Solved

Active Directory on Windows 2003 becomes non-responsive

Posted on 2009-05-05
5
239 Views
Last Modified: 2012-05-06
A friend of mine has set up Active Directory on a local school's server, which is running Windows Server 2003. The primary purpose of this is to allow a group policy to be applied to the laptops. He may also be providing server-side storage for the accounts, but I'm not 100% sure if that is set up.
The server is connected to a network switch, which in turn is connected to a wireless access point. The server runs a proxy server which, when authenticated by Active Directory, is used by clients clients to access the internet. In their IT facilities there are 20 laptops which connect to the wireless access point, each of which is configured to access Active Directory on the server.

The problem is that when the laptops log into the server, it works for a short time then the laptops can no longer access Active Directory server. At first he thought the wireless AP was being overloaded, so he changed it but the problem remained. When this issue arises, the server machine freezes on "Loading your settings..." when you attempt to log in to the server physically. To regain control, the server must be hard rebooted (reset button on front of case).

The network connection itself seems fine as two network switches and two wireless APs have been used with no resolution to the problem. The event log shows nothing suspicious other than a few unusual network disconnections and automatic reconnects.

This is a reasonably urgent issue and a speedy response would be highly appreciated. Thank you in advance.
0
Comment
Question by:burningmace
  • 3
5 Comments
 
LVL 31

Accepted Solution

by:
Paranormastic earned 250 total points
ID: 24316398
1) Make sure the access points are on different channels.  Use only base channels of 1,6,11.  Channel 6 is a common default, so having one on channel 1 and the other on 11 is probably best.

2) Is there any difference between users closer to the access points vs. in the middle between them?  They may be skipping between them and not handling that properly.

3) Laptops and server OS are patched up to current including service packs, correct?

4) This is weird that the laptops authenticating causes the (radius?) server to hang.  Have you checked the server's event logs?

5) Try having only one laptop connect over wireless - maybe after hours or something if necessary.  Try a couple more individually in case one of them is causing the issue somehow.

6) Especially with this being a school, are the access points secured using WPA?  Is EAP-TLS being implemented?  If you are relying on WEP or wide open, expect that some of the students may be messing with your server...
0
 
LVL 14

Assisted Solution

by:Shabarinath Ramadasan
Shabarinath Ramadasan earned 250 total points
ID: 24325147
I would like to recommend few things to narrow down the issue.

1) At the time of the issue, check if DC is able to process LDAP queries.
You an try running a simple dsquery command pointing to the server and see the response.

2) Telnet to the LDAP port and see if its responsive
OR Use portqry to see if port 389/3268 is listening.

3) Check if the SYSVOL share is accessible through UNC
ie \\dcname\sysvol should open up from any client at any time.

4) If any of these steps fails, check if the server is over loaded or any process is hung.
Also, disable any Antivirus on the DC, just to ensure that AV is not filtering any requests.

5) Run perfmon from another server and connect to the DC - Just to have a look on the memory / processor Utilization as well as the AD related threads.

IF  YOU ARE NOT ABLE TO LOGIN TO THE SERVER AT THE TIME OF THIS ISSUE - CONCENTRATE ON THE SERVER PERFOMANCE COUNTERS. NO POINT IN CHECKING THE NETWORK AT THIS TIME.

Hope this helps.

Cheerio
Shaba
0
 
LVL 5

Author Comment

by:burningmace
ID: 24325711
I've forwarded the comments you've posted to the guy, should get a response soon.
0
 
LVL 5

Author Comment

by:burningmace
ID: 24370493
No response from him in a while, I'll assume he fixed the issue. I'll split points accordingly.
0
 
LVL 5

Author Closing Comment

by:burningmace
ID: 31578273
Thanks guys.
0

Join & Write a Comment

Suggested Solutions

Have you considered what group policies are backwards and forwards compatible? Windows Active Directory servers and clients use group policy templates to deploy sets of policies within your domain. But, there is a catch to deploying policies. The…
Introduction You may have a need to setup a group of users to allow local administrative access on workstations.  In a domain environment this can easily be achieved with Restricted Groups and Group Policies. This article will demonstrate how to…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now