Ace Fekay, MCT, MVP, MCITP EA, Exchange 2010 Enterprise Administrator, MCTS Windows 2008, Exchange 2010 & Exchange 2007, MCSE 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP: Directory Services
Active Directory, Exchange and Windows Infrastructure Engineer
There are a number of reasons this event may occur, no matter which Source Name its related to. One of the main reasons this behavior may occur is if the address for the configured preferred DNS server unreachable. One fothe first things to offer is to check EventID.net’s link to see if it applies to your scenario:
Summary of possibilities:
1. Using a DNS address that doesn’t have the AD zone data. Make sure the only DNS addresses on the NIC are the internal DC/DNS servers. Remove the ISP’s or the router’s as a DNS address. They do not have AD’s zone data that is required for AD to function properly.
Active Directory’s Reliance on DNS, and why you should never use an ISP’s DNS address or your router as a DNS address
Published by acefekay on Aug 17, 2009 at 7:35 PM
2. Multihomed DCs. If the DC is multihomed, numerous issues can result, too long to list. See the following for more info:
Multihomed DCs with DNS, RRAS, and/or PPPoE adapters
Published by acefekay on Aug 17, 2009 at 9:29 PM
3. AD DNS Domain Name is a Single Label Name. The name has no TLD, such as “domain” rather than domain.net, domain.local, etc. This can cause numerous problems, too lengthy to list. It also causes Windows XP SP3 and newer operating systems to fail the ability to resolve DNS names properly. See the following link for more information.
Active Directory DNS Domain Name Single Label Names
Published by acefekay on Nov 12, 2009 at 6:25 PM
4. There are unknown LdapIpAddress entries. This is the “same as parent” name under the zone. There should only be one for each DC in the domain. If there are others, it will cause numerous issues with AD, GPOs, DFS, and other AD functions.
5. Multiple A records for the DC. Make sure there is only one IP address for each DC. If not, it falls under the multihomed DC issue in #2.
6. Multiple GcIpAddresses. Check the _gc_msdsc.yourDomain.local record to make sure there is only one entry for each GC. If there are multiples for one GC, that will cause problems, and falls under the multihomed DC issue in #2.
7. Unknown NS names in the zone. Go into each zone properties (yourDomain.local and _msdcs.yourDomain.local), Nameservers tab, and make sure only your DC/DNS servers show up. If there are others, please remove them. This tab indicates which NS and SOA is for the zones, and if any unkown servers are listed, the client machine may be trying to query for them during resolution and registration, and will cause problems.
8. AMD Opeteron CPUs are known to cause issues. One poster in the Microsoft forums reported EventID 1054 issue on a Dell T105 (circa 2010) with Dual Core Opterons. It was found the AMD Opeteron processor has timing issue. From previous reports, Microsoft supposedly fixed it in Windows 2003 SP2, but something may have changed in recent AMD core releases causing it again. One key test was to ping the server’s own IP. If you receive negative ping times, timing is skewed. A reboot fixes it for a while but then it drifts and EventID 1054 resume.
There are AMD processor patches that you can find at AMD’s website. Another workaround is to add the “/usepmtimer” switch to boot.ini. KB895980 provides more specifics about this issue.
Programs that use the QueryPerformanceCounter function may perform poorly in Windows Server 2000, in Windows Server 2003, and in Windows XP
9. Make sure time is configured properly. You never know, this is one that many do not think about that can cause many issues, which may or may not possibly cause EventID 1054 errors, but it would not hurt to make sure the time service is operating properly. See the following link for more information:
Configuring the Windows Time Service for Windows Server
Published by acefekay on Sep 18, 2009 at 8:14 PM
Steps to help narrow down this issue:
Let’s start by using nslookup to see if you get the proper resonse when querying for LDAP SRV records.
1. Type nslookup, and then press ENTER.
2. Type set q=all, and then press ENTER.
3. Type _ldap._tcp.dc._msdcs.domain.com and then press ENTER.
You will be looking for the domain controllers to respond to this query. If they do not, then we need to look at your SRV records as well as whether any of the above summarized causes are contributing to the non-DC responses, such as using an ISP’s DNS, the router, multihomed DCs, single label name, etc.
More possible causes:
In addition, These errors may occur because link status fluctuates as the network adapter (also known as the network interface card, or NIC) driver initializes and as the network adapter hardware negotiates a link with the network infrastructure. The Group Policy application stack executes before the negotiation process is completed and can fail because of the absence of a valid link.
To resolve problem related to link status fluctuation use the steps in 239924 –
“How to disable Media Sensing for TCP/IP in Windows” at
To prevent your network adapter from detecting the link state:
1. Open Registry Editor (Regedt32.exe).
2. Go to the following key in the registry:
3. Add the following registry value:
Value Name: DisableDHCPMediaSense
Data Type: REG_DWORD -Boolean
Value Data Range: 0, 1 (False, True) Default: 0 (False)
Contact the vendor of the network card or visit their web site to obtain updated
drivers for the Gigabit NIC.
Examples of NICs known to exhibit this issue:
- Broadcom Gigabit Adapter
- Intel Gigabit Ethernet PRO Adapter, Intel Pro/1000
- Intel 82544EI-based XT Gigabit Adapter (82540EM chipse)
- Compaq/HP NIC dual interface 10/100/1000 doing teaming (HP NC7170)
- Dell Inspiron laptops using an on-board Broadcom BCM4401 NIC
A sever may have a Dual Port NIC or multiple NIC’s with one port or NIC set to
Disabled. The disabled port or NIC should not be at the top of the binding order
in the Network Advance Properties.
1. Click Start, point to Settings, and then click “Network and Dial-up
2. On the Advanced menu, click “Advanced Settings”.
3. On the “Adapters and Bindings” tab, in the connections list, select the NIC that
the clients use to connect to the server and move it to the top of the list.
Disabling spanning tree on the switches (Cisco Catalyst)
Note: STP=Spanning Tree Protocol. Turning off STP can cause issues in your network
if a loop ever develops. If you are running a Cisco Series switch or any other
switch that runs Spanning Tree, it is best to leave spanning tree turned on, but
enable PORTFAST on all the ports except uplink and fiber trunks. (I.E any ports
that aren’t connected to a workstation directly should not have it enabled, ports
that do go directly to a workstation or computer should have it turned on.)
PORTFAST eliminates the 50 second waiting period that STP has, but allows you to
keep the functionality of STP.
326152 PRB: Cannot Connect to Domain Controller and Cannot Apply Group Policy
298656 Event ID 1054 Is Logged in the Application Event Log
239924 How to Disable Media Sense for TCP/IP in Windows