Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net. The EventId.Net for Splunk Add-on assumes that Splunk is collecting information from Windows servers and workstation via the Splunk Universal Forwarder.
Attempt to determine whether user and machine accounts are in the same forest failed (There are currently no logon servers available to service the logon request. ).
|English: Request a translation of the event description in plain English.|
We have from time to time on Windows 2003 SP with Citrix 4.5. In our case this event is in the moment when Net Log service is not working after automatically restart of the server (Event ID: 3056 source: Netlogon). Start Net Logon and Windows Time service is solving problem.
In my case, I solved the problem by running “sfc /scannow”.
In my case, this event was being generated along with EventID 1053 from source Userenv. The PC was not logging to the domain and I was not able to re-join the PC to the domain because the "Network ID" button under the "System Properties" computer name tab was grayed out. In addition, the following services failed to start "Computer browser service", "Net logon Service", "Workstation Service", and "Messenger Service".
The PC had internet connectivity but was not able to authenticate with the domain and therefore was not able to access network resources. I was able to fix this issue when I realized that my "wkssvc.dll" file, which normally resides in "C:\WINDOWS\system32" got mysteriously deleted. Once I replaced the missing "wkssvc.dll" file by copying it from another XP (Professional) machine and rebooted all went back to normal.
This event can be ignored if it occurred when Windows was started in Active Directory Restore mode or some other form of Safe Mode. Otherwise, investigate further.
In my case, I found that this error was related to EventID 7 from source Kerberos. In spite of what Microsoft says about this Kerberos error, the domain controller was not down. Running nltest.exe on the domain controller also found no problems. What appears to have caused the problem was a policy setting in Group policy objects. If in either the domain controller policy or the domain policy - Security Settings -> Local policies -> Security options, "Domain Member: Digitally encrypt or sign secure channel (always)" is enabled, it will cause this problem. If you disable this policy in both areas, this problem will go away. (Note: it may take up to 2 hours to notice if it has taken).
|Private comment: Subscribers only. See example of private comment|
|Links: EventID 7 from source Kerberos, EventID 1053 from source Userenv|
|Search: Google - Bing - Microsoft - Yahoo - EventID.Net Queue (0) - More links...|
Send comments or solutions
- Notify me when updated