NEMHCIS
Server 2003 Needs to be rebooted every 3 to 4 days - result is that it cannot see resources
Environment: Server 2003 Active Directory
Connection is WAN
Not experiencing any network problems
We currently have a Server 2003 Box at one of our clinics that needs to be re-booted every 3 to 4 days. End result after 3 to 4 days is that the server can no longer see any of our other servers besides the workstations on its local LAN. Users can no longer print, cannot attach to resources. We believe that the problem has to do with RPC/NetBios.
After a reboot it works fine for another 3 to 4 days
The following outputs are from DCDiag and NetDiag
Before the reboot:
DCDiag:
Domain Controller Diagnosis
Performing initial setup:
[XXX-SPEECHSRV] LDAP search failed with error 58,
The specified server cannot perform the requested operation..
***Error: The machine, XXX-SPEECHSRV could not be contacted, because of a
bad net response. Check to make sure that this machine is a Domain
Controller.
NetDiag:
.......................... .......... ...
Computer Name: XXX-SPEECHSRV
DNS Host Name: XXX-SPEECHSRV.NEMHC.ON.CA
System info : Microsoft Windows Server 2003 (Build 3790)
Processor : x86 Family 6 Model 11 Stepping 1, GenuineIntel
List of installed hotfixes :
Q147222
Netcard queries test . . . . . . . : Passed
Per interface results:
Adapter : Local Area Connection
Netcard queries test . . . : Passed
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Skipped
[WARNING] No gateways defined for this adapter.
NetBT name test. . . . . . : Passed
[WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.
WINS service test. . . . . : Passed
Adapter : Internet
Netcard queries test . . . : Passed
NetBIOS over Tcpip . . . . : Disabled
Dns Servers. . . . . . . . :
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Passed
NetBT name test. . . . . . : Skipped
NetBT is disabled on this interface. [Test skipped]
WINS service test. . . . . : Skipped
NetBT is disable on this interface. [Test skipped].
Global results:
Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{D07B9D24-3722-4A44-B511-38475284818F}
1 NetBt transport currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Passed
[WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined.
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on DNS server 'X.X.X.X' and other DCs also have some of the names registered.
PASS - All the DNS entries for DC are registered on DNS server 'X.X.X.X' and other DCs also have some of the names registered.
Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{D07B9D24-3722-4A44-B511-38475284818F}
The redir is bound to 1 NetBt transport.
List of NetBt transports currently bound to the browser
NetBT_Tcpip_{D07B9D24-3722-4A44-B511-38475284818F}
The browser is bound to 1 NetBt transport.
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Failed
[WARNING] Cannot call DsBind to XXX-SPEECHSRV (X.X.X.X). [ERROR_OUTOFMEMORY]
Trust relationship test. . . . . . : Failed
[FATAL] Secure channel to domain 'Domain' is broken. [ERROR_NO_LOGON_SERVERS]
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Passed
[FATAL] Cannot open an LDAP session to 'XXX-SPEECHSRV. at 'X.X.X.X'.
[WARNING] Failed to query SPN registration on DC 'XXX-SPEECHSRV..
[WARNING] Failed to query SPN registration on DC 'DC-NT2
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Skipped
Note: run "netsh ipsec dynamic show /?" for more detailed information
The command completed successfully
Thanks,
Tammy
Do you have a DNS server on both sides????
ASKER
Yes, we have a DNS server at both locations. The server with the problem is a DNS server, a catalog server and a DHCP server.
Your trust has failed between the DC. I would use netdom to reset it.
Try and read this solution AMigo
https://www.experts-exchange.com/questions/21512754/Multiple-DCDIAG-errors-on-remote-server.html?qid=21512754
Cheers
ASKER
We have reset the Winsock (netsh winsock reset) and the IP stack (netsh int ip reset c:\resetlog.txt).
Had to reboot the server, so unfortunately we won't know if the problem is resolved for a couple of days.
Thanks to everyone for the suggestions, I will keep you updated in a few days on the status of the problem.
Tammy
This could be your problem... On your network card disable TCP Offload and see what happens.
Failover process does not occur when you use TCP Offload-enabled network adapters to create a team capable of TCP Offloading on a Windows Server 2003-based computer
Article ID : 921136
Last Review : June 30, 2006
Revision : 2.0
SYMPTOMS
When you use TCP Offload-enabled network adapters to create a team capable of TCP Offloading on a Microsoft Windows Server 2003-based computer, the failover process does not occur. The computer may stop responding.
RESOLUTION
To resolve this problem, install the hotfix that is described in the following article.
919948 (http://www.kbAlertz.com/Feedback.aspx?kbNumber=919948/) Error message after you install the Windows Server 2003 Scalable Networking Pack and then change the network settings on a Windows Server 2003-based computer: "STOP 0x000000D1"
STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
ASKER
Sorry for the delayed response, but the problem ended up being the token size. We increased the size of the Kerberos version 5 protocol token and it’s been over a month since it’s required a reboot.
1. Click Start, click Run, type regedit, and then click OK.
2. Locate and then click the following subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos
Note If the Parameters subkey is not listed under the Kerberos subkey, follow these steps:
a. Right-click Kerberos, point to New, and then click Key.
b. Type Parameters, and then press ENTER.
3. Right-click the Parameters subkey, point to New, click DWORD Value, and then type MaxTokenSize.
4. Double-click MaxTokenSize, set the decimal value to 100000, and then click OK.
Note The default decimal value for the MaxTokenSize registry value is 12000. Microsoft recommends that you set this decimal value to 100000 or that you set the hexadecimal value to 186a0. If you incorrectly set this value to 100000 hexadecimal, Kerberos authentication operations may fail, and programs may return errors. The 100000 hexadecimal value is an extremely large value.
5. Quit Registry Editor.
6. After you set the MaxTokenSize registry value, and after the computer is updated, restart the computer.
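The registry steps above as a script, added here as an example that is not part of the original post: it reads the configured MaxTokenSize, guards against the decimal/hexadecimal mix-up the note warns about, and writes the value only when asked. It assumes PowerShell is installed on the server and the session is elevated; the function names and the `$apply` switch are hypothetical.

```powershell
# Added example (not from the thread). Key path and values are the ones in the post.
$kerberosKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos'
$paramsKey   = Join-Path $kerberosKey 'Parameters'
$default     = 12000      # default stated in the post (decimal)
$recommended = 100000     # recommended value (decimal) = 0x186a0
$hexMistake  = 0x100000   # what is stored if 100000 is typed as hexadecimal
$apply       = $false     # hypothetical switch: set to $true to write the value

function Get-MaxTokenSize {
    # Returns the configured value, or $null when the Parameters key or the
    # MaxTokenSize value is absent (the default then applies).
    if (-not (Test-Path $paramsKey)) { return $null }
    $item = Get-ItemProperty -Path $paramsKey -Name MaxTokenSize -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.MaxTokenSize
}

function Set-MaxTokenSize([int]$Value) {
    if ($Value -eq $hexMistake) {
        throw ('Refusing {0}: that is 100000 entered as hexadecimal.' -f $Value)
    }
    # Steps 2a-2b: create the Parameters subkey if it is missing.
    if (-not (Test-Path $paramsKey)) { New-Item -Path $paramsKey | Out-Null }
    # Steps 3-4: create or overwrite the DWORD value.
    New-ItemProperty -Path $paramsKey -Name MaxTokenSize -PropertyType DWord `
        -Value $Value -Force | Out-Null
}

$current = Get-MaxTokenSize
if ($null -eq $current) {
    "MaxTokenSize is not set; the default of $default applies."
} elseif ($current -eq $hexMistake) {
    'MaxTokenSize = {0} (0x{0:x}): hexadecimal entry mistake, expected {1}.' -f $current, $recommended
} else {
    'MaxTokenSize = {0} (0x{0:x})' -f $current
}

if ($apply -and $current -ne $recommended) {
    Set-MaxTokenSize $recommended
    'MaxTokenSize set to {0}. Restart the computer for it to take effect (step 6).' -f $recommended
}
```

The value reported is the configured limit in the registry, not the size of any particular user's token.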
How can you check what your current token size is? I know there is a default, but what command would you use to find out?
Seems you have a winsock corruption on your machine.
Check this article from MS.
http://support.microsoft.com/kb/811259
Cheers!
regards,
Trenes