Solved

XP clients lose trust connection with server but a reboot rectifies this

Posted on 2009-07-09
36
395 Views
Last Modified: 2012-05-07
I've seen other posts but the fixes have not worked. We started with one XP client that would lose the trust with the server when accessing shares, and a reboot would fix it. It seems to happen overnight, which it does: sometime between 6 and 7 each night something happens and the trust is broken. A reboot fixes the problem. Now multiple machines have this problem. We are now having this problem on two separate networks with multiple clients, both using SBS 2003 server. Removing from the domain and re-adding, as suggested, doesn't fix the problem. Another solution was to remove from the domain and clean out the DNS suffix information, and that hasn't worked. We have installed all critical/security updates/patches for the clients and servers and are still getting nowhere. This has been happening for over two months, and today another client caught the problem. Where do I start looking now?
0
Question by:sraley
36 Comments
 
LVL 10

Expert Comment

by:Kieran_Burns
ID: 24814538
Are your event logs on the workstations showing an error similar to "cannot find domain controller"?
0
 

Author Comment

by:sraley
ID: 24814568
I don't remember. I'm trying to find the notes we made of what was in the event logs on the workstations.
0
 

Author Comment

by:sraley
ID: 24814627
Yes. I don't have the event ID, but it does say "cannot find domain controller".
0
 

Author Comment

by:sraley
ID: 24817711
Workstations have an error 40960: The security system detected an attempted downgrade attack for server ldap/SMHE. The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request (0xc000005e)".

Event IDs 15 and 5719 show up every morning that they are not really being authenticated by the domain.
0
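The events sraley lists (40960, then 5719 and 15 the next morning) already carry the most useful signal in this thread, which is the time of day at which they start. The script below is an added example, not code from this thread or from Microsoft: it reads a flat export of the workstation event logs (a constructed CSV here; the host names and timestamps are made up) and reports, per host, whether the Kerberos failure begins at the same hour every day. Only the event IDs come from the thread; the source names LSASRV, NETLOGON and AutoEnrollment are the ones those IDs normally carry, and the export format is an assumption.

```python
"""Triage the "cannot find domain controller" events from the workstations.

Added example (not from the thread): read a flat, constructed export of the
workstation System logs and report, per host, the hour of day at which the
Kerberos failure (event 40960) first appears each day. An onset hour that
repeats across days (the thread's "between 6 and 7 each night") points at
something scheduled rather than a random outage. Host names, timestamps and
the export format are assumptions.
"""
import datetime as dt
from collections import Counter, defaultdict

ONSET_EVENT = 40960            # LSASRV: Kerberos "no logon servers available"
FOLLOWUP_EVENTS = {5719, 15}   # NETLOGON / AutoEnrollment: still no DC next morning

# Constructed export, one event per line: "timestamp,host,source,event_id".
SAMPLE_EXPORT = """\
2009-07-06 18:42:10,XPCLIENT1,LSASRV,40960
2009-07-07 07:31:02,XPCLIENT1,NETLOGON,5719
2009-07-07 07:31:05,XPCLIENT1,AutoEnrollment,15
2009-07-07 18:39:55,XPCLIENT1,LSASRV,40960
2009-07-08 07:29:44,XPCLIENT1,NETLOGON,5719
2009-07-08 18:44:21,XPCLIENT1,LSASRV,40960
2009-07-08 13:05:00,XPCLIENT2,LSASRV,40960
2009-07-09 07:30:12,XPCLIENT2,NETLOGON,5719
"""


def parse_export(text):
    """Return a list of (timestamp, host, source, event_id) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, source, event_id = line.split(",")
        events.append((dt.datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
                       host, source, int(event_id)))
    return events


def daily_onsets(events, onset_id=ONSET_EVENT):
    """host -> {date: hour of the first onset event on that date}."""
    first = defaultdict(dict)
    for ts, host, _source, event_id in sorted(events):
        if event_id == onset_id:
            first[host].setdefault(ts.date(), ts.hour)
    return first


def triage(events, min_days=2):
    """Per-host summary: days with an onset, the recurring onset hour (when the
    same hour repeats on at least min_days days), and follow-up event count."""
    onsets = daily_onsets(events)
    followups = Counter(host for _ts, host, _src, eid in events
                        if eid in FOLLOWUP_EVENTS)
    report = {}
    for host in sorted({e[1] for e in events}):
        hours = Counter(onsets[host].values()) if host in onsets else Counter()
        hour, days = hours.most_common(1)[0] if hours else (None, 0)
        report[host] = {
            "onset_days": len(onsets.get(host, {})),
            "recurring_hour": hour if days >= min_days else None,
            "followups": followups[host],
        }
    return report


if __name__ == "__main__":
    for host, summary in triage(parse_export(SAMPLE_EXPORT)).items():
        print(host, summary)
```

A host with a recurring onset hour and morning follow-ups (XPCLIENT1 in the sample) fits the pattern described in the question; a one-off onset with no repeat (XPCLIENT2) is a different problem and should not be lumped in with it.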
 
LVL 10

Expert Comment

by:Kieran_Burns
ID: 24820945
0
 
LVL 1

Expert Comment

by:realtec
ID: 24821525
Have you done a virus check? The Conficker worm comes to mind.
0
 
LVL 10

Expert Comment

by:Kieran_Burns
ID: 24821539
A quick check for that is to see if the DHCP Client service has stopped and, if so, cannot be started.
0
 

Author Comment

by:sraley
ID: 24821693
DHCP wasn't running; the router was doing DHCP, so I changed that so the server is running it. I also fixed the w32time issue, since it couldn't contact time.windows.com; now it's syncing with a .gov time server.
0
 
LVL 10

Assisted Solution

by:Kieran_Burns
Kieran_Burns earned 100 total points
ID: 24821710
You need the DHCP Client service on the workstations for DNS to work... is the service running on the client machines?
0
 

Author Comment

by:sraley
ID: 24821722
I found something on eventid.net that suggested they had problems with the same Intel gigabit NIC, so I updated the drivers from v6.3.6.3 to v8.10.3.0, a driver six years newer.
0
 

Author Comment

by:sraley
ID: 24821726
They have no issues getting on the internet, so yes, I'm guessing there are no DNS issues on the clients. They had the domain controller listed as the third DNS server, though. I changed that when I switched DHCP back to the domain controller and made it the DNS server.
0
 
LVL 10

Expert Comment

by:Kieran_Burns
ID: 24821737
If you're seeing issues with the NIC then I would suggest forcing the cards to use 100/full rather than auto-config, as they probably are at the moment.
0
 

Author Comment

by:sraley
ID: 24821803
I don't know if the problem is with the NIC; I was just reading comments at eventid.net and decided to try it. I also saw that with Windows 2003 Server, turning off power management on the NIC fixed everything, so I did that as well. Right now on the server I'm getting Event 4004, for which I saw a link to get a hotfix from Microsoft, and I've been waiting for 3 hrs for that to be emailed to me. I already have SP2 installed on the server.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 24822440
The client must point to your internal DNS server/s for DNS and ONLY your server/s. Do not add the router or an ISP as an alternate DNS server or you will have name resolution and authentication issues on the LAN. This applies to both server and client. The ISP's DNS gets added as a forwarder on the server.

Do not set the NIC to a static speed or duplex unless you can do the same on the switch. If the switch is auto-negotiate only, the NIC must be as well or you will find you have severe performance issues after a couple of days.

Given the lost connection/trust when idle for long periods of time, turning off NIC power management on the PC is an excellent move. If it is happening to more than one PC, do so on the server as well.

It can be a bad switch port, but if a reboot fixes it, that is unlikely.
Bad network cabling is the #1 cause of lost or flaky connections; can you try another connection and patch cable?

Try running Microsoft's NetDiag on the PC and see if it points to any network/DNS issues:
http://www.lan-2-wan.com/Diag-FAQ.htm#q1

You mention you "lose trust connection" is there an event log error that suggests this? If so could you post the ID# and source.

If having 4004 errors on the server you might also want to run NetDiag (different ver for server) and DCDiag on the server.
http://www.computerperformance.co.uk/w2k3/utilities/windows_dcdiag.htm
0
 

Author Comment

by:sraley
ID: 24827703
After I changed the NIC power management, upgraded the NIC driver on the server, and changed the DHCP DNS settings, I'm still getting autoenrollment errors that it can't find the server. I fixed the time sync on the server, so the w32time errors are gone. I was not getting 4004 errors until I did these things, but I also created a reverse DNS zone since this was one thing mentioned that might help.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 24827722
Have you tried the suggested diagnostics?
0
 

Author Comment

by:sraley
ID: 24827739
Trying to get on the server now to do that.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 24827766
That may help to point out any specific DNS or name resolution issues.
0

 

Author Comment

by:sraley
ID: 24827932
NetDiag: everything passed except I got a warning on the NetBT name test:
"At least one of the <00> 'Workstation Service', <03> 'Messenger Service', <20> 'WINS' names is missing. No remote names have been found."

The trust relationship test and WAN configuration test were skipped.
0
 

Author Comment

by:sraley
ID: 24827970
Everything passed in DCDiag.
0
 

Author Comment

by:sraley
ID: 24828249
I removed the backup DNS entry from DHCP that pointed to the router, so only the domain controller has a DNS entry. I tested one of the clients with a test account and it did not have an autoenrollment error or any other errors in the event log.
0
 
LVL 77

Accepted Solution

by:Rob Williams
Rob Williams earned 400 total points
ID: 24828712
It is very important with Windows Active Directory domains that DNS be configured properly. If not, you can run into all sorts of issues, many of which seem totally unrelated.

Below is a check list for Windows 2003 servers, however if you are running Windows Small Business Server, though the rules still apply, the method for configuring is slightly different. The server NIC/s must point only to the server itself for DNS. If you have additional internal DCs/DNS servers, you can add those. Any others such as the ISPs must be removed from all NICs. Then run the CEICW (Configure E-mail and Internet Connection Wizard) which is located by going to Server Management | Internet and E-mail | Connect to the Internet. Within the wizard you will be prompted for the ISPs DNS servers which will automatically be added to the forwarders list. This also verifies DNS is properly configured, and assists with the configuration of your network related services. The wizard can be run as often as you like. If running it through a remote desktop session you may be disconnected for 5 to 30 seconds as it completes.

Clients MUST also point ONLY to your internal DNS servers. (likely just the SBS). Make sure whether assigned static addressing or DHCP addressing (preferred) they do not receive the ISPs DNS, even as an alternate.

As mentioned below, and especially with SBS, the server should be the DHCP server. If it is not, have a look at the following document explaining how to move the DHCP service from the router to the SBS.
Set up DHCP on existing SBS
See "Configuring Settings for an Existing DHCP Server Service on Your Network" 1/2 way down the page.
http://www.microsoft.com/technet/prodtechnol/sbs/2003/plan/gsg/appx_c.mspx

The following link explains in detail configuring networking with an SBS:
How to configure Internet access in Windows Small Business Server 2003
http://support.microsoft.com/kb/825763

0
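One way to turn the rule in this answer (and in Rob's earlier comment) into a repeatable check: the script below, an added example that is not from this thread or from Microsoft, parses saved `ipconfig /all` output from a workstation and flags every DNS server that is not one of the internal domain controllers, distinguishing a router or other internal address from an ISP's public address. The 192.168.16.x addresses, the host name and the example.local suffix are assumptions, and the ipconfig text is constructed to show the misconfiguration the thread ends up fixing (the router handed out as the alternate DNS server).

```python
"""Check Windows DNS client settings against the "internal DNS only" rule.

Added example (not from the thread): parse saved ``ipconfig /all`` output and
flag every DNS server that is not one of the internal domain controllers.
The 192.168.16.x addresses and the example.local suffix are assumptions.
"""
import ipaddress
import re

# Internal DNS servers: the SBS (and any other internal DCs). Assumed address.
INTERNAL_DNS = {"192.168.16.2"}

# Constructed ``ipconfig /all`` output from a workstation that still receives
# the router as its alternate DNS server (the misconfiguration in the thread).
SAMPLE_IPCONFIG = """\
Windows IP Configuration

        Host Name . . . . . . . . . . . . : XPCLIENT1
        Primary Dns Suffix  . . . . . . . : example.local

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : example.local
        IP Address. . . . . . . . . . . . : 192.168.16.50
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.16.1
        DHCP Server . . . . . . . . . . . : 192.168.16.2
        DNS Servers . . . . . . . . . . . : 192.168.16.2
                                            192.168.16.1
        Lease Obtained. . . . . . . . . . : Thursday, July 09, 2009 8:01:12 AM
"""

_ADAPTER_RE = re.compile(r"^\S.*:$")                        # "Ethernet adapter X:"
_DNS_RE = re.compile(r"^\s+DNS Servers[ .]*:\s*(\S*)\s*$")  # first DNS line
_CONT_RE = re.compile(r"^\s+(\S+)\s*$")                      # extra DNS addresses


def parse_ipconfig_dns(text):
    """Return {adapter_name: [dns_server, ...]} from ``ipconfig /all`` output."""
    adapters = {}
    current = None
    in_dns_list = False
    for raw in text.splitlines():
        line = raw.rstrip()
        if _ADAPTER_RE.match(line):
            current = line.rstrip(":").strip()
            adapters[current] = []
            in_dns_list = False
            continue
        m = _DNS_RE.match(line)
        if m and current is not None:
            if m.group(1):
                adapters[current].append(m.group(1))
            in_dns_list = True
            continue
        if in_dns_list:
            m = _CONT_RE.match(line)
            if m:
                adapters[current].append(m.group(1))
            else:
                in_dns_list = False      # next field reached
    return adapters


def audit_adapter(servers, internal=INTERNAL_DNS, is_dns_server=False):
    """Return a list of findings (empty when the DNS list is correct)."""
    if not servers:
        return ["no DNS servers configured"]
    findings = []
    for addr in servers:
        if addr in internal:
            continue
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append(f"{addr}: not a valid address")
            continue
        if ip.is_loopback:
            # 127.0.0.1 is fine on the DNS server itself, wrong anywhere else
            if not is_dns_server:
                findings.append(f"{addr}: loopback on a host that is not a DNS server")
        elif ip.is_private:
            findings.append(f"{addr}: internal address that is not a DC/DNS server (router?)")
        else:
            findings.append(f"{addr}: public address (ISP DNS); belongs in the server's forwarders")
    return findings


def audit_ipconfig(text, internal=INTERNAL_DNS, is_dns_server=False):
    """Findings per adapter for a whole ``ipconfig /all`` dump."""
    return {name: audit_adapter(servers, internal, is_dns_server)
            for name, servers in parse_ipconfig_dns(text).items()}


if __name__ == "__main__":
    for adapter, findings in audit_ipconfig(SAMPLE_IPCONFIG).items():
        print(adapter, "->", findings or ["OK"])
```

Run it against the server with `is_dns_server=True`, so that 127.0.0.1 or the server's own address passes, as the thread confirms is fine for the SBS. Any finding on a client that gets its address from DHCP means the scope's DNS server option still hands out the router or the ISP, which is exactly what removing the secondary entry from DHCP fixed here.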
 

Author Comment

by:sraley
ID: 24829873
The server NIC only has 127.0.0.1 for its DNS. I had DHCP sending clients the router as a secondary DNS; the server's address was primary.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 24830149
127.0.0.1  is fine for the server.
However, the clients must point ONLY to your server. I understand the logic of having a secondary point to a router or ISP, but it will cause slow logons, name resolution issues, and other issues. The problem is Windows doesn't always use the 1st DNS server first as it should.
http://rcpmag.com/articles/2004/05/01/10-dns-errors-that-will-kill-your-network.aspx
0
 

Author Comment

by:sraley
ID: 24830706
I understand that, but I don't understand why it started happening out of the blue. We think it was a patch, since we do Windows updates on a monthly basis, not as they come out, and all the problems happened after the clients and server did their monthly updates.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 24830842
You mentioned you "lose trust connection" is there an event log error that suggests this? Are you referring to the 4004 errors? If not could you post the ID# and source.

0
 

Author Comment

by:sraley
ID: 24831446
Yes, I believe it was 1539, but the test client no longer has those, and I am not getting the 4004 errors. I rebooted the server, but I'm not getting it.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 24831779
I am not sure I understand what the current problem is, if those errors are no longer present.
0
 

Author Comment

by:sraley
ID: 24831982
The problem appears to have disappeared, and the only thing that seems to have worked was taking the secondary DNS out of DHCP.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 24831990
That is important.
0
 

Author Comment

by:sraley
ID: 24832178
I understand. It's just that for the errors I was receiving, things like the time sync and the other issues I mentioned I tried were coming up in Google searches, so I did all of those.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 24834438
So is everything working OK at this point?
0
 

Author Comment

by:sraley
ID: 24834662
I'm trying to verify a few more clients to make sure.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 24834686
OK, let us know how it goes.
0
 

Author Comment

by:sraley
ID: 24847725
It appears everything is working.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 24847806
Great! Glad to hear. Thanks sraley.
Cheers.
--Rob
0
