WMI Access Denied when incorrect DNS search order

Hi,

I was wondering if anyone could help me with the following problem I
came across.

One of our clients uses our software (A .NET windows service) to
perform remote WMI enquiries on 2 machines on the W2K3 domain and 1
machine that is a standalone server. The calls use the IP Address, not
the remote host name. The application would run more-or-less fine for
about 1-2 hours. There would be occasional "Call was canceled by the
message filter" messages, but would then recover.

After the 1-2 hours, all calls would return access denied and not
recover. If the service running the calls was restarted, all is fine
for another few hours, then same issues again. Usually, there were some
event log entries with the following info:

Source: LSASRV
Category: SPNEGO (Negotiator)
Event ID: 40960
Desc: The security system detected an authentication error for the
server RPCSS/xxx.xxx.xxx.xxx. "There are currently no logon servers
available to service the logon request (0x000005e).

xxx = the IP Adress of any of the machines being queried

All DCOM settings are fine. The user account for the service is a
domain admin and also admin on the non-domain machine. All machines are
either W2K3 or W2K with latest service packs.

I noticed however that the DNS search order was going to the gateway
1st and then the Domain Controller 2nd. When I switched these round,
the whole thing works fine. I'm assuming that because our application
is making multiple repetative calls, sometimes the domain controller
responds with Access Denied due to the route the DNS resolution is
going for authenticating the user account of the service.

The problem is now solved, but I want to understand the underlying
reason for the eventual failure of the calls. Has anyone got any
information that could be helpful?

.

Relevant Pages

  • clustering info?
    ... Right now I'm using an NT4.0 domain controller, ... Gateway Pentium266), as well as Exchange Server, and SQL Server. ... tried getting the websites to run on other machines on my internal network, ... second network card goes to the uplink. ...
    (microsoft.public.windows.server.clustering)
  • Re: domain controller?
    ... > We run a small network, about 14 machines. ... > look into setting up a domain controller. ... Any PC that meets the specs can be a Windows Server DC. ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: Joining Domain Across Subnets
    ... concerning the joining of the machines see: ... The new server isn't going to be a DNS server so do I need zone transfers ... Host records that map the name of the domain controller to its IP ...
    (microsoft.public.windows.server.active_directory)
  • Re: Joining Domain Across Subnets
    ... concerning the joining of the machines see: ... # Jorge de Almeida Pinto # MVP Windows Server - Directory Services ... The new server isn't going to be a DNS server so do I need zone transfers ... Host records that map the name of the domain controller to its IP ...
    (microsoft.public.windows.server.active_directory)
  • Re: Users unable to click on links in email....Access Denied
    ... > internet sites? ... > I don't know why a domain controller was recommended to you. ... >>> that brought up a new window. ... Not sure exactly what this problem was, but reinstalling the machines has ...
    (microsoft.public.win2000.security)
Loading