Solved

Server 2003 Needs to be rebooted every 3 to 4 days - result is that it cannot see resources

Posted on 2006-11-14
11
854 Views
Last Modified: 2010-05-18
Environment:   Server 2003 Active Directory
            Connection is WAN
            Not experiencing any network problems

We currently have a Server 2003 Box at one of our clinics that needs to be re-booted every 3 to 4 days.  End result after 3 to 4 days is that the server can no longer see any of our other servers besides the workstations on its local LAN. Users can no longer print, cannot attach to resources. We believe that the problem has to do with RPC/NetBios.

After a reboot it works fine for another 3 to 4 days

The following outputs are from DCDiag and NetDiag

Before the reboot:

DCDiag:
Domain Controller Diagnosis

Performing initial setup:
   [XXX-SPEECHSRV] LDAP search failed with error 58,
   The specified server cannot perform the requested operation..
   ***Error: The machine, XXX-SPEECHSRV could not be contacted, because of a
   bad net  response.  Check to make sure that this machine is a Domain
   Controller.

NetDiag:
.......................................

    Computer Name: XXX-SPEECHSRV
    DNS Host Name: XXX-SPEECHSRV.NEMHC.ON.CA
    System info : Microsoft Windows Server 2003 (Build 3790)
    Processor : x86 Family 6 Model 11 Stepping 1, GenuineIntel
    List of installed hotfixes :
        Q147222


Netcard queries test . . . . . . . : Passed



Per interface results:

    Adapter : Local Area Connection

        Netcard queries test . . . : Passed

        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Skipped
            [WARNING] No gateways defined for this adapter.

        NetBT name test. . . . . . : Passed
        [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.

        WINS service test. . . . . : Passed

    Adapter : Internet

        Netcard queries test . . . : Passed
        NetBIOS over Tcpip . . . . : Disabled
        Dns Servers. . . . . . . . :

        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Passed

        NetBT name test. . . . . . : Skipped
            NetBT is disabled on this interface. [Test skipped]

        WINS service test. . . . . : Skipped
            NetBT is disable on this interface. [Test skipped].


Global results:

Domain membership test . . . . . . : Passed

NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{D07B9D24-3722-4A44-B511-38475284818F}
    1 NetBt transport currently configured.

Autonet address test . . . . . . . : Passed

IP loopback ping test. . . . . . . : Passed

Default gateway test . . . . . . . : Passed

NetBT name test. . . . . . . . . . : Passed
    [WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined.

Winsock test . . . . . . . . . . . : Passed

DNS test . . . . . . . . . . . . . : Passed
    PASS - All the DNS entries for DC are registered on DNS server 'X.X.X.X' and other DCs also have some of the names registered.
    PASS - All the DNS entries for DC are registered on DNS server 'X.X.X.X' and other DCs also have some of the names registered.

Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{D07B9D24-3722-4A44-B511-38475284818F}
    The redir is bound to 1 NetBt transport.

    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{D07B9D24-3722-4A44-B511-38475284818F}
    The browser is bound to 1 NetBt transport.

DC discovery test. . . . . . . . . : Passed

DC list test . . . . . . . . . . . : Failed
    [WARNING] Cannot call DsBind to XXX-SPEECHSRV (X.X.X.X). [ERROR_OUTOFMEMORY]

Trust relationship test. . . . . . : Failed
    [FATAL] Secure channel to domain 'Domain' is broken. [ERROR_NO_LOGON_SERVERS]

Kerberos test. . . . . . . . . . . : Passed

LDAP test. . . . . . . . . . . . . : Passed
    [FATAL] Cannot open an LDAP session to 'XXX-SPEECHSRV. at 'X.X.X.X'.
    [WARNING] Failed to query SPN registration on DC 'XXX-SPEECHSRV..
    [WARNING] Failed to query SPN registration on DC 'DC-NT2

Bindings test. . . . . . . . . . . : Passed

WAN configuration test . . . . . . : Skipped
    No active remote access connections.

Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

    Note: run "netsh ipsec dynamic show /?" for more detailed information

The command completed successfully

Thanks,
Tammy
0
Comment
Question by:NEMHCIS
11 Comments
 
LVL 9

Expert Comment

by:trenes
ID: 17940972
Hi NEMHCIS,

Seems you have a winsock corruption on your machine.
Check this article from MS.
http://support.microsoft.com/kb/811259

Cheers!
regards,

Trenes
0
 
LVL 6

Expert Comment

by:camacho_marco
ID: 17941171
Do you have a DNS server on both sides????
0
 

Author Comment

by:NEMHCIS
ID: 17941320
Yes we have a DNS server at both location.  The server with the problem is a DNS server, a catalog server and a dhcp server
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17942083
your trust has failed between the DC. I would use netdom to reset it
0
 
LVL 6

Expert Comment

by:camacho_marco
ID: 17942727
0
Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

 

Author Comment

by:NEMHCIS
ID: 17947520
We have reset the Winsock (netsh winsock reset ) and the IP Stack (netsh int ip reset c:\resetlog.txt)
Had to reboot the server so unfortunately we won't know if the problem is resolved for a couple days

Thanks to everyone for the suggestions, i will keep you updated in a few days on the status of the problem.
Tammy

0
 

Expert Comment

by:BygRob
ID: 17962962
This could be your problem...  On your network card disable TCP Offload and see what happens.

Failover process does not occur when you use TCP Offload-enabled network adapters to create a team capable of TCP Offloading on a Windows Server 2003-based computer
View products that this article applies to.
Article ID : 921136
Last Review : June 30, 2006
Revision : 2.0
SYMPTOMS
When you use TCP Offload-enabled network adapters to create a team capable of TCP Offloading on a Microsoft Windows Server 2003-based computer, the failover process does not occur. The computer may stop responding.
 Back to the top

RESOLUTION
To resolve this problem, install the hotfix that is described in the following article.
919948 (http://www.kbAlertz.com/Feedback.aspx?kbNumber=919948/) Error message after you install the Windows Server 2003 Scalable Networking Pack and then change the network settings on a Windows Server 2003-based computer: "STOP 0x000000D1"
 Back to the top

STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
 Back to the top

0
 

Author Comment

by:NEMHCIS
ID: 18238110
Sorry for the delayed response but the problem ended up by being the Token size.  We increased the size of the Kerberos version 5 protocol token and it’s been over a month since it’s required a reboot.


1.      Click Start, click Run, type regedit, and then click OK.
2.      Locate and then click the following subkey:
                HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos
               
Note If the Parameters subkey is not listed under the Kerberos subkey,  follow these steps:
a.       Right-click Kerberos, point to New, and then click Key.
b.       Type Parameters, and then press ENTER.
3.      Right-click the Parameters subkey, point to New, click DWORD Value, and then type MaxTokenSize.
4.      Double-click MaxTokenSize, set the decimal value to 100000, and then click OK.

Note The default decimal value for the MaxTokenSize registry value is 12000. Microsoft recommends that you set this decimal value to 100000 or that you set the hexadecimal value to 186a0. If you incorrectly set this value to 100000 hexadecimal, Kerberos authentication operations may fail, and programs may return errors. The 100000 hexadecimal value is an extremely large value.
5.      Quit Registry Editor.
6.      After you set the MaxTokenSize registry value, and after the computer is updated, restart the computer.
0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 19468801
PAQed with points refunded (500)

Computer101
EE Admin
0
 

Expert Comment

by:jaesoul
ID: 23350550
How can you check what your current token size is? I know there is a default, but what command would you use to find out?
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Are you one of those front-line IT Service Desk staff fielding calls, replying to emails, all-the-while working to resolve end-user technological nightmares? I am! That's why I have put together this brief overview of tools and techniques I use in o…
I'm a big fan of Windows' offline folder caching and have used it on my laptops for over a decade.  One thing I don't like about it, however, is how difficult Microsoft has made it for the cache to be moved out of the Windows folder.  Here's how to …
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now