Solved

Domain Failure

Posted on 2009-04-06
18
228 Views
Last Modified: 2012-05-06
I have an SBS2003 Domain Controller that has been working fine for several years now. Yesterday I decided to move the PageFile from C: to D: because I was running low on C: disk space.

To do this I went into the Virtual Memory settings, changed C: to No Paging File, changed D: to System Managed Size and then rebooted the server.

Since this reboot nothing is working properly. Workstations take 5 times longer to boot because they stall for 10 minutes at "Preparing Network Connections". Event log entries at the workstation say that no DC was found. DHCP fails but if I assign a static IP I can ping the DC and get my SQL Server apps to run. Attempts to map a share on the DC fail. No error message, they just never get mapped and you have to close Windows Explorer down. DNS is working fine as I can ping the DC's computer name from teh workstation and the response is fine.

Event log entires on the DC say that there is a critical error reading a group policy file (I'm sorry that I don't have the exact error message here). I cannot RDC to the server because after entering credentials it goes to a gray screen and never displays the desktop.

Attempts to access the Domain Controller Security Policy or Domain Security Policy consoles fail. I have moved the PageFile back to C: but that has not corrected the issue.



0
Comment
Question by:stullhe104
  • 7
  • 6
  • 5
18 Comments
 
LVL 6

Expert Comment

by:matt_beatt
Comment Utility
Try Page File from System Managed, 1.5 x Physical Memory for initial and maximum size, see how that works for you

Then can see how that goes, can you then check what the error in the Event Log is relating to Group Policy
0
 
LVL 6

Expert Comment

by:matt_beatt
Comment Utility
Woops sorry typed that too quick - doesnt make much sense!!  See below

Try changing the Page File from System Managed, to 1.5 x Physical Memory for initial and maximum size, reboot and see how that works for you

If that doesnt fix things can you then check what the error in the Event Log is relating to Group Policy
0
 
LVL 23

Expert Comment

by:ormerodrutter
Comment Utility
By default you need to retain a small page file on C:\ drive (your boot partition) for dumping purpose. So check on C:\ drive that if system automatically retain a 256Mb (or 512Mb I can't quite remember) page file.

The problem you are having don't seem to be a page file issue, instead it looks like DNS error. Do an IPCONFIG on workstation to see if it gets IP address from the server (DHCP). Anything begins with 169 or 127 represents a problem.

If you use static ip ensure the dns server is set to your server and gateway to your router.
0
 

Author Comment

by:stullhe104
Comment Utility
I've already moved the PageFile back to the C: drive and given it as much room as I possibly can at this time.

I agree with ormerodrutter that this is not a pagefile issue. It more of a domain controller issue.

The errors I see in Event Log are:
1030 Cannot query for the list of GP objects.
1058 Cannot access gpt.ini for GPO=... The file must be present at the location \\ptlp.local\sysvol\ptlp.local\sysvol\policies\...\gpt.ini  Windows cannot ind the network path.

There is a SYSVOL on both the C: and D: drives so I don't know which one this is referencing, Either way I do not see a Policies folder anywhere in the SYSVOL path.

0
 
LVL 6

Expert Comment

by:matt_beatt
Comment Utility
\\ptlp.local

YOu should find sysvol in there.  If there is no policies folder that will be why your logon is taking so long.

Do you have more than one DC?  If not you may have go do a restore
0
 
LVL 23

Expert Comment

by:ormerodrutter
Comment Utility
Thats my next question as well MATT.

Since you are dealing with SBS, is it the only DC in your network? And/or, if there is at one time more than one DC in your network? It might be a global catalogue thing.....
0
 
LVL 23

Expert Comment

by:ormerodrutter
Comment Utility
Please post an IPCONFIG result (from client workstations).
0
 

Author Comment

by:stullhe104
Comment Utility
Sorry folks. I ended up calling Microsoft for support on this one because the network was down and I had users breathing down my neck!

I had made another change that wasn't mentioned in my original post that caused the problem. After switching the PageFile I lost all network connectivity on the server. It was as if the network card had faild. The card is dual ported so I switched to the second port and connectivity was restored.

Unfortunately SBS remembers the name of the Network Connection used (something to do with ICS (internet connection sharing) so even though my NSLOOKUP queries were working fine the DNS was not functioning correctly and that caused the GP failure.

The MS Engineer made some adjustments to the registry and then flushed/registered the DNS using an IPCONFIG command. Now things are working better but they are still not 100 percent right.

Many of the workstations are still not seeing the DC at boot time and therefore are not obtaining an IP Address. I have to set static IPs for those workstations to work.

I'll do some research on that front but if anyone has a clue as to why that is failing, please let me know.

Thanks for you help... Herb
0
 
LVL 23

Expert Comment

by:ormerodrutter
Comment Utility
Flush DNS cache on workstations using this IPCONFIG /flushdns
Basically if workstations not seeing the DC 90% is a DNS problem. Still, if you can post an ipconfig log here we might be able to give further help. Remember change setting to "obtain ip address from server" first before doing the ipconfig /all
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 

Author Comment

by:stullhe104
Comment Utility
I did change the card's setting to Obtain an IP. I executed IPCONFIG /FlushDSN, IPCONFIG /RegisterDNS and then IPCONFIG /RENEW. Still did not get an IP.

It's very frustrating because I have other computers that are on the same network switch that have no problem seeing the DC and I compared the settings on their NIC card to the NIC cards that are failing and all settings are exactly the same.

I've attached a screenshot of the results from IPCONFIG /ALL.
Net1.jpg
Net2.jpg
0
 
LVL 23

Expert Comment

by:ormerodrutter
Comment Utility
Have you considered it is a faulty NIC or cable?
0
 

Author Comment

by:stullhe104
Comment Utility
There are 9 or 10 computers that are failing like this. I can't believe that it is a faulty NIC or cable, especially when assigning a static IP fixes the issue. That means that both the cable and NIC are working.
It's gotta be something else! I'm trying to reach the MS Engineer again to revisit the problem.
0
 
LVL 6

Expert Comment

by:matt_beatt
Comment Utility
Are you using a single subnet or have you multiple?  Is the gateway for your network your SBS server?
0
 

Author Comment

by:stullhe104
Comment Utility
I have a single subnet, 192.168.100.x, whos gateway is an ISA Server box that is seperate from the SBS DC. The gateway is at 192.168.100.1 and has a dual port NIX with one going to the Internet while the other connects to a switch.
The SBS box has a dual ported NIC of which one port connects to the switch.
I have DNS set up to tell teh client machines where to find both the gateways and DNS server (SBS box).
0
 
LVL 6

Expert Comment

by:matt_beatt
Comment Utility
You mentioned earlier that you are were using ICS - is there a reason you are using both ICS and ISA?

If memory serves me well, by default ICS uses its own DHCP services, if you have had problems with your SBS box and have had to do "something" to ICS to get the box working again perhaps this is your problem
0
 

Accepted Solution

by:
stullhe104 earned 0 total points
Comment Utility
Hi Matt, thanks for the reply. ISA provides firewall services and has nothing at all to do with DHCP. I really don't know what the significance of ICS is in the scheme of things, that's just what the Microsoft Engineer said (vaguely).

I did end up contacting him again and he resolved this second issue as well. In the DHCP console under the properties for the server is an Advanced tab that has a button called Bindings. Clicking the button opens a Binding windows where you can select the NIC card that DHCP will bind to.

Once we checked the box for the appropriate NIC card these rogue computers worked just fine. I went to each of them and used IPCONFIG to flush and then register the DNS and the RENEW the IP.

Whala...

Thanks to all of you for your help and advice.
0
 
LVL 23

Expert Comment

by:ormerodrutter
Comment Utility
Do you mind telling me how much MS charge for this kind of support? Or you have a supporting agreement inplace with them (e.g. x number of calls/issues for $x)?
0
 

Author Comment

by:stullhe104
Comment Utility
The charge for support during regular business hours is $245 + tax. For after hours support the charge is more like $575.
In this case I felt the money was well worth it. Much of our business operation was inoperable and I had to get it fixed quickly.
The MS Support engineer remoted into my server and was able to quickly discover what was wrong and get it fixed. Compare that to me working my way through it while I'm working on several other issues and attending meetings at the same time.
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

Suggested Solutions

I’m often asked about newer and larger USB drives connected to SBS2008 and 2011 failing Windows Server Backup vs the older USB drives not failing. As disk space continues to grow and drive technology change SBS2008 and some SBS2011 end up with the f…
On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now