Re: Domain Controller Stops Processing All Login Requests Randomly



Many thanks; comments inserted below. Also:
Microsoft thinks they have fixed it again. They created a global catalog on
the 2nd domain controller. They also changed the DNS dynamic update
settings on the DC from "secure" to "non secure and secure". I questioned
this but they said it was needed for both DCs to work as global catalogs.

Also, the 2nd domain controller's A record appeared to have been pointing to
the wrong location; it was replying to pings from the first DC as
halcyon.cudenver.edu instead of halcyon.coe.cudenver.edu.

The server stopped responding today. The forward lookup zone on waimea
wasn't present in the DNS after the reboot. MS Support recreated it.
This was the first time I've seen this happen.

I ran the MPSRPT_DirSvc.EXE before rebooting this time. If you want to
see any output from the myriad of tests performed, let me know. I have
pasted the WAIMEA_DCDIAG.TXT at the end of this post. From Google I found
http://support.microsoft.com/?kbid=839880. I'm not sure if this is relevant.

Clients are running Windows XP Professional With SP2. Firewall is turned
on.

"Herb Martin" <news@xxxxxxxxxxxxxx> wrote in message
news:u1L0RROUFHA.2444@xxxxxxxxxxxxxxxxxxxxxxx
> "Josh-UCDHSC" <noJCspam@xxxxxxxxxxxxx> wrote in message
> news:u89geVMUFHA.2304@xxxxxxxxxxxxxxxxxxxxxxx
>> One thing I am still baffled by is why the problem is exhibited on the
>> DC when they are configured correctly.
>
> That implies the DC is itself misconfigured in its
> own client DNS settings.
>
> What DNS servers are configured on the DC NIC?

Full computer name: WAIMEA.coe.cudenver.edu
Domain: coe.cudenver.edu

DNS Server Addresses, in order of use:
132.194.21.250
132.194.21.96

"append primary and connection specific DNS suffixes" is selected

DNS suffix for this connection: cudenver.edu

"Register this connection's address in DNS" is checked
"Use this connection's DNS suffix in DNS registration" is checked

>
> Are they all holding the Domain zone, or able to fully
> resolve that zone?

Not sure what you mean by "holding the Domain zone"; the DCs resolve nslookups
for computers in the domain as computername.coe.cudenver.edu for nslookups
outside the

>
>> The whole subnet can't login to the
>> domain and I can't log in to the DC (which is essentially logging into
>> the domain as a client too).
>
> Which is why it implies a client NIC->IP
> problem on the DC unless the DNS server itself
> is misconfigured.
>
>> Do the clients that are misconfigured somehow
>> communicate a DNS error and cause the DNS server to hang on the DC?
>
> No.
>
>> If I
>> restart the DNS service without rebooting it doesn't help. Could this in
>> any way be Active Directory related?
>
> Well, yes, but in the sense that almost all AD replication
> OR authentication (logon) problems are really DNS problems.
>
> Practically all of those DNS problems are due to
> misconfiguration. And a high percentage of those
> are caused by trying to configure "two sets" of DNS
> servers on the client NICs (DCs are DNS clients too.)

WAIMEA_DCDIAG.TXT Output below:


Domain Controller Diagnosis

Performing initial setup:
* Verifying that the local machine WAIMEA, is a DC.
* Connecting to directory service on server WAIMEA.
[WAIMEA] Directory Binding Error 1753:
There are no more endpoints available from the endpoint mapper.
This may limit some of the tests that can be performed.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 1 of them.
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\WAIMEA
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
[WAIMEA] DsBindWithSpnEx() failed with error 1753,
There are no more endpoints available from the endpoint mapper..
Printing RPC Extended Error Info:
Error Record 1, ProcessID is 1908 (DcDiag)
System Time is: 5/4/2005 20:54:21:884
Generating component is 2 (RPC runtime)
Status is 1753: There are no more endpoints available from the
endpoint mapper.

Detection location is 500
NumberOfParameters is 4
Unicode string: ncacn_ip_tcp
Unicode string:
fb8e829f-b7de-4769-a6da-214e38a0bd8c._msdcs.coe.cudenver.edu
Long val: -481213899
Long val: 65537
Error Record 2, ProcessID is 1908 (DcDiag)
System Time is: 5/4/2005 20:54:21:884
Generating component is 2 (RPC runtime)
Status is 1722: The RPC server is unavailable.

Detection location is 761
NumberOfParameters is 1
Unicode string: 4020
Error Record 3, ProcessID is 1908 (DcDiag)
System Time is: 5/4/2005 20:54:21:884
Generating component is 8 (winsock)
Status is 1722: The RPC server is unavailable.

Detection location is 313
Error Record 4, ProcessID is 1908 (DcDiag)
System Time is: 5/4/2005 20:54:21:884
Generating component is 8 (winsock)
Status is 10048: Only one usage of each socket address
(protocol/network address/port) is normally permitted.

Detection location is 311
NumberOfParameters is 3
Long val: 4020
Pointer val: 0
Pointer val: 0
Error Record 5, ProcessID is 1908 (DcDiag)
System Time is: 5/4/2005 20:54:21:884
Generating component is 8 (winsock)
Status is 10048: Only one usage of each socket address
(protocol/network address/port) is normally permitted.

Detection location is 318
......................... WAIMEA failed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\WAIMEA
Skipping all tests, because server WAIMEA is
not responding to directory service requests
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Test omitted by user request: OutboundSecureChannels
Test omitted by user request: VerifyReplicas
Test omitted by user request: VerifyEnterpriseReferences

Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom

Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom

Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom

Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom

Running partition tests on : coe
Starting test: CrossRefValidation
......................... coe passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... coe passed test CheckSDRefDom

Running enterprise tests on : coe.cudenver.edu
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the
scope

provided by the command line arguments provided.
......................... coe.cudenver.edu passed test Intersite
Starting test: FsmoCheck
GC Name: \\WAIMEA.coe.cudenver.edu
Locator Flags: 0xe00001fd
Warning: Couldn't verify this server as a PDC using DsListRoles()
PDC Name: \\WAIMEA.coe.cudenver.edu
Locator Flags: 0xe00001fd
Time Server Name: \\WAIMEA.coe.cudenver.edu
Locator Flags: 0xe00001fd
Preferred Time Server Name: \\WAIMEA.coe.cudenver.edu
Locator Flags: 0xe00001fd
KDC Name: \\WAIMEA.coe.cudenver.edu
Locator Flags: 0xe00001fd
......................... coe.cudenver.edu passed test FsmoCheck
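
An added example, not part of the original post or of DcDiag: a small Python parser that groups the "Printing RPC Extended Error Info" records in the output above by generating component and names their status codes, so the layer that reported each error is visible at a glance. The sample is an excerpt of the post's output with wrapped lines rejoined; the function names are hypothetical.

```python
import re

# Names for the status codes that appear in the post's DCDIAG output.
STATUS_NAMES = {1753: "EPT_S_NOT_REGISTERED", 1722: "RPC_S_SERVER_UNAVAILABLE",
                10048: "WSAEADDRINUSE"}

# Excerpt of the extended error info from the post, with wrapped lines rejoined.
SAMPLE = """\
Error Record 1, ProcessID is 1908 (DcDiag)
Generating component is 2 (RPC runtime)
Status is 1753: There are no more endpoints available from the endpoint mapper.
Error Record 2, ProcessID is 1908 (DcDiag)
Generating component is 2 (RPC runtime)
Status is 1722: The RPC server is unavailable.
Error Record 4, ProcessID is 1908 (DcDiag)
Generating component is 8 (winsock)
Status is 10048: Only one usage of each socket address
"""

FIELDS = {
    "record": re.compile(r"Error Record (\d+),"),
    "component": re.compile(r"Generating component is \d+ \((.+?)\)"),
    "status": re.compile(r"Status is (\d+):"),
}

def parse_records(text):
    """Return one dict per 'Error Record' block, in the order DcDiag printed them."""
    records = []
    for line in text.splitlines():
        for key, rx in FIELDS.items():
            m = rx.search(line)
            if m and key == "record":
                records.append({"record": int(m.group(1))})
            elif m and records:  # ignore fields seen before the first record header
                records[-1][key] = m.group(1) if key == "component" else int(m.group(1))
    return records

def statuses_by_component(records):
    """Map each generating component to the distinct status names it reported."""
    out = {}
    for r in records:
        name = STATUS_NAMES.get(r.get("status"), str(r.get("status")))
        names = out.setdefault(r.get("component", "unknown"), [])
        if name not in names:
            names.append(name)
    return out

if __name__ == "__main__":
    print(statuses_by_component(parse_records(SAMPLE)))
```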

