• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2588
  • Last Modified:

Event ID 4015 -- functioning active directory

Hello all, new user here, first post.

I have been banging my head against the wall on this one, can't find any information on this that makes sense to me.

We have 2 domain controllers, both Win2k3 with latest SP and security updates.  Recently, about a month ago, we started experiencing DNS/Active Directory issues with our Mac clients.  We found a work around but now our VPN uers are having errors that is leading me to believe our domain controllers/active directory is corrupt or not functioning properly.

I've gone into the event view and started noticing event id 4015 in the DNS Server and in Directory Service event ID 1168.

I'm fairly new to administering Active Directory and Domain Controllers, so any help would be greatly appreciated.

nix-IT
0
nix-IT
Asked:
nix-IT
  • 5
  • 4
1 Solution
 
Mike KlineCommented:
What are the actual problems the VPN users are having.  Are they having issues access email or file shares?
Thanks
Mike
0
 
nix-ITAuthor Commented:
The users can't access their email or the file shares and the problem is intermittent.  I've been working with our VPN service provider for the past 2 weeks, and they claim nothing has changed.  The VPN service providers state that it could be a DNS issue.

The users can sometimes access the shares by share name, but when they can't, they can access them by IP address.

Today a user can't access any of the shares by IP or name.

nix-IT

0
 
nix-ITAuthor Commented:
more on this issue.  during my searching online, I found a microsoft article that stated to check the Active Directory database location with the following command:

ntdsutil files info

This returned the location of:

c:\windows\ntds and the database file.  I confirmed that the database file is in that location with a current date/time stamp.

not sure if this helps.

look forward to some responses.

nix-IT
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
Mike KlineCommented:
We have had something similar with users when they VPN in (outlook/mail issues).  What we are trying is forcing the clients to use TCP for kerberos (it is helping)

http://support.microsoft.com/kb/244474 
How to force Kerberos to use TCP instead of UDP in Windows

http://blogs.technet.com/askds/archive/2008/03/06/kerberos-for-the-busy-admin.aspx

&A common problem is that routers will arbitrarily fragment UDP packets; when this happens the Kerberos ticket request packets are discarded by the KDC. Windows Vista and Windows Server 2008 now default to using TCP for Kerberos ticket requests&
 
May want to try that registy change on one or two test machines.
Thanks
Mike
0
 
ISWSIMBXCommented:
Can you post the contents of the 4015 event?  Was anything changed with your Active Directory or DNS about a month ago?
0
 
nix-ITAuthor Commented:
Here are the contents:

Event Type:      Error

Event Source:      DNS

Event Category:      None

Event ID:      4015

Date:            5/13/2009

Time:            12:35:54 PM

User:            N/A

Computer:      SRVPDC

Description:

The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Data:

0000: 00000051
------------------------------------------

In directory service, I also see event id: 1168, with the contents:

Event Type:      Error

Event Source:      NTDS General

Event Category:      Internal Processing

Event ID:      1168

Date:            5/13/2009

Time:            12:45:16 PM

User:            NT AUTHORITY\ANONYMOUS LOGON

Computer:      SRVPDC

Description:

Internal error: An Active Directory error has occurred.

 

Additional Data

Error value (decimal):

1053

Error value (hex):

41d

Internal ID:

3000502

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

----------------------

not sure if this helps.

Thanx all for your help.

nix-IT
0
 
Mike KlineCommented:
Does the 4015 event happen after a reboot/restart?  Are you pointing the boxes to themselves for primary DNS?
Thanks
Mike
0
 
nix-ITAuthor Commented:
yes, this happens after a reboot, and yes, they are pointing to themselves.

I want to clarify, I did not set up the domain controllers or these DNS servers.  :)

nix-IT

0
 
Mike KlineCommented:
Well setting them up to point to themselves is ok, but I've seen this 4015 before and you will hear it called the "race condition" problem.  So DNS and AD are both trying to start and they depend on each other and then they fail.
Try pointing to each other for primary and to themselves as secondary and then during your next maintenance cycle reboot one of the boxes and see if you get the 4015 errors still.
Then reboot the other and observe the results.
We have had luck with that configuration on our DCs that had this issue.
Thanks
Mike
0
 
nix-ITAuthor Commented:
Mike,

Thanks, I will give this a shot and report back in the AM.

nix-IT
0

Featured Post

Fill in the form and get your FREE NFR key NOW!

Veeam is happy to provide a FREE NFR server license to certified engineers, trainers, and bloggers.  It allows for the non‑production use of Veeam Agent for Microsoft Windows. This license is valid for five workstations and two servers.

  • 5
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now