We are having a weird issue with some of our computers/laptops. When starting the system after shutdown, it gets stuck on the "black screen" screen and only the mouse cursor is visible even no keys of the keyboard is working like ALT+CLTRL+DEL . It takes more than 15 minutes to stay stuck on a black screen and need to hard boot / Power Off system and after Power of the login screen appeared immediately.
We have a domain-based environment having Windows Server 2012 R2 Single forest and multiple domain controllers on different sites. We have Windows 8.1 and Windows 10
Also analyzed events and nothing specious found in system login however on every system we have found some DCOM errors
Event Id 10036 - DistributedCOM
Log Name: System
Source: Microsoft-Windows-DistributedCOM
Date: 29/12/2021 9:51:09 am
Event ID: 10036
Task Category: None
Level: Error
Keywords: Classic
User: CSAPLHO\JRN-DC$
Computer: lap-4.csaplho.pk
Description:
The server-side authentication level policy does not allow the user CSAPLHO\JRN-DC$ SID (S-1-5-21-1782958495-2074117089-3830507010-11625) from address 10.3.0.25 to activate DCOM server. Please raise the activation authentication level at least to RPC_C_AUTHN_LEVEL_PKT_INTEGRITY in client application.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
<EventID Qualifiers="0">10036</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2021-12-29T04:51:09.9339177Z" />
<EventRecordID>69600</EventRecordID>
<Correlation />
<Execution ProcessID="1156" ThreadID="10392" />
<Channel>System</Channel>
<Computer>lap-4.csaplho.pk</Computer>
<Security UserID="S-1-5-21-1782958495-2074117089-3830507010-11625" />
</System>
<EventData>
<Data Name="Domain Name">CSAPLHO</Data>
<Data Name="User Name">JRN-DC$</Data>
<Data Name="SID">S-1-5-21-1782958495-2074117089-3830507010-11625</Data>
<Data Name="Client IP Address">10.3.0.25</Data>
</EventData>
</Event>
Log Name: System
Source: Microsoft-Windows-DistributedCOM
Date: 29/12/2021 9:48:21 am
Event ID: 10036
Task Category: None
Level: Error
Keywords: Classic
User: CSAPLHO\NRA-DC$
Computer: lap-4.csaplho.pk
Description:
The server-side authentication level policy does not allow the user CSAPLHO\NRA-DC$ SID (S-1-5-21-1782958495-2074117089-3830507010-12621) from address 10.2.0.25 to activate DCOM server. Please raise the activation authentication level at least to RPC_C_AUTHN_LEVEL_PKT_INTEGRITY in client application.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
<EventID Qualifiers="0">10036</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2021-12-29T04:48:21.9074526Z" />
<EventRecordID>69599</EventRecordID>
<Correlation />
<Execution ProcessID="1156" ThreadID="17616" />
<Channel>System</Channel>
<Computer>lap-4.csaplho.pk</Computer>
<Security UserID="S-1-5-21-1782958495-2074117089-3830507010-12621" />
</System>
<EventData>
<Data Name="Domain Name">CSAPLHO</Data>
<Data Name="User Name">NRA-DC$</Data>
<Data Name="SID">S-1-5-21-1782958495-2074117089-3830507010-12621</Data>
<Data Name="Client IP Address">10.2.0.25</Data>
</EventData>
</Event>
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(22.400000000000002, 9%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EOM%3C/text%3E%3C/svg%3E)
