JamesDS
asked on
No more endpoints available from the endpoint mapper
Hi all
I am getting this error from a Windows 2003 Enterprise server application event log:
14/04/2004 19:26:26
Userenv
Error None 1053
NT AUTHORITY\SYSTEM GATEWAY Windows cannot determine the user or computer name. (There are no more endpoints available from the endpoint mapper. ). Group Policy processing aborted.
The error occurs during boot and after running GPUPDATE.EXE
Fully patched box where nothing has changed for weeks. I have tried the usual AV checks and windows update with no end in sight.
Lots of points as I have already spent ages and I can't even figure out what is eating all the endpoints.
Cheers
JamesDS
I am getting this error from a Windows 2003 Enterprise server application event log:
14/04/2004 19:26:26
Userenv
Error None 1053
NT AUTHORITY\SYSTEM GATEWAY Windows cannot determine the user or computer name. (There are no more endpoints available from the endpoint mapper. ). Group Policy processing aborted.
The error occurs during boot and after running GPUPDATE.EXE
Fully patched box where nothing has changed for weeks. I have tried the usual AV checks and windows update with no end in sight.
Lots of points as I have already spent ages and I can't even figure out what is eating all the endpoints.
Cheers
JamesDS
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
What90
The plot thickens...
The server came off the domain fine and rebooted with impressive speed (no timing out for GPOs to run)
BUT it won't now rejoin the domain!
Instead of the usual "welcome to the xxx domain" I get the scary looking "There are no more endpoints available from the endpoint mapper"
Now, there are no errors like this in the local logs anymore, so the error looks like it's generated by the DC. The DC is a single windows 2003 AD domain full native, fully patched, 1 server only - my home installation!
I have run the usual tools and even looked at NTDSUTIL metadata cleanup to see if some old testing has come back and bit me on the ass - nothing anywhere.
I design this stuff for a living and I have never seen this before. how embarassing!
Any thoughts?
Cheers
JamesDS
The plot thickens...
The server came off the domain fine and rebooted with impressive speed (no timing out for GPOs to run)
BUT it won't now rejoin the domain!
Instead of the usual "welcome to the xxx domain" I get the scary looking "There are no more endpoints available from the endpoint mapper"
Now, there are no errors like this in the local logs anymore, so the error looks like it's generated by the DC. The DC is a single windows 2003 AD domain full native, fully patched, 1 server only - my home installation!
I have run the usual tools and even looked at NTDSUTIL metadata cleanup to see if some old testing has come back and bit me on the ass - nothing anywhere.
I design this stuff for a living and I have never seen this before. how embarassing!
Any thoughts?
Cheers
JamesDS
Buggered servers happen to use all. Sadly I get too many of them after user "repairs"
My thoughts would be back to basics:
First - have you run a fully Av scan on the server as this sugest it may be a DOS problem:
http://www.microsoft.com/technet/security/bulletin/MS01-048.mspx
Then check this link:
http://www.jsiinc.com/SUBD/tip1500/rh1597.htm
Finally give these ago:
1) Have you tried both netbios name and FQDN to re-join the domain
2) Re-apply patches
3) Possible damaged TCP/IP stack - repair it
4) Rename the Server then try to rejoin it
Let me know!
My thoughts would be back to basics:
First - have you run a fully Av scan on the server as this sugest it may be a DOS problem:
http://www.microsoft.com/technet/security/bulletin/MS01-048.mspx
Then check this link:
http://www.jsiinc.com/SUBD/tip1500/rh1597.htm
Finally give these ago:
1) Have you tried both netbios name and FQDN to re-join the domain
2) Re-apply patches
3) Possible damaged TCP/IP stack - repair it
4) Rename the Server then try to rejoin it
Let me know!
ASKER
What90
We will never see this one again in a million years...
The machine in question is a Windows 2003 firewalling router box with 3 interfaces and about 3 dozen rules.
One of the rules had been setup to include port 1025TCP in its deny list, but the rule should have been acting only the external interface and was actually acting on all interfaces.
The eventual giveaway for me was when it refused to re-join the domain - yet the DC said everything was hunk-dory and I found another machine and joined it successfully.
I asked this question at the MS public newsgroups and got a load of rubbish about DNS and generic errors.
You're welcome to the points because without taking it off the domain I might never have found the duff block rule.
Cheers
JamesDS
We will never see this one again in a million years...
The machine in question is a Windows 2003 firewalling router box with 3 interfaces and about 3 dozen rules.
One of the rules had been setup to include port 1025TCP in its deny list, but the rule should have been acting only the external interface and was actually acting on all interfaces.
The eventual giveaway for me was when it refused to re-join the domain - yet the DC said everything was hunk-dory and I found another machine and joined it successfully.
I asked this question at the MS public newsgroups and got a load of rubbish about DNS and generic errors.
You're welcome to the points because without taking it off the domain I might never have found the duff block rule.
Cheers
JamesDS
So you block yourself off! That'll teach you to have these fancy server configs ;-)
Ta for the points, but I'm much more interested in your setup and the why problem suddenly arose.
I take it you've got RRAS and the protocol filter rules in place rather than something like ISA?
Did you make any recent changes to to the rules or interfaces?
ASKER
Yup, my own fault
I use the machine to build a gateway between 3 networks, one of which is a honeynet. The rule base is complex and is added to as I see threats hitting the honeynet. One of the recent additions was a trojan running on 1025TCP which should be blocking access to and from the honeynet but was actually blocking all interfaces. In order to keep the logs clear to show up new nasties hitting the honeynet I routinely don't log the threats I know about and actively kill off (not any more!), so I wasn't logging the blocked port.
The only time the error ever appeared was in the application logs during GPO refresh on the firewalling server - so I started looking at patch levels and corrupt GPOs.
I only use RRAS to provide an L2TP VPN from one network to another, all the rest of the firewalling is done with Kerio Winroute Firewall - in my opinoin the best SME firewall on the market.
The overall setup is pretty complex but I baseline all the configuration changes with virtual machines so once I had an idea it was the rulebase it only took about 10 minutes to find the culprit and nail it
The sad thing is, all this is in my house! I use it to help me design secure AD and DNS systems for my clients and consequently have no life ;)
Cheers
James
I use the machine to build a gateway between 3 networks, one of which is a honeynet. The rule base is complex and is added to as I see threats hitting the honeynet. One of the recent additions was a trojan running on 1025TCP which should be blocking access to and from the honeynet but was actually blocking all interfaces. In order to keep the logs clear to show up new nasties hitting the honeynet I routinely don't log the threats I know about and actively kill off (not any more!), so I wasn't logging the blocked port.
The only time the error ever appeared was in the application logs during GPO refresh on the firewalling server - so I started looking at patch levels and corrupt GPOs.
I only use RRAS to provide an L2TP VPN from one network to another, all the rest of the firewalling is done with Kerio Winroute Firewall - in my opinoin the best SME firewall on the market.
The overall setup is pretty complex but I baseline all the configuration changes with virtual machines so once I had an idea it was the rulebase it only took about 10 minutes to find the culprit and nail it
The sad thing is, all this is in my house! I use it to help me design secure AD and DNS systems for my clients and consequently have no life ;)
Cheers
James
ASKER
Not yet, I was hoping for something non-invasive. In the absence of any other comments, i'll try it when I get home tonight and post the results then.
Cheers
JamesDS