Solved

Event ID 1030 1058 1059 on DC - Domain disappears until reboot

Posted on 2008-10-17
Last Modified: 2010-04-14
We have a Windows 2003 Server R2.  About a month ago we experienced our first 1030 1058 batch of errors on the server and workstations.  The domain literally disappeared.  Symptoms:

On the DC server:
1. Typing \\domain.local in a RUN window, came back with an error or "domain not found" or something to that effect.
2. Typing \\name_of_server in a RUN window would normally show all shares.  An error instead would come back with "computer not found" or something along those lines (sorry about that phrase - working from memory).
3. Trying to bring up group policies would fail.  No such domain found.
4. This one is interesting.  Doing a NET VIEW from the afflicted domain controller's DOS prompt would show all the machines on the network.  Doing a NET VIEW from a workstation on the same LAN would come back with "machine or computer not found".  Browsing had essentially stopped outside the server's NIC.

Tried the easy stuff.  Or what I thought was easy:

• Netlogon and DFS services are started (easy enough - they were)
• Domain controllers have the read and apply rights to the Domain Controllers Policy (where do I confirm this?)
• NTFS file system permissions and share permissions are set correctly on the Sysvol share (what should they be?)
• DNS entries are correct for the domain controllers (what should they be)

http://support.microsoft.com/kb/842804

Then tried eventid.com.  Quite a nifty site.  Two key pages:

http://eventid.net/display.asp?eventid=1030&eventno=1542&source=Userenv&phase=1
http://eventid.net/display.asp?eventid=1058&eventno=1752&source=Userenv&phase=1

Lots to go thru on both pages.  Lots of users down in the meantime.  So first time thru, I simply rebooted the servers.  Everyone back up and running.  Chalked one up for the "great unknown".

4 days later - same thing.  Lots of 1030 and 1058 at client and at server.  Shares gone.  Users locking up.  Interesting part - you can ping the server.  A database running on the server (using Interbase) continued to work at the client's desktop.  Internet continued to function for the workstations even with the DC as their DNS server.  But as soon as someone tried to browse the network, explorer would hang them looking for that now, "missing" network drive on the DC that didn't think it was a DC anymore.

Called MS on this issue.  First tech suggested it was a Kerberos issue on the workstations causing this to happen.  Same Kerberos solution offered up by eventid.net for eventid 1030 listed above.  That bought us about 12 days of grace.  Before the error came back again.  This time MS suggested some registry changes.  Rather weak.  Gave us about 4 days of uptime before the next dreaded reboot.  Each subsequent hang, btw, became a real chore.  The last 3 reboots of the server have been manual power downs as the server would NOT restart even after an hour.  Simply sit at a blue desktop with a mouse cursor in the middle.

During the next attempt, I asked the MS engineers if they wouldn't mind helping me thru a GPO rebuild back to default.  They obliged.  Good for another 6 days then the domain disappeared again.   Reboot brought it back.  But the exchange server was gone!  Had to remotely access the eventviewer of the exchange server to spot event id 2114 - Topology Discovery Failed.  This was turning into a bit of a nightmare.  Ran that one thru the Google grinder to find that a group policy entry was missing.  Hey!  We just reset group policies!  Why didn't MS tell me there were gotchas?

This from eventid.net:


David Page (Last update 8/29/2006):
This error, combined with other numerous MU, SA and IS errors may be due to incorrect permissions in the default domain controllers policy either by misconfiguration or use of the dcgpofix command. The Exchange Enterprise Servers group must be defined in the default domain controllers policy under Manage Auditing and Security Log. This can be found in the User Rights Assignment area of the GPO. Once rights are established, restart SA and IS.

Once I set that permission, Exchange fired right up.  Thankfully.

The last time MS suggested (to be honest, they'd suggested it at the 3rd contact as well) that we shut down all 3rd party apps.  We did.  Backup exec, quickbooks database manager, folder size and logmein.  Disabled them.  Kept only a single 3rd party piece of software running - Interbase - as shutting that down would have entailed working on 25+ workstations to move their connections to some other spot on the network.  This last change was good for 13 days.  But alas, all good things must come to an end.  And today the domain disappeared again.  Reboot was a hard shutdown (ouch).

Okay so I'm down to two possibilities.  Interbase - tho nothing except the size of the database (about 2gb) has changed there.  Or a faulty TCP/IP stack or Network card issue.

I'm thinking it's a TCP/IP stack rebuild issue, only because it happens when a ton of machines are on the network and pounding the server.  It appears a difficult task.  Wouldn't replacing the network card be an easier task?

I've worked most of the easy fixes, but perhaps someone else has some experience with this one?

Tia

Question by:lmkandia

79 Comments

LVL 31

Expert Comment

by:Henrik Johansson
Try the following command on the server with the logging:
C:\>dfsutil /PurgeMupCache

LVL 17

Expert Comment

by:OriNetworks
First of all, Exchange and AD don't like being on the same server sometimes, but that is most likely not the problem.

Do you have any antivirus software installed on the server? It may be scanning/deleting critical files. I would recommend UNINSTALLING it. NOT disabling! A complete uninstall.  When you get these errors, have you tried restarting netlogon service? I know it says it's already started, but a restart might get things going again and help you narrow down the problem.

LVL 2

Author Comment

by:lmkandia
I haven't tried the dfsutil /PurgeMupCache during the server sharing blackout.  But I have tried it as has MS, when the server was doing fine.  Hasn't helped.

When the domain "disappears", at that point, NOTHING seems to work.  Including restarting, DFS, Netlogon, NTFRS, etc.  Server services try valiantly to restart but get hung.  As for Exchange, I failed to say that the Exchange server is actually a separate box.

We had AVG.  On all boxes EXCEPT the Exchange server and Domain Controller/File Server.  Gone halfway thru the testing period - it was slowing access to XLSX files something fierce.  I didn't have time to play with it AND battle the disappearing domain.  So I removed it entirely.

LVL 17

Expert Comment

by:OriNetworks
Well it sounds like AD is the big problem here so to start, make sure firewall isn't blocking traffic it shouldn't be blocking.

Then on each DC you want to run netdiag and dcdiag to see if it comes up with anything. I'm sure it will.
Also, in the event logs are there any other events that come before the 1030 and 1058 starts?

LVL 38

Expert Comment

by:ChiefIT
Please give me the FRS event errors. It sounds like you are in Journal Wrap.


LVL 2

Author Comment

by:lmkandia
NetDiag comes back with:
Computer Name: city_dc
    DNS Host Name: city_dc.domain_name.local
    System info : Microsoft Windows Server 2003 R2 (Build 3790)
    Processor : x86 Family 6 Model 15 Stepping 11, GenuineIntel
    List of installed hotfixes :
        KB921503
        KB924667-v2
        KB925398_WMP64
        KB925902
        KB926122
        KB927891
        KB929123
        KB930178
        KB931784
        KB932168
        KB933729
        KB933854
        KB935839
        KB935840
        KB936021
        KB936357
        KB936782
        KB938127
        KB941202
        KB941568
        KB941569
        KB941644
        KB941672
        KB942615
        KB942763
        KB942840
        KB943460
        KB943485
        KB944653
        Q147222
Netcard queries test . . . . . . . : Passed
Per interface results:
    Adapter : Local Area Connection
        Netcard queries test . . . : Passed
        Host Name. . . . . . . . . : city_dc
        IP Address . . . . . . . . : 10.0.100.200
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 10.0.100.1
        Dns Servers. . . . . . . . : 10.0.100.200
        AutoConfiguration results. . . . . . : Passed
        Default gateway test . . . : Passed
        NetBT name test. . . . . . : Passed
        [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.
       WINS service test. . . . . : Skipped
            There are no WINS servers configured for this interface.
Global results:
Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{92769ABC-E2FC-4F4F-96E7-5702AD898A0C}
    1 NetBt transport currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Passed
    [WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined.
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Passed
    PASS - All the DNS entries for DC are registered on DNS server '10.0.100.200' and other DCs also have some of the names registered.
Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{92769ABC-E2FC-4F4F-96E7-5702AD898A0C}
    The redir is bound to 1 NetBt transport.
    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{92769ABC-E2FC-4F4F-96E7-5702AD898A0C}
    The browser is bound to 1 NetBt transport.
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Passed
Trust relationship test. . . . . . : Skipped
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Passed
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
    No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Skipped
    Note: run "netsh ipsec dynamic show /?" for more detailed information

LVL 2

Author Comment

by:lmkandia
DCDiag on the Primary DC seems to come up clean:

Domain Controller Diagnosis
Performing initial setup:
   Done gathering initial info.
Doing initial required tests
   Testing server: City_One\city_dc
      Starting test: Connectivity
         ......................... city_dc passed test Connectivity
Doing primary tests
   Testing server: City_One\city_dc
      Starting test: Replications
         ......................... city_dc passed test Replications
      Starting test: NCSecDesc
         ......................... city_dc passed test NCSecDesc
      Starting test: NetLogons
         ......................... city_dc passed test NetLogons
      Starting test: Advertising
         ......................... city_dc passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... city_dc passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... city_dc passed test RidManager
      Starting test: MachineAccount
         ......................... city_dc passed test MachineAccount
      Starting test: Services
         ......................... city_dc passed test Services
      Starting test: ObjectsReplicated
         ......................... city_dc passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... city_dc passed test frssysvol
      Starting test: frsevent
         ......................... city_dc passed test frsevent
      Starting test: kccevent
         ......................... city_dc passed test kccevent
      Starting test: systemlog
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 10/18/2008   00:12:00
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 10/18/2008   00:12:00
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x000003EB
            Time Generated: 10/18/2008   00:12:05
            Event String: Error code 00000077, parameter1 00000001,
         ......................... city_dc failed test systemlog
      Starting test: VerifyReferences
         ......................... city_dc passed test VerifyReferences
   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
   Running partition tests on : domain_name
      Starting test: CrossRefValidation
         ......................... domain_name passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... domain_name passed test CheckSDRefDom
   Running enterprise tests on : domain_name.local
      Starting test: Intersite
         ......................... domain_name.local passed test Intersite
      Starting test: FsmoCheck
         ......................... domain_name.local passed test FsmoCheck

LVL 2

Author Comment

by:lmkandia
FRS is typically full of three types of events:

Event No.1

Event Type: Information
Event Source: NtFrs
Event Category: None
Event ID: 13516
Date:  10/17/2008
Time:  10:17:54 PM
User:  N/A
Computer: CITY_DC
Description:
The File Replication Service is no longer preventing the computer CITY_DC from becoming a domain controller. The system volume has been successfully initialized and the Netlogon service has been notified that the system volume is now ready to be shared as SYSVOL.

Event No. 2

Event Type: Warning
Event Source: NtFrs
Event Category: None
Event ID: 13512
Date:  10/17/2008
Time:  10:17:53 PM
User:  N/A
Computer: CITY_DC
Description:
The File Replication Service has detected an enabled disk write cache on the drive containing the directory c:\windows\ntfrs\jet on the computer CITY_DC. The File Replication Service might not recover when power to the drive is interrupted and critical updates are lost.

Event No. 3

Event Type: Information
Event Source: NtFrs
Event Category: None
Event ID: 13501
Date:  10/6/2008
Time:  8:21:27 PM
User:  N/A
Computer: CITY_DC
Description:
The File Replication Service is starting.

LVL 2

Author Comment

by:lmkandia
OriNetworks - You might be onto something.  One thing that has plagued me ever since this started was that when the domain disappeared on the Primary DC, the other DC in a remote city, would basically lose its domain at the same time.  I always wondered about that.
Netdiag on DC2:
    Computer Name: CITY2_DC
    DNS Host Name: CITY2_DC.domain_name.local
    System info : Microsoft Windows Server 2003 R2 (Build 3790)
    Processor : x86 Family 6 Model 15 Stepping 11, GenuineIntel
    List of installed hotfixes :
        KB921503
        KB924667-v2
        KB925398_WMP64
        KB925902
        KB926122
        KB927891
        KB929123
        KB930178
        KB931784
        KB932168
        KB933729
        KB933854
        KB935839
        KB935840
        KB936021
        KB936357
        KB936782
        KB938127
        KB938127-IE7
        KB941202
        KB941568
        KB941569
        KB941644
        KB942615
        KB942615-IE7
        KB942763
        KB942840
        KB943460
        KB943485
        KB944653
        Q147222
Netcard queries test . . . . . . . : Passed
Per interface results:
    Adapter : Local Area Connection
        Netcard queries test . . . : Passed
        Host Name. . . . . . . . . : CITY2_DC
        IP Address . . . . . . . . : 10.0.101.200
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 10.0.101.1
        Dns Servers. . . . . . . . : 10.0.101.200
        AutoConfiguration results. . . . . . : Passed
        Default gateway test . . . : Passed
        NetBT name test. . . . . . : Passed
       [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.
       WINS service test. . . . . : Skipped
            There are no WINS servers configured for this interface.
Global results:
Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{6DDBC110-D91C-4C70-B776-3149A00A1A73}
    1 NetBt transport currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Passed
   [WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined.
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Failed
    [WARNING] The DNS entries for this DC are not registered correctly on DNS server '10.0.101.200'. Please wait for 30 minutes for DNS server replication.
    [FATAL] No DNS servers have the DNS records for this DC registered.
Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{6DDBC110-D91C-4C70-B776-3149A00A1A73}
    The redir is bound to 1 NetBt transport.
    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{6DDBC110-D91C-4C70-B776-3149A00A1A73}
    The browser is bound to 1 NetBt transport.
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Passed
Trust relationship test. . . . . . : Passed
    Secure channel for domain 'domain_name' is to '\\WPGDC.domain_name.local'.
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Passed
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
    No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Skipped
    Note: run "netsh ipsec dynamic show /?" for more detailed information
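
Added example, not part of the original posts and not a Microsoft tool: a small Python parser that triages netdiag output like the two runs above, listing failed tests and [WARNING]/[FATAL] notes and showing which tests differ between the two DCs. The sample text is constructed (abridged from the output posted in this thread) and the function names are hypothetical.

```python
import re

# Constructed samples, abridged from the two netdiag runs posted in this thread.
CITY_DC = """
Netcard queries test . . . . . . . : Passed
Per interface results:
    Adapter : Local Area Connection
        Host Name. . . . . . . . . : city_dc
        NetBT name test. . . . . . : Passed
        [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.
        WINS service test. . . . . : Skipped
Global results:
NetBT name test. . . . . . . . . . : Passed
    [WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined.
DNS test . . . . . . . . . . . . . : Passed
    PASS - All the DNS entries for DC are registered on DNS server '10.0.100.200' and other DCs also have some of the names registered.
Trust relationship test. . . . . . : Skipped
Kerberos test. . . . . . . . . . . : Passed
"""

CITY2_DC = """
Netcard queries test . . . . . . . : Passed
Per interface results:
    Adapter : Local Area Connection
        Host Name. . . . . . . . . : CITY2_DC
        NetBT name test. . . . . . : Passed
       [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.
        WINS service test. . . . . : Skipped
Global results:
NetBT name test. . . . . . . . . . : Passed
   [WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined.
DNS test . . . . . . . . . . . . . : Failed
    [WARNING] The DNS entries for this DC are not registered correctly on DNS server '10.0.101.200'. Please wait for 30 minutes for DNS server replication.
    [FATAL] No DNS servers have the DNS records for this DC registered.
Trust relationship test. . . . . . : Passed
Kerberos test. . . . . . . . . . . : Passed
"""

# "Test name . . . . : Passed|Failed|Skipped" lines; the dot leader is dropped.
RESULT = re.compile(r"^\s*(?P<name>\S.*?)[ .]*:\s*(?P<result>Passed|Failed|Skipped)\s*$")
# "[WARNING] ..." / "[FATAL] ..." lines printed under a test result.
NOTE = re.compile(r"^\s*\[(?P<level>WARNING|FATAL)\]\s*(?P<text>.+?)\s*$")


def parse_netdiag(text):
    """Return one record per test result, with its notes attached."""
    section, records, current = "global", [], None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped == "Per interface results:":
            section = "interface"
            continue
        if stripped == "Global results:":
            section = "global"
            continue
        m = RESULT.match(line)
        if m:
            current = {"section": section, "name": m["name"],
                       "result": m["result"], "notes": []}
            records.append(current)
            continue
        n = NOTE.match(line)
        if n and current is not None:
            # A note belongs to the most recent test result above it.
            current["notes"].append((n["level"], n["text"]))
    return records


def needs_attention(records):
    """Failed tests, plus any test (even a Passed one) that carries a note."""
    return [r for r in records if r["result"] == "Failed" or r["notes"]]


def diff_results(a, b):
    """Tests present in both runs whose result differs: key -> (a, b)."""
    ra = {(r["section"], r["name"]): r["result"] for r in a}
    rb = {(r["section"], r["name"]): r["result"] for r in b}
    return {k: (ra[k], rb[k]) for k in ra.keys() & rb.keys() if ra[k] != rb[k]}


if __name__ == "__main__":
    city, city2 = parse_netdiag(CITY_DC), parse_netdiag(CITY2_DC)
    for label, recs in (("city_dc", city), ("CITY2_DC", city2)):
        for r in needs_attention(recs):
            print(f"{label}: [{r['section']}] {r['name']} = {r['result']}")
            for level, text in r["notes"]:
                print(f"    {level}: {text}")
    for key, (left, right) in sorted(diff_results(city, city2).items()):
        print(f"differs: {key[1]}: city_dc={left} CITY2_DC={right}")
```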

LVL 2

Author Comment

by:lmkandia
DCDiag on the remote domain controller comes up with a blank:
Domain Controller Diagnosis
Performing initial setup:
   Done gathering initial info.
Doing initial required tests
   Testing server: CITY2\CITY2_DC
      Starting test: Connectivity
         ......................... CITY2_DC passed test Connectivity
Doing primary tests
   Testing server: CITY2\CITY2_DC
      Starting test: Replications
         ......................... CITY2_DC passed test Replications
      Starting test: NCSecDesc
         ......................... CITY2_DC passed test NCSecDesc
      Starting test: NetLogons
         ......................... CITY2_DC passed test NetLogons
      Starting test: Advertising
         ......................... CITY2_DC passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... CITY2_DC passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... CITY2_DC passed test RidManager
      Starting test: MachineAccount
         ......................... CITY2_DC passed test MachineAccount
      Starting test: Services
         ......................... CITY2_DC passed test Services
      Starting test: ObjectsReplicated
         ......................... CITY2_DC passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... CITY2_DC passed test frssysvol
      Starting test: frsevent
         ......................... CITY2_DC passed test frsevent
      Starting test: kccevent
         ......................... CITY2_DC passed test kccevent
      Starting test: systemlog
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 10/18/2008   00:59:32
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 10/18/2008   00:59:32
            (Event String could not be retrieved)
         ......................... CITY2_DC failed test systemlog
      Starting test: VerifyReferences
         ......................... CITY2_DC passed test VerifyReferences
   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
   Running partition tests on : domain_name
      Starting test: CrossRefValidation
         ......................... domain_name passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... domain_name passed test CheckSDRefDom
   Running enterprise tests on : domain_name.local
      Starting test: Intersite
         ......................... domain_name.local passed test Intersite
      Starting test: FsmoCheck
         ......................... domain_name.local passed test FsmoCheck


LVL 38

Expert Comment

by:ChiefIT
Looks like we need to make some NIC configuration changes:
_______________________________________________________________________________
  [WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined.
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Failed
   [WARNING] The DNS entries for this DC are not registered correctly on DNS server '10.0.101.200'. Please wait for 30 minutes for DNS server replication.
   [FATAL] No DNS servers have the DNS records for this DC registered.
_________________________________________________________________________

You are not registering in WINS, netbios, or DNS. So, let's make it register these.

Go to your NIC configuration>>TCP/IP properties>>WINS tab>>enable "NetBIOS over TCP/IP" (not "NetBIOS over DHCP") and disable "LMHOSTS lookup".

Go to the DNS tab and enable "append primary and connection specific DNS suffixes" and check "Append Parent suffixes of the primary DNS suffix", then enable "Register this connection's address in DNS"

Now go to the command prompt and type NBTstat -rr
Then type IPconfig /flushDNS
Then type IPconfig /registerDNS
Then type Net Stop Netlogon
Then type Net start netlogon

Now force replicate between any AD server:
a) go to the Active Directory Sites and Services Snapin
b) navigate to Default First Site>>Servers
c) Pick the server you want to replicate TO and expand it
d) right click what is showing (NTDS site?) and select "replicate now"


LVL 17

Expert Comment

by:OriNetworks
Ok here goes a lot.....Just out of curiosity, can city_dc ping city2_dc correctly?

The thing that worries me is the systemlog failure on city_dc. You may want to run the following command to try to find out more:
dcdiag /v /test:systemlog

Specifically,
An Error Event occured.  EventID: 0x000003EB
           Time Generated: 10/18/2008   00:12:05
which is event ID 1003. You may want to try to locate the details of this event in the event log.

Also, on city2_dc...this is a BIGGIE
DNS test . . . . . . . . . . . . . : Failed
   [WARNING] The DNS entries for this DC are not registered correctly on DNS server '10.0.101.200'. Please wait for 30 minutes for DNS server replication.
   [FATAL] No DNS servers have the DNS records for this DC registered.

WOW, active directory IS DNS so if DNS reports an error, no wonder you're having problems. Is this just an additional DC that hosts the same domain as the primary(city_dc)? or does this host a different domain as well? If the server is hosting the same domain, if possible, I would try demoting city2_dc, and then running dcpromo again to make it a DC again.

Lastly, is there plenty of hard drive space and are there any restrictions on the event logs? For example, if the event logs are set to make you manually clear the log and not record any further events, this may be locking up system at times, but this suggestion might be a little far out there.
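
Added example, not part of the original comment: a Python sketch that turns the hexadecimal EventID values in dcdiag's systemlog section into the decimal IDs shown in Event Viewer, as done by hand above for 0x000003EB. It goes slightly beyond the thread by masking to the low 16 bits, since dcdiag can print the full 32-bit identifier with severity and facility bits set. The sample is constructed from the city_dc output in this thread plus one made-up line (0xC0001B77); the function names and the month/day/year date format are assumptions.

```python
import re
from datetime import datetime

# Constructed sample: the systemlog section posted for city_dc, plus one
# made-up event (0xC0001B77) to show an identifier with its high bits set.
SAMPLE = """
      Starting test: systemlog
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 10/18/2008   00:12:00
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 10/18/2008   00:12:00
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x000003EB
            Time Generated: 10/18/2008   00:12:05
            Event String: Error code 00000077, parameter1 00000001,
         An Error Event occured.  EventID: 0xC0001B77
            Time Generated: 10/18/2008   00:13:10
            (Event String could not be retrieved)
         ......................... city_dc failed test systemlog
"""

# dcdiag spells it "occured"; accept the correct spelling too.
EVENT = re.compile(
    r"An (?P<kind>\w+) Event occurr?ed\.\s+EventID:\s+0x(?P<hex>[0-9A-Fa-f]{8})")
TIME = re.compile(
    r"Time Generated:\s+(?P<ts>\d{2}/\d{2}/\d{4}\s+\d{2}:\d{2}:\d{2})")


def parse_systemlog(text):
    """Return one dict per event reported by the dcdiag systemlog test."""
    events, pending = [], None
    for line in text.splitlines():
        m = EVENT.search(line)
        if m:
            raw = int(m["hex"], 16)
            pending = {
                "kind": m["kind"],            # dcdiag's own label (Error, Warning, ...)
                "raw": f"0x{raw:08X}",        # identifier exactly as printed
                "event_id": raw & 0xFFFF,     # low 16 bits = ID shown in Event Viewer
                "time": None,
                "text": None,
            }
            events.append(pending)
            continue
        if pending is None:
            continue
        t = TIME.search(line)
        if t:
            # Assumption: month/day/year, as in the output posted in this thread.
            stamp = " ".join(t["ts"].split())
            pending["time"] = datetime.strptime(stamp, "%m/%d/%Y %H:%M:%S")
        elif "Event String:" in line:
            pending["text"] = line.split("Event String:", 1)[1].strip()
    return events


def summarize(events):
    """event_id -> count plus first/last time, for lookup in the event log."""
    summary = {}
    for e in events:
        entry = summary.setdefault(
            e["event_id"], {"count": 0, "first": None, "last": None})
        entry["count"] += 1
        t = e["time"]
        if t is not None:
            entry["first"] = t if entry["first"] is None else min(entry["first"], t)
            entry["last"] = t if entry["last"] is None else max(entry["last"], t)
    return summary


if __name__ == "__main__":
    for event_id, info in sorted(summarize(parse_systemlog(SAMPLE)).items()):
        print(f"Event ID {event_id}: {info['count']}x, "
              f"first {info['first']}, last {info['last']}")
```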

LVL 17

Expert Comment

by:OriNetworks
ChiefIT sounds like he's on the right track as well.

LVL 2

Author Comment

by:lmkandia
ChiefIT
Tried your DNS magic with my fingers crossed.  Shucks.  Same warnings from NetDiag:
CITY_DC:

NetBT name test. . . . . . : Passed
        [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.
        WINS service test. . . . . : Skipped
            There are no WINS servers configured for this interface.
CITY2_DC

NetBT name test. . . . . . : Passed
        [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger  Service', <20> 'WINS' names is missing.
DNS test . . . . . . . . . . . . . : Failed
    [WARNING] The DNS entries for this DC are not registered correctly on DNS server '10.0.101.200'. Please wait for 30 minutes for DNS server replication.
    [FATAL] No DNS servers have the DNS records for this DC registered.

LVL 2

Author Comment

by:lmkandia
OriNetworks:
I think you're right about the DNS server.  I have the entire weekend to mess with this thing to see if I can fix DNS cuz as you say, DNS is AD.
Pinging correctly?
I can ping it via IP (it's on the other end of a VPN tunnel).
I can ping it by name.

DCDIAG /v /test:systemlog

Domain Controller Diagnosis
Performing initial setup:
   * Verifying that the local machine CITY_DC, is a DC.
   * Connecting to directory service on server CITY_DC.
   * Collecting site info.
   * Identifying all servers.
   * Identifying all NC cross-refs.
   * Found 2 DC(s). Testing 1 of them.
   Done gathering initial info.
Doing initial required tests
   
   Testing server: CITY\CITY_DC
      Starting test: Connectivity
         * Active Directory LDAP Services Check
         * Active Directory RPC Services Check
         ......................... CITY_DC passed test Connectivity
Doing primary tests
   
   Testing server: CITY\CITY_DC
      Test omitted by user request: Replications
      Test omitted by user request: Topology
      Test omitted by user request: CutoffServers
      Test omitted by user request: NCSecDesc
      Test omitted by user request: NetLogons
      Test omitted by user request: Advertising
      Test omitted by user request: KnowsOfRoleHolders
      Test omitted by user request: RidManager
      Test omitted by user request: MachineAccount
      Test omitted by user request: Services
      Test omitted by user request: OutboundSecureChannels
      Test omitted by user request: ObjectsReplicated
      Test omitted by user request: frssysvol
      Test omitted by user request: frsevent
      Test omitted by user request: kccevent
      Starting test: systemlog
         * The System Event log test
         Found no errors in System Event log in the last 60 minutes.
         ......................... CITY_DC passed test systemlog
      Test omitted by user request: VerifyReplicas
      Test omitted by user request: VerifyReferences
      Test omitted by user request: VerifyEnterpriseReferences
      Test omitted by user request: CheckSecurityError
   
   Running partition tests on : ForestDnsZones
      Test omitted by user request: CrossRefValidation
      Test omitted by user request: CheckSDRefDom
   
   Running partition tests on : DomainDnsZones
      Test omitted by user request: CrossRefValidation
      Test omitted by user request: CheckSDRefDom
   
   Running partition tests on : Schema
      Test omitted by user request: CrossRefValidation
      Test omitted by user request: CheckSDRefDom
   
   Running partition tests on : Configuration
      Test omitted by user request: CrossRefValidation
      Test omitted by user request: CheckSDRefDom
   
   Running partition tests on : domain_name
      Test omitted by user request: CrossRefValidation
      Test omitted by user request: CheckSDRefDom
   
   Running enterprise tests on : domain_name.local
      Test omitted by user request: Intersite
      Test omitted by user request: FsmoCheck
      Test omitted by user request: DNS
      Test omitted by user request: DNS
The 1003 error was me entering in data when I logged in at that time as to WHY the server Unexpectedly shutdown at 10:05pm.  This is a brand new twist on things.  It hasn't EVER done that before.  In fact as stated before, after it gets into its "lost domain" funk it can sit at a blank desktop with just a mouse arrow for hours after receiving a RESTART command.  The closest thing I have at that time scheduled was an INTERBASE backup (at 10pm), which of course was in the middle of its backup and failed.  Rerunning it manually after I logged in remotely after midnite, did not produce the same results - ie the server stayed up and the backup completed.
The CITY2_DC is just a second DC in the same domain.  I hadn't ever noticed the problem, as I normally don't run NETDIAG on servers (new tool in the belt - thanks!).  Yet I could have sworn that the MS guys had done that during their testing.
As for dropping the domain - I would - if it were closer - it's about 800 miles away - and no-one at the remote site is very server literate.  But if it is the only way of fixing this then I'll bite.
Lots of gigs on the drives hosting the eventlogs.
Thanks :)

LVL 2

Author Comment

by:lmkandia
DCDIAG /v /test:DNS on CITY2_DC

   
Gathering IPX configuration information.
    Querying status of the Netcard drivers... Passed
    Testing Domain membership... Passed
    Gathering NetBT configuration information.
    Testing DNS
    [WARNING] The DNS entries for this DC are not registered correctly on DNS server '10.0.101.200'. Please wait for 30 minutes for DNS server replication.
        [FATAL] No DNS servers have the DNS records for this DC registered.
    Tests complete.

    Computer Name: CITY2
    DNS Host Name: CITY2.domain_name.local
    DNS Domain Name: domain_name.local
    System info : Microsoft Windows Server 2003 R2 (Build 3790)
    Processor : x86 Family 6 Model 15 Stepping 11, GenuineIntel

Netcard queries test . . . . . . . : Passed
    Information of Netcard drivers:
    ---------------------------------------------------------------------------
    Description: Broadcom NetXtreme Gigabit Ethernet
    Device: \DEVICE\{6DDBC110-D91C-4C70-B776-3149A00A1A73}
    Media State:                     Connected
    Device State:                    Connected
    Connect Time:                    11 days, 21:02:02
    Media Speed:                     100 Mbps
    Packets Sent:                    7262644
    Bytes Sent (Optional):           0
    Packets Received:                4319055
    Directed Pkts Recd (Optional):   4212310
    Bytes Received (Optional):       0
    Directed Bytes Recd (Optional):  0
    ---------------------------------------------------------------------------
    [PASS] - At least one netcard is in the 'Connected' state.
 
Per interface results:
    Adapter : Local Area Connection
        Adapter ID . . . . . . . . : {6DDBC110-D91C-4C70-B776-3149A00A1A73}
        Netcard queries test . . . : Passed

Global results:

Domain membership test . . . . . . : Passed
    Machine is a . . . . . . . . . : Domain Controller
    Netbios Domain name. . . . . . : domain_name
    Dns domain name. . . . . . . . : domain_name.local
    Dns forest name. . . . . . . . : domain_name.local
    Domain Guid. . . . . . . . . . : {B2AA25D1-CE6C-4369-8E4B-A8BE93CAE50A}
    Domain Sid . . . . . . . . . . : S-1-5-21-3359117839-3512801811-3033766667
    Logon User . . . . . . . . . . : serveradmin
    Logon Domain . . . . . . . . . : domain_name

NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{6DDBC110-D91C-4C70-B776-3149A00A1A73}
    1 NetBt transport currently configured.

DNS test . . . . . . . . . . . . . : Failed
      Interface {6DDBC110-D91C-4C70-B776-3149A00A1A73}
        DNS Domain:
        DNS Servers: 10.0.101.200
        IP Address:         Expected registration with PDN (primary DNS domain name):
          Hostname: CITY2.domain_name.local.
          Authoritative zone: domain_name.local.
          Primary DNS server: CITY2.domain_name.local 10.0.101.200
          Authoritative NS:10.0.100.200 10.0.101.200
Check the DNS registration for DCs entries on DNS server '10.0.101.200'
The Record is different on DNS server '10.0.101.200'.
+------------------------------------------------------+
The record on your DC is:
DNS NAME = domain_name.local.
DNS DATA =
            A  10.0.101.200
The record on DNS server 10.0.101.200 is:
DNS NAME = domain_name.local.
DNS DATA =
            A  10.0.100.200
+------------------------------------------------------+
The Record is different on DNS server '10.0.101.200'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '10.0.101.200', no need to re-register.
+------------------------------------------------------+
The record on your DC is:
DNS NAME = _ldap._tcp.domain_name.local.
DNS DATA =
            SRV 0 100 389 CITY2.domain_name.local.
The record on DNS server 10.0.101.200 is:
DNS NAME = _ldap._tcp.domain_name.local
DNS DATA =
            SRV 0 100 389 CITY2.domain_name.local
            SRV 0 100 389 CITY.domain_name.local
+------------------------------------------------------+
The Record is correct on DNS server '10.0.101.200'.
The Record is different on DNS server '10.0.101.200'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '10.0.101.200', no need to re-register.
+------------------------------------------------------+
The record on your DC is:
DNS NAME = _ldap._tcp.gc._msdcs.domain_name.local.
DNS DATA =
            SRV 0 100 3268 CITY2.domain_name.local.
The record on DNS server 10.0.101.200 is:
DNS NAME = _ldap._tcp.gc._msdcs.domain_name.local
DNS DATA =
            SRV 0 100 3268 CITY.domain_name.local
            SRV 0 100 3268 CITY2.domain_name.local
+------------------------------------------------------+
The Record is correct on DNS server '10.0.101.200'.
The Record is different on DNS server '10.0.101.200'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '10.0.101.200', no need to re-register.
+------------------------------------------------------+
The record on your DC is:
DNS NAME = _ldap._tcp.b2aa25d1-ce6c-4369-8e4b-a8be93cae50a.domains._msdcs.domain_name.local.
DNS DATA =
            SRV 0 100 389 CITY2.domain_name.local.
The record on DNS server 10.0.101.200 is:
DNS NAME = _ldap._tcp.b2aa25d1-ce6c-4369-8e4b-a8be93cae50a.domains._msdcs.domain_name.local
DNS DATA =
            SRV 0 100 389 CITY2.domain_name.local
            SRV 0 100 389 CITY.domain_name.local
+------------------------------------------------------+
The Record is different on DNS server '10.0.101.200'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '10.0.101.200', no need to re-register.
+------------------------------------------------------+
The record on your DC is:
DNS NAME = gc._msdcs.domain_name.local.
DNS DATA =
            A  10.0.101.200
The record on DNS server 10.0.101.200 is:
DNS NAME = gc._msdcs.domain_name.local
DNS DATA =
            A  10.0.101.200
            A  10.0.100.200
+------------------------------------------------------+
The Record is different on DNS server '10.0.101.200'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '10.0.101.200', no need to re-register.
+------------------------------------------------------+
The record on your DC is:
DNS NAME = _kerberos._tcp.dc._msdcs.domain_name.local.
DNS DATA =
            SRV 0 100 88 CITY2.domain_name.local.
The record on DNS server 10.0.101.200 is:
DNS NAME = _kerberos._tcp.dc._msdcs.domain_name.local
DNS DATA =
            SRV 0 100 88 CITY2.domain_name.local
            SRV 0 100 88 CITY.domain_name.local
+------------------------------------------------------+
The Record is correct on DNS server '10.0.101.200'.
The Record is different on DNS server '10.0.101.200'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '10.0.101.200', no need to re-register.

+------------------------------------------------------+
The record on your DC is:
DNS NAME = _ldap._tcp.dc._msdcs.domain_name.local.
DNS DATA =
            SRV 0 100 389 CITY2.domain_name.local.
The record on DNS server 10.0.101.200 is:
DNS NAME = _ldap._tcp.dc._msdcs.domain_name.local
DNS DATA =
            SRV 0 100 389 CITY.domain_name.local
            SRV 0 100 389 CITY2.domain_name.local
+------------------------------------------------------+
The Record is correct on DNS server '10.0.101.200'.
The Record is different on DNS server '10.0.101.200'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '10.0.101.200', no need to re-register.

+------------------------------------------------------+
The record on your DC is:
DNS NAME = _kerberos._tcp.domain_name.local.
DNS DATA =
            SRV 0 100 88 CITY2.domain_name.local.
The record on DNS server 10.0.101.200 is:
DNS NAME = _kerberos._tcp.domain_name.local
DNS DATA =
            SRV 0 100 88 CITY2.domain_name.local
            SRV 0 100 88 CITY.domain_name.local
+------------------------------------------------------+
The Record is correct on DNS server '10.0.101.200'.
The Record is different on DNS server '10.0.101.200'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '10.0.101.200', no need to re-register.

+------------------------------------------------------+
The record on your DC is:
DNS NAME = _gc._tcp.domain_name.local.
DNS DATA =
            SRV 0 100 3268 CITY2.domain_name.local.
The record on DNS server 10.0.101.200 is:
DNS NAME = _gc._tcp.domain_name.local
DNS DATA =
            SRV 0 100 3268 CITY.domain_name.local
            SRV 0 100 3268 CITY2.domain_name.local
+------------------------------------------------------+
The Record is correct on DNS server '10.0.101.200'.
The Record is different on DNS server '10.0.101.200'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '10.0.101.200', no need to re-register.

+------------------------------------------------------+
The record on your DC is:
DNS NAME = _kerberos._udp.domain_name.local.
DNS DATA =
            SRV 0 100 88 CITY2.domain_name.local.
The record on DNS server 10.0.101.200 is:
DNS NAME = _kerberos._udp.domain_name.local
DNS DATA =
            SRV 0 100 88 CITY2.domain_name.local
            SRV 0 100 88 CITY.domain_name.local
+------------------------------------------------------+
The Record is different on DNS server '10.0.101.200'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '10.0.101.200', no need to re-register.

+------------------------------------------------------+
The record on your DC is:
DNS NAME = _kpasswd._tcp.domain_name.local.
DNS DATA =
            SRV 0 100 464 CITY2.domain_name.local.
The record on DNS server 10.0.101.200 is:
DNS NAME = _kpasswd._tcp.domain_name.local
DNS DATA =
            SRV 0 100 464 CITY2.domain_name.local
            SRV 0 100 464 CITY.domain_name.local
+------------------------------------------------------+
The Record is different on DNS server '10.0.101.200'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '10.0.101.200', no need to re-register.

+------------------------------------------------------+
The record on your DC is:
DNS NAME = _kpasswd._udp.domain_name.local.
DNS DATA =
            SRV 0 100 464 CITY2.domain_name.local.
The record on DNS server 10.0.101.200 is:
DNS NAME = _kpasswd._udp.domain_name.local
DNS DATA =
            SRV 0 100 464 CITY2.domain_name.local
            SRV 0 100 464 CITY.domain_name.local
+------------------------------------------------------+
The Record is correct on DNS server '10.0.101.200'.
The Record is different on DNS server '10.0.101.200'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '10.0.101.200', no need to re-register.

+------------------------------------------------------+
The record on your DC is:
DNS NAME = DomainDnsZones.domain_name.local.
DNS DATA =
            A  10.0.101.200
The record on DNS server 10.0.101.200 is:
DNS NAME = DomainDnsZones.domain_name.local
DNS DATA =
            A  10.0.101.200
            A  10.0.100.200
+------------------------------------------------------+
The Record is different on DNS server '10.0.101.200'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '10.0.101.200', no need to re-register.
+------------------------------------------------------+
The record on your DC is:
DNS NAME = _ldap._tcp.DomainDnsZones.domain_name.local.
DNS DATA =
            SRV 0 100 389 CITY2.domain_name.local.
The record on DNS server 10.0.101.200 is:
DNS NAME = _ldap._tcp.DomainDnsZones.domain_name.local
DNS DATA =
            SRV 0 100 389 CITY2.domain_name.local
            SRV 0 100 389 CITY.domain_name.local
+------------------------------------------------------+
The Record is correct on DNS server '10.0.101.200'.
The Record is different on DNS server '10.0.101.200'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '10.0.101.200', no need to re-register.

+------------------------------------------------------+
The record on your DC is:
DNS NAME = ForestDnsZones.domain_name.local.
DNS DATA =
            A  10.0.101.200
The record on DNS server 10.0.101.200 is:
DNS NAME = ForestDnsZones.domain_name.local
DNS DATA =
            A  10.0.101.200
            A  10.0.100.200
+------------------------------------------------------+
The Record is different on DNS server '10.0.101.200'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '10.0.101.200', no need to re-register.

+------------------------------------------------------+
The record on your DC is:
DNS NAME = _ldap._tcp.ForestDnsZones.domain_name.local.
DNS DATA =
            SRV 0 100 389 CITY2.domain_name.local.
The record on DNS server 10.0.101.200 is:
DNS NAME = _ldap._tcp.ForestDnsZones.domain_name.local
DNS DATA =
            SRV 0 100 389 CITY2.domain_name.local
            SRV 0 100 389 CITY.domain_name.local
+------------------------------------------------------+
The Record is correct on DNS server '10.0.101.200'.
    [WARNING] The DNS entries for this DC are not registered correctly on DNS server '10.0.101.200'. Please wait for 30 minutes for DNS server replication.
    [FATAL] No DNS servers have the DNS records for this DC registered.

 
0
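Added example (not part of any poster's comment, and not netdiag's own logic): in the listing above, netdiag prints "The Record is different" for almost every name because the DNS server also holds the other DC's records. This Python script compares the two record sets per name and reports only the names where this DC's own record is absent from the server; the sample text is constructed in the layout of the posted output, and all function and class names are this example's own.

```python
import re
from dataclasses import dataclass, field

# Constructed sample, abridged, in the layout of the netdiag output posted
# above (same placeholder names and addresses as the thread).
SAMPLE = """\
Check the DNS registration for DCs entries on DNS server '10.0.101.200'
The Record is different on DNS server '10.0.101.200'.
+------------------------------------------------------+
The record on your DC is:
DNS NAME = domain_name.local.
DNS DATA =
            A  10.0.101.200
The record on DNS server 10.0.101.200 is:
DNS NAME = domain_name.local.
DNS DATA =
            A  10.0.100.200
+------------------------------------------------------+
The Record is different on DNS server '10.0.101.200'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '10.0.101.200', no need to re-register.
+------------------------------------------------------+
The record on your DC is:
DNS NAME = _ldap._tcp.domain_name.local.
DNS DATA =
            SRV 0 100 389 CITY2.domain_name.local.
The record on DNS server 10.0.101.200 is:
DNS NAME = _ldap._tcp.domain_name.local
DNS DATA =
            SRV 0 100 389 CITY2.domain_name.local
            SRV 0 100 389 CITY.domain_name.local
+------------------------------------------------------+
The Record is different on DNS server '10.0.101.200'.
+------------------------------------------------------+
The record on your DC is:
DNS NAME = gc._msdcs.domain_name.local.
DNS DATA =
            A  10.0.101.200
The record on DNS server 10.0.101.200 is:
DNS NAME = gc._msdcs.domain_name.local
DNS DATA =
            A  10.0.101.200
            A  10.0.100.200
"""

DC_HEADER = re.compile(r"^The record on your DC is:$")
SERVER_HEADER = re.compile(r"^The record on DNS server (\S+) is:$")
NAME_LINE = re.compile(r"^DNS NAME = (\S+)$")
RECORD_LINE = re.compile(r"^(A|AAAA|CNAME|SRV)\s+(.+)$")


@dataclass
class Comparison:
    name: str = ""
    server: str = ""
    dc_records: set = field(default_factory=set)
    server_records: set = field(default_factory=set)

    @property
    def missing(self):
        # Records this DC expects that the DNS server does not hold.
        return self.dc_records - self.server_records

    @property
    def status(self):
        if self.missing:
            return "MISSING"
        if self.server_records - self.dc_records:
            return "PRESENT_WITH_OTHERS"   # other DCs registered the same name
        return "MATCH"


def normalize(rtype, data):
    # Collapse spacing and drop the trailing dot so "host." equals "host".
    tokens = data.split()
    tokens[-1] = tokens[-1].rstrip(".").lower()
    return " ".join([rtype] + tokens)


def parse_comparisons(text):
    done, current, side = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if DC_HEADER.match(line):
            if side == "server":           # previous block lacked a separator
                done.append(current)
            current, side = Comparison(), "dc"
        elif (m := SERVER_HEADER.match(line)) and current is not None:
            current.server, side = m.group(1), "server"
        elif line.startswith("+--"):
            if side == "server":           # separator closes a full block
                done.append(current)
                current, side = None, None
        elif side and (m := NAME_LINE.match(line)):
            if side == "dc":
                current.name = m.group(1).rstrip(".").lower()
        elif side and (m := RECORD_LINE.match(line)):
            target = current.dc_records if side == "dc" else current.server_records
            target.add(normalize(*m.groups()))
    if side == "server":                   # input ended inside the last block
        done.append(current)
    return done


def missing_registrations(text):
    return [(c.name, c.server, sorted(c.missing))
            for c in parse_comparisons(text) if c.missing]


if __name__ == "__main__":
    for c in parse_comparisons(SAMPLE):
        print(f"{c.status:20} {c.name} @ {c.server}")
```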
 
LVL 38

Expert Comment

by:ChiefIT
Still not registering with WINS or DNS, Huh?

Well, this is what I am now thinking:

There are a couple protocols that are needed for registering these connections:
1) client for Microsoft networks
2) File and printer sharing

If a workstation or server does not have Client for Microsoft Networks, you are telling the PC that it doesn't have a network to talk with. You are telling that node it only has to look to its DNS servers for DNS, not register with a domain controller. So, a server has to have Client for Microsoft Networks. Otherwise, that server will think it is alone.

The same goes for File and Printer Sharing. If you don't have that selected, you are telling this node that it doesn't have to share its files with anyone or any other PC. This could include the NETLOGON shares and SYSVOL shares. So, the shares may exist, but who are you sharing them with?
___________________________________________________________________________
There is one other thing it could be. I have seen a NIC driver conflict before. When they conflict, the server doesn't know what driver should register or bind to the server. I have seen it knock down communications. But, it seemed to knock down all communications. In other words there was no ping or any types of communications with the server.

To discover a NIC driver conflict, I think you go into Device Manager>>Hardware>>Select the VIEW drop down menu>>Choose Hidden devices>>and remove all hidden devices that are NIC drivers and have an exclamation point on them.

***Anyone else chased down a NIC driver conflict and might comment on advice that I am leaving out?? It's been ages since I have seen this issue.  

0
 
LVL 31

Expert Comment

by:Henrik Johansson
Run netdiag /fix and dcdiag /fix to try to fix the errors by re-registering SRV records in DNS.
0
 
LVL 2

Author Comment

by:lmkandia
Hi Chief!
1) the server in question CITY2_DC has Client for MS Networks checked.  It also has File and Printer Sharing turned on.  At least in Properties of the LAN Connection.  I can go to a workstation, either in 10.0.100.x or 10.0.101.x and do a \\CITY2_DC and get all its shares to show up.  Just that DNS is broken, according to NETDIAG.
Nic conflict?  Perhaps.  Or bad Nic.  Are NICs easy to install into a domain controller without hosing AD?  As simple as installing, copying over all the nic settings and Bob's your uncle?
Henjoh09 - I thought for the heck of it I would run netdiag and dcdiag again.  Same results.  But I studied them a little closer:
NetBT name test. . . . . . : Passed
       [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.
        WINS service test. . . . . : Skipped
           There are no WINS servers configured for this interface.
So I said "what the heck" and checked all the services.  Sure enough, the MESSENGER service was DISABLED.  I'm not sure who turned it off (it even says in the side bar that this is NOT Windows Messenger), but after putting it to Automatic and starting the service I reran netdiag:
DNS test . . . . . . . . . . . . . : Failed
   [FIX] re-register DC DNS entry 'domain_name.local.' on DNS server '10.0.101.200' succeed.
    FIX PASS - netdiag re-registered missing DNS entries for this DC successfully on DNS server '10.0.101.200'.
    [FATAL] No DNS servers have the DNS records for this DC registered.

We're definitely getting somewhere now.  It did more that time than before.  I restarted messenger on both DCs and Netdiag is now clean on the Primary DC.  The second DC at the remote still has the DNS issue, even after doing all the steps Chief suggested.  
DNS test . . . . . . . . . . . . . : Failed
    [WARNING] The DNS entries for this DC are not registered correctly on DNS server '10.0.101.200'. Please wait for 30 minutes for DNS server replication.
    [FATAL] No DNS servers have the DNS records for this DC registered.

 No other choice but to keep on plugging.  Thanks guys!
 
0
 
LVL 31

Expert Comment

by:Henrik Johansson
Restarting the Netlogon service is another way to force the SRV re-registration.

>>       IP Address . . . . . . . . : 10.0.100.200
>>       Subnet Mask. . . . . . . . : 255.255.255.0
>>       Default Gateway. . . . . . : 10.0.100.1
>>       Dns Servers. . . . . . . . : 10.0.100.200

In http:#22747201 I see that you've configured the DC to use only itself as DNS server. This will cause a catch-22 during boot when using AD-integrated DNS and give problems when AD is relying on DNS.
The SRV registration is done during start of the 'Net Logon' service, but it will have problems doing so when it only tries to register the records locally and the DNS service might not have started or loaded its data.

Configure each DC to use itself as primary DNS server and another as secondary DNS server to prevent these problems.
0
 
LVL 2

Author Comment

by:lmkandia
Great suggestion henjoh09!
I think that was going to be one of my next questions in the DNS zone :)
I configured both DCs to have each other as alternate DNS servers as you suggested.  Restarted Netlogon on both servers and reran netdiag /fix.
Same problem:

DNS test . . . . . . . . . . . . . : Failed
    [WARNING] The DNS entries for this DC are not registered correctly on DNS server '10.0.101.200'. Please wait for 30 minutes for DNS server replication.
    [WARNING] The DNS entries for this DC are not registered correctly on DNS server '10.0.100.200'. Please wait for 30 minutes for DNS server replication.
    [FATAL] No DNS servers have the DNS records for this DC registered.

Here is netdiag /v /test:DNS again :)

Gathering IPX configuration information.
    Querying status of the Netcard drivers... Passed
    Testing Domain membership... Passed
    Gathering NetBT configuration information.
    Testing DNS
    [WARNING] The DNS entries for this DC are not registered correctly on DNS server '10.0.101.200'. Please wait for 30 minutes for DNS server replication.
    [WARNING] The DNS entries for this DC are not registered correctly on DNS server '10.0.100.200'. Please wait for 30 minutes for DNS server replication.
        [FATAL] No DNS servers have the DNS records for this DC registered.
    Tests complete.

    Computer Name: CITY2_DC
    DNS Host Name: CITY2_DC.domain_name.local
    DNS Domain Name: domain_name.local
    System info : Microsoft Windows Server 2003 R2 (Build 3790)
    Processor : x86 Family 6 Model 15 Stepping 11, GenuineIntel

Netcard queries test . . . . . . . : Passed
    Information of Netcard drivers:
    ---------------------------------------------------------------------------
    Description: Broadcom NetXtreme Gigabit Ethernet
    Device: \DEVICE\{6DDBC110-D91C-4C70-B776-3149A00A1A73}
    Media State:                     Connected
    Device State:                    Connected
    Connect Time:                    12 days, 03:59:09
    Media Speed:                     100 Mbps
    Packets Sent:                    7318910
    Bytes Sent (Optional):           0
    Packets Received:                4369390
    Directed Pkts Recd (Optional):   4262122
    Bytes Received (Optional):       0
    Directed Bytes Recd (Optional):  0
    ---------------------------------------------------------------------------
    [PASS] - At least one netcard is in the 'Connected' state.
 
Per interface results:
    Adapter : Local Area Connection
        Adapter ID . . . . . . . . : {6DDBC110-D91C-4C70-B776-3149A00A1A73}
        Netcard queries test . . . : Passed

Global results:

Domain membership test . . . . . . : Passed
    Machine is a . . . . . . . . . : Domain Controller
    Netbios Domain name. . . . . . : domain_name
    Dns domain name. . . . . . . . : domain_name.local
    Dns forest name. . . . . . . . : domain_name.local
    Domain Guid. . . . . . . . . . : {B2AA25D1-CE6C-4369-8E4B-A8BE93CAE50A}
    Domain Sid . . . . . . . . . . : S-1-5-21-3359117839-3512801811-3033766667
    Logon User . . . . . . . . . . : serveradmin
    Logon Domain . . . . . . . . . : domain_name

NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{6DDBC110-D91C-4C70-B776-3149A00A1A73}
    1 NetBt transport currently configured.

DNS test . . . . . . . . . . . . . : Failed
      Interface {6DDBC110-D91C-4C70-B776-3149A00A1A73}
        DNS Domain:
        DNS Servers: 10.0.101.200 10.0.100.200
        IP Address:         Expected registration with PDN (primary DNS domain name):
          Hostname: CITY2_DC.domain_name.local.
          Authoritative zone: domain_name.local.
          Primary DNS server: CITY2_DC.domain_name.local 10.0.101.200
          Authoritative NS:10.0.100.200 10.0.101.200
Check the DNS registration for DCs entries on DNS server '10.0.101.200'
The Record is different on DNS server '10.0.101.200'.
+------------------------------------------------------+
The record on your DC is:
DNS NAME = domain_name.local.
DNS DATA =
            A  10.0.101.200
The record on DNS server 10.0.101.200 is:
DNS NAME = domain_name.local.
DNS DATA =
            A  10.0.100.200
+------------------------------------------------------+
The Record is different on DNS server '10.0.101.200'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '10.0.101.200', no need to re-register.
+------------------------------------------------------+
The record on your DC is:
DNS NAME = _ldap._tcp.domain_name.local.
DNS DATA =
            SRV 0 100 389 CITY2_DC.domain_name.local.
The record on DNS server 10.0.101.200 is:
DNS NAME = _ldap._tcp.domain_name.local
DNS DATA =
            SRV 0 100 389 CITY_DC.domain_name.local
            SRV 0 100 389 CITY2_DC.domain_name.local
+------------------------------------------------------+
The Record is correct on DNS server '10.0.101.200'.
The Record is different on DNS server '10.0.101.200'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '10.0.101.200', no need to re-register.
+------------------------------------------------------+
The record on your DC is:
DNS NAME = _ldap._tcp.gc._msdcs.domain_name.local.
DNS DATA =
            SRV 0 100 3268 CITY2_DC.domain_name.local.
The record on DNS server 10.0.101.200 is:
DNS NAME = _ldap._tcp.gc._msdcs.domain_name.local
DNS DATA =
            SRV 0 100 3268 CITY2_DC.domain_name.local
            SRV 0 100 3268 CITY_DC.domain_name.local
+------------------------------------------------------+
The Record is correct on DNS server '10.0.101.200'.
The Record is different on DNS server '10.0.101.200'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '10.0.101.200', no need to re-register.
+------------------------------------------------------+
The record on your DC is:
DNS NAME = _ldap._tcp.b2aa25d1-ce6c-4369-8e4b-a8be93cae50a.domains._msdcs.domain_name.local.
DNS DATA =
            SRV 0 100 389 CITY2_DC.domain_name.local.
The record on DNS server 10.0.101.200 is:
DNS NAME = _ldap._tcp.b2aa25d1-ce6c-4369-8e4b-a8be93cae50a.domains._msdcs.domain_name.local
DNS DATA =
            SRV 0 100 389 CITY_DC.domain_name.local
            SRV 0 100 389 CITY2_DC.domain_name.local
+------------------------------------------------------+
The Record is different on DNS server '10.0.101.200'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '10.0.101.200', no need to re-register.
+------------------------------------------------------+
The record on your DC is:
DNS NAME = gc._msdcs.domain_name.local.
DNS DATA =
            A  10.0.101.200
The record on DNS server 10.0.101.200 is:
DNS NAME = gc._msdcs.domain_name.local
DNS DATA =
            A  10.0.101.200
            A  10.0.100.200
+------------------------------------------------------+
The Record is different on DNS server '10.0.101.200'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '10.0.101.200', no need to re-register.
+------------------------------------------------------+
The record on your DC is:
DNS NAME = _kerberos._tcp.dc._msdcs.domain_name.local.
DNS DATA =
            SRV 0 100 88 CITY2_DC.domain_name.local.
The record on DNS server 10.0.101.200 is:
DNS NAME = _kerberos._tcp.dc._msdcs.domain_name.local
DNS DATA =
            SRV 0 100 88 CITY_DC.domain_name.local
            SRV 0 100 88 CITY2_DC.domain_name.local
+------------------------------------------------------+
The Record is correct on DNS server '10.0.101.200'.
The Record is different on DNS server '10.0.101.200'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '10.0.101.200', no need to re-register.
+------------------------------------------------------+
The record on your DC is:
DNS NAME = _ldap._tcp.dc._msdcs.domain_name.local.
DNS DATA =
            SRV 0 100 389 CITY2_DC.domain_name.local.
The record on DNS server 10.0.101.200 is:
DNS NAME = _ldap._tcp.dc._msdcs.domain_name.local
DNS DATA =
            SRV 0 100 389 CITY2_DC.domain_name.local
            SRV 0 100 389 CITY_DC.domain_name.local
+------------------------------------------------------+
The Record is correct on DNS server '10.0.101.200'.
The Record is different on DNS server '10.0.101.200'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '10.0.101.200', no need to re-register.
+------------------------------------------------------+
The record on your DC is:
DNS NAME = _kerberos._tcp.domain_name.local.
DNS DATA =
            SRV 0 100 88 CITY2_DC.domain_name.local.
The record on DNS server 10.0.101.200 is:
DNS NAME = _kerberos._tcp.domain_name.local
DNS DATA =
            SRV 0 100 88 CITY_DC.domain_name.local
            SRV 0 100 88 CITY2_DC.domain_name.local
+------------------------------------------------------+
The Record is correct on DNS server '10.0.101.200'.
The Record is different on DNS server '10.0.101.200'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '10.0.101.200', no need to re-register.
+------------------------------------------------------+
The record on your DC is:
DNS NAME = _gc._tcp.domain_name.local.
DNS DATA =
            SRV 0 100 3268 CITY2_DC.domain_name.local.
The record on DNS server 10.0.101.200 is:
DNS NAME = _gc._tcp.domain_name.local
DNS DATA =
            SRV 0 100 3268 CITY2_DC.domain_name.local
            SRV 0 100 3268 CITY_DC.domain_name.local
+------------------------------------------------------+
The Record is correct on DNS server '10.0.101.200'.
The Record is different on DNS server '10.0.101.200'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '10.0.101.200', no need to re-register.
+------------------------------------------------------+
The record on your DC is:
DNS NAME = _kerberos._udp.domain_name.local.
DNS DATA =
            SRV 0 100 88 CITY2_DC.domain_name.local.
The record on DNS server 10.0.101.200 is:
DNS NAME = _kerberos._udp.domain_name.local
DNS DATA =
            SRV 0 100 88 CITY_DC.domain_name.local
            SRV 0 100 88 CITY2_DC.domain_name.local
+------------------------------------------------------+
The Record is different on DNS server '10.0.101.200'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '10.0.101.200', no need to re-register.
+------------------------------------------------------+
The record on your DC is:
DNS NAME = _kpasswd._tcp.domain_name.local.
DNS DATA =
            SRV 0 100 464 CITY2_DC.domain_name.local.
The record on DNS server 10.0.101.200 is:
DNS NAME = _kpasswd._tcp.domain_name.local
DNS DATA =
            SRV 0 100 464 CITY_DC.domain_name.local
            SRV 0 100 464 CITY2_DC.domain_name.local
+------------------------------------------------------+
The Record is different on DNS server '10.0.101.200'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '10.0.101.200', no need to re-register.
+------------------------------------------------------+
The record on your DC is:
DNS NAME = _kpasswd._udp.domain_name.local.
DNS DATA =
            SRV 0 100 464 CITY2_DC.domain_name.local.
The record on DNS server 10.0.101.200 is:
DNS NAME = _kpasswd._udp.domain_name.local
DNS DATA =
            SRV 0 100 464 CITY_DC.domain_name.local
            SRV 0 100 464 CITY2_DC.domain_name.local
+------------------------------------------------------+
The Record is correct on DNS server '10.0.101.200'.
The Record is different on DNS server '10.0.101.200'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '10.0.101.200', no need to re-register.
+------------------------------------------------------+
The record on your DC is:
DNS NAME = DomainDnsZones.domain_name.local.
DNS DATA =
            A  10.0.101.200
The record on DNS server 10.0.101.200 is:
DNS NAME = DomainDnsZones.domain_name.local
DNS DATA =
            A  10.0.101.200
            A  10.0.100.200
+------------------------------------------------------+
The Record is different on DNS server '10.0.101.200'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '10.0.101.200', no need to re-register.
+------------------------------------------------------+
The record on your DC is:
DNS NAME = _ldap._tcp.DomainDnsZones.domain_name.local.
DNS DATA =
            SRV 0 100 389 CITY2_DC.domain_name.local.
The record on DNS server 10.0.101.200 is:
DNS NAME = _ldap._tcp.DomainDnsZones.domain_name.local
DNS DATA =
            SRV 0 100 389 CITY_DC.domain_name.local
            SRV 0 100 389 CITY2_DC.domain_name.local
+------------------------------------------------------+
The Record is correct on DNS server '10.0.101.200'.
The Record is different on DNS server '10.0.101.200'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '10.0.101.200', no need to re-register.
+------------------------------------------------------+
The record on your DC is:
DNS NAME = ForestDnsZones.domain_name.local.
DNS DATA =
            A  10.0.101.200
The record on DNS server 10.0.101.200 is:
DNS NAME = ForestDnsZones.domain_name.local
DNS DATA =
            A  10.0.101.200
            A  10.0.100.200
+------------------------------------------------------+
The Record is different on DNS server '10.0.101.200'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '10.0.101.200', no need to re-register.
+------------------------------------------------------+
The record on your DC is:
DNS NAME = _ldap._tcp.ForestDnsZones.domain_name.local.
DNS DATA =
            SRV 0 100 389 CITY2_DC.domain_name.local.
The record on DNS server 10.0.101.200 is:
DNS NAME = _ldap._tcp.ForestDnsZones.domain_name.local
DNS DATA =
            SRV 0 100 389 CITY_DC.domain_name.local
            SRV 0 100 389 CITY2_DC.domain_name.local
+------------------------------------------------------+
The Record is correct on DNS server '10.0.101.200'.
    [WARNING] The DNS entries for this DC are not registered correctly on DNS server '10.0.101.200'. Please wait for 30 minutes for DNS server replication.
Check the DNS registration for DCs entries on DNS server '10.0.100.200'
The Record is different on DNS server '10.0.100.200'.
+------------------------------------------------------+
The record on your DC is:
DNS NAME = domain_name.local.
DNS DATA =
            A  10.0.101.200
The record on DNS server 10.0.100.200 is:
DNS NAME = domain_name.local.
DNS DATA =
            A  10.0.100.200
+------------------------------------------------------+
The Record is different on DNS server '10.0.100.200'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '10.0.100.200', no need to re-register.
+------------------------------------------------------+
The record on your DC is:
DNS NAME = _ldap._tcp.domain_name.local.
DNS DATA =
            SRV 0 100 389 CITY2_DC.domain_name.local.
The record on DNS server 10.0.100.200 is:
DNS NAME = _ldap._tcp.domain_name.local
DNS DATA =
            SRV 0 100 389 CITY2_DC.domain_name.local
            SRV 0 100 389 CITY_DC.domain_name.local
+------------------------------------------------------+
The Record is correct on DNS server '10.0.100.200'.
The Record is different on DNS server '10.0.100.200'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '10.0.100.200', no need to re-register.
+------------------------------------------------------+
The record on your DC is:
DNS NAME = _ldap._tcp.gc._msdcs.domain_name.local.
DNS DATA =
            SRV 0 100 3268 CITY2_DC.domain_name.local.
The record on DNS server 10.0.100.200 is:
DNS NAME = _ldap._tcp.gc._msdcs.domain_name.local
DNS DATA =
            SRV 0 100 3268 CITY_DC.domain_name.local
            SRV 0 100 3268 CITY2_DC.domain_name.local
+------------------------------------------------------+
The Record is correct on DNS server '10.0.100.200'.
The Record is different on DNS server '10.0.100.200'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '10.0.100.200', no need to re-register.
+------------------------------------------------------+
The record on your DC is:
DNS NAME = _ldap._tcp.b2aa25d1-ce6c-4369-8e4b-a8be93cae50a.domains._msdcs.domain_name.local.
DNS DATA =
            SRV 0 100 389 CITY2_DC.domain_name.local.
The record on DNS server 10.0.100.200 is:
DNS NAME = _ldap._tcp.b2aa25d1-ce6c-4369-8e4b-a8be93cae50a.domains._msdcs.domain_name.local
DNS DATA =
            SRV 0 100 389 CITY2_DC.domain_name.local
            SRV 0 100 389 CITY_DC.domain_name.local
+------------------------------------------------------+
The Record is different on DNS server '10.0.100.200'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '10.0.100.200', no need to re-register.
+------------------------------------------------------+
The record on your DC is:
DNS NAME = gc._msdcs.domain_name.local.
DNS DATA =
            A  10.0.101.200
The record on DNS server 10.0.100.200 is:
DNS NAME = gc._msdcs.domain_name.local
DNS DATA =
            A  10.0.101.200
            A  10.0.100.200
+------------------------------------------------------+
The Record is different on DNS server '10.0.100.200'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '10.0.100.200', no need to re-register.
+------------------------------------------------------+
The record on your DC is:
DNS NAME = _kerberos._tcp.dc._msdcs.domain_name.local.
DNS DATA =
            SRV 0 100 88 CITY2_DC.domain_name.local.
The record on DNS server 10.0.100.200 is:
DNS NAME = _kerberos._tcp.dc._msdcs.domain_name.local
DNS DATA =
            SRV 0 100 88 CITY2_DC.domain_name.local
            SRV 0 100 88 CITY_DC.domain_name.local
+------------------------------------------------------+
The Record is correct on DNS server '10.0.100.200'.
The Record is different on DNS server '10.0.100.200'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '10.0.100.200', no need to re-register.
+------------------------------------------------------+
The record on your DC is:
DNS NAME = _ldap._tcp.dc._msdcs.domain_name.local.
DNS DATA =
            SRV 0 100 389 CITY2_DC.domain_name.local.
The record on DNS server 10.0.100.200 is:
DNS NAME = _ldap._tcp.dc._msdcs.domain_name.local
DNS DATA =
            SRV 0 100 389 CITY2_DC.domain_name.local
            SRV 0 100 389 CITY_DC.domain_name.local
+------------------------------------------------------+
The Record is correct on DNS server '10.0.100.200'.
The Record is different on DNS server '10.0.100.200'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '10.0.100.200', no need to re-register.
+------------------------------------------------------+
The record on your DC is:
DNS NAME = _kerberos._tcp.domain_name.local.
DNS DATA =
            SRV 0 100 88 CITY2_DC.domain_name.local.
The record on DNS server 10.0.100.200 is:
DNS NAME = _kerberos._tcp.domain_name.local
DNS DATA =
            SRV 0 100 88 CITY2_DC.domain_name.local
            SRV 0 100 88 CITY_DC.domain_name.local
+------------------------------------------------------+
The Record is correct on DNS server '10.0.100.200'.
The Record is different on DNS server '10.0.100.200'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '10.0.100.200', no need to re-register.
+------------------------------------------------------+
The record on your DC is:
DNS NAME = _gc._tcp.domain_name.local.
DNS DATA =
            SRV 0 100 3268 CITY2_DC.domain_name.local.
The record on DNS server 10.0.100.200 is:
DNS NAME = _gc._tcp.domain_name.local
DNS DATA =
            SRV 0 100 3268 CITY2_DC.domain_name.local
            SRV 0 100 3268 CITY_DC.domain_name.local
+------------------------------------------------------+
The Record is correct on DNS server '10.0.100.200'.
The Record is different on DNS server '10.0.100.200'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '10.0.100.200', no need to re-register.
+------------------------------------------------------+
The record on your DC is:
DNS NAME = _kerberos._udp.domain_name.local.
DNS DATA =
            SRV 0 100 88 CITY2_DC.domain_name.local.
The record on DNS server 10.0.100.200 is:
DNS NAME = _kerberos._udp.domain_name.local
DNS DATA =
            SRV 0 100 88 CITY2_DC.domain_name.local
            SRV 0 100 88 CITY_DC.domain_name.local
+------------------------------------------------------+
The Record is different on DNS server '10.0.100.200'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '10.0.100.200', no need to re-register.
+------------------------------------------------------+
The record on your DC is:
DNS NAME = _kpasswd._tcp.domain_name.local.
DNS DATA =
            SRV 0 100 464 CITY2_DC.domain_name.local.
The record on DNS server 10.0.100.200 is:
DNS NAME = _kpasswd._tcp.domain_name.local
DNS DATA =
            SRV 0 100 464 CITY2_DC.domain_name.local
            SRV 0 100 464 CITY_DC.domain_name.local
+------------------------------------------------------+
The Record is different on DNS server '10.0.100.200'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '10.0.100.200', no need to re-register.
+------------------------------------------------------+
The record on your DC is:
DNS NAME = _kpasswd._udp.domain_name.local.
DNS DATA =
            SRV 0 100 464 CITY2_DC.domain_name.local.
The record on DNS server 10.0.100.200 is:
DNS NAME = _kpasswd._udp.domain_name.local
DNS DATA =
            SRV 0 100 464 CITY2_DC.domain_name.local
            SRV 0 100 464 CITY_DC.domain_name.local
+------------------------------------------------------+
The Record is correct on DNS server '10.0.100.200'.
The Record is different on DNS server '10.0.100.200'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '10.0.100.200', no need to re-register.
+------------------------------------------------------+
The record on your DC is:
DNS NAME = DomainDnsZones.domain_name.local.
DNS DATA =
            A  10.0.101.200
The record on DNS server 10.0.100.200 is:
DNS NAME = DomainDnsZones.domain_name.local
DNS DATA =
            A  10.0.101.200
            A  10.0.100.200
+------------------------------------------------------+
The Record is different on DNS server '10.0.100.200'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '10.0.100.200', no need to re-register.
+------------------------------------------------------+
The record on your DC is:
DNS NAME = _ldap._tcp.DomainDnsZones.domain_name.local.
DNS DATA =
            SRV 0 100 389 CITY2_DC.domain_name.local.
The record on DNS server 10.0.100.200 is:
DNS NAME = _ldap._tcp.DomainDnsZones.domain_name.local
DNS DATA =
            SRV 0 100 389 CITY2_DC.domain_name.local
            SRV 0 100 389 CITY_DC.domain_name.local
+------------------------------------------------------+
The Record is correct on DNS server '10.0.100.200'.
The Record is different on DNS server '10.0.100.200'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '10.0.100.200', no need to re-register.
+------------------------------------------------------+
The record on your DC is:
DNS NAME = ForestDnsZones.domain_name.local.
DNS DATA =
            A  10.0.101.200
The record on DNS server 10.0.100.200 is:
DNS NAME = ForestDnsZones.domain_name.local
DNS DATA =
            A  10.0.101.200
            A  10.0.100.200
+------------------------------------------------------+
The Record is different on DNS server '10.0.100.200'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '10.0.100.200', no need to re-register.
+------------------------------------------------------+
The record on your DC is:
DNS NAME = _ldap._tcp.ForestDnsZones.domain_name.local.
DNS DATA =
            SRV 0 100 389 CITY2_DC.domain_name.local.
The record on DNS server 10.0.100.200 is:
DNS NAME = _ldap._tcp.ForestDnsZones.domain_name.local
DNS DATA =
            SRV 0 100 389 CITY2_DC.domain_name.local
            SRV 0 100 389 CITY_DC.domain_name.local
+------------------------------------------------------+
The Record is correct on DNS server '10.0.100.200'.
    [WARNING] The DNS entries for this DC are not registered correctly on DNS server '10.0.100.200'. Please wait for 30 minutes for DNS server replication.
    [FATAL] No DNS servers have the DNS records for this DC registered.
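The netdiag output above marks almost every record as "different", but only the entries where the DC's own data is absent from the DNS server's answer actually matter. The following added example (not part of the original post, and not a netdiag feature) parses that output format and reports only those entries; the function names are illustrative and the sample is an excerpt of the output above.

```python
import re
from dataclasses import dataclass, field

# Excerpt copied from the netdiag /debug output posted above (server 10.0.100.200).
SAMPLE = """\
The Record is different on DNS server '10.0.100.200'.
+------------------------------------------------------+
The record on your DC is:
DNS NAME = domain_name.local.
DNS DATA =
            A  10.0.101.200
The record on DNS server 10.0.100.200 is:
DNS NAME = domain_name.local.
DNS DATA =
            A  10.0.100.200
+------------------------------------------------------+
The Record is different on DNS server '10.0.100.200'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '10.0.100.200', no need to re-register.
+------------------------------------------------------+
The record on your DC is:
DNS NAME = _ldap._tcp.domain_name.local.
DNS DATA =
            SRV 0 100 389 CITY2_DC.domain_name.local.
The record on DNS server 10.0.100.200 is:
DNS NAME = _ldap._tcp.domain_name.local
DNS DATA =
            SRV 0 100 389 CITY2_DC.domain_name.local
            SRV 0 100 389 CITY_DC.domain_name.local
+------------------------------------------------------+
"""

SERVER_RE = re.compile(r"^The record on DNS server (\S+) is:$")
RDATA_RE = re.compile(r"^(A|SRV)\s+\S")


@dataclass
class Comparison:
    name: str = ""
    server: str = ""
    on_dc: set = field(default_factory=set)
    on_server: set = field(default_factory=set)

    @property
    def missing(self):
        """Records this DC expects that the queried server does not hold."""
        return self.on_dc - self.on_server


def _norm(rdata):
    # netdiag prints the DC side with a trailing dot and the server side without,
    # so compare case-insensitively and without the dot.
    rtype, *rest = rdata.split()
    return (rtype.upper(),) + tuple(t.rstrip(".").lower() for t in rest)


def parse(text):
    """Return one Comparison per 'record on your DC / record on DNS server' block."""
    results, cur, side = [], None, None
    for line in map(str.strip, text.splitlines()):
        m = SERVER_RE.match(line)
        if line == "The record on your DC is:":
            cur, side = Comparison(), "dc"
        elif m and cur is not None:
            cur.server, side = m.group(1), "server"
        elif line.startswith("DNS NAME =") and cur is not None:
            cur.name = line.split("=", 1)[1].strip().rstrip(".").lower()
        elif line.startswith("+--") and side == "server":
            results.append(cur)          # closing border ends the block
            cur, side = None, None
        elif cur is not None and RDATA_RE.match(line):
            (cur.on_dc if side == "dc" else cur.on_server).add(_norm(line))
    if side == "server":                 # output cut off before the closing border
        results.append(cur)
    return results


def unregistered(text):
    """Map (server, name) to the DC's records that the server is missing."""
    out = {}
    for c in parse(text):
        if c.missing:
            out[(c.server, c.name)] = sorted(" ".join(r) for r in c.missing)
    return out


if __name__ == "__main__":
    for (server, name), recs in unregistered(SAMPLE).items():
        print(f"{server}: {name} lacks {recs}")
```
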

LVL 31

Expert Comment

by:Henrik Johansson
Run netdiag with /fix switch to try to solve the netdiag errors.
C:\>netdiag/fix

LVL 2

Author Comment

by:lmkandia
Hi Henjoh09!
I did.  I posted that I ran netdiag by itself and received the message:

DNS test . . . . . . . . . . . . . : Failed
   [FIX] re-register DC DNS entry 'domain_name.local.' on DNS server '10.0.101.200' succeed.
   FIX PASS - netdiag re-registered missing DNS entries for this DC successfully on DNS server '10.0.101.200'.
   [FATAL] No DNS servers have the DNS records for this DC registered.
When in fact I had run netdiag /fix to get that message (note the [FIX] pre-fix).  However, the DNS error in netdiag remains.
Thanks!

LVL 31

Expert Comment

by:Henrik Johansson
I have seen this occur when executing netdiag/fix, but the [FATAL]-line will disappear when running netdiag/fix next time.

LVL 2

Author Comment

by:lmkandia
Nope.  Tried that too.  Searched the [Fatal] error.  Doing netdiag /debug right now.

LVL 38

Expert Comment

by:ChiefIT
You know, I am pretty certain this is a binding problem.

It appears like one of these things caused this: (So, we need a little more history of this server from you)
1) You replaced the old NIC with a new one and gave it the same IP as the old one.
2) You have multiple NICs with the same IP address or on the same LAN subnet.
3) You have a VPN connection that has a binding to it that the server thinks it is the LAN NIC
4) You tried to team two NICs and the teaming failed.
5) The TCPIP.sys is failing and may need to be uninstalled and reinstalled.



NICs are defined by the MAC address for DNS and Netbios/WINS, and DHCP. That address is very NIC specific. You are having problems with registering with Netbios/WINS and DNS. It's probably because there is metadata that is telling you a NIC with that IP already exists and has a different MAC address. So, you can't register in DNS and Netbios/WINS or as a DHCP server.

2003 server has a bug in it that will register the SRV records in DNS upon restarting the Netlogon service regardless of telling the NIC not to register the DNS connection. This defines the server as a NAME server or an Active Directory server within DNS. However, that same setting will not allow you to register the Host A record to that same machine. So, what you end up with is a "SERVER" that can't register its own DNS setting. If the second NIC is disabled and you have both SRV records in DNS, you will not be able to register the DNS setting of the server that has the primary bind to its own DNS. Hopefully, I didn't confuse you on that!

There is a fix to the 2003 server bug.

Here is where I would start fixing the issues you are seeing.

Discovery:
1) Verify your SRV records and stop the 2003 server bug from registering both NICs whenever the netlogon service is restarted.
Verify:
http://support.microsoft.com/kb/241515
2003 server bug fix:
http://support.microsoft.com/?id=832478

2) Also verify the number of bindings you are looking at for Netbios.
You can do this by going to the command prompt and typing "Browstat dumpnet". If you see two bindings we need to fix the bind order OR prevent the second binding from registering the Netbios connection.

3) then we need to consider how each protocol or service binds to a NIC:
I am in the process of bringing together advice on how to configure a multihomed domain controller so there is NO error in the path of communications: (So far, this is what I have come up with)

1) DNS
2) DHCP
3) Netbios

(((DNS)))
2003 server has a bug in it that registers both NICs' SRV records when the netlogon service is started. So, DNS binds to both NICs and you may experience intermittent domain authentication and DNS.

Step 1) To resolve these issues, follow this link: (NOTE: By default, 2003 server registers both NICs' SRV records in DNS)
 -- http://support.microsoft.com/?id=832478
Step 2) Once you prevent both SRV records from registering in DNS when the netlogon service restarts, then you need to prevent it from registering its DNS records in DNS. To do this go to the NIC configuration>> TCP/IP properties>>Advanced Button>>DNS tab and disable the ability of the NIC to register its DNS settings in DNS
Step 3) Once you have disabled the ability to register that outside NIC's DNS address, then you must remove all HOST A, SRV, and cached records of that outside NIC. I assume you already know how to remove HOST A records. To remove DNS cache, go to the command prompt and type IPconfig /flushDNS. To remove the SRV records, please follow the advice on this link:

http://support.microsoft.com/kb/241515


(((DHCP:)))
DHCP may try to provide DHCP to all network bindings. This could be a VPN or second NIC to the outside world. You can prevent it from providing DHCP to any binding by following these simple steps:

DHCP snapin>>right click the server in question>>Select properties>>select the Advanced tab>>select binding

You can disable any binding from providing DHCP

(((NETBIOS)))
Preventing Netbios is a little more difficult to do on various types of Multihomed domain controllers. Not always does a DC use WINS when dealing with netbios. So, this is a bit more involved.

To prevent Netbios from binding to the outside binding or VPN connection binding, you must go to that binding and remove the ability of it to do "Netbios over TCP/IP" or "Netbios over DHCP".
For a VPN connection and Dual NICs:
Right click "My network Places">>select "properties">>right click "VPN connection" or the Second NIC>>Select "Properties" >>Select "TCP/IP">> Go to Properties>>Go to the "WINS" Tab>> and prevent it from providing "Netbios over TCP/IP" and also prevent it from performing "Netbios over DHCP"

Disabling File and Print sharing:
You may also wish to disable your outside NIC from broadcasting out your files and printers to the outside world. To do this, disable File and print sharing.

(((Default Gateway)))
Other things to look out for:
You should have one single gateway for your multihomed NICs. If you are routing over your server, it should be the outside NIC that has a gateway configured. If you have the second NIC to communicate with a few nodes on the network, your Domain side NIC should have the gateway configured. So, this is domain specific.



LVL 31

Expert Comment

by:Henrik Johansson
Multihomed servers can, as stated, be a headache, so are there multiple NICs in the server?

See chicagotech for some possible reasons for the error logging:
http://www.chicagotech.net/troubleshooting/event1058.htm
http://www.chicagotech.net/wineventid.htm

LVL 2

Author Comment

by:lmkandia
Chief's suggestions interspersed with my replies:

...we need a little more history of this server from you...

1) You replaced the old NIC with a new one and gave it the same IP as the old one.
Not to my knowledge.  We built the PDC server from ground up in Feb 2008.  It's a Dell PowerEdge 1900 on the PDC.  Single onboard nic.  A Broadcom BCM5708C NetXtreme II GiGe (NDIS VBD Client).  The remote server (the one having the DNS issues) is a PowerEdge 1600 me thinks, with a Broadcom NetXtreme Gigabit Ethernet.  Also onboard.
2) You have multiple NICs with the same IP address or on the same LAN subnet.
nope
3) You have a VPN connection that has a binding to it that the server thinks it is the LAN NIC
VPN is handled by a Sonicwall firewall.  The VPN tunnel is built as such:
At the PDC-
Local Network - Lan Primary Subnet - 10.0.100.0/255.255.255.0
Destination Network - City2 Lan - 10.0.101.0/255.255.255.0

Of note - I have tried the VPN tunnel with this setting enabled and disabled - "Enable Windows Networking (NetBIOS) Broadcast" - currently enabled.
VPN Policy itself is bound to the "Interface WAN".

At the remote DC-
Local Network - Lan Primary Subnet - 10.0.101.0/255.255.255.0
Destination Network - City Lan - 10.0.100.0/255.255.255.0
"Enable Windows Networking (NetBIOS) Broadcast" is enabled.
VPN Policy itself is bound to the "Interface WAN".

4) You tried to team two NICs and the teaming failed.
nope.

5) The TCPIP.sys is failing and may need to be uninstalled and reinstalled.
How can I test this?

Checking right now on all the OTHER stuff!  Thanks for the ideas Chief!

LVL 2

Author Comment

by:lmkandia
Chief:

I think (there's a stretch) I know what is wrong.
Somehow I have two forward zones.
I looked at another multi-dns server network we look after to glean that fact.

I should have only one zone under FORWARD LOOKUP ZONES.  I have two.

The "good zone" is "domain_name.local"
The  "bad" zone, is "_msdcs.domain_name.local"

The key here, is that the entire _msdcs key is empty under the domain_name.local, save for the name servers.  It looks almost like it was accidentally moved and turned into a forward zone!

I can't create keys in DNS.  So where do I modify this info?  I can easily toast the "bad" forward zone.  But how do I recreate that key in the good zone?  Is this a registry thing?  I found the corresponding registry entry under HKLM\Software\Microsoft\Windows NT\CurrentVersion\DNS Server, but I have NO idea as to my next move.  Any suggestions?

LVL 38

Expert Comment

by:ChiefIT
We had a similar incident where the reverse lookup zone had a copy of reverse DNS within itself. So, we just scrapped DNS reverse lookups all together, recreated the zone and let it rebuild itself.

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_23730976.html?sfQueryTermInfo=1+%22chri+dent%22+chiefit+dn+revers

LVL 38

Expert Comment

by:ChiefIT
But, there has to be a better way than having to totally rebuild all forward lookups. If you nuke the forward lookups, you have to reregister every NIC and reregister all SRV records. Nuking the reverse lookups is one thing. Nuking the forward lookups is another.

I think I saw a KB article related to such an incident. Let me see if we can find it.

LVL 38

Expert Comment

by:ChiefIT
Is it two complete forward zones or is the forward lookup zone of the domain a stub zone of the domain itself?

If two complete forward lookup zones, you may have selected to create a new zone, therefore creating the second zone. I think the fix is easy on this one. Delete the one zone and re-register the SRV and HOST A onto the other zone for the DC.

LVL 31

Expert Comment

by:Henrik Johansson
Delete the _msdcs and run netdiag/fix to re-create it as sub-domain in domain_name.local zone.

LVL 2

Author Comment

by:lmkandia
One zone with a stub zone of the domain itself.  I'll be doing it tonite.  After I make a nice backup.  And find that number to Microsoft (just in case).
:)

LVL 2

Author Comment

by:lmkandia
Ok.
So I toasted the

_msdcs.domain_name.local
Forward Lookup zone.  Big mistake.  Even tho it wasn't supposed to be there, it was being used (I also didn't turn the DNS server into a NON-Active Directory Integrated DNS Server first, thereby toasting some AD entries - or so the warning went).
After that, tons of errors in netdiag.  Yeesh.  No better after netdiag /fix.

Tried calling Micro$oft.  They were all in bed.  Promised me a call back in 2 hours.  Still waiting.

So I had 2 options.  System Restore.  Or try toasting the whole forward lookup zone and rebuild it.  Went with option 2.

Toasted forward lookup zone:
domain_name.local

AFTER making the zone NON-ACTIVE DIRECTORY INTEGRATED.  Don't know if that helped much.  Most posts suggest to do so, so I did.
Then recreated the zone with the same name:

domain_name.local

Made it the Primary Zone, ACTIVE DIRECTORY INTEGRATED checked ON at the bottom.
Netdiag comes up clean!  Nice!
The zone looks like all the other zones I've dealt with:

_msdcs
_sites
_tcp
_udp
DomainDNSZones
ForestDNSZones

I then went to the remote DC and opened up DNS and toasted the forward zone there.  I read your thread and someone else's thread about DNS (I think it was the DNS god Chris Dent :) and went to Sites and Services and started a replication between Domain Controllers which SHOULD rebuild the Forward Lookup Zone.  IT DID!  Woohoo.
Alas, all good things must come to an end.  We STILL have the netdiag error on the remote DC:

DNS test . . . . . . . . . . . . . : Failed
    [WARNING] The DNS entries for this DC are not registered correctly on DNS server '10.0.101.200'. Please wait for 30 minutes for DNS server replication.
    [WARNING] The DNS entries for this DC are not registered correctly on DNS server '10.0.100.200'. Please wait for 30 minutes for DNS server replication.
    [FATAL] No DNS servers have the DNS records for this DC registered.

Netdiag /fix:

DNS test . . . . . . . . . . . . . : Failed
    [FIX] re-register DC DNS entry 'greatcanadian.local.' on DNS server '10.0.101.200' succeed.
    FIX PASS - netdiag re-registered missing DNS entries for this DC successfully on DNS server '10.0.101.200'.
    [FATAL] No DNS servers have the DNS records for this DC registered.

So while we've corrected the "visual" problem of the Forward Lookup zone _msdcs, the original problem remains - a netdiag error.
The only thing that I can think that I didn't do, was get rid of the DNS subdirectory and the netlogon files.  Might that make a difference?
Ouch!

LVL 38

Expert Comment

by:ChiefIT
Did you reregister the DNS settings of SRV and Host A for that server?

LVL 2

Author Comment

by:lmkandia
I did the following:

ipconfig /flushdns
ipconfig /registerdns
net stop netlogon & net start netlogon

ad sites and services and replicate now (from the good dc to the bad dc)
Did I miss something?

LVL 2

Author Comment

by:lmkandia
Chief:
I didn't know that I would have to manually re-register the remote DC's DNS SRV settings and HOST A record at the local site.  I did the ipconfig and netlogon stuff at both sites.  Should that not suffice?

LVL 31

Expert Comment

by:Henrik Johansson
netdiag/fix or restarting netlogon service registers SRV-records.

Clear the DNS server cache with 'dnscmd/ClearCache'
Also rename the %WINDIR%\system32\config\netlogon.dn* files. Restarting netlogon will re-create the files.

LVL 38

Expert Comment

by:ChiefIT
Maybe:

The DNS host A and SRV records need to be registered on that local machine prior to replicating. What that does is registers these locally then replicates them out to their partners. Without those registered, the DC can't even hardly talk to itself, not to mention a replication partner.
_______________________________________________________________________________
What I think would be a good idea is to go into DNS and look at the SRV, reverse lookup, and Host A records for both DCs. We need to account for all of these.  You should see two SRV record sets on both. One is for City1 and the other for City2 DCs. Each should have a reverse lookup to map the IP to DNS name. Then, each should have their own host A.
_____________________________________________________________________________
We will get to rebuilding the netlogon and Sysvol shares in a moment. Since you were in a FRS problematic state, you might have been in journal wrap and may need to use the burflag method to rebuild the sysvol and netlogon shares. That should stop your 1030 and 1050 issues as well. For the remote DC you will be using D4 burflags. For the Main DC, you use an authoritative D2 burflag to rebuild the Netlogon and Sysvol shares.

Do not rebuild the netlogon and Sysvol prior to a clean and working DNS. Once DNS is clean on each site, we can do the Burflag method to replicate out the new DNS changes. You need the replication path up before commencing with replication.  
_______________________________________________________________________________
What I think is missing is the edits of the SRV and host A records have yet to be replicated between sites.

0
 
LVL 2

Author Comment

by:lmkandia
Comment Utility
domain_name \ _msdcs \  dc \ _sites \ CITY2
_kerberos Service Location (SRV) [0][100][88] CITY2_DC.domain_name.local.
_ldap Service Location (SRV) [0][100][389] CITY2_DC.domain_name.local.

domain_name \ _msdcs \ dc \ _sites \ CITY
_kerberos Service Location (SRV) [0][100][88] CITY.domain_name.local.
_ldap Service Location (SRV) [0][100][389] CITY.domain_name.local.
Forward Lookup

CITY2_DC Host (A) 10.0.101.200
CITY_DC Host (A) 10.0.100.200

Reverse Lookup
10.0.100.200 Pointer (PTR) CITY_DC.domain_name.local.
10.0.101.200 Pointer (PTR) CITY2_DC.domain_name.local.

Both DNS servers CITY and CITY2 appear to have identical DNS zone records
0
 
LVL 31

Expert Comment

by:Henrik Johansson
Comment Utility
Did you check the DNS server cache and netlogon.dn* files?
0
 
LVL 2

Author Comment

by:lmkandia
Comment Utility
Cleared the caches at CITY and CITY2 from the context menu of both DNS servers using the DNS MMC tool.

Ran netdiag at CITY:
DNS test . . . . . . . . . . . . . : Passed
    PASS - All the DNS entries for DC are registered on DNS server '10.0.100.200' and other DCs also have some of the names registered.
    PASS - All the DNS entries for DC are registered on DNS server '10.0.101.200' and other DCs also have some of the names registered.

Ran netdiag at CITY2:

DNS test . . . . . . . . . . . . . : Failed
    [WARNING] The DNS entries for this DC are not registered correctly on DNS server '10.0.101.200'. Please wait for 30 minutes for DNS server replication.
    [WARNING] The DNS entries for this DC are not registered correctly on DNS server '10.0.100.200'. Please wait for 30 minutes for DNS server replication.
    [FATAL] No DNS servers have the DNS records for this DC registered.

As for the netlogon.* files in system32\config, only one of them is "viewable" with Notepad - the *.dns file.
Checked both servers.

The Primary Domain controller and Primary DNS has 2 extra lines:

_ldap._tcp.pdc._msdcs.domain_name.local. 600 IN SRV 0 100 389 CITY_DC.domain_name.local.
ac9034c0-8cbf-4a29-8e72-aeee3085c549._msdcs.domain_name.local. 600 IN CNAME CITY_DC.domain_name.local.

The Remote DC and DNS did not have the lines above.  But it had a line that the other server did not:

8c7f8f9b-dc8d-40fd-b2c0-acaae30d1c98._msdcs.domain_name.local. 600 IN CNAME CITY2_DC.domain_name.local.
0
 
LVL 2

Author Comment

by:lmkandia
Comment Utility
Henjoh:

As a side note I have started and restarted netlogon multiple times since rebuilding the DNS forward lookup zone.
I checked the netlogon files again at CITY2.
There was one extra one there, an FTL file.  An old one.  Not on CITY server.

I renamed the netlogon files to *.old
net stop netlogon & net start netlogon

Checked CITY2 netlogon.dns.
Different.
Now only 1 line is missing from the netlogon.dns in Chicago:

_ldap._tcp.pdc._msdcs.domain_name.local. 600 IN SRV 0 100 389 CITY_DC.domain_name.local.

the line that was "missing" before is now different:
CITY_DC:
ac9034c0-8cbf-4a29-8e72-aeee3085c549._msdcs.domain_name.local. 600 IN CNAME CITY_DC.domain_name.local.

CITY2_DC
8c7f8f9b-dc8d-40fd-b2c0-acaae30d1c98._msdcs.greatcanadian.local. 600 IN CNAME CHIDC.greatcanadian.local.

The extra line that CITY2_DC had, is now gone.

I replicated from CITY2 back to CITY.
Anxious to see if this had an effect on NETDIAG
0
 
LVL 2

Author Comment

by:lmkandia
Comment Utility
Update:

MS helped me find this little tidbit in my HOSTS file on CITY2_DC (10.0.101.200):

10.0.100.200            domain_name.local

No wonder the domain would "disappear" simultaneously.  All domain requests on the 10.0.101.x subnet were being shuffled off to 10.0.100.200.  When CITY_DC toasts itself, the remote is still looking to it for domain resolution.  Ouch.

Once we removed the offending line, netdiag results were clean.

The BIG question of course, is whether this was enough to cause 1030 and 1058 errors?

Now I'm just going to wait 1 more week.  If the userenv 1030 and 1058 errors do NOT come back, we found the ghost!  Hopefully :)
0
 
LVL 31

Expert Comment

by:Henrik Johansson
Comment Utility
Yes, it's definitely a possible reason for the problem because the hosts file overrides DNS.
Adding records in the hosts file can sometimes help, but can also give a lot of headache when nslookup gets a correct response when querying DNS, but any communication protocol that depends on name resolution will fail or reach an incorrect host when there are incorrect values in the hosts file.

You could maybe have got rid of the errors by adding the local DC into the hosts file as described in the link below, but you would probably also have got this kind of problem later when adding extra DCs or changing IP range and forgetting that you edited the hosts file.
http://groups.google.se/group/microsoft.public.windows.group_policy/browse_thread/thread/f3442ba2e4f02b79/39e8a60bf0e26327?hl=en&lnk=st&q=%2B1030+%2B1058+%2Bhosts-file#39e8a60bf0e26327
0
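The hosts-file override discussed in the posts above, as an added example that is not part of the thread: a small Python audit that flags hosts entries pinning the AD domain name (or any name under it) to a static address, and marks those that point away from the local DC. The function names and the sample file are constructed for illustration; the domain name and addresses are the ones quoted in the thread.

```python
import ipaddress

# Constructed sample of %SystemRoot%\System32\drivers\etc\hosts on CITY2_DC
# (10.0.101.200), containing the line quoted in the thread.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
10.0.100.200            domain_name.local
"""


def parse_hosts(text):
    """Yield (line_no, ip, [names]) for each active entry; comments and blanks are skipped."""
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address: the resolver ignores it too
        yield n, ip, [f.lower().rstrip(".") for f in fields[1:]]


def audit_hosts(text, ad_domain, local_ips=()):
    """Return one finding per hosts name that equals or falls under ad_domain.

    Such entries are answered from the file before DNS is consulted, so
    nslookup (which queries DNS directly) will not reveal them.
    """
    ad_domain = ad_domain.lower().rstrip(".")
    local = {ipaddress.ip_address(i) for i in local_ips}
    findings = []
    for n, ip, names in parse_hosts(text):
        for name in names:
            if name == ad_domain or name.endswith("." + ad_domain):
                findings.append({
                    "line": n,
                    "name": name,
                    "ip": str(ip),
                    "kind": "domain" if name == ad_domain else "host",
                    # True when lookups are sent to another machine
                    "points_off_box": ip not in local and not ip.is_loopback,
                })
    return findings


if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS, "domain_name.local", ["10.0.101.200"]):
        print(f)
```

A finding with `kind` "domain" and `points_off_box` true is the situation found on CITY2_DC: every lookup of the domain name from that machine goes to the other site's DC regardless of what DNS holds.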
 
LVL 38

Expert Comment

by:ChiefIT
Comment Utility
1030 and 1058 could be the result of problems with your DFS shares not being replicated fully. So, with DNS clean, and a good replication performed, 1030 and 1058 should be taken care of because now your clients will get the full Sysvol records from the server.
0
 
LVL 2

Author Comment

by:lmkandia
Comment Utility
So after all that, after 2 weeks, pretty much to the day, almost to the hour, the domain disappeared again.  No errors at the server to speak of - at least not until I started shutting down services to try and get a clean reboot.  Had to do a hard shutdown.  The remote DC could not find the domain either, which is strange as well considering it should automatically take over as the only domain controller in events just like this.  Makes me think that this is a co-ordinated loss of services - the Primary DC starts "losing it" and has the remote DC follow in sync.
The office needed to get back running asap, so I didn't run any diags.  Once back up, netdiag and dcdiag were clean again.  As was eventviewer etc.  Sigh.  Looks like a rebuild of the TCP/IP stack is my only option.

Would installing a second NIC have the same effect?  ie. would installing a second NIC and setting all IP settings identical to the first NIC and then pushing all network traffic to it have the same effect as this - http://support.microsoft.com/kb/325356 ???
0
 
LVL 38

Expert Comment

by:ChiefIT
Comment Utility
Sorry I haven't been involved for a little bit. I had a domain refresh and as a result, lots of fires to put out.

Yes, an IP conflict can cause these issues. Taking a second NIC and making it the same IP as the first is not properly load balancing or bridging the two NICs. Sometimes, on managed switches, you will need to configure the switches for accepting two nics as the path. Then, the server has to bind correctly to the nics.

Unless you have, let's say 250 nodes or more, one NIC should do it for you. Configuring multiple nics can always be problematic on a domain server.

0
 
LVL 2

Author Comment

by:lmkandia
Comment Utility
Sorry for the poor questioning.  What I meant to say, was IF the TCP/IP stack was at fault here, and if fixing it like in - http://support.microsoft.com/kb/325356 would solve our problem, would installing a 2nd NIC, and making its settings identical to the 1st and then ABANDONING the 1st NIC be equivalent to doing what that support article suggests?
whew!
 
0
 
LVL 38

Expert Comment

by:ChiefIT
Comment Utility
yah, I would think so.
0
 
LVL 38

Expert Comment

by:ChiefIT
Comment Utility
You still might consider going to the command prompt and typing:

SFC /scannow

That command makes sure you are on the compatible version of many important files to the operating system. I think one of them includes TCPIP.sys. That is the meat and potatoes of the TCP/IP stack.
0
 
LVL 2

Author Comment

by:lmkandia
Comment Utility
I've since embarked on a "patch the system" to its most current build.  It was some 38 patches behind the most current build (Server 2003 SP2).  We had a similar issue with another server that was fixed by patching it fully.  So far so good.  I'll post any new happenings as they occur.
0
 
LVL 1

Expert Comment

by:Carl831
Comment Utility
Wow Imkandia,

Quite a saga! Is it still running well?
-I read thru this because I have a recent Server 2008 install and I receive the event id 1058 when Vista clients cannot connect. XP clients have no problem at all. Seems to happen after a few days and reboot fixes it temporarily.
0
 
LVL 2

Author Comment

by:lmkandia
Comment Utility
Reboot on the server?  Or reboot of the clients?

0
 
LVL 1

Expert Comment

by:Carl831
Comment Utility
Only a reboot of the server temporarily solves it. Mac and XP clients never lose connection to the Server 2008 shares, yet when the error occurs the server itself cannot access its shares. DCDIAG checks out OK, but I will have to run NETDIAG later to see the results....

Carl
0
 
LVL 2

Author Comment

by:lmkandia
Comment Utility
Check the clients' eventviewers.  They tend to give good clues as well.  On the server, the domain appears to "disappear".  You can tell by going to START/RUN and typing in the name of the domain as such - \\name_of_domain.  It will come back as not found.  Microsoft had me send them all the logs using a special utility.  They found nothing of interest.  So now I will be installing a real-time logging utility (care of Microsoft) that will tell them the state of the server at the time of the "disappearing" domain.  Stay tuned :)
0
 
LVL 1

Expert Comment

by:Carl831
Comment Utility
Thanks for the info. I will check the Vista event viewers for clues. Are you running Symantec Anti-virus by any chance? I have heard it can cause things like this if it is scanning the sysvol, etc.

Let us know what comes up.

Carl
0
 
LVL 2

Author Comment

by:lmkandia
Comment Utility
Don't have ANY av on the actual Domain Controller.  Pretty locked down here on the workstation side.  They are all "users" only.  No local administrative rights.  Can't install or uninstall anything.  And neither can a virus or trojan they might mistakenly "click" on.
The problem (domain disappearing - shares gone) resurfaced this morning.  Did two things since:
1) Removed DFS entirely.  Some threads out there point to a misconfigured DFS causing 1030 and 1058 errors.  Possibly taking down domains.  Though on the server side, there were no errors in eventviewer to speak of (other than a DFS error Event ID 14526 on a false startup).
2) Installing Microsoft support's logging utilities (perfwiz.exe and PMLC.msi).  The Microsoft techies in charge of this call want to see what's happening every 5 hrs or sooner.
:)
0
 
LVL 2

Author Comment

by:lmkandia
Comment Utility
Last things we did - as detailed above.  Couple things added.
Updated the Network Card driver.
Moved 1 USB drive hanging off the server.
It lost its domain again.
This time because I got there 4 hours later, when I logged in (I had the screen locked so I wasn't expecting this) the desktop was entirely empty.
What was showing was a basic default desktop, with the "basic" icons - network, my computer, wastebasket, etc.
No custom icons.  No downloads that I sometimes leave on the desktop.  No cleanup folders.  Nada.  Which are usually there on the server admin account.
Tried to restart the server, but it basically got half way to restart and just sat there.
For 20 minutes.  Could still ping it, but couldn't do ANYTHING else.
The remote domain controller, was basically in the SAME state.
Forced a hard shutdown and then brought it back up.
The remote server came online immediately and responded as if nothing had ever happened.

Going to get Dell to help me with Hardware Diagnostics.
This one is really strange.
0
 
LVL 2

Author Comment

by:lmkandia
Comment Utility
It's now been 2 weeks since the last reboot.  The most recent change has been moving a 2nd USB hard drive away from that Domain Controller and putting it onto the Exchange Server instead.  So far so good.
0
 
LVL 17

Expert Comment

by:OriNetworks
Comment Utility
What role does the USB hard drive play? If the USB drive was holding network files, your power settings may be turning off power to that external device after a certain amount of time.
0
 
LVL 2

Author Comment

by:lmkandia
Comment Utility
Where would you find power settings for USB drives on a Windows 2003 server?
0
 
LVL 2

Author Comment

by:lmkandia
Comment Utility
This was offered by MS Support in trying to narrow this problem down.  They found nothing watching perfmon before the event.  So now this.  They asked us to verify that:
1.       We have uninstalled Symantec from both the DCs
2.       We need to make the following registry key on both the DCs
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
Value Name: MaxUserPort
Value Type: DWORD
Value data: 65534
Valid Range: 65534
http://support.microsoft.com/kb/196271
 
3.       When the issue happens again we want to take a netstat -ano result from both the DCs (run the command in a cmd window and pipe the output)
4.       Check the properties for the network card and check if RSS and checksum offload is enabled, if yes then disable the same
 
Method 1: Manually disable Receive Side Scaling and TCP Offload in the network adapter driver
To manually disable RSS and TCP Offload in the network adapter driver, follow these steps:
1.       Click Start, click Run, type ncpa.cpl, and then click OK.
2.       Right-click a network adapter object, and then click Properties.
3.       Click Configure, and then click the Advanced tab.
4.       In the Property list, click Receive Side Scaling, click Disable in the Value list, and then click OK.
5.       In the Property list, click TCP/IP Offload, click Disable in the Value list, and then click OK.
6.       Repeat steps 2 through 5 for each network adapter object.
http://support.microsoft.com/kb/948496
We made the registry changes.  Last involuntary reboot almost 2 weeks ago.  We'll keep you all posted.  Still haven't run hardware diags.  Just received a second NIC (an Intel Pro 1000).  We'll be getting the Intel NIC to be the primary NIC next weekend.
0
 
LVL 2

Author Comment

by:lmkandia
Comment Utility
Went down again.
Ran the netstat -ano command as per Microsoft.
Basically came back with a massive listing of all the ports being used etc.
Typically I see about 300 or so entries.
The two "problem" DCs have about 2500 entries.
Most of them are of this type:
  UDP    WPGDC:3255             *:*                                    1372
  UDP    WPGDC:3281             *:*                                    1372
  UDP    WPGDC:3284             *:*                                    1372
  UDP    WPGDC:3287             *:*                                    1372
  UDP    WPGDC:3298             *:*                                    1372  
Anyone seen this sort of response, with so many entries coming from netstat?
0
 

Expert Comment

by:John
Comment Utility
I've got the same problem 1050 1030 application event (every 10 minutes) - clears for a few hrs after using Dfsutil /purgemupcache. Restart ... But comes back again after a few hours and clients have file share probs etc. This only started happening since I joined 4 XP Vista clients on the domain. (before was running perfect)  I've tried most stuff and now really gone to town and uninstalled Nod32 business edition + Malwarebytes software util, stopped shadow copies, disabled the ext USB hard drive. Stopped services for Acronis True backup server and funny enough.... the messages have stopped. Mmmm not convinced just yet but will keep you posted.
0
 
LVL 2

Author Comment

by:lmkandia
Comment Utility
Thanks for your update jj.
We in fact had this happen on two other clients.  One was seemingly solved by running all the latest service patches.  SP2 and on.  The other, we simply removed Symantec's Backup Exec and the problem evaporated.  But I REALLY don't want to do that here, unless it's my absolute LAST option.
The shares disappeared again on Friday.  Absolutely NOTHING in the eventviewer.  No yellow OR red events.  The clients I haven't checked yet, but they normally get 1030 and 1058 errors amongst others.  What I did do however, was swap the LAN cable on the server over to the newly installed INTEL Gigabit NIC.  After a couple of reboots, it finally took over.  Let's see if that makes a diff.
0
 
LVL 2

Author Comment

by:lmkandia
Comment Utility
She's still going.  18 days and nary a boo.  One more thing happened that is worthy of posting.  The Quickbooks "server" engine which is also on this domain controller, was updated to 2009.  It so happens that 2008 was slapped onto this system about 20-30 days prior all of this starting.
0
 
LVL 2

Author Comment

by:lmkandia
Comment Utility
Happened again.

Microsoft isn't leaping on this one very quickly.  Rather an obscure one that even their engineers don't seem to want to touch.  They have the most recent logs, but are being painfully slow in responding.

I have found one more lead.  The NETSTAT -ano command returns thousands of UDP ports being accessed.  Turned out the PID was that of DNS.EXE.  Stopping and restarting DNS did nothing.  Found a thread http://forums.techarena.in/server-dns/999570.htm that suggests that THIS is happening as a result of patch kb951746.  That patch IS installed, however IT was installed NOV 11, 2008, well after this started to happen.
0
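The `netstat -ano` observation in the posts above (thousands of UDP endpoints owned by one PID) and the MaxUserPort change requested by Microsoft support, tied together in an added example that is not part of the thread: a Python summary of how much of the dynamic port pool each protocol has in use and which PID holds the most. It assumes the Server 2003 dynamic range of 1025 through MaxUserPort (5000 when the value is unset); the sample output is constructed around the five UDP lines quoted in the post, and the function names are hypothetical.

```python
FIRST_DYNAMIC_PORT = 1025
DEFAULT_MAX_USER_PORT = 5000  # assumed Server 2003 default when MaxUserPort is unset

# Constructed sample: the UDP lines with PID 1372 are from the post,
# the header, TCP rows and UDP port 53 row are made up for illustration.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    WPGDC:389              WPGDC:0                LISTENING       428
  TCP    WPGDC:3301             10.0.100.51:1042       ESTABLISHED     428
  UDP    WPGDC:53               *:*                                    1372
  UDP    WPGDC:3255             *:*                                    1372
  UDP    WPGDC:3281             *:*                                    1372
  UDP    WPGDC:3284             *:*                                    1372
  UDP    WPGDC:3287             *:*                                    1372
  UDP    WPGDC:3298             *:*                                    1372
"""


def parse_netstat(text):
    """Return (proto, local_port, pid) for every TCP/UDP row of `netstat -ano` output."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        # UDP rows have no State column, so the PID is always the last field.
        port, pid = f[1].rsplit(":", 1)[-1], f[-1]
        if port.isdigit() and pid.isdigit():
            rows.append((f[0], int(port), int(pid)))
    return rows


def dynamic_port_usage(text, max_user_port=DEFAULT_MAX_USER_PORT):
    """Per protocol: pool size, distinct dynamic ports in use, and the top-consuming PID."""
    by_proto = {}
    for proto, port, pid in parse_netstat(text):
        if FIRST_DYNAMIC_PORT <= port <= max_user_port:
            by_proto.setdefault(proto, {}).setdefault(pid, set()).add(port)
    pool = max_user_port - FIRST_DYNAMIC_PORT + 1
    report = {}
    for proto, by_pid in by_proto.items():
        used = set().union(*by_pid.values())
        top_pid, top_ports = max(by_pid.items(), key=lambda kv: len(kv[1]))
        report[proto] = {
            "pool": pool,
            "used": len(used),
            "top_pid": top_pid,
            "top_pid_ports": len(top_ports),
            "top_pid_share": round(len(top_ports) / pool, 3),
        }
    return report


if __name__ == "__main__":
    for proto, stats in dynamic_port_usage(SAMPLE).items():
        print(proto, stats)
```

TCP and UDP have separate port spaces, so the report keeps them apart; map `top_pid` to a process name with Task Manager's PID column or `tasklist /svc`.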
 
LVL 17

Expert Comment

by:OriNetworks
Comment Utility
Is it possible to rebuild the entire server?
0
 
LVL 2

Author Comment

by:lmkandia
Comment Utility
Of course it is.  We've just been going along with whatever Microsoft has suggested up until now.  At first the task of rebuilding seemed to be GREAT in comparison with having Microsoft come in and fix the problem.  And even if we HAD rebuilt the server and put it back into the same configuration, we wouldn't be guaranteed that the problem wouldn't resurface.  
The last server outage happened about 3 weeks ago.  I left Microsoft with the log files to their performance monitor capture and haven't heard from them since.
Since the last domain outage/disappearance happened, I was able to (for the first time in recent memory), manually stop a series of services (common services that don't NEED to be on) and then successfully usher a RESTART command to the server and have it actually RESTART instead of hanging on me.  Which got me thinking that it might actually be one of these services that is causing the outages (however bizarre THAT might be) to occur.  So after the successful reboot and reinstatement of the domain, I went thru the entire list of services running and operable on that domain controller / file server and disabled and shut down all unnecessary services.  It has been stable since.  19.5 days and counting.
I won't hold my breath, but if it stays that way, I'll post all the disabled services.
0
 
LVL 2

Author Comment

by:lmkandia
Comment Utility
Nope.  That wasn't it either.  The domain has "disappeared" three times since my last post.  

One side benefit however, from disabling all those unnecessary services.  We haven't had to do a hard shutdown or even require 2 reboots to stabilize the server anymore.  Just a simple restart and the domain is back.  Microsoft is totally lost on this one.  Their techs have given up.  Their performance logging is telling them nothing.  Ouch.
0
 
LVL 17

Expert Comment

by:OriNetworks
Comment Utility
Ya maybe it's time to rebuild. It kinda hurts me though, I'm always interested in why things break.
0
 
LVL 2

Author Comment

by:lmkandia
Comment Utility
One last kick.  We're going to add a VMWare box with a 2003 DC in it, transfer the domain responsibilities to it and then watch if the problem follows the domain.  But BEFORE that, we've started watching memory.  Simply from a usage point of view.  Two notables.
One is backup exec.  On a regular basis it gobbles up a substantial amount of RAM.  Along with its counterpart in SQL Express.  So I've simply stopped and restarted the two services now on a weekly basis and so far - stability.  Substantial meaning over 100MB of RAM each.  Not a lot in the grand scheme of things, but the top consumers on this box.
Number two is a bit of a surprise.   SERVICES.EXE was using the most RAM following those other two services.  Using PROCESS EXPLORER from Sysinternals, we were able to see that EVENTLOG and PLUG and PLAY were the two major services utilizing SERVICES.EXE.  Don't know where to look for PLUG and PLAY executables, so instead I took a peek inside eventviewer and found over 360,000 security entries.  Most of them simply success audits.  Saved the security events and wiped them.  SERVICES.EXE fell to almost nothing in RAM usage.
0
 
LVL 2

Author Comment

by:lmkandia
Comment Utility
The latest in the disappearing domain saga.  We utilize a Sonicwall TZ190 firewall at this site.  Recently the entire office could not get to a chunk of the Internet.  Don't remember if it was an entire IP subnet, but suffice to say, we could ping the remote websites, we just couldn't do HTTP to them.  All fingers pointed at the firewall.  We don't normally just reboot the firewall as it has two site to site tunnels with static end points.  But one of the websites was crucial for business operations.

I did the firewall reboot remotely, and was on the line with one of the users at the time.  As the firewall rebooted, I continued to ask her if she could now surf the web.  Get to Google.  The usual.  She replied that her workstation had frozen.  A typical sign of the domain disappearing, as drive shares now become inaccessible.
I had her verify with her colleagues.  The majority were frozen.  I attended the scene and sure enough, the domain had disappeared and taken all its shares with it.

Which got me to thinking.  I went back into our syslogs and tried to see if the VPN tunnel between the sites had something to do with this.  If I could pin down the VPN tunnel going down between sites and cutting communication between DCs, I might be onto something.
Bingo.  The last domain outage before this one, was preceded by a VPN tunnel outage 1.5 hours prior.  Coincidence?
0
 

Accepted Solution

by:
ee_auto earned 0 total points
Comment Utility
Question PAQ'd, 500 points refunded, and stored in the solution database.
0
 
LVL 2

Author Comment

by:lmkandia
Comment Utility
It's been stable for over a month.  We never did find a direct resolution.  There has been 1 reboot in this past month.  2 weeks in.  This was because Symantec had developed an issue and needed an update and subsequently a reboot.
BTW, Experts Exchange needs to revamp the way it sends its messages.  The last two that I received regarding this "open" question were "Someone has posted a possible solution".  If it had been, "An administrator is about to close this question" I'd have lit a fire under me to post something.
FWIW, I have a question open in a different section of EE since December.  That's been 6+ months.  No posts, no comments nada.  I see this isn't an "automatic" feature of EE.  Too bad it was THIS question that was closed and not the other one.
0
