[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

how to trouble shoot nretwork monitor capture results

Posted on 2009-02-18
1
Medium Priority
?
2,058 Views
Last Modified: 2012-08-14
we have a 2003 r2 server DC box with two nics. One is connected to our hp 4108gl that feeds the network. The other nic feeds into our IP SAN.

storevault s550

I am getting errors detected by network monitor for the nic that connects to the all the pcs.

some of the errors reported are

770 116.118164 LOCAL 0019D1E43261 SMB R transact2 - NT error, System, Error, Code = (549) STATUS_NOT_FOUND SEV0801 10.122.226.203 IP
1018 119.243164 LOCAL 0019D1E43261 SMB R transact2 - NT error, System, Error, Code = (52) STATUS_OBJECT_NAME_NOT_FOUND SEV0801 10.122.226.203 IP
1057 119.993164 LOCAL 0019D1E43261 SMB R NT transact - NT error, System, Error, Code = (288) STATUS_CANCELLED SEV0801 10.122.226.203 IP

SMB: R transact2 - NT error, System, Error, Code = (52) STATUS_OBJECT_NAME_NOT_FOUND


574 115.524414 LOCAL 0019D1E43261 SMB R transact2 - NT error, System, Error, Code = (52) STATUS_OBJECT_NAME_NOT_FOUND SEV0801

10.122.226.203 IP
FRAME: Base frame properties
    FRAME: Time of capture = 18/02/2009 15:07:39
    FRAME: Time delta from previous physical frame: 0 microseconds
    FRAME: Frame number: 574
    FRAME: Total frame length: 93 bytes
    FRAME: Capture frame length: 93 bytes
    FRAME: Frame data: Number of data bytes remaining = 93 (0x005D)
ETHERNET:  EType = Internet IP (IPv4)
    ETHERNET: Destination address = 0019D1E43261
        ETHERNET: 0....... = Individual address
        ETHERNET: .0...... = Universally administered address
    ETHERNET: Source address = 0015176B9B91
        ETHERNET: .0...... = Universally administered address
    ETHERNET: Ethernet Type : 0x0800 (Internet IP (IPv4))
IP: Protocol = TCP - Transmission Control; Packet ID = 9405; Total IP Length = 79; Options = No Options
    IP: Version = IPv4; Header Length = 20
        IP: 0100.... = IP Version 4
        IP: ....0101 = Header Length 20
    IP: Type of Service = Normal Service
        IP: 000..... = Precedence - Routine
        IP: ...0.... = Normal Delay
        IP: ....0... = Normal Throughput
        IP: .....0.. = Normal Reliability
        IP: ......0. = Normal Monetary Cost
    IP: Total Length = 79 (0x4F)
    IP: Identification = 9405 (0x24BD)
    IP: Fragmentation Summary = 16384 (0x4000)
        IP: .1.............. = Cannot fragment datagram
        IP: ..0............. = Last fragment in datagram
        IP: ...0000000000000 = Fragment Offset 0 (0x0000)
    IP: Time to Live = 128 (0x80)
    IP: Protocol = TCP - Transmission Control
    IP: Checksum = 65005 (0xFDED)
    IP: Source Address = 10.122.224.62
    IP: Destination Address = 10.122.226.203
TCP: Control Bits: .AP..., len:   39, seq:3748562095-3748562134, ack:3925620540, win:65107, src:  445  dst: 1056
    TCP: Source Port = Microsoft-DS
    TCP: Destination Port = 0x0420
    TCP: Sequence Number = 3748562095 (0xDF6E84AF)
    TCP: Acknowledgement Number = 3925620540 (0xE9FC373C)
    TCP: Data Offset = 20 bytes
        TCP: 0101.... = Data Offset (20 bytes)
        TCP: ....0000 = Reserved bits
    TCP: Flags = 0x18 : .AP...
        TCP: ..0..... = No urgent data
        TCP: ...1.... = Acknowledgement field significant
        TCP: ....1... = Push function
        TCP: .....0.. = No Reset
        TCP: ......0. = No Synchronize
        TCP: .......0 = Not the end of the data
    TCP: Window = 65107 (0xFE53)
    TCP: Checksum = ERROR: CheckSum is 0xD83F, Should be 0x7FD6
    TCP: Urgent Pointer = 0 (0x0)
NBT: SS: Session Message, Len: 35
    NBT: Packet Type = Session Message
    NBT: Packet Flags = 0 (0x0)
        NBT: .......0 = Add 0 to Length
    NBT: Packet Length = 35 (0x23)
    NBT: SS Data: Number of data bytes remaining = 35 (0x0023)
SMB: R transact2 - NT error, System, Error, Code = (52) STATUS_OBJECT_NAME_NOT_FOUND
    SMB: NT status code = 0xC0000034, Facility = System, Severity = Error, Code = (52) STATUS_OBJECT_NAME_NOT_FOUND
            SMB: NT Status Severity Code = Error
            SMB: NT Status Customer Code = 0 (0x0)
            SMB: NT Status Reserved Bit = 0 (0x0)
            SMB: NT Status Facility = System
            SMB: NT Status Code System Error = STATUS_OBJECT_NAME_NOT_FOUND
    SMB: Header: PID = 0x0E60 TID = 0x1802 MID = 0x7203 UID = 0x2001
        SMB: Tree ID      (TID) = 6146 (0x1802)
        SMB: Process ID   (PID) = 3680 (0xE60)
        SMB: User ID      (UID) = 8193 (0x2001)
        SMB: Multiplex ID (MID) = 29187 (0x7203)
        SMB: Flags Summary = 152 (0x98)
            SMB: .......0 = Lock & Read and Write & Unlock not supported
            SMB: ......0. = Send No Ack not supported
            SMB: ....1... = Using caseless pathnames
            SMB: ...1.... = Canonicalized pathnames
            SMB: ..0..... = No Opportunistic lock
            SMB: .0...... = No Change Notify
            SMB: 1....... = Server response
        SMB: flags2 Summary = 51207 (0xC807)
            SMB: ...............1 = Understands long filenames
            SMB: ..............1. = Understands extended attributes
            SMB: ...0............ = No DFS namespace
            SMB: ..0............. = No paging of IO
            SMB: .1.............. = Using NT status codes
            SMB: 1............... = Using UNICODE strings
            SMB: Unknown Flag2 bits = 2052 (0x804)
    SMB: Command = C transact2
        SMB: Word count = 0
        SMB: Byte count = 0
00000:  00 19 D1 E4 32 61 00 15 17 6B 9B 91 08 00 45 00   ..Ñä2a...k›‘..E.
00010:  00 4F 24 BD 40 00 80 06 FD ED 0A 7A E0 3E 0A 7A   .O$½@.€.ýí.zà>.z
00020:  E2 CB 01 BD 04 20 DF 6E 84 AF E9 FC 37 3C 50 18   âË.½. ßn„¯éü7<P.
00030:  FE 53 D8 3F 00 00 00 00 00 23 FF 53 4D 42 32 34   þSØ?.....#ÿSMB24
00040:  00 00 C0 98 07 C8 00 00 98 59 25 6C CF 7C 92 FF   ..À˜.È..˜Y%lÏ|’ÿ
00050:  00 00 02 18 60 0E 01 20 03 72 00 00 00            ....`.. .r...  

i reallly need some help on how to troubleshoot
sorry suffer from rsi thus minimum text
0
Comment
Question by:exdos
1 Comment
 
LVL 32

Accepted Solution

by:
Kamran Arshad earned 1500 total points
ID: 23689140
Hi,

Referring to your queries;

Error 549 (ERROR_INSTRUCTION_MISALIGNMENT);

Reason:

An attempt was made to execute an instruction at an unaligned address and the host system does not support unaligned instruction references.

Error 52;

Reason:

You were not connected because a duplicate name exists on the network.  

Error 288 (ERROR_NOT_OWNER);

Reason:

Attempt to release mutex not owned by caller.

For complete list of error codes;

http://www.geocities.com/Hollywood/1196/winerror.htm
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As dyndns has reduced the capabilities of the free service, I looked around for other free providers of Dynamic DNS service. After testing several I decided to move my DNS hosting to Hurricane Electric as then domains that require dynamic hostnam…
In this article, we’ll look at how to deploy ProxySQL.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Suggested Courses
Course of the Month18 days, 2 hours left to enroll

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question