Hall of Fame

1. oBdA1,422,703
2. Mestha692,297
3. dstewartjr620,493
4. mkline71612,292
5. demazter548,327
6. Chris-Dent497,343
7. ChiefIT494,506
8. henjoh09473,859
9. tigermatt417,746
10. leew403,306
11. bluntTony397,255
12. dariusg377,582
13. KCTS345,515
14. MightySW276,102
15. chuku266,747
16. Americom209,316
17. Paranorm...192,453
18. alanhardisty181,763
19. speshalyst171,245
20. zelron22165,033
21. xxdcmast148,779
22. ryansoto144,206
23. hypercat129,721
24. PeteJTho...127,562
25. RobWill121,515

1. oBdA4,678,837
2. Netman663,434,934
3. KCTS3,260,911
4. Jay_Jay702,681,410
5. leew2,185,620
6. Sembee1,825,283
7. TechSoEasy1,750,405
8. Chris-Dent1,580,495
9. ChiefIT1,505,860
10. RobWill1,322,353
11. tigermatt1,294,935
12. NJComput...1,222,396
13. LauraEHu...1,115,989
14. henjoh09922,973
15. TheCleaner864,300
16. ryansoto842,900
17. toniur842,230
18. sirbounty782,710
19. Pber776,859
20. mkline71769,209
21. dariusg717,863
22. Mestha692,297
23. dstewartjr658,071
24. hypercat558,745
25. mkbean558,617

	[x] Posted via EE Mobile
	Search, ask, and monitor your questions on the go with EE Mobile. Visit Experts Exchange from your mobile device and never be out of touch again.

Question

	[x] Attachment Details

[x]

The Solution Rating System

With so many solutions, how can you tell which solutions are most likely to help you and which ones are not? To provide you with a tool to use, we rate our solutions based on various elements that most accurately determine if a solution is a quality solution. To explain what factors affect the solution rating, here are the elements we take into consideration when formulating our solution rating.

The Grade of the Solution
The Zone Rank of the Expert Providing the Solution
The Number of Author and Expert Comments
The Number of Experts Contributing
The Feedback of the Community

Your Input Matters
Because of the way the system is set up, the most important variable in this equation is you. As a member of Experts Exchange, you are able to cast your vote on the quality of the solutions in regard to how complete, accurate, helpful and easy to understand each solution is. When you provide your feedback, each rating is adjusted accordingly. So, if you see a solution that has a poor rating that you think is a good solution, let us know by rating it. As you do, the rating will be adjusted and will become more accurate for other members of our site.

If you have any suggestions that you would like to make for our rating system, please ask a question in the Suggestions Zone of Community Support.

Thank you!

3.8

Event ID 1030 1058 1059 on DC - Domain disappears until reboot

Asked by lmkandia in Windows 2003 Server, Active Directory

Tags: Microsoft, Server, 2003, Domain Controller

We have a Windows 2003 Server R2. About a month ago we experienced our first 1030 1058 batch of errors on the server and workstations. The domain literally disappeared. Symptoms:

On the DC server:
1. Typing \\domain.local in a RUN window, came back with an error or "domain not found" or something to that effect.
2. Typing \\name_of_server in a RUN window would normally show all shares. An error instead would come back with "computer not found" or something along those lines (sorry about that phase - working from memory).
3. Trying to bring up group policies would fail. No such domain found.
4. This one is interesting. Doing a NET VIEW from the afflicted domain controller's DOS prompt would show all the machines on the network. Doing a NET VIEW from a workstation on the same Lan would come back with "machine or computer not found". Browsing had essentially stopped outside the server's nic.

Tried the easy stuff. Or what I thought was easy:

" Netlogon and DFS services are started (easy enought - they were)
" Domain controllers have the read and apply rights to the Domain Controllers Policy (where do I confirm this?)
" NTFS file system permissions and share permissions are set correctly on the Sysvol share (what should they be?)
" DNS entries are correct for the domain controllers (what should they be)

http://support.microsoft.com/kb/842804

Then tried eventid.com. Quite a nifty site. Two key pages:

http://eventid.net/display.asp?eventid=1030&eventno=1542&source=Userenv&phase=1
http://eventid.net/display.asp?eventid=1058&eventno=1752&source=Userenv&phase=1

Lots to go thru on both pages. Lots of users down in the meantime. So first time thru, I simply rebooted the servers. Everyone back up and running. Chalked one up for the "great unknown".

4 days later - same thing. Lots of 1030 and 1058 at client and at server. Shares gone. Users locking up. Interesting part - you can ping the server. A database running on the server (using Interbase) continued to work at the client's desktop. Internet continued to function for the workstations even with the DC as their DNS server. But as soon as someone tried to browse the network, explorer would hang them looking for that now, "missing" network drive on the DC that didn't think it was a DC anymore.

Called MS on this issue. First tech suggested it was a Kerberos issue on the workstations causing this to happen. Same Kerberos solution offered up by eventid.net for eventid 1030 listed above. That bought us about 12 days of grace. Before the error came back again. This time MS suggested some registry changes. Rather weak. Gave us about 4 days of uptime before the next dreaded reboot. Each subsequent hang, btw, became a real chore. The last 3 reboots of the server have been manual power downs as the server would NOT restart even after an hour. Simply sit at a blue desktop with a mouse cursor in the middle.

During the next attempt, I asked the MS engineers if they wouldn't mind helping me thru a GPO rebuild back to default. They obliged. Good for another 6 days then the domain disappeared again. Reboot brought it back. But the exchange server was gone! Had to remotely access the eventviewer of the exchange server to spot event id 2114 - Topology Discovery Failed. This was turning into a bit of a nightmare. Ran that one thru the Google grinder to find that a group policy entry was missing. Hey! We just reset group policies! Why didn't MS tell me there were gotchas?

This from eventid.net:

David Page (Last update 8/29/2006):
This error, combined with other numerous MU, SA and IS errors may be due to incorrect permissions in the default domain controllers policy either by miss-configuration or use of the dcgpofix command. The Exchange Enterprise Servers group must be defined in the default domain controllers policy under Manage Auditing and Security Log. This can be found in the User Rights Assignment area of the GPO. Once rights are established, restart SA and IS.

Once I set that permission, Exchange fired right up. Thankfully.

The last time MS suggested (to be honest, they'd suggested it at the 3rd contact as well) that we shut down all 3rd party apps. We did. Backup exec, quickbooks database manager, folder size and logmein. Disabled them. Kept only a single 3rd party piece of software running - Interbase - as shutting that down would have entailed working on 25+ workstations to move their connections to some other spot on the network. This last change was good for 13 days. But alas, all good things must come to and end. And today the domain disappeard again. Reboot was a hard shutdown (ouch).

Okay so I'm down to two possibilities. Interbase - tho nothing except the size of the database (about 2gb) has changed there. Or a faulty TCP/IP stack or Network card issue.

I'm thinking its a TCP/IP stack rebuild issue, only because it happens when a ton of machines are on the network and pounding the server. It appears a difficult task. Wouldn't replacing the network card be an easier task?

I've worked most of the easy fixes, but perhaps someone else has some experience with this one?

Tia

View the Solution FREE for 30 Days

20091118-EE-VQP-93 / EE_QW_2_20070628

Event ID 1030 1058 1059 on DC - Domain disappears until reboot

Asked by lmkandia in Windows 2003 Server, Active Directory

Tags: Microsoft, Server, 2003, Domain Controller

About this solution