Server 2003 Needs to be rebooted every 3 to 4 days - result is that it cannot see resources

Posted on 2006-11-14
Last Modified: 2010-05-18
Environment:   Server 2003 Active Directory
            Connection is WAN
            Not experiencing any network problems

We currently have a Server 2003 Box at one of our clinics that needs to be re-booted every 3 to 4 days.  End result after 3 to 4 days is that the server can no longer see any of our other servers besides the workstations on its local LAN. Users can no longer print, cannot attach to resources. We believe that the problem has to do with RPC/NetBios.

After a reboot it works fine for another 3 to 4 days

The following outputs are from DCDiag and NetDiag

Before the reboot:

Domain Controller Diagnosis

Performing initial setup:
   [XXX-SPEECHSRV] LDAP search failed with error 58,
   The specified server cannot perform the requested operation..
   ***Error: The machine, XXX-SPEECHSRV could not be contacted, because of a
   bad net  response.  Check to make sure that this machine is a Domain


    Computer Name: XXX-SPEECHSRV
    System info : Microsoft Windows Server 2003 (Build 3790)
    Processor : x86 Family 6 Model 11 Stepping 1, GenuineIntel
    List of installed hotfixes :

Netcard queries test . . . . . . . : Passed

Per interface results:

    Adapter : Local Area Connection

        Netcard queries test . . . : Passed

        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Skipped
            [WARNING] No gateways defined for this adapter.

        NetBT name test. . . . . . : Passed
        [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.

        WINS service test. . . . . : Passed

    Adapter : Internet

        Netcard queries test . . . : Passed
        NetBIOS over Tcpip . . . . : Disabled
        Dns Servers. . . . . . . . :

        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Passed

        NetBT name test. . . . . . : Skipped
            NetBT is disabled on this interface. [Test skipped]

        WINS service test. . . . . : Skipped
            NetBT is disable on this interface. [Test skipped].

Global results:

Domain membership test . . . . . . : Passed

NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
    1 NetBt transport currently configured.

Autonet address test . . . . . . . : Passed

IP loopback ping test. . . . . . . : Passed

Default gateway test . . . . . . . : Passed

NetBT name test. . . . . . . . . . : Passed
    [WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined.

Winsock test . . . . . . . . . . . : Passed

DNS test . . . . . . . . . . . . . : Passed
    PASS - All the DNS entries for DC are registered on DNS server 'X.X.X.X' and other DCs also have some of the names registered.
    PASS - All the DNS entries for DC are registered on DNS server 'X.X.X.X' and other DCs also have some of the names registered.

Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
    The redir is bound to 1 NetBt transport.

    List of NetBt transports currently bound to the browser
    The browser is bound to 1 NetBt transport.

DC discovery test. . . . . . . . . : Passed

DC list test . . . . . . . . . . . : Failed

Trust relationship test. . . . . . : Failed
    [FATAL] Secure channel to domain 'Domain' is broken. [ERROR_NO_LOGON_SERVERS]

Kerberos test. . . . . . . . . . . : Passed

LDAP test. . . . . . . . . . . . . : Passed
    [FATAL] Cannot open an LDAP session to 'XXX-SPEECHSRV. at 'X.X.X.X'.
    [WARNING] Failed to query SPN registration on DC 'XXX-SPEECHSRV..
    [WARNING] Failed to query SPN registration on DC 'DC-NT2

Bindings test. . . . . . . . . . . : Passed

WAN configuration test . . . . . . : Skipped
    No active remote access connections.

Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

    Note: run "netsh ipsec dynamic show /?" for more detailed information

The command completed successfully

Question by:NEMHCIS

Expert Comment

ID: 17940972

Seems you have a winsock corruption on your machine.
Check this article from MS.



Expert Comment

ID: 17941171
Do you have a DNS server on both sides????

Author Comment

ID: 17941320
Yes we have a DNS server at both location.  The server with the problem is a DNS server, a catalog server and a dhcp server
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

LVL 48

Expert Comment

ID: 17942083
your trust has failed between the DC. I would use netdom to reset it

Expert Comment

ID: 17942727

Author Comment

ID: 17947520
We have reset the Winsock (netsh winsock reset ) and the IP Stack (netsh int ip reset c:\resetlog.txt)
Had to reboot the server so unfortunately we won't know if the problem is resolved for a couple days

Thanks to everyone for the suggestions, i will keep you updated in a few days on the status of the problem.


Expert Comment

ID: 17962962
This could be your problem...  On your network card disable TCP Offload and see what happens.

Failover process does not occur when you use TCP Offload-enabled network adapters to create a team capable of TCP Offloading on a Windows Server 2003-based computer
View products that this article applies to.
Article ID : 921136
Last Review : June 30, 2006
Revision : 2.0
When you use TCP Offload-enabled network adapters to create a team capable of TCP Offloading on a Microsoft Windows Server 2003-based computer, the failover process does not occur. The computer may stop responding.
 Back to the top

To resolve this problem, install the hotfix that is described in the following article.
919948 ( Error message after you install the Windows Server 2003 Scalable Networking Pack and then change the network settings on a Windows Server 2003-based computer: "STOP 0x000000D1"
 Back to the top

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
 Back to the top


Author Comment

ID: 18238110
Sorry for the delayed response but the problem ended up by being the Token size.  We increased the size of the Kerberos version 5 protocol token and it’s been over a month since it’s required a reboot.

1.      Click Start, click Run, type regedit, and then click OK.
2.      Locate and then click the following subkey:
Note If the Parameters subkey is not listed under the Kerberos subkey,  follow these steps:
a.       Right-click Kerberos, point to New, and then click Key.
b.       Type Parameters, and then press ENTER.
3.      Right-click the Parameters subkey, point to New, click DWORD Value, and then type MaxTokenSize.
4.      Double-click MaxTokenSize, set the decimal value to 100000, and then click OK.

Note The default decimal value for the MaxTokenSize registry value is 12000. Microsoft recommends that you set this decimal value to 100000 or that you set the hexadecimal value to 186a0. If you incorrectly set this value to 100000 hexadecimal, Kerberos authentication operations may fail, and programs may return errors. The 100000 hexadecimal value is an extremely large value.
5.      Quit Registry Editor.
6.      After you set the MaxTokenSize registry value, and after the computer is updated, restart the computer.

Accepted Solution

Computer101 earned 0 total points
ID: 19468801
PAQed with points refunded (500)

EE Admin

Expert Comment

ID: 23350550
How can you check what your current token size is? I know there is a default, but what command would you use to find out?

Featured Post

Gigs: Get Your Project Delivered by an Expert

Select from freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Greetings, Experts! First let me state that this website is top notch. I thoroughly enjoy the community that is shared here; those seeking help and those willing to sacrifice their time to help. It is fantastic. I am writing this article at th…
Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit If you want to manage em…

786 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question