Solved

Event ID 4015 -- functioning active directory

Posted on 2009-05-13
10
2,568 Views
Last Modified: 2012-05-06
Hello all, new user here, first post.

I have been banging my head against the wall on this one, can't find any information on this that makes sense to me.

We have 2 domain controllers, both Win2k3 with latest SP and security updates.  Recently, about a month ago, we started experiencing DNS/Active Directory issues with our Mac clients.  We found a work around but now our VPN uers are having errors that is leading me to believe our domain controllers/active directory is corrupt or not functioning properly.

I've gone into the event view and started noticing event id 4015 in the DNS Server and in Directory Service event ID 1168.

I'm fairly new to administering Active Directory and Domain Controllers, so any help would be greatly appreciated.

nix-IT
0
Comment
Question by:nix-IT
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
10 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 24378172
What are the actual problems the VPN users are having.  Are they having issues access email or file shares?
Thanks
Mike
0
 

Author Comment

by:nix-IT
ID: 24378233
The users can't access their email or the file shares and the problem is intermittent.  I've been working with our VPN service provider for the past 2 weeks, and they claim nothing has changed.  The VPN service providers state that it could be a DNS issue.

The users can sometimes access the shares by share name, but when they can't, they can access them by IP address.

Today a user can't access any of the shares by IP or name.

nix-IT

0
 

Author Comment

by:nix-IT
ID: 24378834
more on this issue.  during my searching online, I found a microsoft article that stated to check the Active Directory database location with the following command:

ntdsutil files info

This returned the location of:

c:\windows\ntds and the database file.  I confirmed that the database file is in that location with a current date/time stamp.

not sure if this helps.

look forward to some responses.

nix-IT
0
Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

 
LVL 57

Expert Comment

by:Mike Kline
ID: 24379181
We have had something similar with users when they VPN in (outlook/mail issues).  What we are trying is forcing the clients to use TCP for kerberos (it is helping)

http://support.microsoft.com/kb/244474 
How to force Kerberos to use TCP instead of UDP in Windows

http://blogs.technet.com/askds/archive/2008/03/06/kerberos-for-the-busy-admin.aspx

&A common problem is that routers will arbitrarily fragment UDP packets; when this happens the Kerberos ticket request packets are discarded by the KDC. Windows Vista and Windows Server 2008 now default to using TCP for Kerberos ticket requests&
 
May want to try that registy change on one or two test machines.
Thanks
Mike
0
 
LVL 3

Expert Comment

by:ISWSIMBX
ID: 24379359
Can you post the contents of the 4015 event?  Was anything changed with your Active Directory or DNS about a month ago?
0
 

Author Comment

by:nix-IT
ID: 24379425
Here are the contents:

Event Type:      Error

Event Source:      DNS

Event Category:      None

Event ID:      4015

Date:            5/13/2009

Time:            12:35:54 PM

User:            N/A

Computer:      SRVPDC

Description:

The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Data:

0000: 00000051
------------------------------------------

In directory service, I also see event id: 1168, with the contents:

Event Type:      Error

Event Source:      NTDS General

Event Category:      Internal Processing

Event ID:      1168

Date:            5/13/2009

Time:            12:45:16 PM

User:            NT AUTHORITY\ANONYMOUS LOGON

Computer:      SRVPDC

Description:

Internal error: An Active Directory error has occurred.

 

Additional Data

Error value (decimal):

1053

Error value (hex):

41d

Internal ID:

3000502

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

----------------------

not sure if this helps.

Thanx all for your help.

nix-IT
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 24379565
Does the 4015 event happen after a reboot/restart?  Are you pointing the boxes to themselves for primary DNS?
Thanks
Mike
0
 

Author Comment

by:nix-IT
ID: 24379598
yes, this happens after a reboot, and yes, they are pointing to themselves.

I want to clarify, I did not set up the domain controllers or these DNS servers.  :)

nix-IT

0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 500 total points
ID: 24379646
Well setting them up to point to themselves is ok, but I've seen this 4015 before and you will hear it called the "race condition" problem.  So DNS and AD are both trying to start and they depend on each other and then they fail.
Try pointing to each other for primary and to themselves as secondary and then during your next maintenance cycle reboot one of the boxes and see if you get the 4015 errors still.
Then reboot the other and observe the results.
We have had luck with that configuration on our DCs that had this issue.
Thanks
Mike
0
 

Author Comment

by:nix-IT
ID: 24379661
Mike,

Thanks, I will give this a shot and report back in the AM.

nix-IT
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question