RE: DNS/AD/RPC issues (x posted to .dns)
- From: Ryan Hanisco <RyanHanisco@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 31 May 2007 15:31:01 -0700
Hi Amcdiarm,
You are right that an error like this is usually caused by a DNS problem.
The symptoms you are describing are indicative of users not able to find the
correct srv records in DNS, specifically the PDCe. I am also concerned by
the "not enough storage" errors that you are seeing.
1. Make sure that you are not running out of drive space or your sysvol
isn't bloating out of reason.
2. look for problems with the srv records in your dns -- I have seen these
kinds of errors when a "helpful" admin decided to delete the SRV records he
didn't understand.
3. stop and restart the netlogon service to reregister the SRV records.
4. Run reports with DCDIAG, NETDIAG, and REPLMON with verbose loggin on.
These might give you additional information.
5. I would probably rebuild the DNS on your PDCe to make sure it was right
and point the other DCs there. Then I would force replication to get
everything back in sync. Then once you are sure the DNS is back, point the
DCs back to themselves.
This should get you in the right direction... Be careful and post more info
when you have it. We'll make this right.
--
Ryan Hanisco
MCSE, MCTS: SQL 2005, Project+
Chicago, IL
Remember: Marking helpful answers helps everyone find the info they need
quickly.
"amcdiarm@xxxxxxxxx" wrote:
This message also posted in Microsoft.public.windows.server.DNS as it.
seems to concern DNS issues as well.
Starting last Sunday (day before memorial day), we started getting a
slew of critical errors in our logs, as well as lost functionality on
our domain:
We have three Domain Controllers at AD 2003 level. We also have two
Exchange 2003 boxes (front/back configuration), and a few other boxes.
All servers are Win2K3 SP2.
Two of our three Domain Controllers (DC1 & DC2) are essentially
running crippled: the shares work, but nothing else does. The Third
DC (DC3) is functioning properly, possibly because it's on a separate
subnet - although replication is not functioning.
When We look in the event log, there are similar errors on both DC1 &
DC2.
In the Application Event log, there is:
Event ID 1030 (Windows cannot query for the list of Group Policy
objects. Check the event log for possible messages previously logged
by the policy engine that describes the reason for this.) three times
at five minute intervals.
Event ID 1053 (Windows cannot determine the user or computer name.
(Not enough storage is available to complete this operation. ). Group
Policy processing aborted. ) every five minutes to reboot: This server
also have more then 30GB of space on each partition.
The directory service Event log has a few
Event ID 1308 warnings (The Knowledge Consistency Checker (KCC) has
detected that successive attempts to replicate with the following
domain controller has consistently failed.
Attempts:
2
Domain controller:
CN=NTDS Settings,CN=***SRVR,CN=Servers,CN=Default-First-Site-
Name,CN=Sites,CN=Configuration,DC=***,DC=org
Period of time (minutes):
124
The Connection object for this domain controller will be ignored, and
a new temporary connection will be established to ensure that
replication continues. Once replication with this domain controller
resumes, the temporary connection will be removed.
Additional Data
Error value:
14 Not enough storage is available to complete this operation.)
The FRS Event log has a few 13508 and 13509 errors.
The DNS log is where the real action is:
Event ID 404: (The DNS server could not bind a Transmission Control
Protocol (TCP) socket to address 0.0.0.0. The event data is the error
code. An IP address of 0.0.0.0 can indicate a valid "any address"
configuration in which all configured IP addresses on the computer are
available for use.
Restart the DNS server or reboot the computer.)
Event ID 408 (The DNS server could not open socket for address
0.0.0.0.
Verify that this is a valid IP address for the server computer. If it
is NOT valid use the Interfaces dialog under Server Properties in the
DNS Manager to remove it from the list of IP interfaces. Then stop
and restart the DNS server. (If this was the only IP interface on this
machine and the DNS server may not have started as a result of this
error. In that case remove the DNS\Parmeters\ ListenAddress value in
the services section of the registry and restart.)
If this is a valid IP address for this machine, make sure that no
other application (e.g. another DNS server) is running that would
attempt to use the DNS port.)
Event ID 4015 (The DNS server has encountered a critical error from
the Active Directory. Check that the Active Directory is functioning
properly. The extended error debug information (which may be empty) is
"". The event data contains the error.)
Event ID 4004 (The DNS server was unable to complete directory service
enumeration of zone .. This DNS server is configured to use
information obtained from Active Directory for this zone and is unable
to load the zone without it. Check that the Active Directory is
functioning properly and repeat enumeration of the zone. The extended
error debug information (which may be empty) is "". The event data
contains the error.)
Event ID 140 (The DNS server could not initialize the remote procedure
call (RPC) service. If it is not running, start the RPC service or
reboot the computer. The event data is the error code.) - This one
after attempting to restart the DNS server service a few times
Our server has been running without modification for a few months,
with the exception of the 2nd Tuesday of the month patches. To
resolve this, we have removed the second IP address for the server,
and changed the binding order of the network cards to put the active
one at the top of the list. (Although, all of the cards are disabled
but one.)
DC1 has a DNS server, and it's ip configuration points at itself, then
at DC3. No DNS forwarding is configured.
DC2 points at DC1; DC3 for DNS
We first noticed the issue, because some of our users with server
based (AD Published) printers lost functionality. Other Symptoms we
have noticed are: The Backup Exec Server cannot reach the remote agent
on the domain controllers; from the impared machines: We can resolve
FQDN's and computer names to IP addresses (e.g. we can ping). (May be
through DC3, even though we put NSlookup to DC1??) but we cannot
browse the network, nor get any web page loaded on IE, nor print, use
live update (symantec AV)
Updated Part:
Also, we are unable to connect to active directory properly. From the
mail servers we can create users - but they do not get email addresses
according to the default recipient policy. If we attempt to connect
from the AD Users & Computers tool, we get an error - although we have
been able to get there by using a mmc.
DCDiag.exe reports about the same for DC1; DC2. (DC@ does not give the
errors about missing printer drivers) here is a report from DC1:
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\DC1SRVR
Starting test: Connectivity
......................... DC1SRVR passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\DC1SRVR
Starting test: Replications
[Replications Check,DC1SRVR] A recent replication attempt
failed:
From DC2SVR to DC1SRVR
Naming Context: CN=Schema,CN=Configuration,DC=xyz,DC=org
The replication generated an error (14):
Not enough storage is available to complete this
operation.
The failure occurred at 2007-05-31 14:48:53.
The last success occurred at 2007-05-30 17:48:53.
21 failures have occurred since the last success.
[Replications Check,DC1SRVR] A recent replication attempt
failed:
From DC3SRVR to DC1SRVR
Naming Context: CN=Schema,CN=Configuration,DC=xyz,DC=org
The replication generated an error (14):
Not enough storage is available to complete this
operation.
The failure occurred at 2007-05-31 14:48:53.
The last success occurred at 2007-05-30 17:48:53.
21 failures have occurred since the last success.
[Replications Check,DC1SRVR] A recent replication attempt
failed:
From DC2SVR to DC1SRVR
Naming Context: CN=Configuration,DC=xyz,DC=org
The replication generated an error (14):
Not enough storage is available to complete this
operation.
The failure occurred at 2007-05-31 14:48:53.
The last success occurred at 2007-05-30 17:48:53.
24 failures have occurred since the last success.
[Replications Check,DC1SRVR] A recent replication attempt
failed:
From DC3SRVR to DC1SRVR
Naming Context: CN=Configuration,DC=xyz,DC=org
The replication generated an error (14):
Not enough storage is available to complete this
operation.
The failure occurred at 2007-05-31 14:57:01.
The last success occurred at 2007-05-30 17:48:53.
50 failures have occurred since the last success.
[Replications Check,DC1SRVR] A recent replication attempt
failed:
From DC2SRVR to DC1SRVR
Naming Context: DC=xyz,DC=org
The replication generated an error (14):
Not enough storage is available to complete this
operation.
The failure occurred at 2007-05-31 14:48:53.
The last success occurred at 2007-05-30 17:56:43.
480 failures have occurred since the last success.
[Replications Check,DC1SRVR] A recent replication attempt
failed:
From DC3SRVR to DC1SRVR
Naming Context: DC=xyz,DC=org
The replication generated an error (14):
Not enough storage is available to complete this
operation.
The failure occurred at 2007-05-31 15:31:09.
The last success occurred at 2007-05-30 17:56:37.
2642 failures have occurred since the last success.
[Replications Check,DC1SRVR] A recent replication attempt
failed:
From DC3SRVR to DC1SRVR
Naming Context: DC=ForestDnsZones,DC=xyz,DC=org
The replication generated an error (1256):
The remote system is not available. For information about
network
oubleshooting, see Windows Help.
The failure occurred at 2007-05-31 14:48:53.
The last success occurred at 2007-05-30 17:48:53.
21 failures have occurred since the last success.
[Replications Check,DC1SRVR] A recent replication attempt
failed:
From DC3SRVR to DC1SRVR
Naming Context: DC=DomainDnsZones,DC=xyz,DC=org
The replication generated an error (14):
Not enough storage is available to complete this
operation.
The failure occurred at 2007-05-31 14:57:07.
The last success occurred at 2007-05-30 17:48:53.
36 failures have occurred since the last success.
REPLICATION-RECEIVED LATENCY WARNING
DC1SRVR: Current time is 2007-05-31 15:31:21.
CN=Schema,CN=Configuration,DC=xyz,DC=org
Last replication recieved from DC2SRVR at 2007-05-30
17:48:53
Last replication recieved from DC3SRVR at 2007-05-30
17:48:53.
CN=Configuration,DC=xyz,DC=org
Last replication recieved from DC2SRVR at 2007-05-30
17:48:52
Last replication recieved from DC3SRVR at 2007-05-30
17:48:53.
DC=xyz,DC=org
Last replication recieved from DC2SRVR at 2007-05-30
17:56:43
Last replication recieved from DC3SRVR at 2007-05-30
17:56:37.
DC=ForestDnsZones,DC=xyz,DC=org
Last replication recieved from DC3SRVR at 2007-05-30
17:48:53.
DC=DomainDnsZones,DC=xyz,DC=org
Last replication recieved from DC3SRVR at 2007-05-30
17:48:53.
......................... DC1SRVR passed test Replications
Starting test: NCSecDesc
......................... DC1SRVR passed test NCSecDesc
Starting test: NetLogons
......................... DC1SRVR passed test NetLogons
Starting test: Advertising
......................... DC1SRVR passed test Advertising
Starting test: KnowsOfRoleHolders
......................... DC1SRVR passed test
KnowsOfRoleHolders
Starting test: RidManager
......................... DC1SRVR passed test RidManager
Starting test: MachineAccount
......................... DC1SRVR passed test MachineAccount
Starting test: Services
......................... DC1SRVR passed test Services
Starting test: ObjectsReplicated
......................... DC1SRVR passed test
ObjectsReplicated
Starting test: frssysvol
......................... DC1SRVR passed test frssysvol
Starting test: frsevent
......................... DC1SRVR passed test frsevent
Starting test: kccevent
......................... DC1SRVR passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x00000457
Time Generated: 05/31/2007 14:37:40
Event String: Driver BB PostScript Creator required for
printer
An Error Event occured. EventID: 0x00000457
Time Generated: 05/31/2007 14:37:40
Event String: Driver Microsoft XPS Document Writer
required for
An Error Event occured. EventID: 0x00000457
Time Generated: 05/31/2007 14:37:42
Event String: Driver
An Error Event occured. EventID: 0x00000457
Time Generated: 05/31/2007 14:37:42
Event String: Driver FinePrint pdfFactory required for
printer
An Error Event occured. EventID: 0x00000457
Time Generated: 05/31/2007 14:37:42
- References:
- DNS/AD/RPC issues (x posted to .dns)
- From: amcdiarm@xxxxxxxxx
- DNS/AD/RPC issues (x posted to .dns)
- Prev by Date: RE: I don't know where else to post...
- Next by Date: Re: How to add additional domain controller to work alone
- Previous by thread: DNS/AD/RPC issues (x posted to .dns)
- Next by thread: Re: DNS/AD/RPC issues (x posted to .dns)
- Index(es):
Relevant Pages
|
Loading
