From: Meinolf Weber [MVP-DS] on
Hello Jancso,

So only one DNS server exists and all TS are configured to use that one only
as DNS server on the NIC? I ask because this isn't the complete ipconfig
/all output. The error message "(The specified user does not exist)" mostly
belongs to a DNS problem. Also you should better use the real ip addresses
on the servers instead of the loopback ip 127.0.0.1

Are the firewalls disabled or enabled on the servers?

Are they using the latest SP and available patches?

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Thank you again for your reply.
>
> DC/DNS Server:
>
> Hostname: <servername>
> Primary DNS-Suffix: ASPSYZ.ch
> Node Type: unknown
> IP Routing Enabled: No
> WINS Proxy Enabled: No
> DNS Suffix Search List: ASPSYZ.ch
> DHCP enabled: No
> IP address: 10.2.1.2
> Subnet Mask: 255.255.255.0
> Default Gateway: 10.2.1.1
> DNS Server: 127.0.0.1
> Terminal Server:
>
> Hostname: <servername>
> Primary DNS-Suffix: ASPSYZ.ch
> Node Type: Hybrid
> IP Routing Enabled: No
> WINS Proxy Enabled: No
> DNS Suffix Search List: ASPSYZ.ch
> DHCP enabled: No
> Autoconfiguration Enabled: Yes
> IPv4 Address: 10.2.1.9<Preferred>
> Subnet Mask: 255.255.255.0
> Default Gateway: 10.2.1.1
> DNS Server: 10.2.1.2
> NetBIOS over Tcpip: Enabled
> Are they ok?
>
> Best regards,
> Chris
> "Meinolf Weber [MVP-DS]" wrote:
>
>> Hello Jancso,
>>
>> Please post an unedited ipconfig /all from your TS and the DC/DNS
>> server, so we can exclude DNS as one problem.
>>
>> Best regards
>>
>> Meinolf Weber
>>> Hi Meinolf
>>>
>>> Thank you very much for your reply. Terminal Server users are in
>>> security groups depending on the company they are working for. For
>>> each company I have a different GPO.
>>>
>>> When I open GroupPolicy Management I can see my GPOs. In each GPO is
>>> a section called security filtering. In this section I inserted the
>>> corresponding security group. Therefore I don't have to add each
>>> user of this.
>>>
>>> I hope this is more understandable now.
>>>
>>> Thank you for your help!
>>> Chris
>>> "Meinolf Weber [MVP-DS]" wrote:
>>>> Hello Jancso,
>>>>
>>>> GPOs are applied to users or computers, not security groups. Or do
>>>> you use security filtering on the OU where the user accounts are
>>>> located, as you are talking about client groups? Please clarify
>>>> this a bit more.
>>>>
>>>> Best regards
>>>>
>>>> Meinolf Weber
>>>>> Dear all
>>>>>
>>>>> I have the following situation:
>>>>> 2 DC with Windows Server 2003, 1 Terminal Server with Windows Server
>>>>> 2003 and 2 Terminal Server with Windows Server 2008.
>>>>> For different clients I have different GPOs.
>>>>> When I login as user A (from client group A with GPO A) to each of
>>>>> these 3 Terminal Server the GPO applies successfully.
>>>>> When I login as user B (from client group B with GPO B) to each of
>>>>> those 3 Terminal Server the GPO does not apply.
>>>>> I notice that I have the error in event viewer:
>>>>> 1053: Windows cannot determine the user or computer name. (The
>>>>> specified user does not exist)
>>>>> I have checked DNS which seems to be working correctly. The users are
>>>>> in the same OU so there should be no permission issue.
>>>>> I am able to see \\<domain name>\sysvol from the Terminal Server.
>>>>> I also checked the group membership. This is also correct.
>>>>> Can anyone help me with this?
>>>>> TIA
>>>>> Chris


From: Jancso Christian on
Hello Meinolf

Yes there is only one DNS Server and all Terminal Server are configured to
use only this one.
I have changed the IP address to the real address now as you said.
The firewalls are turned off and the servers have the latest patches (done
yesterday).

I also have the log for userenv:

USERENV(824.1fc0) 13:59:51:068 LibMain: Process Name: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
USERENV(6b8.918) 13:59:59:006 ProcessGPOs:
USERENV(6b8.918) 13:59:59:053 ProcessGPOs:
USERENV(6b8.918) 13:59:59:053 ProcessGPOs: Starting user Group Policy (Background) processing...
USERENV(6b8.918) 13:59:59:053 ProcessGPOs:
USERENV(6b8.918) 13:59:59:053 ProcessGPOs:
USERENV(6b8.918) 13:59:59:053 EnterCriticalPolicySectionEx: Entering with timeout 600000 and flags 0x0
USERENV(6b8.918) 13:59:59:053 EnterCriticalPolicySectionEx: User critical section has been claimed. Handle = 0x188
USERENV(6b8.918) 13:59:59:053 EnterCriticalPolicySectionEx: Leaving successfully.
USERENV(6b8.918) 13:59:59:068 ProcessGPOs: Machine role is 2.
USERENV(6b8.918) 13:59:59:287 MyGetUserName: GetUserNameEx failed with 1317.
USERENV(6b8.918) 13:59:59:381 MyGetUserName: Retrying call to GetUserNameEx in 1/2 second.
USERENV(6b8.918) 13:59:59:896 MyGetUserName: GetUserNameEx failed with 1317.
USERENV(6b8.918) 13:59:59:896 MyGetUserName: Retrying call to GetUserNameEx in 1/2 second.
USERENV(6b8.918) 14:00:00:428 MyGetUserName: GetUserNameEx failed with 1317.
USERENV(6b8.918) 14:00:00:428 MyGetUserName: Retrying call to GetUserNameEx in 1/2 second.
USERENV(6b8.918) 14:00:00:974 MyGetUserName: GetUserNameEx failed with 1317.
USERENV(6b8.918) 14:00:00:974 ProcessGPOs: MyGetUserName failed with 1317.
USERENV(6b8.918) 14:00:00:990 ProcessGPOs: No WMI logging done in this policy cycle.
USERENV(6b8.918) 14:00:01:006 ProcessGPOs: Processing failed with error 1317.
USERENV(6b8.918) 14:00:01:006 LeaveCriticalPolicySection: Critical section 0x188 has been released.
USERENV(6b8.918) 14:00:01:006 ProcessGPOs: User Group Policy has been applied.
USERENV(6b8.918) 14:00:01:006 ProcessGPOs: Leaving with 0.
USERENV(6b8.918) 14:00:01:006 GPOThread: Next refresh will happen in 105 minutes
USERENV(2e50.28ac) 14:00:42:645 LibMain: Process Name: C:\WINDOWS\system32\NOTEPAD.EXE
USERENV(2e50.28ac) 14:00:42:645 GetProfileType: Profile already loaded.
USERENV(2e50.28ac) 14:00:42:645 GetProfileType: ProfileFlags is 2

Does this help?
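
Added example, not part of the original posts: a Python triage pass over a userenv.log like the one above. It rejoins lines wrapped by the mail client, groups entries by process.thread, and reports Group Policy cycles that hit a Win32 error even though they finish with "has been applied" and "Leaving with 0". The function names and the small error-name table (values from winerror.h) are this example's own; SAMPLE is an excerpt of the log in the post.

```python
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import Optional

# Win32 error names for codes that turn up in userenv.log (winerror.h values).
WIN32_ERRORS = {
    5: "ERROR_ACCESS_DENIED",
    1317: "ERROR_NO_SUCH_USER",
    1355: "ERROR_NO_SUCH_DOMAIN",
    1722: "RPC_S_SERVER_UNAVAILABLE",
}

ENTRY = re.compile(
    r"^USERENV\((?P<pid>[0-9a-f]+)\.(?P<tid>[0-9a-f]+)\)\s+"
    r"(?P<time>\d\d:\d\d:\d\d:\d\d\d)\s+(?P<func>\w+):\s*(?P<msg>.*)$"
)
START = re.compile(r"Starting (\w+) Group Policy \((\w+)\) processing")
FAILED = re.compile(r"failed with (?:error )?(\d+)")
LEAVING = re.compile(r"Leaving with (\d+)\.?")

# Excerpt of the log from the post, wrapped the way it appears there.
SAMPLE = r"""
USERENV(824.1fc0) 13:59:51:068 LibMain: Process Name: C:\Program
Files\Microsoft Office\OFFICE11\EXCEL.EXE
USERENV(6b8.918) 13:59:59:053 ProcessGPOs: Starting user Group Policy
(Background) processing...
USERENV(6b8.918) 13:59:59:068 ProcessGPOs: Machine role is 2.
USERENV(6b8.918) 13:59:59:287 MyGetUserName: GetUserNameEx failed with 1317.
USERENV(6b8.918) 13:59:59:381 MyGetUserName: Retrying call to GetUserNameEx
in 1/2 second.
USERENV(6b8.918) 14:00:00:974 MyGetUserName: GetUserNameEx failed with 1317.
USERENV(6b8.918) 14:00:00:974 ProcessGPOs: MyGetUserName failed with 1317.
USERENV(6b8.918) 14:00:01:006 ProcessGPOs: Processing failed with error 1317.
USERENV(6b8.918) 14:00:01:006 ProcessGPOs: User Group Policy has been applied.
USERENV(6b8.918) 14:00:01:006 ProcessGPOs: Leaving with 0.
USERENV(2e50.28ac) 14:00:42:645 GetProfileType: ProfileFlags is 2
"""


@dataclass
class Cycle:
    thread: str                      # "pid.tid" as written in the log
    scope: str                       # "user" or "computer"
    mode: str                        # e.g. "Background"
    started: str
    errors: Counter = field(default_factory=Counter)
    exit_code: Optional[int] = None
    claims_applied: bool = False


def unwrap(text):
    """Rejoin entries that were wrapped onto continuation lines."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("USERENV(") or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries


def analyse(text):
    """Return completed policy cycles, tracked per process.thread."""
    open_cycles, done = {}, []
    for entry in unwrap(text):
        m = ENTRY.match(entry)
        if not m:
            continue
        thread, msg = f"{m['pid']}.{m['tid']}", m["msg"]
        start = START.search(msg)
        if start:
            open_cycles[thread] = Cycle(thread, start[1], start[2], m["time"])
            continue
        cycle = open_cycles.get(thread)
        if cycle is None:
            continue  # entry from a thread that is not processing policy
        failed = FAILED.search(msg)
        if failed:
            cycle.errors[int(failed[1])] += 1
        if "Group Policy has been applied" in msg:
            cycle.claims_applied = True
        leaving = LEAVING.fullmatch(msg)
        if m["func"] == "ProcessGPOs" and leaving:
            cycle.exit_code = int(leaving[1])
            done.append(open_cycles.pop(thread))
    return done


def findings(text):
    """One record per failed cycle; 'masked' means the log still claims success."""
    out = []
    for c in analyse(text):
        if not c.errors:
            continue
        code, hits = c.errors.most_common(1)[0]
        out.append({
            "thread": c.thread, "scope": c.scope, "mode": c.mode,
            "started": c.started, "error": code,
            "name": WIN32_ERRORS.get(code, "unknown"), "hits": hits,
            "masked": c.claims_applied and c.exit_code == 0,
        })
    return out


if __name__ == "__main__":
    for f in findings(SAMPLE):
        print(f)
```

A cycle reported with "masked" set is one to follow up even when the final log lines look clean, which is the situation in the log above.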

From: Meinolf Weber [MVP-DS] on
Hello Jancso,

Do all machines have the same time zone and time settings? Please check
the DCs with dcdiag /v, repadmin /showrepl and netdiag for errors.

Also make sure all machines are registered with their A record in the DNS
forward/reverse lookup zone.

Best regards

Meinolf Weber


From: Jancso Christian on
Hello Meinolf

I solved it. I don't know why but due to some reason the read permission on
"Computers" for Authenticated Users was not set anymore. After setting this
it seems to be working. I tested it with 3 users on 3 TS and it works.

Thank you very much for your help!!

Best,
Chris

From: Meinolf Weber [MVP-DS] on
Hello Jancso,

Nice to hear that you solved it, thanks for the feedback.

Best regards

Meinolf Weber