Solved

DCDIAG's kccevent test fails

Posted on 2008-06-22
3
3,529 Views
Last Modified: 2011-10-19
Hello,

We have a very simple network with a single Microsoft Small Business Server 2003, which is acting as the DC and provides DNS, DHCP, SQL Server 2005, and IIS (as well as other) services.  Our users are able to log in out of their desktop computers, but a web application that we are using will randomly fail AD authentication, even though the users can log into their workstations.  I have been investigating this issue, which seems to be related to LDAP or DNS.  When I ran DCDIAG, the kccevent test failed with the following message:
-----------------------------------------------
A Warning event occured.  EventID: 0x800004C0
Event String: Internal event: An LDAP Client connection was closed because of an error.
Client Id: 12168
Additional Data: Error Value: 995.  The I/O operation has been aborted because of either a thread exit or an application request.
-------------------------------------------------
I've cleared the Kerberos cache and have reviewed DNS configuration.  When I do an nslookup on our DC object GUID._msdcs.OURDOMAIN.org, the IP address of our DC is returned, but the non-authoritative answer is our WAN IP Address, which is used for our SBS e-mail server.  I do not know whether or not this is an issue.  I've attached images of our DNS configuration as well as the results of nslookup for your review.

I have scoured the Internet for ideas about how to correct the error that I've mentioned, but haven't found an answer for a simple, single DC situation.  I am also unsure whether the results of my nslookup are correct.  The first part seems good, but the non-authoritative answer seems strange to me.  I'd really appreciate any help.

Thanks,

Mike
nslookuptest.txt
DNSInfo.jpg
0
Comment
Question by:mjgardne
  • 3
3 Comments
 
LVL 38

Expert Comment

by:ChiefIT
Comment Utility
Multihomed can certainly be an issue:
0
 
LVL 38

Accepted Solution

by:
ChiefIT earned 500 total points
Comment Utility
It looks like you are having a problem with the SRV records of DNS. You might want to  check this out.
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_23356031.html
0
 
LVL 38

Expert Comment

by:ChiefIT
Comment Utility
Mike:

I don't think you are out of the woods yet. So, I would like to stick with you.

Multihomed servers could appear to work for a couple minutes, days, weeks months or years and not seem to have a problem. As soon as NIC one is busy, and your clients revert to NIC 2 or IP2, you will have the same problems.

Can you tell me what the seocnd nic is used for? Most domains one really need one nic per server. Disabling the Second NIC and eleviating the problems associated with a muli-homed server could prevent from future problems.

0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Join & Write a Comment

The articles for turning off the Client firewall policy on the internet are for SBS 2008 and don't really help for SBS 2011. They actually moved the Client firewall policy. In 2011, the client firewall policy has moved to the SBS computers conta…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now