Solved

Event ID 4015 -- functioning active directory

Posted on 2009-05-13
Last Modified: 2012-05-06
Hello all, new user here, first post.

I have been banging my head against the wall on this one, can't find any information on this that makes sense to me.

We have 2 domain controllers, both Win2k3 with the latest SP and security updates. Recently, about a month ago, we started experiencing DNS/Active Directory issues with our Mac clients. We found a workaround, but now our VPN users are having errors that are leading me to believe our domain controllers/Active Directory is corrupt or not functioning properly.

I've gone into the Event Viewer and started noticing event ID 4015 in the DNS Server log and event ID 1168 in the Directory Service log.

I'm fairly new to administering Active Directory and Domain Controllers, so any help would be greatly appreciated.

nix-IT
Question by:nix-IT
LVL 57

Expert Comment

by:Mike Kline
What are the actual problems the VPN users are having? Are they having issues accessing email or file shares?
Thanks
Mike
0
 

Author Comment

by:nix-IT
The users can't access their email or the file shares and the problem is intermittent.  I've been working with our VPN service provider for the past 2 weeks, and they claim nothing has changed.  The VPN service providers state that it could be a DNS issue.

The users can sometimes access the shares by share name, but when they can't, they can access them by IP address.

Today a user can't access any of the shares by IP or name.

nix-IT

0
 

Author Comment

by:nix-IT
More on this issue. During my searching online, I found a Microsoft article that stated to check the Active Directory database location with the following command:

ntdsutil files info

This returned the location of:

c:\windows\ntds and the database file.  I confirmed that the database file is in that location with a current date/time stamp.

Not sure if this helps.

Look forward to some responses.

nix-IT
0
 
LVL 57

Expert Comment

by:Mike Kline
We have had something similar with users when they VPN in (Outlook/mail issues). What we are trying is forcing the clients to use TCP for Kerberos (it is helping).

http://support.microsoft.com/kb/244474
How to force Kerberos to use TCP instead of UDP in Windows

http://blogs.technet.com/askds/archive/2008/03/06/kerberos-for-the-busy-admin.aspx

"A common problem is that routers will arbitrarily fragment UDP packets; when this happens the Kerberos ticket request packets are discarded by the KDC. Windows Vista and Windows Server 2008 now default to using TCP for Kerberos ticket requests"

May want to try that registry change on one or two test machines.
Thanks
Mike
0
 
LVL 3

Expert Comment

by:ISWSIMBX
Can you post the contents of the 4015 event?  Was anything changed with your Active Directory or DNS about a month ago?
0

 

Author Comment

by:nix-IT
Here are the contents:

Event Type:      Error
Event Source:    DNS
Event Category:  None
Event ID:        4015
Date:            5/13/2009
Time:            12:35:54 PM
User:            N/A
Computer:        SRVPDC
Description:
The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Data:
0000: 00000051
------------------------------------------

In directory service, I also see event id: 1168, with the contents:

Event Type:      Error
Event Source:    NTDS General
Event Category:  Internal Processing
Event ID:        1168
Date:            5/13/2009
Time:            12:45:16 PM
User:            NT AUTHORITY\ANONYMOUS LOGON
Computer:        SRVPDC
Description:
Internal error: An Active Directory error has occurred.

Additional Data
Error value (decimal):
1053
Error value (hex):
41d
Internal ID:
3000502

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

----------------------

Not sure if this helps.

Thanx all for your help.

nix-IT
0
 
LVL 57

Expert Comment

by:Mike Kline
Does the 4015 event happen after a reboot/restart?  Are you pointing the boxes to themselves for primary DNS?
Thanks
Mike
0
 

Author Comment

by:nix-IT
Yes, this happens after a reboot, and yes, they are pointing to themselves.

I want to clarify, I did not set up the domain controllers or these DNS servers.  :)

nix-IT

0
 
LVL 57

Accepted Solution

by:Mike Kline
Well, setting them up to point to themselves is OK, but I've seen this 4015 before, and you will hear it called the "race condition" problem. DNS and AD are both trying to start, they depend on each other, and then they fail.
Try pointing to each other for primary and to themselves as secondary, and then during your next maintenance cycle reboot one of the boxes and see if you still get the 4015 errors.
Then reboot the other and observe the results.
We have had luck with that configuration on our DCs that had this issue.
Thanks
Mike
0
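
The question raised in this thread, whether event 4015 appears only after a reboot, can be answered across an exported event log. The following is an added example, not code from the thread or from Microsoft: it labels each DNS 4015 event by whether it falls within a startup window after the most recent Event ID 6005 (Event log service started) on the same machine. The CSV layout, the host names DC1 to DC3, the timestamps and the 10-minute window are constructed assumptions.

```python
import csv
import io
from datetime import datetime, timedelta

BOOT_EVENT_ID = 6005    # source EventLog: "The Event log service was started"
DNS_AD_ERROR_ID = 4015  # source DNS: critical error from Active Directory
STARTUP_WINDOW = timedelta(minutes=10)  # assumption: tune to your DCs' start-up time

# Constructed sample export; hosts and times are not taken from the thread.
SAMPLE_CSV = """\
computer,time,source,event_id
DC1,2009-05-13 12:33:10,EventLog,6005
DC1,2009-05-13 12:35:54,DNS,4015
DC1,2009-05-13 18:02:41,DNS,4015
DC2,2009-05-12 03:00:05,EventLog,6005
DC2,2009-05-12 03:01:47,DNS,4015
DC3,2009-05-12 09:15:00,DNS,4015
"""

def parse_events(text):
    """Return (computer, time, source, event_id) tuples, oldest first per host."""
    rows = []
    for r in csv.DictReader(io.StringIO(text)):
        when = datetime.strptime(r["time"], "%Y-%m-%d %H:%M:%S")
        rows.append((r["computer"], when, r["source"], int(r["event_id"])))
    return sorted(rows, key=lambda e: (e[0], e[1]))

def classify_4015(events, window=STARTUP_WINDOW):
    """Label each 4015 as 'startup', 'steady-state' or 'unknown' (no boot seen)."""
    last_boot = {}
    results = []
    for computer, when, source, event_id in events:
        if source == "EventLog" and event_id == BOOT_EVENT_ID:
            last_boot[computer] = when
        elif source == "DNS" and event_id == DNS_AD_ERROR_ID:
            boot = last_boot.get(computer)
            if boot is None:
                verdict = "unknown"        # export starts after the last boot
            elif when - boot <= window:
                verdict = "startup"        # consistent with the DNS/AD start race
            else:
                verdict = "steady-state"   # AD unreachable while running: dig deeper
            results.append((computer, when, verdict))
    return results

if __name__ == "__main__":
    for computer, when, verdict in classify_4015(parse_events(SAMPLE_CSV)):
        print(f"{computer} {when} 4015 -> {verdict}")
```

A 4015 labelled steady-state is not explained by the start-up ordering described in the accepted answer and points at replication, connectivity or database problems instead.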
 

Author Comment

by:nix-IT
Mike,

Thanks, I will give this a shot and report back in the AM.

nix-IT
0
