Avatar of Dan
DanFlag for United States of America asked on

Can't RDP into Windows 2003 server-error "The RPC server is unavailable"

Something happened this weekend to my echange server because I tried to log into my windows server 2003 SP2, but I can't because I get the following error message:
"The system cannot log you on due to the following error: The PRC server is unavailable.
Please try again or consult your system administrator"

I've attached the picture as well.  Whats strange is that the exact same thing has happened last weekend as well, Iand I have no idea what caused it.  When I restart my DC and then my exchange server, it cleared it up, but apparently it's something deeper than that since it happened again.

Any thoughts, or help in what could case it, I would greatly apprecaite it.
Dan
elishaRPCerror.jpg
Windows Server 2003ExchangeMicrosoft Legacy OS

Avatar of undefined
Last Comment
Dan

8/22/2022 - Mon
ASKER
Dan

Very interesting, I restarted my DC, and then after it restarted, I was able to log into my Exchange server. WOW, very interesting.  So this error message has something to do with my DC server.
I only have 1 DC.   Before restarting my DC, I saw that the following process was constantly at 25%, the svchosts service was constantly high, which is not normal.

Any thoughts?  Is my Active Directory messed up.  I don't know what it could be.
snusgubben

First step is to find out if the RDP listener is up on the Exchange server when you get this error:

From cmd on a host:

telnet <exchange server IP/FQDN> 3389

Does it reply?
ASKER
Dan

I did it now, and there's just a blinking cursor.  I'm assuming that means it's working, since I restarted the server this morning.  I will try that again when it fails, which it could be anytime.
I will let you know.  It's somehow tied to my domain controller, as all I did is I restarted my DC server and then I didn't do anything at all to my exchange server, and I was able to RDP into it with no issues, that error message went away.  That's strange.  I did restart my exchange server, but that is very weird.
I had another problem with my Win 2k3 DC server, which I think it might have something to do with it, what do you think.  The details are below.
https://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_24081889.html

Let me know if you think it's tied together.
I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck
snusgubben

I see from your other post the event error.

On your DC only internal DNS server should be set on the nic. NO ISP DNS!! (because it don't know about your domain and can't resolve queries regarding your internal network/domain).

Domain members, including DC, should only have internal DNS and on the DNS server you set forwarding to your ISP DNS.


Fix your DNS and see if the error re-occour.


SG
ASKER
Dan

I just checked my NIC settings, and only my internal DNS is listed on it. The ISP DNS is only setup on my DNS server settings, NOT on my nic. So there's nothing to fix as far as I can see.
ASKER
Dan

the external DNS is only listed in my DNS forwarders on my DNS server (which is also my DHCP and DC).  So I think it has something to do with me changing the NT Authority password.  I reset it about 2 weeks ago and ever since then, this has started happening.  But how do I fix it, because I don't know what it was originally, I just needed to change it because of a new program I installed.   I changed it on one of my other servers, so I thought it was only for that server and I didn't think it would affect anything else.
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
snusgubben

Then we'll asume your DNS is okey :)

What NT Authority account did you change the password on?


SG
SysExpert

I would run DCDIAG and netdiag both in verbose mode and look for any errors or failures in the text log files

I hope this helps !
Alex Appleton

When you say that you changed the password on NT Authority account, which one was it?  

Some services start as NT Authority accounts.  Check your services (start-run-services.msc)  to make sure all Automatic start services are actually running.  In specific, check the RPC service.
Check the event viewer for specific errors relating to Service Control Manager and it may point you in the right direction.

Check the log on as portion of the service.  If you change a password, it does not automatically update these fields.  Re-enter the password for any accounts you may have changed.

Finally, as mentioned above.  Run DCDIAG and post the results here.

I get the feeling like a dependency service or RPC service is not starting which is causing your grief.
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes
ASKER
Dan

snusgubben:
I don't remember for sure if i changed the password or not, but I'll check
tomorrow morning and let you know.  If I changed it, it was the
NT authority account (built-in) on my DC.  I'll let you know tomorrow when
I get to work.

SysExpert:
I'm sorry, but I have never run those programs, so is it possible for you
to tell me how to run those programs and where do I run them?  Thanks so
much.

AAppleton:
I don't remember for sure if i changed the password or not, but I'll check
tomorrow morning and let you know.  If I changed it, it was the
NT authority account (built-in) on my DC.  I'll let you know tomorrow when
I get to work.
So do I need to check the services on my exchange server, DC server, or
I should probably check every server, right, to see what service uses
the NT authority service when it starts?  So if I find a service that
uses the NT authority account, should I just edit the password and
retype the new password?
I don't know how to run the DCDIAG program, so hopefully SysExpert will
tell me how, or if you tell me how to run it, I'll run not, I just
never ran it before.

Thanks to everyone for your thoughts.
snusgubben

If it helps booting your DC I think you should look in the direction of your DC (if the RDP listener is up on the Exchange srv when the error occurs).

dcdiag and netdiag is part of the MS support tools and should be installed if you don't have them on a DC (or another server).

From cmd on the DC:

dcdiag /v /e > dcdiag.txt & dcdiag.txt

netdiag /v > netdiag.txt & netdiag.txt

Post the output or attach the files created.


SG
ASKER
Dan

ok, I just checked my password system, and I did NOT change the NT authority account, I thought I did, but I didn't change it.   When I run the dcdiag and net diag programs, do I have to restart my server, as I can't reboot my DC during business hours, I would have to wait until after hours for that.  
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
snusgubben

You don't have to reboot :)


SG
Alex Appleton

Did you check your event viewer and services?  Post any errors here.  Check to make sure all Automatic Start services are running and attempt to start any that are not started.
ASKER
Dan

I'm checking the services now and I'll run those two programs in  a few min as well.  

I've attached a picture of the other errors I'm receiving, which might be connected to this issue.
systemerror.jpg
Your help has saved me hundreds of hours of internet surfing.
fblack61
ASKER
Dan

sorry, here's the correct picture.
systemerror.jpg
ASKER
Dan

ok, all services that are automatic are started except one, it's hte performance logs and alerts, it's automatic, but it's not started.  
I'm going to run those two programs now.
ASKER
Dan

I think this is what caused my problem, as this is the time when it happened.
I just don't know how to fix it.
problem.jpg
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
snusgubben

a dcdiag and netdiag would tell us what's going on and we'll be able to get you back on track.


SG
ASKER
Dan

here's hte dcdiag and netdiag, they are very detailed.
dcdiag.txt
netdiag.txt
ASKER
Dan

how do I stop a computer for thinking it's the master browser?  I get this every day, and maybe this has something to do with it?  I went to the services and disabled the computer browser service, but it looks like it didn't help.
masterbrowser.jpg
All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck
ASKER
Dan

snusgubben:
Any thoughts as what could be wrong after looking at the log files? I do see some errors in them.
snusgubben

What hosts are 'CTOWNSLEYOLD' and 'KWATSON'? Is one of these the Exchange server? Both of them has a computer account problem authenticating towards the domain.

Query the secure channel from a DC towards a host:

nltest /server:kwatson /sc_query:amazingfacts.org

and

nltest /server:CTOWNSLEYOLD /sc_query:amazingfacts.org


If they fail you could try to reset the secure channel:

nltest /server:kwatson /SC_RESET:amazingfacts.org



SG





snusgubben

I don't think this is related to the master browser error you got in the event log. The domain master browser is one of the DCs (PDC), but if your got clients on different VLANs or IP-addresses then a master browser ellection will go on in the different networks/VLANs.

This can be stopped with a reg.key or disabling Netbios broadcasts between VLANs in a firewall/router.


SG
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
ASKER
Dan

kwatson is a just a regular WinXP PC. I took it off the domain and readded it back to the domain.
ctownsleyold is another regular WInXP PC, but the problem is, I can't find it, I don't know where the physical PC is at.  They are both just WInXP PCs.  I just tried to remote desktop into it and I can, but not with a domain account. I was able to RDP into it with the local admin account.  Is there anything I can do to it to be able to identify where it's at physically?  Is there anything I should do to it, remove it from the domain maybe and re add it?  The problem is that I don't know where it's physically at.

Should I sitll process the above requests you asked me to do?

ASKER
Dan

ok, well, I found that computer, so that's cool. I took it off of the domain, renamed it and added it back to the domain.  So is there anything else I need to do?

What about those logs I sent, what are they indicating? Not sure what else to do to attempt to resolve this issue.
ASKER
Dan

snusqubben,
I've just attached the screen shot of the nltest cmd I performed.
It says successful.
Not sure what to do next?
nltest-command.jpg
Experts Exchange is like having an extremely knowledgeable team sitting and waiting for your call. Couldn't do my job half as well as I do without it!
James Murphy
snusgubben

Your logs looks good. There was some errors in the event log indicating that some computer accounts had problems.

Run a "ipconfig /all" from cmd on the Exchange server and post the output.

Run a nltest where server is the Exchange. If you didn't do it.


SG
snusgubben

SysExpert and AAppleton, please contribute if you have some ideas :)


SG
Alex Appleton

Check the following service is set to Automatic and running:
TCP/IP NetBIOS Helper

Check the properties of the adapter to make sure the Client for Microsoft Networks is installed.

Check GC connectivity:
Start-Run-Cmd
nltest /dsgetdc: /gc /force

Barring all these, I'm going to say there's probably something wrong with DNS.
Let us know how it goes.
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
ASKER
Dan

Here's the results of the ipconfig and nltest.
ipconfig-all.jpg
nltest.jpg
ASKER
Dan

Both servers, my exchange and DC both have the  TCP/IP NetBIOS Helper service running and automatic.  Both servers have the Client for Microsoft Networks is installed as well.

Here's the output for the getdc command you had me do above.

For some reason, I think it's a problem with my Active DIrectory, I just don't know how to pin point it.
nltest-getdc.jpg
snusgubben

Your problem started a week ago? Has anything been done just before the error occoured for the first time? (Windows update, drivers update (network and graphics card) etc.)

Check the windows update log (%windir%\windowsupdate.log)


SG

This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.
rwheeler23
snusgubben

another thing:

When you can't RDP to your Exchange, a re-boot of one of your DC fixes the problem and RDP is working again on the Exchange srv. Right?

If that's the case I don't think the problem is related to Active Directory because your dcdiag looks good and if there was a DNS problem other hosts should have also been experienced problems.

Do you have consol access to the Exchange srv? When the problem arise you should check if the RDP listener is up with "telnet <FQDN to exchange> 3389" and "telnet <IP to exchange> 3389".

Also check if the DNS can resolve the Exchange srv.
ie. nslookup
set q=all
"FQDN to exchange"


Please also check the following MS patches:

http://support.microsoft.com/kb/898060/

http://support.microsoft.com/kb/883670
ASKER
Dan

I don't recall doing anything different.  2 weeks ago I installed Secret Server, a software application that uses MS SQL, but it wasn't on either my exchange or DC servers.
I checked hte windowsupdate.log file and the date is from 2006.  There were only two entries in there.
I use WSUS to update all my PC's and Servers.

Regarding your last post, yes, when I can't RDP into exchange, if I reboot my DC server, then I can log into my exchange with no issues, I don't even have to reboot exchange, I can RDP right into it.

Yes, I have console access to all my servers, as my server room is 15 feet away from me.  This is Monday through Thursday.  I live 1 hour and a half away, so I live far away from work, and so far, this has only happened on Sunday mornings, for the past 2 sunday mornings, between 5 and 7 am or so.

So if the problem happens again this Sunday, I need to do the following, right?
from CMD:  
telnet elisha.amazingfacts.org 3389
telnet 192.168.100.61 3389

So what does that tell me if, how do I know if it works or not, if it's blinking or not?

So when I run hte nslookup command, I'm assuming I can do that from my own laptop?
Or do I need to be on the DC when I do that?
ASKER
Dan

so is this what I'm supposed to do when it happens again, the NSlookup command from my laptop?
nslookup.jpg
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
Alex Appleton

To verify that it is not DNS.  Add an entry in your hosts file for your GC server (eden) on  your exchange server (elisha).  Run an ipconfig /flushdns on elisha.  

I am curious to know if you still get the error even with this manual entry.
ASKER
Dan

ok, so what kind of entry do you want me to add?
I know where the hosts file is at, but what do I add in the file?
And after I add the info in the hosts file, do I need to restart?
Then I do an ipconfig/flushdns, I got that part.
Thanks.
Alex Appleton

Open the file located in C:\Windows\Drivers\etc\ in Notepad and just add and additional line after the one that says localhost.

So basically yours will look like this:

127.0.0.1                    localhost (existing entry)
192.168.100.50          eden  (new entry)

Then run an ipconfig /flushdns.  No restart is necessary, systems will always look to the hosts file to resolve domain names prior to querying elsewhere.  I want to be sure there are no DNS issues on your network before we can move forward.
I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck
ASKER
Dan

sure, I can do that tomorrow morning, no problem.
So that won't affect DHCP, or DNS for all my other PC's or anything else on the network, right?
So after I run hte ipconfig/flushdns, then what?  What do I do then, or what is it supposed to do?

When can I change the file back to the original way it was?
snusgubben

You should also add the FQDN to eden in the hosts file (just add a new line).

Yes just run the telnet from a client. If the listener is up and accepting connections on TCP 3389 the cmd window turns all black.

Did you have a look at the MS patches?

SG
Alex Appleton

Doing the commands mentioned will not affect any other computer.  After you run the ipconfig /flushdns attempt to rdp and see if you are still having an issue.  

If there is no change and you are still getting that error you can freely change the hosts file back, otherwise leave it in there until we can sort out your DNS.  

Also, as mentioned you can add another line as follows:
192.168.100.50          eden.amazingfacts.org

And check the MS patches as mentioned.  Another thing to check is see if there are any  updated drivers for your NIC.
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
snusgubben

There has been addressed some weird problems with broadcom Giga NICs so as AAppleton says, check for updates for the NICs.


SG
ASKER
Dan

ok, I'll check the MS links today.
I'll add the IPs to my hosts file as well, so I guess I can leave them in there for days, or eve weeks and it won't hurt anything?

So far, this RDP issue has only occured on Sunday mornings, so I can't test it until then, as all other time, it has been working fine.

I will see if there are any new Nework Driver updates for both of my NICS.
I'll keep you guys posted.  Thanks.
ASKER
Dan

I read both articles and regarding the 883670 one, I have downloaded it and will install it on exchange server.  Regarding the 2nd article, I checked, and I don't have the update they mentioned on either my exchange or DC installed.   Both servers have the hosts file updated, so I will leave that there for a few weeks until I can resolve this issue.

What's strange is that on Sunday,when this occured, after I restarted my DC, I was able to log into my exchange server, and I didn't make any changes to it during that time, since I wasn't able to log into it.
How is it possible by restarting my DC would cause my exchange server RDP to work.
Very strange.
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes
ASKER
Dan

on my DC, I have an Intel Pro/1000 MT card.  So I wonder if I should upgrade the NIC driver for that as well?  I'll update the broadcom driver to rule that out.
ASKER CERTIFIED SOLUTION
snusgubben

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
See how we're fighting big data
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
ASKER
Dan

ok cool, I didn't realize that the DC controls so much of other servers as well. Amazing!
Yes, let's just hope so, I'm praying for it.  
Thanks so much for your help so far!
SOLUTION
Log in to continue reading
Log In
Sign up - Free for 7 days
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
ASKER
Dan

it is working,  I want to thank everyone for your help. I'm not sure exactly what fixed it, but one of the things I did fixed it, as this Sunday morning my exchange was working fine and I was able to RDP into the server, so Praise the LORD, and I'm so happy!!!!
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
ASKER
Dan

Thanks you guys for your help, one of the things you suggested must have worked, as this Sunday morning everything worked fine.!!