Solved

2003 server DNS/Domain Controller internet abruptly stopping

Posted on 2007-11-23
Last Modified: 2010-04-18
I have installed/upgraded to a 2003 enterprise server from 2000 for domain controllers/DNS controllers. Since this time, the internet on our network will just quit working. If I reboot the server, everything is fine once again, but only with a reboot. There has to be an easier way? I've checked the services and nothing is stopped. Also, I can ping out to web sites like yahoo.com and it will resolve the IP, just cannot do anything on the web... Please help. Thanks
LVL 3

Expert Comment

by:Tom-J-Lael
Check the Event Viewer/System

Are you getting master browser errors? Typically error 8003
0
 
LVL 38

Expert Comment

by:ChiefIT
This could actually be a number of things. Since you are a Guru on this subject, can I ask you if you checked the following:

Dual NIC cards conflicting with one another?
Forwarders set to an outside DNS server?
The default gateway set in the IP stack of the server?


It would also help to know if this was a replacement server, upgrade, or nuke and reinstallation of the server's upgrade.

0
 

Author Comment

by:coloradoeastbankandtrust
Hi, yes, I have got a few 8003 errors... maybe we should dig into that some more if you think that sounds right?

ChiefIT, we do have dual NICs, the server is an upgrade from a 2k domain controller. As far as the forwarders, IP stack, sorry, I have no idea. Nothing like this should have been changed from a domain controller upgrade, should it?
0
 
LVL 38

Expert Comment

by:ChiefIT
OK:

Dual NICS:
Dual NIC cards would be my first guess. Improper configuration of dual NIC cards would conflict. If you are not using your second NIC for routing, or a multihomed domain, may I suggest you disable NIC 2 and operate off NIC 1. Dual NIC cards can cause all kinds of problems if not properly configured. Not all problems will show up in event viewer or DCdiag reports.

DNS Forwarders:
Forwarders would put you along the lines of DNS errors. If you can not get DNS translations outside your domain, but can within the domain, I would check the DNS forwarders. DNS forwarders should be set for DNS servers outside your domain. Just google search setting DNS forwarders. If this is an OS upgrade and not a replacement or OS reinstallation, your DNS forwarders should not have changed.
0
 

Author Comment

by:coloradoeastbankandtrust
This is the message:

Event Type:      Error
Event Source:      MRxSmb
Event Category:      None
Event ID:      8003
Date:            11/21/2007
Time:            7:37:21 AM
User:            N/A
Computer:      CEBT-DC1
Description:
The master browser has received a server announcement from the computer LENOVO-E7D28F7A that believes that it is the master browser for the domain on transport NetBT_Tcpip_{723DAAB4-6D9. The master browser is stopping or an election is being forced.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 03 00 4e 00   ......N.
0008: 00 00 00 00 43 1f 00 c0   ....C..À
0010: 00 00 00 00 00 00 00 00   ........
0018: 00 00 00 00 00 00 00 00   ........
0020: 00 00 00 00 00 00 00 00   ........
0
 

Author Comment

by:coloradoeastbankandtrust
I'm sorry, one of the two NICs is already disabled.
0
 
LVL 38

Expert Comment

by:ChiefIT
The browser election will be related, but a separate issue from the problems with accessing the WWW. So, let's separate the issues.

Accessing the WWW relies upon DNS forwarders and Routing/Networking (to include the gateway). I am pretty sure your issues with the WWW have to do with DNS. To check and see if you have a DNS issue, go to the command prompt of a problem child computer and ping a website by host name.

Example:
Ping google.com
Also
Ping 72.14.207.99

This is two different ways of pinging google.com. If you receive a reply by IP address and not by host name, you have a DNS problem. You will probably find that problem in DNS forwarders. Your DNS forwarders should be going to outside DNS servers. So, if your Domain controller's DNS server doesn't have a DNS translation, it will forward the DNS query to an outside DNS server. You may have something blocking DNS queries. To test if you have something blocking DNS queries, try to ping a local computer by the IP address and by the host name. If you have something blocking DNS queries, you could elect to use WINS.

For your Browser issues Please see the following accepted link's solution. This will tell you how to master the Master browser service. In this case, you may have something blocking DNS queries. Do you see the relation?

WINS will also help you populate the list of computers in My Network Places and rid yourself of the Master Browser problems. Please read the following solution and disregard error 5719 for your application.

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_22959186.html

I hope this helps.
0
 
LVL 3

Expert Comment

by:Tom-J-Lael
If you can connect the master browser errors appearing nearly at the same time as you're having your trouble accessing the network, I would almost guarantee that's your problem. I think the election process swamps the network with traffic. Every time my client would say they had to reboot the server because they couldn't access the server or the internet, the master browser error was the only error remotely near the time of the network outage.

In my case

I created a GPO to disable the Computer Browser service on the client machines in the network.

I also edited the registry via a script on the client machines.

I haven't had them call me about this issue in over a month.

http://www.pctools.com/guides/registry/detail/54/

0
 
LVL 38

Expert Comment

by:ChiefIT
@Tom:

Tom, the only problem is, DNS is not required for the master browser service. Instead, Netbios broadcasts, from the clients on UDP ports 137 and 138, are used to work with the master browser service. The inability to access the WWW is a problem with DNS.

Both DNS and the Master Browser Service require Netbios translations. This is why I say they are related, but individual problems. The inability to make the Netbios translation could very well be the issue.

So--->>

coloradoeastbankandtrust:
Please check and see if Netbios over TCPIP is elected in the IP stack of the server.  I should have recommended that, before anything.
0
 
LVL 3

Expert Comment

by:Tom-J-Lael
@ChiefIT

What if one of the DCs is the DNS server for the LAN? The election process could bog the server down, not allowing clients to query it for DNS entries, thus causing inability to communicate with the LAN and WWW.

The problem I had was on an SBS2003 server, where the PDC is also the DNS server for the client machines on the LAN. Once I made those changes I specified earlier, I never had this problem again.
0
 

Author Comment

by:coloradoeastbankandtrust
Actually guys (as of right now) this is our only 2k3 domain controller and is the DNS server too for the lan/wan...
0
 
LVL 3

Expert Comment

by:Tom-J-Lael
@Colorado,

It sounds like you're in the same boat that I was. Now it may be more technical than the "network gets bogged down" aspect, but when I made those changes, I never had the same issue. Once again, the master browser errors were literally the only errors that were on the same date/time that my network was going down. Filter your event viewer for error 8003 and see if it's the same for you as far as date/time your network was going down. If it is, make those changes I suggested. The Computer Browser service has to remain running on your 2k3 DC. The client machines, you can safely turn it off, and then edit the registry so they never try to become the master browser again.

Probably not true for you, but my network going down/along side the MB errors ....exclusively happened on Fridays. strange huh?
0
 

Author Comment

by:coloradoeastbankandtrust
Below is an event which I KNOW caused me to reboot around this time. The computer name in it, "GRANADANT", is our demoted 2k domain controller that's still on the network for the use of file sharing, etc. What do you think?


Event Type:      Error
Event Source:      MRxSmb
Event Category:      None
Event ID:      8003
Date:            11/13/2007
Time:            4:36:39 PM
User:            N/A
Computer:      CEBT-DC1
Description:
The master browser has received a server announcement from the computer GRANADANT that believes that it is the master browser for the domain on transport NetBT_Tcpip_{723DAAB4-6D92-4C27. The master browser is stopping or an election is being forced.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 03 00 4e 00   ......N.
0008: 00 00 00 00 43 1f 00 c0   ....C..À
0010: 00 00 00 00 00 00 00 00   ........
0018: 00 00 00 00 00 00 00 00   ........
0020: 00 00 00 00 00 00 00 00   ........
0
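Tom-J-Lael's suggestion to filter for error 8003 and compare the times against the outages can be done over a text export of the System log. This is an added example, not code from the thread; it also pulls out which host claimed to be master browser. The outage times, the field trimming and the DNS event are assumptions made for the example.

```python
import re
from datetime import datetime, timedelta

# Constructed sample (fields trimmed): the thread's two 8003 events plus a made-up DNS event.
SAMPLE = """\
Event Source:      MRxSmb
Event ID:      8003
Date:            11/21/2007
Time:            7:37:21 AM
Description:
The master browser has received a server announcement from the computer LENOVO-E7D28F7A that believes that it is the master browser for the domain on transport NetBT_Tcpip_{723DAAB4-6D9. The master browser is stopping or an election is being forced.

Event Source:      DNS
Event ID:      4004
Date:            11/13/2007
Time:            4:30:02 PM

Event Source:      MRxSmb
Event ID:      8003
Date:            11/13/2007
Time:            4:36:39 PM
Description:
The master browser has received a server announcement from the computer GRANADANT that believes that it is the master browser for the domain on transport NetBT_Tcpip_{723DAAB4-6D92-4C27. The master browser is stopping or an election is being forced.
"""

FIELD = re.compile(r"^(Event Source|Event ID|Date|Time):\s+(.+?)\s*$", re.M)
CLAIMANT = re.compile(r"from the computer (\S+) that believes")

def parse_8003(export):
    """Return sorted [(timestamp, claimant_host)] for every MRxSmb 8003 event."""
    hits = []
    for block in re.split(r"\n\s*\n", export.strip()):
        f = dict(FIELD.findall(block))
        m = CLAIMANT.search(block)
        if f.get("Event Source") == "MRxSmb" and f.get("Event ID") == "8003" and m:
            ts = datetime.strptime(f["Date"] + " " + f["Time"], "%m/%d/%Y %I:%M:%S %p")
            hits.append((ts, m.group(1)))
    return sorted(hits)

def correlate(hits, outages, window_minutes=30):
    """Map each outage time to the hosts that forced an election shortly before it."""
    w = timedelta(minutes=window_minutes)
    return {o: [h for ts, h in hits if timedelta(0) <= o - ts <= w] for o in outages}

# Assumed outage times (the thread only says "around this time" for 11/13).
OUTAGES = [datetime(2007, 11, 13, 16, 45), datetime(2007, 11, 20, 9, 0)]

if __name__ == "__main__":
    print(correlate(parse_8003(SAMPLE), OUTAGES))
```

An outage with an empty host list means no 8003 event preceded it within the window, which points away from browser elections as the cause of that outage.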
LVL 38

Expert Comment

by:ChiefIT
Ah, Tom:

I see your logic. Trying to make the netbios translations for the browser isn't working, so it floods the Netbios translation and eventually knocks it down. This sounds like a port blocking on UDP port 137 and 138. With the knockout of netbios translations, DNS (which also requires netbios translation) will be knocked down as well.

Just to bounce ideas off of you both:
Disabling the clients' browser service will prevent elections to clients and other nodes on the network. But, you will still have clients failing to broadcast and receive a reply to the domain master browser. What if we combine ideas?

I assume this is a Bank. Since this is a bank, you may have something between the servers and clients that blocks UDP ports 137 and 138. The block is probably a VPN tunnel, NAT, or a firewall between servers and clients. And you know, this is a good way to set up a bank by separating your servers and clients.

We could disable the ability for the clients to elect a master browser, as Tom recommended. Then we can set up the domain master browser to use the WINS/WAN configuration. Tom's idea would stop the clients from electing a master browser. My idea would allow us to bypass the port blocking of the master browser service and prevent the clients from not seeing the domain master browser. Fixing the master browser service will also allow a completely populated list of computers in "My Network Places".
 
0
 
LVL 3

Expert Comment

by:Tom-J-Lael
I would turn off the Computer Browser Service and edit the registry (Key found in link I posted above). I would make sure that AD is not installed on that machine and make sure it's truly demoted.

The issue is, any PC, even WIN98, can think it's the master browser, so you have to make sure you make the changes on all clients on the network, excluding the DC.
0
 

Author Comment

by:coloradoeastbankandtrust
Okay-

So I need to make this registry hack on the PDC/DNS? And turn off computer browser service on all PCs within the network? Or just the PDC? If it's all PCs, can't I do that via GPO? Thanks
0
 
LVL 3

Expert Comment

by:Tom-J-Lael
@Colorado,

No, only turn off the Computer Browser service on the clients and the *old* domain controller, and any other file/print server that is not a DC.

Make those registry changes only on the clients or member servers.

Yes, you can do it all via scripts and GPOs.
0
 

Author Comment

by:coloradoeastbankandtrust
Okay, I made a GPO disabling the Computer Browser service and included all PCs and member servers.

I also edited the registry on the PDC to read "YES" rather than "FALSE"

I'll cross my fingers and hope. I'll keep you posted. Thanks, Clint
0
 
LVL 3

Expert Comment

by:Tom-J-Lael
@Colorado

Please make sure you edit the registry on the clients and member PCs so the registry reads "False" instead of "Auto". Otherwise, they may still try to be a master browser.

thanks,
TOM
0
 

Author Comment

by:coloradoeastbankandtrust
Tom- we have over 300 nodes that will need this done, is there a quick way of doing this?
0
 
LVL 3

Accepted Solution

by:
Tom-J-Lael earned 500 total points
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters]
"IsDomainMaster"="FALSE"
"MaintainServerList"="NO"
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  62,00,72,00,6f,00,77,00,73,00,65,00,72,00,2e,00,64,00,6c,00,6c,00,00,00

open notepad
copy and paste this inside the notepad
save it as browser.reg
put it in a directory all nodes have access to
create a script that runs the .REG file and apply it via GPO
0
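Before a .reg file copied from a forum is pushed to 300 nodes, it helps to decode the opaque `hex(2)` data and confirm every value is the one intended. This is an added example, not part of the accepted answer; the `EXPECTED` table and the `review` helper are assumptions made for the example.

```python
import re

# The .reg text from the accepted answer, embedded so the check runs offline.
REG_TEXT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters]
"IsDomainMaster"="FALSE"
"MaintainServerList"="NO"
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  62,00,72,00,6f,00,77,00,73,00,65,00,72,00,2e,00,64,00,6c,00,6c,00,00,00
"""

def parse_reg(text):
    """Return {key_path: {value_name: decoded_value}} for string and hex(2) data."""
    text = re.sub(r"\\\r?\n\s*", "", text)           # join continuation lines
    out, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            out[key] = {}
        elif key and (m := re.match(r'"([^"]+)"=(.*)$', line)):
            name, raw = m.groups()
            if raw.startswith("hex(2):"):             # REG_EXPAND_SZ: UTF-16LE bytes
                data = bytes(int(b, 16) for b in raw[7:].split(",") if b)
                out[key][name] = data.decode("utf-16-le").rstrip("\x00")
            else:
                out[key][name] = raw.strip('"')
    return out

# Assumption for this example: the only values a reviewer expects in this file.
EXPECTED = {"IsDomainMaster": "FALSE", "MaintainServerList": "NO",
            "ServiceDll": r"%SystemRoot%\System32\browser.dll"}

def review(text):
    """Return a list of findings; an empty list means the file matches EXPECTED."""
    findings = []
    for key, values in parse_reg(text).items():
        if not key.upper().endswith(r"\SERVICES\BROWSER\PARAMETERS"):
            findings.append(f"unexpected key: {key}")
        for name, value in values.items():
            if name not in EXPECTED or EXPECTED[name].lower() != value.lower():
                findings.append(f"unexpected value: {name}={value!r}")
    return findings

if __name__ == "__main__":
    print(parse_reg(REG_TEXT), review(REG_TEXT))
```

The `ServiceDll` bytes decode to `%SystemRoot%\System32\browser.dll`, the service's own DLL path, so the file changes only the two browser-role values.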
 
LVL 3

Expert Comment

by:Tom-J-Lael
PS. My network nodes were all XP SP2.
If you have older OSes you may need to research if this will apply or not. Should apply to Win 2000, but check the reg on one just to be sure.
0
 
LVL 3

Expert Comment

by:Tom-J-Lael
http://www.robvanderwoude.com/regedit.html

importing registry items using Batch files
0
 

Author Comment

by:coloradoeastbankandtrust
Thanks Tom, a side note - I just wanted to say I tracked down the events and found this:

For DNS, I was getting 4004 errors and one 4015
For System, I was getting about four 1014 warnings and one 1002 error (WSVC)

I'm leaning towards that, but maybe I'm completely off base.
0
 

Author Comment

by:coloradoeastbankandtrust
After deep thought and monitoring the server with Wireshark, we found that there is a LOT of source traffic coming from the server. And we believe it's from the Symantec Discovery Service.
Has anyone dealt with Symantec Enterprise at all, or have any thoughts on that?
0
 
LVL 38

Expert Comment

by:ChiefIT
This could explain a lot:

We did touch on switches earlier. Have you ever heard of spanning tree port fast? Issues with this could cause intermittent communications.

Spanning tree port fast is the method used for the switch to scan its ports and multiplex the communications on the clients. 5719 errors could be caused by your machines not being able to propagate through the switch in a timely manner. The excess traffic on the server could mean it is trying extra hard to communicate. All errors that you see could be a result of spanning tree port fast. May I recommend you call your network switch's IT customer service for help.

http://kbalertz.com/202840/Client-Connected-Ethernet-Switch-Receive-Several-Error-Messages-During-Startup.aspx
0
