Link to home
Start Free TrialLog in
Avatar of metamatic
metamatic

asked on

Error connecting to my DNS server

I have a domain with a single 2003 standard server. Everything appears to be running OK (users can logon/logoff, exchange and other apps are running ok) but when I go to Administrative Tools and then DNS my DNS server has a red cross on it and in the right hand pane I get the following error:

"Cannot contact the DNS server. The specified DNS server connot be contacted. Some possible reasons include: the DNS server may not be running, there may be network problems, or the computer associated with the specified name or IP address could not be found."

When I right click on the server I can only access the monitoring tab in properties. If I opt to run a test it reports as passing both the simple and recursive query. If I look go to services it reports that the DNS service is started. In the DNS event log, however, there is an error message. I rebooted the server on friday evening and at the time the server came back up there are 2 entries generated at exactly the same time. (looking back these two errors have actually been generated every time I have rebooted the server in the last 3 months). One is the standard event ID 2 "The DNS server has started". The other is an error as follows:

Source: DNS
Event ID: 140
Description: The DNS server could not initialize the remote procedure call (RPC) service. If it is not running, start the RPC service or reboot the computer. The event data is the error code.

I've checked and RPC is up and running. Also, there have been no further entries in my DNS event log since then.

From what I can see, the RPC service has an awful ot of dependencies so I don't really want to go stopping and starting it (let alone reinstalling it) before I know what I am letting myself in for.

Can anyone offer any advice?

Cheers

Andy
Avatar of ZabagaR
ZabagaR
Flag of United States of America image

This advice is from Microsoft:

http://www.microsoft.com/technet/support/ee/result.aspx?EvtSrc=DNS&EvtID=140&ProdName=Windows+Operating+System&LCID=1033&ProdVer=5.0

-----------------------------------------------

Product: Windows Operating System
ID: 140
Source: DNS
Version: 5.0
Symbolic Name: DNS_EVENT_RPC_SERVER_INIT_FAILED

Message: The DNS server could not initialize the remote procedure call (RPC) service. If it is not running, start the RPC service or reboot the computer. For specific error code, see the Record Data page.  
   
Explanation:
In order for DNS to run, the Remote Procedure Call (RPC) service must be running on the DNS server.
 
User Action:
Verify that the Remote Procedure Call (RPC) service has been started: Open Administrative Tools, and double-click Services. If the service has been started, try restarting your computer. If you continue to receive this message, remove and reinstall the RPC Configuration service by using the Services tab network connection in Network and Dial-up Connections in Control Panel.
 
Avatar of metamatic
metamatic

ASKER

Thanks for the reply.

I have seen the MS help article that you quote before.

I really don't want to go down the road of reinstalling RPC without knowing whether it is gong to cause other problems. If you look at it in services then it more dependencies than anything else!
metamatic, I know what you mean.....I guess if all else fails, then that'll be your last resort.
ASKER CERTIFIED SOLUTION
Avatar of Carlo-Giuliani
Carlo-Giuliani
Flag of Canada image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Is your Windows 2003 server fully updated? SP1 at least?
Sorry about the delay in replying - got distracted with other problems!

Carlo-Guiliani, the answers to your questions are as follows:

1. Yes!

2. Yes, we have 1 DC running exchange and everything else. I know this is not a good setup and I am intending to add a second server.

3. Just run it now and the details are as follows (10.10.0.1 is the ip address of my server)

Windows IP Configuration

Host name: Server
Primary DNS Suffix: mydomain.local
Node Type: Hybrid
IP Routing Enabled: No
WINS Proxy Enabled: No
DNS Suffix Search List: mydomain.local

Ethernet Adapter Internal Gigabit Ethernet Adapter

Connection specific DNS suffix:
Description: "my network card"
Physical Address: "my mac address"
DHCP enabled: No
IP Address: 10.10.0.1
Subnet Mask: 255.0.0.0.
Default Gateway: 10.10.0.3
DNS servers: 10.10.0.1
Primary WINS server: 10.10.0.1


4. Nslookup produces the following:

server: server.mydomain.local
address: 10.10.0.1

name: server.mydomain.local
address: 10.10.0.1

Sorry. missed your final question. i have installed the admin tools and I still can't connect to the DNS server.
Wierd.  Your DNS seems to be working.   And I really can't believe that your RPC is not working.  

- Can you join another server or PC to the domain?  And logon to a domain id?
- When you installed the admin tools to try and connect to the DNS services,
  what that on a PC joined to the domain?

The RPC error only occurs at the startup of DNS, right?  Just for the hell of it, try the following.
 - stop and restart the DNS service
   Does the event id 140 occur?  (I am guessing it will not).
 - Try once more to administrate the DNS service
It is indeed rather weird.

In answer to your questions, I can join other PC's to the domain and in the 3 or so months I have been having this problem I have never had any logon problems. The admin tools were installed on my PC which is part of the domain. From what I can tell, DNS seems to be working perfectly - the only problem is accessing it through the console.

As for stopping the DNS server, i did that tonight and when I restarted it I got the same RPC 140 error.

I found out that i had a microsoft support call that was due to expire soon so I have raised the issue with them. So far, they don't really seem to know what it causing it either. The technician got me to delete some files to force the DNS to recreate its zone files but this didn't help. He also tried to recreate the DNS MMC snap in but again this didn't make any difference. Eventually he got me to send him a load of log files and said he would get back to me tomorrow.

I'll keep you posted how I get on but if you have any flashes of inspiration then please let me know!
You mean that you restarted just the DNS *service*, or the whole *server*?   I was trying to figure out if this RPC message might just be a matter of timing....the RPC service maybe not responding when the DNS service first starts up.

- Have you ever changed the IP address of this server (particularly 3 months ago?)
- does the hosts file contain the usual default entry with the server's own name pointing to 127.0.0.1?

Just the DNS service, but the entries in the event log were the same as when I do a full server restart.

The IP address of the server hasn't changed since we installed it in august last year.

Not sure what you mean about the hosts file. (I'm not too hot on DNS!). Is this something I can check without accessing the DNS console?
look at c:\WINDOWS\system32\drivers\etc

There's no extension, it's a simple text file that will contain mostly comments...
Just checked the hosts file and it hasn't been modified since the server was installed. Its set to teh default 127.0.0.1.
Hi, still working on this?   I have two more questions for you.

-  Have you tried using the DNSCMD.EXE command line interface for DNS administration?
   (I am guessing you will have the same problem, but it is worth checking).
-  Can you run ">NETDIAG /V /test:DsGetDC"  ?
   This is supposed to check RPC connectivity, and the "/V" means "verbose".  This is a resource kit tool that you can
   download from   http://www.microsoft.com/windows2000/techinfo/reskit/tools/existing/netdiag-o.asp


 

Just got back from a long weekend break and the issue is still on going! I'll try what you suggest later on today and post back with the results plus an update on what Microsoft have had me doing.
Sorry for the delay in replying - there have been a few developmnets since I last posted.

I ran a DNSCMD /INFO and as expected got an error. The details were as follows:

Info Query failed
Status = 1722 <0x000006ba>
Command failed: RPC_S_SERV_UNAVAILABLE  1722  <0x000006ba>

I ran the NETDIAG command, however, and it seemed to pass all the tests.

As for Microsoft's efforts, they have not been entirely successful.

The technician seemed to think it was due to network load balancing so he got me uninstall this but it made no difference. He then got me to run a netmon and regmon trace and email him the results. He then came back to me and said something about finding a reference to a website called XNET666 in the netmon trace. He has concluded that there is a spyware or possibly a Denial of Service application being run from our server and I have a feeling he is pushing to close the call off.

I have run an adaware scan, a microsoft spyware scan, a regsistry and file search and can't find any references to this XNET666. I have also looked on the internet and can't find any real info on it. (the few web sites that mention it are all in German). To be quite honest, i am not convinced about his explanation. I emailed him yesterday asking him to point out exactly where my netmon trace references this XNET666 but haven't had a reply yet.

As to where i go from here, I really don't know! I have raised another question on here asking for more info on XNET666 but if you think there are other things I can try then please let me know.

Cheers

Andy



Well, if you are postive its a process running on the server, but you cannot find it, maybe its hiddden with "rootkit".

Try running these programs to find hidden services running in the background ...

Find Hidden Service 1.1
http://hxdef.net.ru/download/fhs11.zip

Process Magic V1.0 by WinEggDrop
http://hxdef.net.ru/download/procmagic10.zip

The process almost always state that they don't find any hidden process, but yo uhave to manually double check hte list for any suspicious process ...

Refrence: http://hxdef.net.ru/download.php

I did a websearch on that XNET666 and found the following .. in german I think, but it seems to be pretty clear ...

"Verbindungsaufbau zu xnet666.com
...Fernzugriff auf den infizierten Computer mittels IRC...W32/Rbot-GU verschiebt sich als HOST32.EXE in...aktiviert wird: HKLM\Software\Microsoft\Windows\CurrentVersion..."

Please be sure to post any updates mate ... cheers!
When I said "The process almost always state that they don't find any hidden process, but yo uhave to manually double check hte list for any suspicious process ..."

I really meant: "These APPLICATIONS almost always state that they don't find any hidden process, but you have to manually double check the list they echo for any suspicious process ..."
Thanks for your input. I had another look at the Netmon trace and it seems that the problem was not with the server. Instead another PC on the network was generating the traffic and the server was responding to it. Anyway, I ran a full adaware and virus scan on the dodgy PC and it cleared off quite a lot of stuff. Can't remember exactly what it was but the virus you mention in your post does look familiar.

Sadly, I still have my DNS problem so it looks like this whole XNET666 thing was a bit of a red herring. I think Microsoft are getting fed up with the amount of time my call is taking up and are looking for an excuse to close it off.
I think your MS techie is way off target from the start.  The problem seems to be connecting to RPC locally on the DNS server, so I don't know what the point of looking at Netmon traces is.  I guess they are just grasping as straws....and so am I, at this point.

Is the "Server" service running on this server?
If you can't find anything wrong, I would have a serious look at any hidden applications ... could you run the apps I gave you?
Finally sorted the problem!!!

It was something so simple, too

The DNS service had been set to log on with the administrator account rather than the system account. I changed it back, restarted DNS and everything as fine.

Anyway, thanks again for all your efforts!
Ahh....that's interesting.  Thanks for letting us know what it was!
WoW .... never would have imagined ...