Solved

Repeated browser event ID 8021 and 8032 then server loses connction to domain with nelogon event 5719

Posted on 2007-11-13
6
10,276 Views
Last Modified: 2012-06-27
I am  having a very strange problem on our network and would greatly apprecite any help.

I have numerous servers that have all simultaineouly lost there connection to the domain.  A reboot seems to fix the problem but I want to figure out what the underlying issue is.  All the servers in question have repeated browser events 8021 and 8032 which leads up to the catostrophic nelogon event 5719 after this the server can not authenticate anyone and needs to be rebooted.  See events below:

First:
Event Type:      Warning
Event Source:      BROWSER
Event Category:      None
Event ID:      8021
Date:            11/13/2007
Time:            3:46:26 PM
User:            N/A
Computer:      SFS03
Description:
The browser service was unable to retrieve a list of servers from the browser master \\SFDC02 on the network \Device\NetBT_Tcpip_{E1BF078F-7EFF-4FB7-85BB-6E8CAE8C67A2}.
 
 Browser master: \\SFDC02
 Network: \Device\NetBT_Tcpip_{E1BF078F-7EFF-4FB7-85BB-6E8CAE8C67A2}
 
 This event may be caused by a temporary loss of network connectivity. If this message appears again, verify that the server is still connected to the network. The return code is in the Data text box.

Second:
Event Type:      Error
Event Source:      BROWSER
Event Category:      None
Event ID:      8032
Date:            11/13/2007
Time:            3:16:27 PM
User:            N/A
Computer:      SFS03
Description:
The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{E1BF078F-7EFF-4FB7-85BB-6E8CAE8C67A2}. The backup browser is stopping.

Third:
Event Type:      Error
Event Source:      NETLOGON
Event Category:      None
Event ID:      5719
Date:            11/13/2007
Time:            3:11:36 PM
User:            N/A
Computer:      SFS03
Description:
This computer was not able to set up a secure session with a domain controller in domain CALSB due to the following:
Not enough storage is available to process this command.  
This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator.  

ADDITIONAL INFO
If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
 
I have run netdaig dcdiag and combed through the event logs on our DC's and came up with nothing.  I have checked DNS and found several other threads with the exact same problem but these have eirthe been unanswerred or related to something else.

0
Comment
Question by:jdflory
  • 2
  • 2
  • 2
6 Comments
 
LVL 6

Expert Comment

by:arunexp
ID: 20278232
Cause could be any of this
" Your computer performs an acting role as a master browser because of a forced election.
" Your computer network cards are linked to the same subnet.
" Your computer network cards are not linked directly to the same subnet, but are linked indirectly to the same subnet through other subnets that they are connected to.
" The master browser is using an incorrect subnet mask.
" Your computer is a multihomed computer. A multihomed computer links at the same time to two or more subnets by using multiple network cards.
" Your computer is a master browser.
" Your computer is running the TCP/IP protocol
" Your client computer and the Windows 2000-based computer are on the same network segment as a Cisco Systems PIX firewall device.
" The PIX firewall device is configured with the proxy Address Resolution Protocol (ARP) feature. This feature sends requests through the internal network adaptor of the PIX firewall device.

please check this links
http://support.microsoft.com/kb/135404
http://support.microsoft.com/kb/888816
0
 
LVL 6

Expert Comment

by:arunexp
ID: 20278236
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 20278354
Have you seen this link on all three errors?
http://www25.brinkster.com/ChicagoTech/wineventid.htm




0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:jdflory
ID: 20281990
Thanks for everyones feedback I have two questions:

Can anybody tell me why these broswer events eventually lead to the server to stop authenticating to AD and then need to reboot.  I have seen these types of events before and have had connectivity issues before but they usually do not cause these types of issues.

arunexp,
-None of are servers are multihomed but all of them do have teamed nics.
-Checked the subnet mask of the master browser (one our DC's) andit is correct.
-This anomally is happening on several differnt subnets but all these subnets only have a single path to connect to.
-We do have an ASA and a Pix on our network and I have read the article disbaled proxy arp on the pix.  Allthough I am confused as to why this would be causing the problem because both devices are used only as exit points to our networks (internet access) so the servers and DC's do not use the these devices to communicate.  Can you help me understand what the MS artilce is talknig about in regards to this issue.

Thanks again
0
 
LVL 38

Accepted Solution

by:
ChiefIT earned 500 total points
ID: 20282442
First off, I would really like to separate the two errors. I am not certain the Netlogon problem and Master Browser problems are related. So, you may have two separate problems. To answer your above questions, I think it best to handle the two problems separately.


Error 5719: (Netlogon Problems)
When you say have problems authenitcating, what do you mean? What types of connections are you trying to run when trying to access files or services? Are you trying to go through My Network Places to connect to a specific computer? If you are trying to connect through My Network Places, I can definately see the co-relation. If not, then you may have an additional problem. If you ask me, your netlogon service will interfere with domain authentication more so than any problems with the master Browser!!!. I think the fix for error 5719 I provided is the link to help you fix Netlogon error.

http://www25.brinkster.com/ChicagoTech/wineventid.htm

Errors 8021 and 8032: (master Browser Problems)

The way the Browser service works, (in the default browser configuration), is the clients will transmit a Netbios broadcast to show all available Master Browsers, "I AM HERE". If a Master Browser does not reply meaning it is not found, then an election can be forced by that client. The client can elect anything from another client to a mass storage device for a Master Browser. Sometimes you can get a couple master browsers on a single domain. Then you will see workgroup comptuers disappear from time to time.

The default configuration requires you are all able to communicate on ports 137 and 138. So, any IP port blockage can interfere with the master Browser service. Since these Netbios broadcasts are transmitted on UDP ports 137 and 138, the client can be transmitting into some sort of port blocking. That could include, VPN tunnel, NAT translation, Software/Hardware Firewall, Different Subnet, Different IP space for Multi homed domains, or some other sort of port blocking problem.

There are three potential fixes to the above blocks of the Master browser service. One is to stop the blockage by lowering your guard (meaning lower the port blockage like a firewall block). This will create vulnerabilities in your network and is not recommended.

The second is to use WINS instead of these Netbios Broadcasts to help your master browser see a list of comptuers. Since your clients and servers can not find a Master Browser or a Backup Browser, It looks like you have a blockage. I recommend you use the WINS configuration to help the Master Browser populate the list of computers in My Network Places.  I recommend this method and the link below will show you how to use WINS and the WAN configuration to work with the Master Browser Service.

The third is to use the Server Service and enable File and Print Sharing on all IP stacks. Most will say that File and Print sharing is a Vulnerability to the network and recommend you turn that off. I am on of those people.

This link is the best link I have found to explain the Master Browser Service. It is a little lengthy, but definately worth the read.

http://www.microsoft.com/resources/documentation/windowsnt/4/server/reskit/en-us/net/chptr3.mspx?mfr=true

I think you will want to use the WAN configuration using WINS instead of the Netbios broadcasts from the client. Also you may want to distingquish  the diferences between the Domain Master Browser, Master Browser, and Backup Browser.

I hope this helps.

John

0
 

Author Comment

by:jdflory
ID: 20328114
This issue has not showed itself again so it must have been some type of connectivity issue.

John,
I appreciate your  very descriptive response which helped me to to distinguish between the errors.  I had thought that the 8021 and 8032 events were causing the 5719 event.  But I think you were correct and they were just both caused by the same issue.  We have checked all other possibilities that you mentioned.

Thanks
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Cisco iWAN 8 46
Flashing Cisco Meraki MR18 with OpenWRT firmware ? 5 55
Unknown AD user under VMWare OU 4 28
svg file 10 37
Resolve DNS query failed errors for Exchange
In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now