved the problem.

Anonymous
I had this problem on a Windows 2003 Terminal Server that was a domain member. The Local Admin account had been disabled. After I enabled the account, the problem disappeared instantly.

Ionut Marin
- Error: "Access is denied" (Error code 5) - See M262958.
- Error: "There are no more endpoints available from the endpoint mapper" (Error code 1753) - See M839880.
- Error: "The remote procedure call failed" (Error code 1726) - From a newsgroup post: "The problem was caused by a wrongly configured Exchange RPC rule, which also worked on the internal interface. After reconfiguring this rule to work only on the external interface the problem was solved".
- Error: "No mapping between account names and security IDs was done" (Error code 1332) - See M883271. From a newsgroup post: "I solved the problem. Something really odd was happening in the DNS configuration. While in the DNS console everything looked fine, in the SBS administration console, Computer management (local), Service and application, DNS there was something different: The zone was pointing to another address. I had to delete zone and recreate the reverse lookup zone manually. Then stop logon service, flush DNS and register DNS again with ipconfig /registerdns".

As per MSW2KDB, a network connectivity or configuration problem exists. Group Policy settings cannot be applied until the problem is fixed. See MSW2KDB for details on troubleshooting this problem.

Anonymous
We got this error every 5 minutes after we changed the DNS entry for the server. A reboot fixed it.

Anonymous
In my case, this problem was fixed by deleting and re-creating the Active Directory connections on all the DCs.

Rikard Ståhl
After applying the recommended security settings from Microsoft this event started to occur on the member servers running Windows 2003. The problem in our case was that the security settings were too hard. The security had to be loosened. Authenticated Users needs Read and System needs Full Control on the OU where the servers are located.

Anonymous
In our case, an apparently corrupt OU caused the servers in it to create the event ID 1000 (Userenv) with message: "Windows cannot determine the user or computer name. Return value (1317)", on Windows 2000 servers, and event ID 1053 (Userenv) with message "Windows cannot determine the user or computer name. (The specified user does not exist). Group Policy processing aborted", on Windows 2003 servers. In each case, the event appeared every 60 to 120 minutes (the machine’s policy update interval). Moving the servers back to “Computers” stopped the event. The OU looked and behaved normal otherwise. Deleting and creating the OU again (even with the same name) solved the problem.

Adrian Florin Moisei
- Error: "Access is denied" (Error code 5) - From a newsgroup post: "The error occurred on WinXp Pro connected to W2K Server with active directory installed and running. The cause was I had my network settings for my internal nic screwed up. I disabled lmhost and netbui over tcp/ip."
- Error: "The specified domain either does not exist or could not be contacted" (Error code 1355) - From a newsgroup post: "Make sure that your primary DNS server is the one authoritative for the domain you are logging in to. To check this, at a command prompt (Start > Run > cmd) type "ipconfig /all". Review your DNS servers." If the error occurred when you attempt to join a Microsoft Windows 2000-based client to a Microsoft Windows NT 4.0-based or Windows 2000-based domain see M256083.

Anonymous
If you are using DHCP, make sure the DNS Server option (006) is set in your scope options.

Craig Curtis
Error: "The specified user does not exist" (Error code 1317) - Verify the DNS Settings. This will occur if your DNS server is unable to resolve information about your domain.

Anonymous
- Error: "An internal error occurred" (Error code 1359) - No information.
- Error: "The system detected a possible attempt to compromise security. Please ensure that you can contact the server that authenticated you" - No information.

Sorin Ciulpan
From the newsgroup microsoft.public.windowsxp.basics, for the error "Not enough storage is available to complete this operation": "As per M263693, you need to either install the hotfix or the latest SP, and "increase the Kerberos Token size" on all of your machines by making the mentioned registry changes. The Q article doesn't contain the error message we are getting, but I have spoken to MS tech support, and this is the fix." |
| Links | M256083, M262958, M263693, M277741, M325356, M839880, M883271, M937535, M948496, M955410, Event ID 1000 on Windows 2000, Error code 5, Error code 1317, Error code 1332, Error code 1355, Error code 1359, Error code 1722, Error code 1726, Error code 1753, EventID 529 from source Security, Troubleshooting network problems, ADS Known Issues, JSI Tip 8516, JSI Tip 4700, EventID 1110 from source Userenv, MSW2KDB, M895980 |
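The Crash On Audit Fail lockout in Roy Nicholson's comment above showed no blue screen and no message, so it has to be checked directly. The following is an added example, not part of the original page or its comments: a Windows PowerShell check of the registry value named in that comment together with the Security log's overflow setting. The helper name `Get-AuditFailReport` and the treatment of a missing value as 0 are assumptions.

```powershell
# Added example, not from the original page. Run in an elevated Windows PowerShell session.
$lsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'   # key named in the comment

# Hypothetical helper: interprets the two settings involved in the lockout.
function Get-AuditFailReport {
    param(
        [int]$CrashOnAuditFail,          # value of ...\Lsa\crashonauditfail
        [string]$SecurityLogOverflow     # OverflowAction of the Security log
    )
    $state = switch ($CrashOnAuditFail) {
        0 { 'Off' }          # "Audit: Shut down system immediately..." not in effect
        1 { 'Armed' }        # system halts if an audit event cannot be logged
        2 { 'Tripped' }      # only administrators can log on
        default { 'Unknown' }
    }
    $findings = @()
    if ($state -eq 'Tripped') {
        $findings += 'crashonauditfail is 2: only administrators can log on ' +
                     '(the state described in the comment).'
    }
    if ($state -ne 'Off' -and $SecurityLogOverflow -eq 'DoNotOverwrite') {
        $findings += 'Security log is never overwritten; once it fills, ' +
                     'auditing fails and the lockout is triggered.'
    }
    [pscustomobject]@{
        CrashOnAuditFail = $CrashOnAuditFail
        State            = $state
        LogOverflow      = $SecurityLogOverflow
        Findings         = $findings
    }
}

# Live check on the local machine (a missing value is treated as 0, an assumption).
$lsa   = Get-ItemProperty -Path $lsaKey -Name crashonauditfail -ErrorAction SilentlyContinue
$value = if ($lsa) { [int]$lsa.crashonauditfail } else { 0 }
$sec   = Get-EventLog -List | Where-Object { $_.Log -eq 'Security' }
Get-AuditFailReport -CrashOnAuditFail $value -SecurityLogOverflow $sec.OverflowAction

# Constructed input reproducing the state from the comment (value 2, log set to
# "Do not overwrite events (clear log manually)"):
Get-AuditFailReport -CrashOnAuditFail 2 -SecurityLogOverflow 'DoNotOverwrite'
```

`Get-EventLog` is available in Windows PowerShell only, so run this there rather than in PowerShell 7.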
