?
Solved

Windows Server 2003 trusts/logons/dns

Posted on 2005-04-18
10
Medium Priority
?
1,026 Views
Last Modified: 2009-05-20
I have 3 Windows 2003 servers.  The primary is the SBS2003 and I also have an Enterprise and Standard Edition.  I have been getting thousands of logon failures (Event ID 529) and consequently I am having issues now where servers and computers are not logging onto the resources and having access to the files on the various drives.  I am also having issues where I cannot access outside Internet sites such as www.yahoo.com.  What advise can you give me?

Thanks
0
Comment
Question by:c_ur_f8
  • 6
  • 4
10 Comments
 
LVL 13

Accepted Solution

by:
gpriceee earned 2000 total points
ID: 13807108
Hello.  The explanation to your Kerberos issue is at: http://support.microsoft.com/?kbid=890477

A hotfix is at: http://support.microsoft.com/?kbid=890477

0
 
LVL 13

Expert Comment

by:gpriceee
ID: 13807155
As for your yahoo.com issue, if you fixup DNS, you'll have issues with yahoo.com.
The old standard called for a 512 limit on DNS packets; yahoo returns a larger packet.  The 512 limit is gone.
0
 

Author Comment

by:c_ur_f8
ID: 13807754
I used yahoo.com as an example.  I can get to mail.yahoo.com and my.yahoo.com, but not www.yahoo.com.  Any further thoughts?
0
What Security Threats Are We Predicting for 2018?

Cryptocurrency, IoT botnets, MFA, and more! Hackers are already planning their next big attacks for 2018. Learn what you might face, and how to defend against it with our 2018 security predictions.

 
LVL 13

Expert Comment

by:gpriceee
ID: 13807786
Yes.  www.yahoo.com returns a lerger than 512 DNS packet.
Are you using a firewall that "checks" DNS for errors?
 
0
 

Author Comment

by:c_ur_f8
ID: 13807835
I'm not in control of the firewall, but we do have a unit that may be the cause and effect of many of our problems.  It is also running DHCP which I need to get onto one of my 2003 servers, but I'm having issues with that authorizing.  I'm wondering if I have an AD issue, DNS issue or something else that I'm not thinking of.
0
 
LVL 13

Expert Comment

by:gpriceee
ID: 13807885
My assumption for yahoo is the firewall.

Check ou the following for DHCP: http://support.microsoft.com/default.aspx?scid=kb;en-us;303317
0
 

Author Comment

by:c_ur_f8
ID: 13807970
It lets me authorize, but won't give the permissions.  

Have you seen the following error?

C:\Documents and Settings\administrator.CRSENGINEERS>repadmin /showreps
Default-First-Site-Name\CRSXCHANGE
DC Options: IS_GC
Site Options: (none)
DC object GUID: 7293b1f4-20c9-4db3-9161-bcf6ee3b0d58
DC invocationID: bd922d11-0231-4ed7-9ea5-0321e1626d63

==== INBOUND NEIGHBORS ======================================

DC=crsengineers,DC=com
    Default-First-Site-Name\CRSWEB via RPC
        DC object GUID: 0ed5a2ec-3cb5-4c08-a5cb-68c27661164d
        Last attempt @ 2005-04-18 10:29:24 failed, result 8524 (0x214c):
            The DSA operation is unable to proceed because of a DNS lookup failure.
        1 consecutive failure(s).
        Last success @ 2005-04-18 09:56:30.
    Default-First-Site-Name\CRSACCNT via RPC
        DC object GUID: a107ffdf-2cb0-4aae-aae2-fd1c79192743
        Last attempt @ 2005-04-18 10:31:09 failed, result 8524 (0x214c):
            The DSA operation is unable to proceed because of a DNS lookup failure.
        1 consecutive failure(s).
        Last success @ 2005-04-18 09:56:30.

CN=Configuration,DC=crsengineers,DC=com
    Default-First-Site-Name\CRSACCNT via RPC
        DC object GUID: a107ffdf-2cb0-4aae-aae2-fd1c79192743
        Last attempt @ 2005-04-18 10:35:56 was successful.
    Default-First-Site-Name\CRSWEB via RPC
        DC object GUID: 0ed5a2ec-3cb5-4c08-a5cb-68c27661164d
        Last attempt @ 2005-04-18 10:35:56 was successful.

CN=Schema,CN=Configuration,DC=crsengineers,DC=com
    Default-First-Site-Name\CRSACCNT via RPC
        DC object GUID: a107ffdf-2cb0-4aae-aae2-fd1c79192743
        Last attempt @ 2005-04-18 10:29:54 failed, result 8524 (0x214c):
            The DSA operation is unable to proceed because of a DNS lookup failure.
        1 consecutive failure(s).
        Last success @ 2005-04-18 09:56:30.
    Default-First-Site-Name\CRSWEB via RPC
        DC object GUID: 0ed5a2ec-3cb5-4c08-a5cb-68c27661164d
        Last attempt @ 2005-04-18 10:30:24 failed, result 8524 (0x214c):
            The DSA operation is unable to proceed because of a DNS lookup failure.
        1 consecutive failure(s).
        Last success @ 2005-04-18 09:56:30.

DC=DomainDnsZones,DC=crsengineers,DC=com
    Default-First-Site-Name\CRSWEB via RPC
        DC object GUID: 0ed5a2ec-3cb5-4c08-a5cb-68c27661164d
        Last attempt @ 2005-04-18 10:30:39 failed, result 8524 (0x214c):
            The DSA operation is unable to proceed because of a DNS lookup failure.
        1 consecutive failure(s).
        Last success @ 2005-04-18 09:56:30.
    Default-First-Site-Name\CRSACCNT via RPC
        DC object GUID: a107ffdf-2cb0-4aae-aae2-fd1c79192743
        Last attempt @ 2005-04-18 10:31:24 failed, result 8524 (0x214c):
            The DSA operation is unable to proceed because of a DNS lookup failure.
        1 consecutive failure(s).
        Last success @ 2005-04-18 09:56:30.

DC=ForestDnsZones,DC=crsengineers,DC=com
    Default-First-Site-Name\CRSWEB via RPC
        DC object GUID: 0ed5a2ec-3cb5-4c08-a5cb-68c27661164d
        Last attempt @ 2005-04-18 10:30:54 failed, result 8524 (0x214c):
            The DSA operation is unable to proceed because of a DNS lookup failure.
        1 consecutive failure(s).
        Last success @ 2005-04-18 09:56:30.
    Default-First-Site-Name\CRSACCNT via RPC
        DC object GUID: a107ffdf-2cb0-4aae-aae2-fd1c79192743
        Last attempt @ 2005-04-18 10:31:41 failed, result 8524 (0x214c):
            The DSA operation is unable to proceed because of a DNS lookup failure.
        1 consecutive failure(s).
        Last success @ 2005-04-18 09:56:30.

Source: Default-First-Site-Name\CRSWEB
******* 1 CONSECUTIVE FAILURES since 2005-04-18 09:56:30
Last error: 8524 (0x214c):
            The DSA operation is unable to proceed because of a DNS lookup failure.

Source: Default-First-Site-Name\CRSACCNT
******* 1 CONSECUTIVE FAILURES since 2005-04-18 09:56:30
Last error: 8524 (0x214c):
            The DSA operation is unable to proceed because of a DNS lookup failure.
0
 
LVL 13

Expert Comment

by:gpriceee
ID: 13808053
Do you have the server looking at an external DNS address?
http://support.microsoft.com/?kbid=263624
0
 

Author Comment

by:c_ur_f8
ID: 13808071
Nope.  I verified this already.  The servers are only looking at their own IP for DNS.
0

Featured Post

Transaction-level recovery for Oracle database

Veeam Explore for Oracle delivers low RTOs and RPOs with agentless transaction log backup and transaction-level recovery of Oracle databases. You can restore the database to a precise point in time, even to a specific transaction.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
Tech spooks aren't just for those who are tech savvy, it also happens to those of us running a business. Check out the top tech spooks for business owners.
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question