p_tippett
asked on
Event ID 1000 errors on DFS enabled servers
We run a Windows 2000 Active Directory domain which has a number of servers. Two are domain controllers and the remainder member servers. All these servers run service pack 4 and most are patched up.
We have installed and configured DFS and everything has been running fine until recently. On all servers configured as Root replicas or replicas we get the following event messages in the application log:
Windows cannot determine the user or computer name. Return value (1359).
Windows cannot determine the user or computer name. Return value (1722).
Windows cannot determine the user or computer name. Return value (1326).
These messages appear normally from around 18:00 through the night until 08:00.
I have checked MS knowledgebase for fixes to no avail. DNS is configured and working fine. AD replication is fine and I have run DCDIAG and NETDIAG with no problems except the following:
Starting test: frssysvol
There are errors after the SYSVOL has been shared.
The SYSVOL can prevent the AD from starting.
No other servers experience this error except the DFS servers.
Can anyone shed any light please?
We have installed and configured DFS and everything has been running fine until recently. On all servers configured as Root replicas or replicas we get the following event messages in the application log:
Windows cannot determine the user or computer name. Return value (1359).
Windows cannot determine the user or computer name. Return value (1722).
Windows cannot determine the user or computer name. Return value (1326).
These messages appear normally from around 18:00 through the night until 08:00.
I have checked MS knowledgebase for fixes to no avail. DNS is configured and working fine. AD replication is fine and I have run DCDIAG and NETDIAG with no problems except the following:
Starting test: frssysvol
There are errors after the SYSVOL has been shared.
The SYSVOL can prevent the AD from starting.
No other servers experience this error except the DFS servers.
Can anyone shed any light please?
ASKER
I've seen two of those techdocs, however it is impractical for us to demote our DC's and then promote them again. This setup has been working fine with not one of these errors for approx 3 years, until recently when these messages started to appear.
I will add the "DNS suffix for this connection", and test but I do not think that will resolve the problem. I can quite happliy ping by hostname, IP addr, FQDN and perform NSLOOKUP's against each machine. Active Directory replicates quite happily regularly and why would it only occur during the night?
I will add the "DNS suffix for this connection", and test but I do not think that will resolve the problem. I can quite happliy ping by hostname, IP addr, FQDN and perform NSLOOKUP's against each machine. Active Directory replicates quite happily regularly and why would it only occur during the night?
From event id
Value 1722 - "The RPC Server is unavailable" - Usually occurs when DNS servers are not configured properly. There is connectivity but not at the service level. See the Q260371 link below for troubleshooting such issues. One note here, usually it may appear that DNS is set properly but one has to double-check all the aspects of DNS registration/resolution as the problem may not be that obvious. See also Q261007 (http://support.microsoft.com/default.aspx?scid=kb;en-us;Q261007) - It says that this behavior can occur if the address for the configured preferred DNS server on the client is invalid or unreachable.
From a newsgroup post: "Do the following to ensure that the SRV records for the AD servers are in DNS properly: (from the DOS prompt)
nslookup
set type=srv
set type=srv
_ldap._tcp.dc._msdcs.YOURD
Server: dnsserver.yourdomain.com
Address: 192.168.100.2
you should see something like this:
_ldap._tcp.dc._msdcs.YOURD
priority = 0
weight = 100
port = 389
svr hostname = server1.YOURDOMAIN.COM
_ldap._tcp.dc._msdcs.YOURD
priority = 0
weight = 100
port = 389
svr hostname = server2.YOURDOMAIN.COM
server1.YOURDOMAIN.COM internet address = 1.1.1.2
server2.YOURDOMAIN.COM nternet address = 1.1.1.1
If you don't then you definately have a DNS problem.
I would also recommend running the dcdiag and netdiag utilities on
your domain controllers. If you find that the servers aren't in DNS,
then make sure dynamic updates are enabled on your DNS server and
restart the netlogon server on each of your DCs."
Value 1722 - "The RPC Server is unavailable" - Usually occurs when DNS servers are not configured properly. There is connectivity but not at the service level. See the Q260371 link below for troubleshooting such issues. One note here, usually it may appear that DNS is set properly but one has to double-check all the aspects of DNS registration/resolution as the problem may not be that obvious. See also Q261007 (http://support.microsoft.com/default.aspx?scid=kb;en-us;Q261007) - It says that this behavior can occur if the address for the configured preferred DNS server on the client is invalid or unreachable.
From a newsgroup post: "Do the following to ensure that the SRV records for the AD servers are in DNS properly: (from the DOS prompt)
nslookup
set type=srv
set type=srv
_ldap._tcp.dc._msdcs.YOURD
Server: dnsserver.yourdomain.com
Address: 192.168.100.2
you should see something like this:
_ldap._tcp.dc._msdcs.YOURD
priority = 0
weight = 100
port = 389
svr hostname = server1.YOURDOMAIN.COM
_ldap._tcp.dc._msdcs.YOURD
priority = 0
weight = 100
port = 389
svr hostname = server2.YOURDOMAIN.COM
server1.YOURDOMAIN.COM internet address = 1.1.1.2
server2.YOURDOMAIN.COM nternet address = 1.1.1.1
If you don't then you definately have a DNS problem.
I would also recommend running the dcdiag and netdiag utilities on
your domain controllers. If you find that the servers aren't in DNS,
then make sure dynamic updates are enabled on your DNS server and
restart the netlogon server on each of your DCs."
Value 1359 - "An internal error occurred." - In Windows 2000 using the same name for a user and a machine is a no-no I've been told. After we upgraded some workstations from NT using the same value for user name and computer name, this message would be generated. I noticed Windows 2000 added a "1" at the end of the machine name. The log on the workstation no longer generated the message. Solution: Do not use the same name for a machine name and user name.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks for your comments.
I have checked our DNS Server (and configuration wise) and all the Active Directory Service records do exist, however when I type in at the DOS prompt it says unrecognised command - I think maybe I am typing something in wrong. I have also run DCDIAG and NETDIAG - all tests OK except:
Starting test: frssysvol
There are errors after the SYSVOL has been shared.
The SYSVOL can prevent the AD from starting.
Again why would everything work fine for 3 years until a few weeks ago?
I have checked our DNS Server (and configuration wise) and all the Active Directory Service records do exist, however when I type in at the DOS prompt it says unrecognised command - I think maybe I am typing something in wrong. I have also run DCDIAG and NETDIAG - all tests OK except:
Starting test: frssysvol
There are errors after the SYSVOL has been shared.
The SYSVOL can prevent the AD from starting.
Again why would everything work fine for 3 years until a few weeks ago?
ASKER
We have no user or PC names the same. Don't forget these errors occur during the night. I don't know about you but certainly won't be logging in and changing my password at 3:00am in the morning!!!!
By the way I have looked at www.eventid.net.
By the way I have looked at www.eventid.net.
http://support.microsoft.com/default.aspx?scid=kb;en-us;329708
http://support.microsoft.com/default.aspx?scid=kb;en-us;261007
http://support.microsoft.com/default.aspx?scid=kb;en-us;257623
Good Luck,
Steve