Question : Issues with SBS 2003 Domain

Sorry this is going to be long but not sure was is relevant to our problem and wanted to make sure I provided enough details.

Up until a few weeks ago we were not having any problems at work with our server.  We recently moved from using McAfee to using Trend Micro's product.  

Our setup is a small company with one Small Business Server 2003 and around 30 computers connecting to the domain.  The SBS acts as our file server, Exchange server, virus central administration, etc.  We allow users to connect to the Exchange server locally or through RPC over HTTP (when using their laptops out of the office).

A couple weeks ago I started noticing some issues when I would take my laptop to school then bring it back to the office and hook back into the network.  When I would come into the office, plug in the ethernet, boot up the computer, it would allow me to input my username/password but then would sit there forever trying to login.  After around 30 minutes, the computer would eventually log on.  I would then try to access the Exchange server and sometimes I would be able to, while other times it would just try to connect forever.  When this would occur, accessing the shares on the server would take quite a long time to pull them up and browsing through them would take soo long!  Even times when it wouldn't access the Exchange server, it was still resolving/pinging the server internally.

While the laptop was having all these issues, every other computer in the office that stayed connected to the ethernet did not have any issues and was able to logon properly.  One other computer started having this problem off and on for a week or so (it being taken out of the office on a small road trip then would come back into the office and plug back into the network) but eventually the problem went away and it quit experiencing the issues.

For awhile we thought the problem went away because both laptops stopped experiencing the problem.  About 2 weeks ago, the problem came back with the original laptop that had the problem (the laptop goes in and out of the office all week).  

Thinking that it could be just an issue with the laptop, it was time to reformat Windows and start fresh.  Once Windows reinstalled, updates were applied, etc, the laptop was hooked back up to the network and attempted to join it to the domain.  We do this by using the HTTP process (http://sbs/connectcomputer) to join it to the domain.  Once it got to the end, it locked up IE for around 5 minutes then proceeded to tell me it wanted to reboot.  It finally rebooted the computer, made its configuration changes, rebooted the computer again, then was at the username/password dialog to log into the domain.  When I put in the username/password and hit log on, the same problems started all over again.  It takes around 30 minutes to log on and once on, it does not allow me to access the Exchange server but am still able to ping and resolve the server internally (What I mean when I say it doesn't access the Exchange server is that I'm attempting to setup an email account in Outlook to use an Exchange server but when I put in the Exchange server address and put in the Mail Box name and hit Check name, it takes about 5 minutes to say an Exchange server is unavailable).  When I try to access the shares, it takes a good 5 minutes before the username/password dialog even pops up then takes ages to browse through (when you logon to a computer using the username/password and try to access the shares, it doesn't ask for the username/password again, it just opens the shares since you are already authenticated).  

After letting the laptop sit over the weekend while still plugged into the network, quite a few errors built up in the logs (see at very bottom of post for the events).  The events that show up the most in the Application log is event 1053 and it appears every couple hours all day long.  In between all those 1053 errors, a 1704 error shows up about once a day.  In the System logs, it is full with tons of 40960 and 40961 events (mostly all relating to LDAP but some relating to CIFS).

Thinking it was just relating to the laptop and since I had a brand new desktop computer sitting next to me, I followed the same exact process and joined the computer to the domain (using the same http://sbs/connectcomputer method).  Just like mentioned above with the laptop, the desktop computer made it to the final task then froze Internet Explorer for about 5 minutes then proceeded with the reboot.  Once configured and username/password inputted then it makes its attempt to log on but takes 30-45 minutes.  Once it finally logs on, it is unable to access the Exchange server like mentioned above and when you try to access the shares, it also takes about 5 minutes to even ask for a username/password (which it shouldn't).  The desktop computer also sat on the network over the weekend and had the same events in the Event logs as on the laptop.  

So in other words, I am now unable to rejoin ANY new computer or freshly formatted computer to the domain.  Please note that all computers previously joined to the domain are still continuing the stay connected to the domain and users have absolutely no issues logging onto the domain and accessing Exchange/Shares.  Other laptop users are also removing their computer from the network, bringing it home, then coming back to the office and hooking back into the network without any issues.  

I'm sure there will be a lot of questions to be answered so I will be watching this post off and on and responding in a timely manner.  Thanks in advanced.



Event Type:      Error
Event Source:      Userenv
Event Category:      None
Event ID:      1053
Date:            1/3/2006
Time:            8:39:57 AM
User:            NT AUTHORITY\SYSTEM
Computer:      TESLA01-LT
Description:
Windows cannot determine the user or computer name. (An internal error occurred. ). Group Policy processing aborted.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:      Information
Event Source:      SceCli
Event Category:      None
Event ID:      1704
Date:            1/2/2006
Time:            9:05:19 AM
User:            N/A
Computer:      TESLA01-LT
Description:
Security policy in the Group policy objects has been applied successfully.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


Event Type:      Warning
Event Source:      LSASRV
Event Category:      SPNEGO (Negotiator)
Event ID:      40961
Date:            1/3/2006
Time:            10:25:57 AM
User:            N/A
Computer:      TESLA01-LT
Description:
The Security System could not establish a secured connection with the server LDAP/sbs.XXXXXXXXX.com.  No authentication protocol was available.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


Event Type:      Warning
Event Source:      LSASRV
Event Category:      SPNEGO (Negotiator)
Event ID:      40960
Date:            1/3/2006
Time:            10:25:57 AM
User:            N/A
Computer:      TESLA01-LT
Description:
The Security System detected an attempted downgrade attack for server LDAP/sbs.XXXXXXXXX.com.  The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request.
 (0xc000005e)".

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:      Warning
Event Source:      LSASRV
Event Category:      SPNEGO (Negotiator)
Event ID:      40961
Date:            1/3/2006
Time:            9:35:47 AM
User:            N/A
Computer:      TESLA01-LT
Description:
The Security System could not establish a secured connection with the server cifs/sbs.XXXXXXXXX.com.  No authentication protocol was available.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


Event Type:      Warning
Event Source:      LSASRV
Event Category:      SPNEGO (Negotiator)
Event ID:      40960
Date:            1/3/2006
Time:            9:35:47 AM
User:            N/A
Computer:      TESLA01-LT
Description:
The Security System detected an attempted downgrade attack for server cifs/sbs.XXXXXXXXX.com.  The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request.
 (0xc000005e)".

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Answer : Issues with SBS 2003 Domain

If that fails too, then the problem is likely here:

Open DHCP console.
Right-click the Domain and select Properties.
On the Advanced tab there is a button for Credentials.  Select it.
Make sure the Administrator account is being used and re-enter the password.
Make sure the Administrator account is also in the DNSUpdateProxy group.

Keep us posted.