Troubles with AD Domain / Group Policy?

[usererror]

Is anyone here using Win7 Pro in a 2003 Functionality level Active Directory environment?

On multiple Windows 7 boxes, my laptop, and my desktop I ALWAYS get the error attached in the screenshot "Failed to connect to a windows service" when I log onto the Domain. I have looked at the event log and it is very, very vague. Most our IT users who have 7 just don't log onto the Domain at all, but i'd like to figure out what the issue is.

The Aero service also does not work when I log on, so i have the win2k look, and then after about 2 minutes the service starts again, by itself and all is well.

Any ideas??

 

[H2SO4]

Not exactly a "crashes and debugging" issue, but perhaps sufficiently interesting for this section of the forum

Can you please post the text of the event(s) which relate to this error using the "copy" button (to copy details to the clipboard) in the lower left-hand corner of the event details dialog.

 

[usererror]

True, not a crashing / debugging issue. But it seemed to "fit" here best.

I discovered today that the "Crash" ONLY happens when I log onto my two 7 PC's using my AD account that is a member of the Domain Admins group.

If I log on as a normal user, the issue does NOT happen. I will post the text of the details window tomorrow when I return to work.

 

[usererror]

Ok here's what I got today immediately after logging in with my domain admin account:

"The winlogon notification subscriber <GPClient> was unavailable to handle a critical notification event."

"The winlogon notification subscriber <GPClient> failed a critical notification event."

"The scheduled restore point could not be created. Additional information: (0x80042319)." this one is maybe to be expected. We have System Restore DISABLED by Group Policy

"Volume Shadow Copy Service error: Writer WMI Writer did not respond to a GatherWriterStatus call.

Operation:
Gather writers' status
Executing Asynchronous Operation

Context:
Current State: GatherWriterStatus"

"The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service."

"The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service."

"The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service."

"The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service."

"The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service."

"The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service."

"The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service."

 

[H2SO4]

Ah, how wrong we were to think that it's not a "crashing & debugging" issue

The list of services which "terminated unexpectedly" corresponds to those sharing the same ("netsvcs") svchost instance. Therefore, it's safe to conclude that the specific svchost process is crashing.

It's not obvious from that output what the cause might be - at least not to me. As a suggestion, you might want to test what happens if you enable system restore.

Otherwise, it's possible to troubleshoot these sorts of crashes, but it's involved, especially so when svchost's the process which is crashing. If you're keen, I'll write up some suggestions.

 

[usererror]

If you wouldn't mind sending your suggestions I'd be curious to see them. Again I am baffled to why this only happens on my Domain Admin user account...its also happening to our other domain admins...

We are theorizing it has to do with our GPO...

 

[H2SO4]

If you wouldn't mind sending your suggestions I'd be curious to see them. Again I am baffled to why this only happens on my Domain Admin user account...its also happening to our other domain admins...

We are theorizing it has to do with our GPO...

I'd say you're very probably right, and that the specific mix of GPOs is somehow linked to the cause, although it's somewhat strange that the issue affects only admins - in most GP SNAFUs it's the non-admins who get the thick end of the stick.

There are multiple ways to approach this. If AD is your specialty, you could use the GPMC/RSOP tools to review the effective policy matrices for admins and non-admins, or rather the differences between them.

Otherwise, you could jump straight to the most vulgar problem manifestation - the svchost crash - and attempt to isolate and analyse the reasons. Personally, I'd favour this approach, if only because I think the GPMC was coded by beelzebub and his little wizards

If you're keen to go with the svchost crash analysis approach, please let me know whether running GPUPDATE /FORCE causes another instance of the svchost crash after having already logged on. If so, it becomes a little bit easier, because we've already got console access at the point where we can repro the crash, and that makes collecting crash info more straightforward.