R
RM-admin
Slow logon XP Event IDs 15 1807 32077 0 1517 1053 1003 8035 8021 16 29 11191
11197 4201 4202
Issue: Slow logon (3 min) on two laptops (two other XPProSP2 laptops ok,
and so are 3 other desktops
Win200oProx2 and 1-XPProSP2)
OS: WinXPProSP2
Issue appears whether logging on locally (cached credentials) or when
logging on to Win2000 native mode domain.
Domain controller: DC1.domainabc.COM 192.168.1.102
DHCP Server: Linksys router 192.168.1.1
DNS client points to local DC/DNS
Reply from 192.168.1.128: bytes=32 time<1ms TTL=128
Reply from 192.168.1.128: bytes=32 time<1ms TTL=128
Reply from 192.168.1.128: bytes=32 time<1ms TTL=128
Reply from 192.168.1.128: bytes=32 time<1ms TTL=128
Ping statistics for 192.168.1.128:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
Windows IP Configuration
Host Name . . . . . . . . . . . . : laptop1
Primary Dns Suffix . . . . . . . : domainabc.COM
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domainabc.COM
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network
Connecti
on
Physical Address. . . . . . . . . : 00-0E-7B-E9-93-1B
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.128
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.102
Lease Obtained. . . . . . . . . . : Tuesday, November 27, 2007
5:40:30 P
M
Lease Expires . . . . . . . . . . : Thursday, November 29, 2007
5:40:30
PM
Ethernet adapter Wireless Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Intel(R) PRO/Wireless 2200BG
Network
Connection
Physical Address. . . . . . . . . : 00-0E-35-5F-B3-A5
Event log shows:
Event Type: Error
Event Source: AutoEnrollment
Event Category: None
Event ID: 15
Date: 11/26/2007
Time: 8:40:14 AM
User: N/A
Computer: laptop1
Description:
Automatic certificate enrollment for local system failed to contact the
active directory
(0x8007054b). The specified domain either does not exist or could not be
contacted.
Enrollment will not be performed.
Event Type: Information
Event Source: SecurityCenter
Event Category: None
Event ID: 1807
Date: 11/20/2007
Time: 12:35:52 PM
User: N/A
Computer: laptop1
Description:
The Security Center service has been stopped. It was prevented from running
by a software group
policy.
Event Type: Warning
Event Source: Microsoft Fax
Event Category: Initialization/Termination
Event ID: 32077
Date: 11/20/2007
Time: 12:35:49 PM
User: N/A
Computer: laptop1
Description:
Failed to create the activity logging schema file. File name: 'C:\Documents
and Settings\All
Users\Application Data\Microsoft\Windows NT\MSFax\ActivityLog\schema.ini'.
The schema information
file provides the ODBC 'Microsoft Text Driver' with information about the
general format of the DB
file, the column name, data type, and a number of other data
characteristics. Verify that the
Activity Logging directory exists and is writable. If the schema.ini file
exists, verify that it is
not used by other applications. The following error occurred: 32. This error
code indicates the cause
of the error.
Event Type: Information
Event Source: RegSrvc
Event Category: None
Event ID: 0
Date: 11/20/2007
Time: 12:35:40 PM
User: N/A
Computer: laptop1
Description:
The description for Event ID ( 0 ) in Source ( RegSrvc ) cannot be found.
The local computer may not
have the necessary registry information or message DLL files to display
messages from a remote
computer. You may be able to use the /AUXSOURCE= flag to retrieve this
description see Help and
Support for details. The following information is part of the event: Service
started.
Event Type: Warning
Event Source: Userenv
Event Category: None
Event ID: 1517
Date: 11/20/2007
Time: 12:31:45 PM
User: NT AUTHORITY\SYSTEM
Computer: laptop1
Description:
Windows saved user domainabc\user1 registry while an application or service
was still using the registry during log off. The memory used by the user's
registry has not been freed. The registry will be unloaded when it is no
longer in use. This is often caused by services running as a user account,
try configuring the services to run in either the LocalService or
NetworkService account.
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1053
Date: 11/19/2007
Time: 9:52:51 AM
User: NT AUTHORITY\SYSTEM
Computer: laptop1
Description:
Windows cannot determine the user or computer name. (The specified domain
either does not exist or
could not be contacted. ). Group Policy processing aborted.
Event Type: Error
Event Source: AutoEnrollment
Event Category: None
Event ID: 15
Date: 11/19/2007
Time: 9:52:49 AM
User: N/A
Computer: laptop1
Description:
Automatic certificate enrollment for local system failed to contact the
active directory
(0x8007054b). The specified domain either does not exist or could not be
contacted.
Enrollment will not be performed.
Event Type: Warning
Event Source: Dhcp
Event Category: None
Event ID: 1003
Date: 11/27/2007
Time: 8:40:46 AM
User: N/A
Computer: laptop1
Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the
Network Card with network address 000E7BE9931B. The following error
occurred:
The semaphore timeout period has expired. . Your computer will continue to
try and obtain an address
on its own from the network address (DHCP) server.
Data:
0000: 79 00 00 00 y...
Event Type: Information
Event Source: W32Time
Event Category: None
Event ID: 35
Date: 11/26/2007
Time: 8:55:17 AM
User: N/A
Computer: laptop1
Description:
The time service is now synchronizing the system time with the time source
DC1.domainabc.COM
(ntp.d|192.168.1.128:123->192.168.1.102:123).
Event Type: Error
Event Source: BROWSER
Event Category: None
Event ID: 8032
Date: 11/26/2007
Time: 8:54:42 AM
User: N/A
Computer: laptop1
Description:
The browser service has failed to retrieve the backup list too many times on
transport
\Device\NetBT_Tcpip_{C1F84C85-373B-4DEE-928A-75EFDF8BB0FF}. The backup
browser is stopping.
Data:
0000: 40 00 00 00 @...
Event Type: Warning
Event Source: BROWSER
Event Category: None
Event ID: 8021
Date: 11/26/2007
Time: 8:52:42 AM
User: N/A
Computer: laptop1
Description:
The browser was unable to retrieve a list of servers from the browser master
\\DC1 on the network
\Device\NetBT_Tcpip_{C1F84C85-373B-4DEE-928A-75EFDF8BB0FF}. The data is the
error code.
Data:
0000: 40 00 00 00 @...
Event Type: Error
Event Source: Windows Update Agent
Event Category: Software Sync
Event ID: 16
Date: 11/26/2007
Time: 8:40:21 AM
User: N/A
Computer: laptop1
Description:
Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot
download and install updates according to the set schedule. Windows will
continue to try to establish
a connection.
Data:
0000: 57 69 6e 33 32 48 52 65 Win32HRe
0008: 73 75 6c 74 3d 30 78 30 sult=0x0
0010: 30 30 30 30 30 30 30 20 0000000
0018: 55 70 64 61 74 65 49 44 UpdateID
0020: 3d 7b 30 30 30 30 30 30 ={000000
0028: 30 30 2d 30 30 30 30 2d 00-0000-
0030: 30 30 30 30 2d 30 30 30 0000-000
0038: 30 2d 30 30 30 30 30 30 0-000000
0040: 30 30 30 30 30 30 7d 20 000000}
0048: 52 65 76 69 73 69 6f 6e Revision
0050: 4e 75 6d 62 65 72 3d 30 Number=0
0058: 20 00 .
Event Type: Error
Event Source: W32Time
Event Category: None
Event ID: 29
Date: 11/26/2007
Time: 8:40:17 AM
User: N/A
Computer: laptop1
Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none
of the sources are currently accessible. No attempt to contact a source
will be made for 14 minutes.
NtpClient has no source of accurate time.
Event Type: Warning
Event Source: W32Time
Event Category: None
Event ID: 14
Date: 11/26/2007
Time: 8:40:17 AM
User: N/A
Computer: laptop1
Description:
The time provider NtpClient was unable to find a domain controller to use as
a time source. NtpClient
will try again in 15 minutes.
Event Type: Information
Event Source: Tcpip
Event Category: None
Event ID: 4201
Date: 11/26/2007
Time: 8:40:11 AM
User: N/A
Computer: laptop1
Description:
The system detected that network adapter
\DEVICE\TCPIP_{C1F84C85-373B-4DEE-928A-75EFDF8BB0FF} was
connected to the network, and has initiated normal operation over the
network adapter.
Data:
0000: 00 00 00 00 02 00 50 00 ......P.
0008: 00 00 00 00 69 10 00 40 ....i..@
0010: 02 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........
Event Type: Warning
Event Source: DnsApi
Event Category: None
Event ID: 11191
Date: 11/23/2007
Time: 10:10:13 AM
User: N/A
Computer: laptop1
Description:
The system failed to update and remove pointer (PTR) resource records (RRs)
for network adapter
with settings:
Adapter Name : {C1F84C85-373B-4DEE-928A-75EFDF8BB0FF}
Host Name : laptop1
Adapter-specific Domain Suffix : domainabc.COM
DNS server list :
192.168.1.102
Sent update to server : <?>
IP Address : 192.1.1.1
The system could not remove these PTR RRs because because of a system
problem. For specific error
code, see the record data displayed below.
Data:
0000: 51 27 00 00 Q'..
Event Type: Warning
Event Source: DnsApi
Event Category: None
Event ID: 11197
Date: 11/23/2007
Time: 10:10:09 AM
User: N/A
Computer: laptop1
Description:
The system failed to update and remove host (A) resource records (RRs) for
network adapter
with settings:
Adapter Name : {C1F84C85-373B-4DEE-928A-75EFDF8BB0FF}
Host Name : laptop1
Primary Domain Suffix : domainabc.COM
DNS server list :
192.168.1.102
Sent update to server : 192.1.1.1
IP Address(es) :
192.168.1.128
The reason the update request failed was because of a system problem. For
specific error code, see
the record data displayed below.
Data:
0000: 51 27 00 00 Q'..
Event Type: Information
Event Source: Tcpip
Event Category: None
Event ID: 4202
Date: 11/20/2007
Time: 2:37:42 PM
User: N/A
Computer: laptop1
Description:
The system detected that network adapter
\DEVICE\TCPIP_{C1F84C85-373B-4DEE-928A-75EFDF8BB0FF} was
disconnected from the network, and the adapter's network configuration has
been released. If the
network adapter was not disconnected, this may indicate that it has
malfunctioned. Please contact
your vendor for updated drivers.
Data:
0000: 00 00 00 00 02 00 50 00 ......P.
0008: 00 00 00 00 6a 10 00 40 ....j..@
0010: 02 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........
Intel(R) PRO/100 VE Network
Driver Intel Date 12/29/2003 ver 7.1.8.22 not signed
still trying to find updated driver
not sure where issue resides, anyone else having similar issues?
--
RM Administrator
Austin Texas ---- Yee-Haw!!
"The are no stupid questions, only stupid people"
"Only robots reboot"
11197 4201 4202
Issue: Slow logon (3 min) on two laptops (two other XPProSP2 laptops ok,
and so are 3 other desktops
Win200oProx2 and 1-XPProSP2)
OS: WinXPProSP2
Issue appears whether logging on locally (cached credentials) or when
logging on to Win2000 native mode domain.
Domain controller: DC1.domainabc.COM 192.168.1.102
DHCP Server: Linksys router 192.168.1.1
DNS client points to local DC/DNS
Reply from 192.168.1.128: bytes=32 time<1ms TTL=128
Reply from 192.168.1.128: bytes=32 time<1ms TTL=128
Reply from 192.168.1.128: bytes=32 time<1ms TTL=128
Reply from 192.168.1.128: bytes=32 time<1ms TTL=128
Ping statistics for 192.168.1.128:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
Windows IP Configuration
Host Name . . . . . . . . . . . . : laptop1
Primary Dns Suffix . . . . . . . : domainabc.COM
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domainabc.COM
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network
Connecti
on
Physical Address. . . . . . . . . : 00-0E-7B-E9-93-1B
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.128
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.102
Lease Obtained. . . . . . . . . . : Tuesday, November 27, 2007
5:40:30 P
M
Lease Expires . . . . . . . . . . : Thursday, November 29, 2007
5:40:30
PM
Ethernet adapter Wireless Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Intel(R) PRO/Wireless 2200BG
Network
Connection
Physical Address. . . . . . . . . : 00-0E-35-5F-B3-A5
Event log shows:
Event Type: Error
Event Source: AutoEnrollment
Event Category: None
Event ID: 15
Date: 11/26/2007
Time: 8:40:14 AM
User: N/A
Computer: laptop1
Description:
Automatic certificate enrollment for local system failed to contact the
active directory
(0x8007054b). The specified domain either does not exist or could not be
contacted.
Enrollment will not be performed.
Event Type: Information
Event Source: SecurityCenter
Event Category: None
Event ID: 1807
Date: 11/20/2007
Time: 12:35:52 PM
User: N/A
Computer: laptop1
Description:
The Security Center service has been stopped. It was prevented from running
by a software group
policy.
Event Type: Warning
Event Source: Microsoft Fax
Event Category: Initialization/Termination
Event ID: 32077
Date: 11/20/2007
Time: 12:35:49 PM
User: N/A
Computer: laptop1
Description:
Failed to create the activity logging schema file. File name: 'C:\Documents
and Settings\All
Users\Application Data\Microsoft\Windows NT\MSFax\ActivityLog\schema.ini'.
The schema information
file provides the ODBC 'Microsoft Text Driver' with information about the
general format of the DB
file, the column name, data type, and a number of other data
characteristics. Verify that the
Activity Logging directory exists and is writable. If the schema.ini file
exists, verify that it is
not used by other applications. The following error occurred: 32. This error
code indicates the cause
of the error.
Event Type: Information
Event Source: RegSrvc
Event Category: None
Event ID: 0
Date: 11/20/2007
Time: 12:35:40 PM
User: N/A
Computer: laptop1
Description:
The description for Event ID ( 0 ) in Source ( RegSrvc ) cannot be found.
The local computer may not
have the necessary registry information or message DLL files to display
messages from a remote
computer. You may be able to use the /AUXSOURCE= flag to retrieve this
description see Help and
Support for details. The following information is part of the event: Service
started.
Event Type: Warning
Event Source: Userenv
Event Category: None
Event ID: 1517
Date: 11/20/2007
Time: 12:31:45 PM
User: NT AUTHORITY\SYSTEM
Computer: laptop1
Description:
Windows saved user domainabc\user1 registry while an application or service
was still using the registry during log off. The memory used by the user's
registry has not been freed. The registry will be unloaded when it is no
longer in use. This is often caused by services running as a user account,
try configuring the services to run in either the LocalService or
NetworkService account.
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1053
Date: 11/19/2007
Time: 9:52:51 AM
User: NT AUTHORITY\SYSTEM
Computer: laptop1
Description:
Windows cannot determine the user or computer name. (The specified domain
either does not exist or
could not be contacted. ). Group Policy processing aborted.
Event Type: Error
Event Source: AutoEnrollment
Event Category: None
Event ID: 15
Date: 11/19/2007
Time: 9:52:49 AM
User: N/A
Computer: laptop1
Description:
Automatic certificate enrollment for local system failed to contact the
active directory
(0x8007054b). The specified domain either does not exist or could not be
contacted.
Enrollment will not be performed.
Event Type: Warning
Event Source: Dhcp
Event Category: None
Event ID: 1003
Date: 11/27/2007
Time: 8:40:46 AM
User: N/A
Computer: laptop1
Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the
Network Card with network address 000E7BE9931B. The following error
occurred:
The semaphore timeout period has expired. . Your computer will continue to
try and obtain an address
on its own from the network address (DHCP) server.
Data:
0000: 79 00 00 00 y...
Event Type: Information
Event Source: W32Time
Event Category: None
Event ID: 35
Date: 11/26/2007
Time: 8:55:17 AM
User: N/A
Computer: laptop1
Description:
The time service is now synchronizing the system time with the time source
DC1.domainabc.COM
(ntp.d|192.168.1.128:123->192.168.1.102:123).
Event Type: Error
Event Source: BROWSER
Event Category: None
Event ID: 8032
Date: 11/26/2007
Time: 8:54:42 AM
User: N/A
Computer: laptop1
Description:
The browser service has failed to retrieve the backup list too many times on
transport
\Device\NetBT_Tcpip_{C1F84C85-373B-4DEE-928A-75EFDF8BB0FF}. The backup
browser is stopping.
Data:
0000: 40 00 00 00 @...
Event Type: Warning
Event Source: BROWSER
Event Category: None
Event ID: 8021
Date: 11/26/2007
Time: 8:52:42 AM
User: N/A
Computer: laptop1
Description:
The browser was unable to retrieve a list of servers from the browser master
\\DC1 on the network
\Device\NetBT_Tcpip_{C1F84C85-373B-4DEE-928A-75EFDF8BB0FF}. The data is the
error code.
Data:
0000: 40 00 00 00 @...
Event Type: Error
Event Source: Windows Update Agent
Event Category: Software Sync
Event ID: 16
Date: 11/26/2007
Time: 8:40:21 AM
User: N/A
Computer: laptop1
Description:
Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot
download and install updates according to the set schedule. Windows will
continue to try to establish
a connection.
Data:
0000: 57 69 6e 33 32 48 52 65 Win32HRe
0008: 73 75 6c 74 3d 30 78 30 sult=0x0
0010: 30 30 30 30 30 30 30 20 0000000
0018: 55 70 64 61 74 65 49 44 UpdateID
0020: 3d 7b 30 30 30 30 30 30 ={000000
0028: 30 30 2d 30 30 30 30 2d 00-0000-
0030: 30 30 30 30 2d 30 30 30 0000-000
0038: 30 2d 30 30 30 30 30 30 0-000000
0040: 30 30 30 30 30 30 7d 20 000000}
0048: 52 65 76 69 73 69 6f 6e Revision
0050: 4e 75 6d 62 65 72 3d 30 Number=0
0058: 20 00 .
Event Type: Error
Event Source: W32Time
Event Category: None
Event ID: 29
Date: 11/26/2007
Time: 8:40:17 AM
User: N/A
Computer: laptop1
Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none
of the sources are currently accessible. No attempt to contact a source
will be made for 14 minutes.
NtpClient has no source of accurate time.
Event Type: Warning
Event Source: W32Time
Event Category: None
Event ID: 14
Date: 11/26/2007
Time: 8:40:17 AM
User: N/A
Computer: laptop1
Description:
The time provider NtpClient was unable to find a domain controller to use as
a time source. NtpClient
will try again in 15 minutes.
Event Type: Information
Event Source: Tcpip
Event Category: None
Event ID: 4201
Date: 11/26/2007
Time: 8:40:11 AM
User: N/A
Computer: laptop1
Description:
The system detected that network adapter
\DEVICE\TCPIP_{C1F84C85-373B-4DEE-928A-75EFDF8BB0FF} was
connected to the network, and has initiated normal operation over the
network adapter.
Data:
0000: 00 00 00 00 02 00 50 00 ......P.
0008: 00 00 00 00 69 10 00 40 ....i..@
0010: 02 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........
Event Type: Warning
Event Source: DnsApi
Event Category: None
Event ID: 11191
Date: 11/23/2007
Time: 10:10:13 AM
User: N/A
Computer: laptop1
Description:
The system failed to update and remove pointer (PTR) resource records (RRs)
for network adapter
with settings:
Adapter Name : {C1F84C85-373B-4DEE-928A-75EFDF8BB0FF}
Host Name : laptop1
Adapter-specific Domain Suffix : domainabc.COM
DNS server list :
192.168.1.102
Sent update to server : <?>
IP Address : 192.1.1.1
The system could not remove these PTR RRs because because of a system
problem. For specific error
code, see the record data displayed below.
Data:
0000: 51 27 00 00 Q'..
Event Type: Warning
Event Source: DnsApi
Event Category: None
Event ID: 11197
Date: 11/23/2007
Time: 10:10:09 AM
User: N/A
Computer: laptop1
Description:
The system failed to update and remove host (A) resource records (RRs) for
network adapter
with settings:
Adapter Name : {C1F84C85-373B-4DEE-928A-75EFDF8BB0FF}
Host Name : laptop1
Primary Domain Suffix : domainabc.COM
DNS server list :
192.168.1.102
Sent update to server : 192.1.1.1
IP Address(es) :
192.168.1.128
The reason the update request failed was because of a system problem. For
specific error code, see
the record data displayed below.
Data:
0000: 51 27 00 00 Q'..
Event Type: Information
Event Source: Tcpip
Event Category: None
Event ID: 4202
Date: 11/20/2007
Time: 2:37:42 PM
User: N/A
Computer: laptop1
Description:
The system detected that network adapter
\DEVICE\TCPIP_{C1F84C85-373B-4DEE-928A-75EFDF8BB0FF} was
disconnected from the network, and the adapter's network configuration has
been released. If the
network adapter was not disconnected, this may indicate that it has
malfunctioned. Please contact
your vendor for updated drivers.
Data:
0000: 00 00 00 00 02 00 50 00 ......P.
0008: 00 00 00 00 6a 10 00 40 ....j..@
0010: 02 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........
Intel(R) PRO/100 VE Network
Driver Intel Date 12/29/2003 ver 7.1.8.22 not signed
still trying to find updated driver
not sure where issue resides, anyone else having similar issues?
--
RM Administrator
Austin Texas ---- Yee-Haw!!
"The are no stupid questions, only stupid people"
"Only robots reboot"