Question

DCDIAG returns Directory Binding Error 1726 - DNS Issue?

Asked by: Martinator2000

Hi everyone, I am running Win2K3 SP2 with 2 DC's on one subnet and the PDC running Exchange 2003, ISA 2004 and IIS 6 and am getting persistent errors on the PDC that seem to be DNS related. Black box to me.

DCDIAG returns the following issues:

Connecting to AD - Directory Binding Error 1726:  The remote procedure call failed.

RPC Services Check - DsBindWithSpnEx() failed with error 1726, The remote procedure call failed.. also error -1073606647.

FsmoCheck - Warning: Couldn't verify this server as a PDC using DsListRoles()

Here is the ipconfig/all config:
Windows IP Configuration
   Host Name . . . . . . . . . . . . : aguirre
   Primary Dns Suffix  . . . . . . . : amazonia.com
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : amazonia.com

Ethernet adapter External NIC:
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS
 VBD Client)
   Physical Address. . . . . . . . . :
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 70.91.104.193
   Subnet Mask . . . . . . . . . . . : 255.255.255.252
   Default Gateway . . . . . . . . . : 70.91.104.194
   DNS Servers . . . . . . . . . . . : 68.87.68.162
                                       68.87.74.162
   NetBIOS over Tcpip. . . . . . . . : Disabled

Ethernet adapter Internal NIC:
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS
 VBD Client) #2
   Physical Address. . . . . . . . . :
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.254.11
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 192.168.254.11
   Primary WINS Server . . . . . . . : 192.168.254.11

Any pointers would be greatly appreciated. TIA

This Question has been solved and asker verified.

Asked On: 2009-04-15 at 10:23:50, ID: 24325121
Tags: 1726 RPC DCDIAG DNS
Topics: Windows Networking, Networking Protocols, Domain Name Service (DNS)
Participating Experts: 1
Points: 500
Comments: 22


Answers

 

by: dfxdeimos Posted on 2009-04-15 at 11:01:17 ID: 24150806

1) There is no such thing as a PDC in Active Directory. All DCs exist in a multi-master state. There is something called the "PDC Emulator" role that functions as the central time source and allows for backwards compatibility with really old desktop OSes.

2) It is not recommended that your domain controllers be "multihomed" or have NICs in different subnets. A dedicated ISA server would be the best idea.

3) Post the output of a "NETDOM /QUERY FSMO" from the command line.

4) Open the DNS management console on the DC that is also the ISA server, right click on the server name, choose "Properties", click on the "Interfaces" tab, uncheck the box next to the address that is on the internet facing NIC (the "External" network in ISA), click OK.

5) Open a command prompt and type "IPCONFIG /REGISTERDNS". Then wait 10 minutes and re-run the DCDIAG and post the results here.

 

by: Martinator2000 Posted on 2009-04-15 at 11:38:38 ID: 24151179

Thank you for your reply.
NETDOM failed with "the remote procedure call failed".
DNS Admin shows that I only have the Internal NIC under interfaces and there are no checkboxes on that tab.
I ran IPCONFIG /REGISTERDNS and after 10 minutes, I still get the exact same errors in DCDIAG.

 

by: dfxdeimos Posted on 2009-04-15 at 12:25:55 ID: 24151665

Can you post the output of an "IPCONFIG /ALL" command from ALL of your Domain Controllers?

 

by: Martinator2000 Posted on 2009-04-15 at 12:58:51 ID: 24151961

The ipconfig for the problem server is the same as listed above.
Here is the other one:

Windows IP Configuration
   Host Name . . . . . . . . . . . . : artemis
   Primary Dns Suffix  . . . . . . . : amazonia.com
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : amazonia.com

Ethernet adapter Broadcom NetXtreme Dual Port Gigabit Ethernet Adapter - Onboard
 - Link A:
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
   Physical Address. . . . . . . . . :
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.254.14
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.254.11
   DNS Servers . . . . . . . . . . . : 192.168.254.11
   Primary WINS Server . . . . . . . : 192.168.254.11

C:\Documents and Settings\administrator.AMAZONIA>

 

by: dfxdeimos Posted on 2009-04-15 at 13:13:41 ID: 24152066

(1) On the first server, "External NIC":

    (A) Remove the DNS information

(2) On the first server, "Internal NIC":

    (A) Set the Primary DNS & WINS server to "127.0.0.1"
    (C) Make sure the forwarders in the DNS console are set to forward unserviceable requests to "68.87.68.162"
          & "68.87.74.162" in that order

(3) On the second server's NIC:

    (A) Set the Primary DNS & WINS server to "127.0.0.1"
    (B) Set the Secondary DNS server to "192.168.254.11"
    (C) Make sure the forwarders in the DNS console are set to forward unserviceable requests to "192.168.254.11"

(4) On the second server run an "IPCONFIG /REGISTERDNS"

(5) On the first server run an "IPCONFIG /REGISTERDNS"

(6) After 10 minutes post the output of both a DCDIAG and NETDIAG here.

 

by: dfxdeimos Posted on 2009-04-15 at 13:14:13 ID: 24152067

Also, please post the output of a "NETDOM /QUERY FSMO" from the command line.

 

by: Martinator2000 Posted on 2009-04-15 at 15:17:22 ID: 24153139

Thanks for your reply. I made all of the suggested changes, registered dns and waited a while. I am still getting the binding error 1726 in dcdiag and a few others.

Here are the results for the Main Domain Controller: AGUIRRE:
-------------------------------------------------------------------------------------------
C:\Documents and Settings\Administrator>ipconfig /all
Windows IP Configuration
   Host Name . . . . . . . . . . . . : aguirre
   Primary Dns Suffix  . . . . . . . : amazonia.com
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : amazonia.com

Ethernet adapter External NIC:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS
 VBD Client)
   Physical Address. . . . . . . . . :
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 70.91.104.193
   Subnet Mask . . . . . . . . . . . : 255.255.255.252
   Default Gateway . . . . . . . . . : 70.91.104.194
   NetBIOS over Tcpip. . . . . . . . : Disabled

Ethernet adapter Internal NIC:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS
 VBD Client) #2
   Physical Address. . . . . . . . . :
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.254.11
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 127.0.0.1
                                       68.87.68.168
                                       68.87.74.168
   Primary WINS Server . . . . . . . : 127.0.0.1
-------------------------------------------------------------------------------------------
C:\Documents and Settings\Administrator>dcdiag
Domain Controller Diagnosis

Performing initial setup:
   [aguirre] Directory Binding Error 1726:
   The remote procedure call failed.
   This may limit some of the tests that can be performed.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\AGUIRRE
      Starting test: Connectivity
         [AGUIRRE] DsBindWithSpnEx() failed with error 1726,
         The remote procedure call failed..
         ......................... AGUIRRE failed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\AGUIRRE
      Skipping all tests, because server AGUIRRE is
      not responding to directory service requests

   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom

   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom

   Running partition tests on : amazonia
      Starting test: CrossRefValidation
         ......................... amazonia passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... amazonia passed test CheckSDRefDom

   Running enterprise tests on : amazonia.com
      Starting test: Intersite
         ......................... amazonia.com passed test Intersite
      Starting test: FsmoCheck
         ......................... amazonia.com passed test FsmoCheck
-------------------------------------------------------------------------------------------
C:\Documents and Settings\Administrator>netdiag
........................................
    Computer Name: AGUIRRE
    DNS Host Name: aguirre.amazonia.com
    System info : Microsoft Windows Server 2003 R2 (Build 3790)
    Processor : x86 Family 6 Model 15 Stepping 11, GenuineIntel
    List of installed hotfixes :
Netcard queries test . . . . . . . : Passed

Per interface results:
    Adapter : Internal NIC
        Netcard queries test . . . : Passed
        Host Name. . . . . . . . . : aguirre
        IP Address . . . . . . . . : 192.168.254.11
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . :
        Primary WINS Server. . . . : 127.0.0.1
        Dns Servers. . . . . . . . : 127.0.0.1
                                     68.87.68.168
                                     68.87.74.168


        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Skipped
            [WARNING] No gateways defined for this adapter.

        NetBT name test. . . . . . : Passed
        [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenge
r Service', <20> 'WINS' names is missing.
            No remote names have been found.

        WINS service test. . . . . : Failed
            The test failed.  We were unable to query the WINS servers.

    Adapter : External NIC
        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : aguirre
        IP Address . . . . . . . . : 70.91.104.193
        Subnet Mask. . . . . . . . : 255.255.255.252
        Default Gateway. . . . . . : 70.91.104.194
        NetBIOS over Tcpip . . . . : Disabled
        Dns Servers. . . . . . . . :

        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Passed

        NetBT name test. . . . . . : Skipped
            NetBT is disabled on this interface. [Test skipped]

        WINS service test. . . . . : Skipped
            NetBT is disable on this interface. [Test skipped].

Global results:
Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{49707130-26C5-4454-99F0-852625B88F21}
    1 NetBt transport currently configured.

Autonet address test . . . . . . . : Passed

IP loopback ping test. . . . . . . : Passed

Default gateway test . . . . . . . : Passed

NetBT name test. . . . . . . . . . : Passed
    [WARNING] You don't have a single interface with the <00> 'WorkStation Servi
ce', <03> 'Messenger Service', <20> 'WINS' names defined.

Winsock test . . . . . . . . . . . : Passed

DNS test . . . . . . . . . . . . . : Passed
    PASS - All the DNS entries for DC are registered on DNS server '127.0.0.1' a
nd other DCs also have some of the names registered.
       [WARNING] The DNS entries for this DC cannot be verified right now on DNS
 server 68.87.68.168, ERROR_TIMEOUT.
       [WARNING] The DNS entries for this DC cannot be verified right now on DNS
 server 68.87.74.168, ERROR_TIMEOUT.

Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{49707130-26C5-4454-99F0-852625B88F21}
    The redir is bound to 1 NetBt transport.

    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{49707130-26C5-4454-99F0-852625B88F21}
    The browser is bound to 1 NetBt transport.

DC discovery test. . . . . . . . . : Passed

DC list test . . . . . . . . . . . : Failed
    [WARNING] Cannot call DsBind to aguirre.amazonia.com (192.168.254.11). [RPC_
S_CALL_FAILED]

Trust relationship test. . . . . . : Skipped

Kerberos test. . . . . . . . . . . : Passed

LDAP test. . . . . . . . . . . . . : Passed
    [WARNING] Failed to query SPN registration on DC 'aguirre.amazonia.com'.

Bindings test. . . . . . . . . . . : Passed

WAN configuration test . . . . . . : Skipped
    No active remote access connections.

Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

    Note: run "netsh ipsec dynamic show /?" for more detailed information

The command completed successfully
-------------------------------------------------------------------------------------------
C:\Documents and Settings\Administrator>netdom /query fsmo
The remote procedure call failed.

The command failed to complete successfully.


C:\Documents and Settings\Administrator>

 

by: dfxdeimos Posted on 2009-04-15 at 15:23:17 ID: 24153188

Can you check the RPC Service and confirm that it is in the "running" state?

Are you running any sort of firewall on either of these machines?

 

by: Martinator2000 Posted on 2009-04-15 at 15:45:34 ID: 24153301

Yes, the RPC service is running and on right click none of the start/stop/restart options are enabled. Not sure if that means anything.

We are running ISA 2004 and MS Firewall. I did stop ISA to fix another issue in Exchange earlier and tested dcdiag when ISA was down and still got the same error.

I will try that again and if I get a different result will post it in a minute.

 

by: dfxdeimos Posted on 2009-04-15 at 15:47:40 ID: 24153315

Take a look in the System Event logs of both domain controllers and post any Error or Warning entries that you find that seem to be related to the issue you are seeing.

 

by: Martinator2000 Posted on 2009-04-15 at 16:18:54 ID: 24153455

Oops, I take it back.

The dcdiag runs cleanly when I shut down ISA 2004 and MS Firewall. Same for the Exchange System Attendant which was also failing to start.

Then I restarted ISA 2004 and everything was still good but I lost my internet access, so I restarted the firewall service to be able to post this.

Somehow MS Firewall is blocking things on the server.

Do I really need that when I am running ISA 2004?
Why did internet access fail after disabling the firewall?

 

by: dfxdeimos Posted on 2009-04-15 at 16:24:37 ID: 24153487

The ISA server should automatically disable the Windows Firewall when it is installed.

I am not sure why you are losing connectivity when you disable the Windows Firewall...

 

by: Martinator2000 Posted on 2009-04-15 at 17:41:40 ID: 24153756

This is totally bizarre. All of my previous problems go away when I shut down the MS Firewall Service.

But now I get a whole new set of problems.

1. No internet access from the server or anywhere else in the network.
2. I can't ping the server from anywhere in the network, other servers are still there
3. I can't run an ISA monitoring query on that server, it says the server is not responding when I hit Start Query.

There are probably more issues.

Any ideas???

 

by: dfxdeimos Posted on 2009-04-15 at 17:48:15 ID: 24153771

Can you do a configuration dump of your firewall rules so I can take a look?

 

by: Martinator2000 Posted on 2009-04-15 at 18:40:49 ID: 24153947

Here are the system and firewall policies.

 

by: dfxdeimos Posted on 2009-04-15 at 18:59:55 ID: 24154007

Is this ISA 2004 or 2006? I don't have an instance here (at home) to import those rules into, can you send me a screen shot of the firewall rules?

 

by: Martinator2000 Posted on 2009-04-15 at 20:35:10 ID: 24154327

It's ISA 2004. See attached

 

by: dfxdeimos Posted on 2009-04-15 at 21:09:28 ID: 24154469

Hmm...

Your internet access rule should be the second to the last rule in your firewall policy.

Can you RDP from an internal computer to the ISA server when you have the Windows Firewall disabled?

Can you run the ISA Server Best Practices Analyzer?

Can you post any relevant event log entries?

 

by: Martinator2000 Posted on 2009-04-16 at 10:40:34 ID: 24160277

I have moved the rule down.

We don't use Terminal Server but since I can't even ping the server when the firewall is disabled, I would think not.

I ran the ISA BPA and it reported that the Exchange RPC rule was blocking all other RPC requests. So I reconfigured that and now I get the following ISA BPA issues:

All Issues  
  The /3GB startup switch is set on the local computer :  
  The server specified in a Web publishing rule cannot find the certificate or the private key for the certificate :  
  The server specified in a Web publishing rule cannot find the certificate or the private key for the certificate :  
  One or more certificates in the local computer store do not have a private key :  
  The HTTP redirection port specified in a Web publishing rule is not port 80. :  
  The HTTP redirection port specified in a Web publishing rule is not port 80. :  
  The HTTP redirection port specified in an Outlook Web Access publishing rule is not port 80 :  
  The SSL redirection port specified in a Web publishing rule is not port 443 :  
  The SSL redirection port specified in a Web publishing rule is not port 443 :  
  DNS search order is blank :  
  This computer has more than 4 GB of memory :  
  An Outlook Web Access publishing rule listens on an HTTP port. :  
  Path maximum transmission unit (MTU) discovery is disabled :  

Also the DCDIAG errors have now changed to

Performing initial setup:
   [aguirre] Directory Binding Error 1727:
   The remote procedure call failed and did not execute.

      Starting test: Connectivity
         [AGUIRRE] DsBindWithSpnEx() failed with error 1727,
         The remote procedure call failed and did not execute..

 

by: dfxdeimos Posted on 2009-04-16 at 11:10:13 ID: 24160554

Just to be honest, ideally you would not have the DC and Exchange server running on the ISA server. If it were me I would have a separate ISA server, a DC running DNS and DHCP, and then a separate Exchange server. I know that you probably won't be able to reconfigure it in this way as it is a production network, but in the future it may be something for you to think about... just my $.02.

Just to confirm though...

(1) All IP addresses are assigned statically.
(2) The external NIC of the ISA server has no DNS information
(3) The internal NIC of the ISA server points towards itself for DNS (127.0.0.1), clear other DNS entries.
(4) The NIC in the second DC points towards itself for DNS (127.0.0.1), clear other DNS entries.
(5) In the DNS properties on the second DC, forwarders are set to first forward to DC #1, then to the IPs of your ISP's DNS servers.
(6) In the DNS properties on the first DC, forwarders are set to forward to the IPs of your ISP's DNS servers.

I know we have gone through this, but I would like you to do the following again:

(1) On the first DC, run an IPCONFIG /REGISTERDNS. After 5 minutes, restart the DC. Wait for it to come back up.
(2) On the second DC, run an IPCONFIG /REGISTERDNS. After 5 minutes, restart the DC. Wait for it to come back up.
(3) Run a NETDIAG /FIX on the first DC. Post the results.
(4) Run a DCDIAG on the first DC. Post the results.

Sorry we haven't come to a resolution yet, but I will continue to work with you.
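
The DNS client items in the checklist above (no DNS servers on the external NIC, each DC pointing only at itself) can be checked against saved "ipconfig /all" output. The Python sketch below is an added example, not part of the original thread: the function names and finding codes are assumptions, the parser targets the Windows Server 2003 layout shown on this page, and the sample is abridged from the output posted earlier for the first DC.

```python
import ipaddress
import re

# Abridged from the "ipconfig /all" output posted in the thread for the first
# DC after the changes (Description and Physical Address lines omitted).
SAMPLE = """\
Windows IP Configuration
   Host Name . . . . . . . . . . . . : aguirre
   Primary Dns Suffix  . . . . . . . : amazonia.com

Ethernet adapter External NIC:

   Connection-specific DNS Suffix  . :
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 70.91.104.193
   Subnet Mask . . . . . . . . . . . : 255.255.255.252
   Default Gateway . . . . . . . . . : 70.91.104.194

Ethernet adapter Internal NIC:

   Connection-specific DNS Suffix  . :
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.254.11
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 127.0.0.1
                                       68.87.68.168
                                       68.87.74.168
   Primary WINS Server . . . . . . . : 127.0.0.1
"""

HEADER = re.compile(r"^(\S.*\badapter\b.*):\s*$")       # "Ethernet adapter X:"
FIELD = re.compile(r"^\s+(\S.*?)[\s.]*:\s*(.*)$")       # "   Key . . . : value"
WRAPPED = re.compile(r"^\S.*\badapter\b")               # header cut by console width


def parse_ipconfig(text):
    """Return {adapter name: {field name: [values]}} from 'ipconfig /all' text."""
    adapters, current, last, pending = {}, None, None, ""
    for raw in text.splitlines():
        line, pending = pending + raw, ""
        if WRAPPED.match(line) and not line.rstrip().endswith(":"):
            pending = line            # adapter name continues on the next line
            continue
        header = HEADER.match(line)
        if header:
            name = header.group(1).split("adapter", 1)[1].strip()
            current, last = adapters.setdefault(name, {}), None
            continue
        if current is None or not line.strip():
            continue
        field = FIELD.match(line)
        if field:
            last = field.group(1)
            values = current.setdefault(last, [])
            if field.group(2).strip():
                values.append(field.group(2).strip())
        elif last is not None:
            # Continuation line: an extra DNS server or a wrapped description.
            current[last].append(line.strip())
    return adapters


def _ips(values):
    """Keep only the values that parse as IP addresses."""
    found = []
    for value in values:
        try:
            found.append(ipaddress.ip_address(value))
        except ValueError:
            pass
    return found


def audit_dc_dns(adapters):
    """Return (adapter, code, address) findings for the thread's DNS checklist."""
    findings = []
    for name, fields in adapters.items():
        own = _ips(fields.get("IP Address", []))
        dns = _ips(fields.get("DNS Servers", []))
        if any(ip.is_global for ip in own):
            # Internet-facing NIC: checklist item (2) wants no DNS servers here.
            findings += [(name, "EXTERNAL_NIC_HAS_DNS", str(ip)) for ip in dns]
            continue
        is_self = [ip.is_loopback or ip in own for ip in dns]
        if not any(is_self):
            findings.append((name, "NO_SELF_DNS", ""))
        # Items (3) and (4): anything besides the DC itself should be cleared.
        findings += [(name, "EXTRA_DNS_ENTRY", str(ip))
                     for ip, ok in zip(dns, is_self) if not ok]
    return findings


if __name__ == "__main__":
    for finding in audit_dc_dns(parse_ipconfig(SAMPLE)):
        print(finding)
```

Forwarder settings (items 5 and 6) live in the DNS server configuration and do not appear in "ipconfig /all", so they are outside what this check can see.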

 

by: Martinator2000 Posted on 2009-04-16 at 12:32:32 ID: 31570590

Thank you Richard, I really appreciate your help.

After your procedure, both netdiag and dcdiag ran cleanly and there were only a couple of errors in the event log unlike the dozens I used to get.

Cheers!!!!

 

by: dfxdeimos Posted on 2009-04-16 at 12:33:19 ID: 24161611

Awesome, glad you got that resolved!
