  • Status: Solved

Domain Failure

I have an SBS2003 Domain Controller that has been working fine for several years now. Yesterday I decided to move the PageFile from C: to D: because I was running low on C: disk space.

To do this I went into the Virtual Memory settings, changed C: to No Paging File, changed D: to System Managed Size and then rebooted the server.

Since this reboot nothing is working properly. Workstations take 5 times longer to boot because they stall for 10 minutes at "Preparing Network Connections". Event log entries at the workstation say that no DC was found. DHCP fails but if I assign a static IP I can ping the DC and get my SQL Server apps to run. Attempts to map a share on the DC fail. No error message, they just never get mapped and you have to close Windows Explorer down. DNS is working fine as I can ping the DC's computer name from the workstation and the response is fine.

Event log entries on the DC say that there is a critical error reading a group policy file (I'm sorry that I don't have the exact error message here). I cannot RDC to the server because after entering credentials it goes to a gray screen and never displays the desktop.

Attempts to access the Domain Controller Security Policy or Domain Security Policy consoles fail. I have moved the PageFile back to C: but that has not corrected the issue.



Asked by: stullhe104
1 Solution
 
matt_beatt Commented:
Try Page File from System Managed, 1.5 x Physical Memory for initial and maximum size, see how that works for you

Then can see how that goes, can you then check what the error in the Event Log is relating to Group Policy
 
matt_beatt Commented:
Whoops, sorry, typed that too quick - doesn't make much sense!!  See below

Try changing the Page File from System Managed, to 1.5 x Physical Memory for initial and maximum size, reboot and see how that works for you

If that doesn't fix things can you then check what the error in the Event Log is relating to Group Policy
 
ormerodrutter Commented:
By default you need to retain a small page file on the C:\ drive (your boot partition) for dump purposes. So check on the C:\ drive whether the system automatically retained a 256 MB (or 512 MB, I can't quite remember) page file.

The problem you are having doesn't seem to be a page file issue; instead it looks like a DNS error. Do an IPCONFIG on a workstation to see if it gets an IP address from the server (DHCP). Anything beginning with 169 or 127 represents a problem.

If you use a static IP, ensure the DNS server is set to your server and the gateway to your router.
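
Added example, not part of ormerodrutter's post: a Python script that applies the checks described above to captured IPCONFIG /ALL text, flagging adapters that hold a 169.254.x.x (APIPA) or 127.x.x.x address and adapters whose DNS server is not the DC. The sample output and the DC address 192.168.100.2 are constructed for illustration (the thread never states the server's IP), and the field names assume the Windows XP/2003-era output format.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output; not taken from the thread's screenshots.
SAMPLE = """\
Ethernet adapter Local Area Connection:

   Dhcp Enabled. . . . . . . . . . . : Yes
   Autoconfiguration IP Address. . . : 169.254.17.42
   Default Gateway . . . . . . . . . :

Ethernet adapter Local Area Connection 2:

   Dhcp Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.100.57
   Default Gateway . . . . . . . . . : 192.168.100.1
   DNS Servers . . . . . . . . . . . : 192.168.100.1
"""
ASSUMED_DC_IP = "192.168.100.2"  # assumption: the thread never gives the SBS box's address
FIELD = re.compile(r"^\s+([A-Za-z ]+?)[ .]*:\s*(.*?)\s*$")

def parse_adapters(text):
    """Map each adapter heading to its {field name: value} pairs."""
    adapters, current = {}, None
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current = adapters.setdefault(line.rstrip(": "), {})
        elif current is not None and (m := FIELD.match(line)):
            current[m.group(1)] = m.group(2)
    return adapters

def findings(adapters, dc_ip=ASSUMED_DC_IP):
    """Return (adapter, code) pairs for the problems the post says to look for."""
    out = []
    for name, fields in adapters.items():
        addr = fields.get("IP Address") or fields.get("Autoconfiguration IP Address")
        ip = ipaddress.ip_address(addr) if addr else None
        if ip is None:
            out.append((name, "NO_ADDRESS"))
        elif ip.is_link_local:  # 169.254.0.0/16: self-assigned, no DHCP server answered
            out.append((name, "APIPA_NO_DHCP_LEASE"))
        elif ip.is_loopback:  # 127.0.0.0/8
            out.append((name, "LOOPBACK_ADDRESS"))
        elif fields.get("DNS Servers") != dc_ip:  # only the first listed DNS server is parsed
            out.append((name, "DNS_NOT_DC"))
    return out

if __name__ == "__main__":
    print(findings(parse_adapters(SAMPLE)))
```
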
 
stullhe104 Author Commented:
I've already moved the PageFile back to the C: drive and given it as much room as I possibly can at this time.

I agree with ormerodrutter that this is not a pagefile issue. It's more of a domain controller issue.

The errors I see in Event Log are:
1030 Cannot query for the list of GP objects.
1058 Cannot access gpt.ini for GPO=... The file must be present at the location \\ptlp.local\sysvol\ptlp.local\sysvol\policies\...\gpt.ini  Windows cannot find the network path.

There is a SYSVOL on both the C: and D: drives so I don't know which one this is referencing. Either way I do not see a Policies folder anywhere in the SYSVOL path.

 
matt_beatt Commented:
\\ptlp.local

You should find sysvol in there.  If there is no policies folder that will be why your logon is taking so long.

Do you have more than one DC?  If not you may have to do a restore
 
ormerodrutter Commented:
That's my next question as well MATT.

Since you are dealing with SBS, is it the only DC in your network? And/or, was there at one time more than one DC in your network? It might be a global catalogue thing.....
 
ormerodrutter Commented:
Please post an IPCONFIG result (from client workstations).
 
stullhe104 Author Commented:
Sorry folks. I ended up calling Microsoft for support on this one because the network was down and I had users breathing down my neck!

I had made another change that wasn't mentioned in my original post that caused the problem. After switching the PageFile I lost all network connectivity on the server. It was as if the network card had failed. The card is dual ported so I switched to the second port and connectivity was restored.

Unfortunately SBS remembers the name of the Network Connection used (something to do with ICS (Internet Connection Sharing)), so even though my NSLOOKUP queries were working fine the DNS was not functioning correctly and that caused the GP failure.

The MS Engineer made some adjustments to the registry and then flushed/registered the DNS using an IPCONFIG command. Now things are working better but they are still not 100 percent right.

Many of the workstations are still not seeing the DC at boot time and therefore are not obtaining an IP Address. I have to set static IPs for those workstations to work.

I'll do some research on that front but if anyone has a clue as to why that is failing, please let me know.

Thanks for your help... Herb
 
ormerodrutter Commented:
Flush the DNS cache on workstations using this: IPCONFIG /flushdns
Basically, if workstations are not seeing the DC, 90% of the time it is a DNS problem. Still, if you can post an ipconfig log here we might be able to give further help. Remember to change the setting to "obtain ip address from server" first before doing the ipconfig /all
 
stullhe104 Author Commented:
I did change the card's setting to Obtain an IP. I executed IPCONFIG /FlushDNS, IPCONFIG /RegisterDNS and then IPCONFIG /RENEW. Still did not get an IP.

It's very frustrating because I have other computers that are on the same network switch that have no problem seeing the DC and I compared the settings on their NIC card to the NIC cards that are failing and all settings are exactly the same.

I've attached a screenshot of the results from IPCONFIG /ALL.
Net1.jpg
Net2.jpg
 
ormerodrutter Commented:
Have you considered it is a faulty NIC or cable?
 
stullhe104 Author Commented:
There are 9 or 10 computers that are failing like this. I can't believe that it is a faulty NIC or cable, especially when assigning a static IP fixes the issue. That means that both the cable and NIC are working.
It's gotta be something else! I'm trying to reach the MS Engineer again to revisit the problem.
 
matt_beatt Commented:
Are you using a single subnet or have you multiple?  Is the gateway for your network your SBS server?
 
stullhe104 Author Commented:
I have a single subnet, 192.168.100.x, whose gateway is an ISA Server box that is separate from the SBS DC. The gateway is at 192.168.100.1 and has a dual port NIC with one going to the Internet while the other connects to a switch.
The SBS box has a dual ported NIC of which one port connects to the switch.
I have DNS set up to tell the client machines where to find both the gateways and DNS server (SBS box).
 
matt_beatt Commented:
You mentioned earlier that you were using ICS - is there a reason you are using both ICS and ISA?

If memory serves me well, by default ICS uses its own DHCP services. If you have had problems with your SBS box and have had to do "something" to ICS to get the box working again, perhaps this is your problem.
 
stullhe104 Author Commented:
Hi Matt, thanks for the reply. ISA provides firewall services and has nothing at all to do with DHCP. I really don't know what the significance of ICS is in the scheme of things, that's just what the Microsoft Engineer said (vaguely).

I did end up contacting him again and he resolved this second issue as well. In the DHCP console under the properties for the server is an Advanced tab that has a button called Bindings. Clicking the button opens a Binding window where you can select the NIC card that DHCP will bind to.

Once we checked the box for the appropriate NIC card these rogue computers worked just fine. I went to each of them and used IPCONFIG to flush and then register the DNS and then RENEW the IP.

Voilà...

Thanks to all of you for your help and advice.
 
ormerodrutter Commented:
Do you mind telling me how much MS charges for this kind of support? Or do you have a support agreement in place with them (e.g. x number of calls/issues for $x)?
 
stullhe104 Author Commented:
The charge for support during regular business hours is $245 + tax. For after hours support the charge is more like $575.
In this case I felt the money was well worth it. Much of our business operation was inoperable and I had to get it fixed quickly.
The MS Support engineer remoted into my server and was able to quickly discover what was wrong and get it fixed. Compare that to me working my way through it while I'm working on several other issues and attending meetings at the same time.