dcomber

Microsoft, Windows, 2003, Event 11167 DNSAPI

Sorry for the long post here...

Today, oddly enough, I've had some very strange networking issues unlike any I've ever had before.

It started out this morning when I noticed the network was really slow. Our PDC/Exchange 2003 box somehow was displaying 10.0 Mbps vs. the usual 1.0 Gbps for the Intel network card. Tried to troubleshoot it and everything tested out fine. Changed the cable to another port and it was okay. Then noticed that our network file shares were not working or our accounting system.

In either case, I've gotten the following error messages on the following servers:

PDC/Exchange 2003:

Event ID 4015

SQL Server/App Server

Event ID 40960
Event ID 11167 (DnsApi)
Event ID 2504
Event ID 5783

Secondary DNS/File Share

Event ID 1006
Event ID 17

I've never seen this before and have never encountered this. It just happened out of nowhere with an event ID 8003 MrxSmb on my PDC. I haven't touched anything. Wondering if my DNS is hosed or something related.

Any assistance is greatly appreciated as I have no idea where to start.

ryansoto

First make sure you can log into the machine that hosts DNS.
Is it running OK?
Open the DNS management console.  Are the appropriate zones listed?
Are the appropriate host records there and SRV records?
Can you ping a machine and get the right IP?  Can you run an nslookup and see if that's OK?

dcomber (ASKER)

The PDC/Exchange and SQL Server machines seem to be running okay. It's the secondary DNS/file share that is the issue. I am also getting NETLOGON (5783) errors saying that the machine cannot be trusted by the domain controller. There is only one domain controller. Even just opening the start menu on my laptop forces my laptop to completely freeze up.

This has never happened before. I am trying everything at this point without results.

What are the DNS settings on the DC and the Secondary DNS server?  The primary DNS on each box should be pointing to each other.  Oddly enough, I have seen where disconnecting the NIC on a server resets its IP configuration.  You may also check your clock settings.  By default, all clocks must be within 5 minutes of each other, otherwise Kerberos will fail.  The event ID 8003 is a browser election, which most likely occurred when your DC came back online.  When you click the Start Menu on your laptop, it is trying to do a lookup on your username to retrieve your full name (at the top of the start menu it should display your full name if you are running the XP theme).  The fact that it is freezing when you are doing this suggests that it cannot contact the domain controller.  Post back with any updates you might have...

dcomber (ASKER)

We do have 2 NICs on each server. However, one of them is disabled at all times. Yesterday, at about 9:00 AM, I sent an email in Outlook (Exchange) and saw it sit there in the Outbox. Thought it was a tad strange, but figured it would just send in a sec. Then someone came down to mention that they couldn't access the shared drives on the secondary DNS server, which is also a file/print server. I checked the Exchange/PDC server first to ensure there was nothing wrong. I did notice that the primary NIC was only at 10 Mbps when it should be at 1.0 Gbps. When I changed ports (enabling/disabling the NICs) it would go to 1.0 Gbps, then say the cable was disconnected, then come back on at 10 Mbps. This happened on every server and I'm not sure why it happened at all. Ran all tests on the NICs and everything checked back fine.

The first event I noticed on the Exchange server was 8003 MrxSmb, but it was referencing a NAS device. Unplugged the NAS device to see if that would help and it didn't. Then started getting the 11167 Dnsapi, 5719 netlogon, and 40960 Lsasrv warnings. I was thinking it could be our DNS, but nothing has changed on it.

I'm out remotely today and unable to VPN to the network, so have a tech consultant coming to address the issue. Two other things that may be of interest.

1. Also getting W32Time errors (id 18), but all machines report to PDC which gets its time from us.ntp.pool.org. Is that good or should I just use the NTP on our SonicWall Tz 180?

2. We have been testing Windows 2008 and Hyper-V on another server...not sure if that would affect anything, but we've had it running for about 2 weeks without issue.

PDC DNS is 192.168.0.9 and Secondary DNS is 192.168.0.5. Both report to each other.

If anyone has any information or guidance, I would greatly appreciate it.
ASKER CERTIFIED SOLUTION
ryansoto

This solution is only available to members.

dcomber (ASKER)

The switch (a D-Link a year old) was what I initially thought was the problem. I moved the cables to another switch and it seemed to work better. Then I tried the secondary DNS server and it didn't seem to make a difference. My DNS settings for both servers are the same, primary is .9 and secondary is .5. I've had it that way for ages and never had a problem. My DNS forwarders are set to my ISP's.

I have an assistant and external tech working on it now and I'm hoping this is something as simple as a bad NIC or switch.

One other thing... I have a Sonicwall TZ180 firewall with a 25 node license... yesterday was the first time ever I've seen it exceed licenses... at first I thought that was causing the issue so I upgraded to unlimited to be sure... didn't resolve this issue but I'm wondering if that triggered something.

"Then I tried the secondary DNS server and it didn't seem to make a difference"

What did you try with the second server using a new switch?  The network speed was still set at 10mbps?

dcomber (ASKER)

Yeah, I took the secondary DNS and plugged into a new switch and seemed to have the same results. The other 2 servers (PDC and SQL) seemed to work okay on the different switch, but the SQL server is still getting Dnsapi errors too.

Run a dcdiag and netdiag on all servers and place the results up.

dcomber (ASKER)

Well, it appears as if the issue was the switch. It was a Dlink, DGS-10160 and it was losing connectivity on most of the 16 ports. The switch is only a year old which is why it was my last thought of the problem. Everything that was on that switch has been moved to another managed switch and all is well. Thanks for everyone's insight and assistance.

dcomber (ASKER)

Thanks Ryan! I appreciate your help! Never thought it was the switch since it is only a year old... I won't be buying D-Link anymore...
Have a great holiday weekend!