XP clients lose trust connection with server but a reboot rectifies this

I've seen other posts but the fixes have not worked. We started with 1 XP client that would lose the trust with the server when accessing shares and a reboot would fix it. Seems like it happens overnight, which it does; sometime between 6-7 each night something happens and trust is broken. A reboot fixes the problem. Now multiple machines have this problem. We are now having this problem on two separate networks with multiple clients, both using SBS 2003 server. Removing from domain and re-adding as suggested doesn't fix the problem. Another solution was to remove from domain and clean out DNS suffix information and that hasn't worked. We have installed all critical/security updates/patches for the clients and servers and still are getting nowhere. This has been happening for over two months and today another client caught the problem. Where do I start looking now?
sraleyAsked:
Kieran_BurnsCommented:
Are your event logs on the workstations showing an error similar to "cannot find domain controller"?
0
sraleyAuthor Commented:
I don't remember. I'm trying to find notes we made of what was in the event logs on the workstations.
0
sraleyAuthor Commented:
Yes. I don't have the event ID but it does say "cannot find domain controller".
0
sraleyAuthor Commented:
Workstations have an error 40960: The security system detected an attempted downgrade attack for server ldap/SMHE. The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request (0xc000005e)".

Event IDs 15 and 5719 show up every morning that they are not really being authenticated by the domain.
0
Kieran_BurnsCommented:
0
realtecCommented:
Have you done a virus check? Conficker worm comes to mind.
0
Kieran_BurnsCommented:
A quick check for that is to see if the DHCP Client service has stopped and, if so, cannot be started.
0
sraleyAuthor Commented:
DHCP wasn't running; the router was doing DHCP, so I changed that so the server is running it. I also fixed the w32time issue since it couldn't contact time.windows.com; now it's syncing with a .gov time server.
0
Kieran_BurnsCommented:
You need the DHCP Client service on workstations to have DNS working... is the service running on the client machines?
0
sraleyAuthor Commented:
I found something on eventid.net that suggested they had problems with the same Intel gigabit NIC, so I updated drivers from v6.3.6.3 to v8.10.3.0, a 6 years newer driver.
0
sraleyAuthor Commented:
They have no issues getting on the internet, so yes, I'm guessing there are no DNS issues on the clients. They had the domain controller listed as the third DNS server though. I've changed that when I switched DHCP back to the domain controller and made it the DNS server.
0
Kieran_BurnsCommented:
If you're seeing issues with the NIC then I would suggest forcing the cards to use 100/full rather than auto-config, as they probably are at the moment.
0
sraleyAuthor Commented:
I don't know if the problem is with the NIC; I was just reading comments at eventid.net and decided to try it. I also saw that with Windows 2003 Server turning off power management on the NIC fixed everything, so I did that as well. Right now on the server I'm getting Event 4004, which I saw a link to get a hotfix for from Microsoft, and I've been waiting for 3 hrs for that to be emailed to me. I already have SP2 installed on the server.
0
Rob WilliamsCommented:
The client must point to your internal DNS server/s for DNS and ONLY your server/s. Do not add the router or an ISP as an alternate DNS server or you will have name resolution and authentication issues on the LAN. This applies to both server and client. The ISP's DNS gets added as a forwarder on the server.

Do not set the NIC to a static speed or duplex unless you can do the same on the switch. If the switch is auto-negotiate only, the NIC must be as well or you will find you have severe performance issues after a couple of days.

Due to the lost connection/trust when idle for long periods of time, turning off NIC power management on the PC is an excellent move. If happening to more than 1 PC, do so on the server as well.

It can be a bad switch port, but if a reboot fixes it, that is unlikely.
Bad network cabling is the #1 cause of lost or flaky connections. Can you try another connection and patch cable?

Try running Microsoft's NetDiag on the PC and see if it points to any network/DNS issues:
http://www.lan-2-wan.com/Diag-FAQ.htm#q1

You mention you "lose trust connection". Is there an event log error that suggests this? If so, could you post the ID# and source?

If having 4004 errors on the server you might also want to run NetDiag (different ver for server) and DCDiag on the server.
http://www.computerperformance.co.uk/w2k3/utilities/windows_dcdiag.htm
0
sraleyAuthor Commented:
After I changed the NIC power management, upgraded the NIC driver on the server, and changed the DHCP DNS settings, I'm still getting autoenrollment errors that it can't find the server. I fixed the time sync on the server so the w32time errors are gone. I was not getting 4004 errors until I did these things, but I also created a reverse DNS zone since this was one thing mentioned that might help.
0
Rob WilliamsCommented:
Have you tried the suggested diagnostics?
0
sraleyAuthor Commented:
Trying to get on the server now to do that.
0
Rob WilliamsCommented:
That may help to point out any specific DNS or name resolution issues.
0
sraleyAuthor Commented:
NetDiag: everything passed except I got a warning on the NetBT name test:
"At least one of the <00> 'Workstation Service', <03> 'Messenger Service', <20> 'WINS' names is missing. No remote names have been found."

The trust relationship test and WAN configuration test were skipped.
0
sraleyAuthor Commented:
Everything passed in DCDiag.
0
sraleyAuthor Commented:
I removed the backup DNS from DHCP that was for the router, so only the domain controller has a DNS entry, and tested one of the clients with a test account; it did not have an autoenrollment or any other errors in the event log.
0
Rob WilliamsCommented:
It is very important with Windows Active Directory domains that DNS be configured properly. If not, you can run into all sorts of issues, many of which seem totally unrelated.

Below is a check list for Windows 2003 servers, however if you are running Windows Small Business Server, though the rules still apply, the method for configuring is slightly different. The server NIC/s must point only to the server itself for DNS. If you have additional internal DCs/DNS servers, you can add those. Any others such as the ISPs must be removed from all NICs. Then run the CEICW (Configure E-mail and Internet Connection Wizard) which is located by going to Server Management | Internet and E-mail | Connect to the Internet. Within the wizard you will be prompted for the ISPs DNS servers which will automatically be added to the forwarders list. This also verifies DNS is properly configured, and assists with the configuration of your network related services. The wizard can be run as often as you like. If running it through a remote desktop session you may be disconnected for 5 to 30 seconds as it completes.

Clients MUST also point ONLY to your internal DNS servers (likely just the SBS). Make sure that, whether assigned static addressing or DHCP addressing (preferred), they do not receive the ISP's DNS, even as an alternate.

As mentioned below, and especially with SBS, the server should be the DHCP server. If it is not, have a look at the following document explaining how to move the DHCP service from the router to the SBS.
Set up DHCP on existing SBS
See "Configuring Settings for an Existing DHCP Server Service on Your Network" 1/2 way down the page.
http://www.microsoft.com/technet/prodtechnol/sbs/2003/plan/gsg/appx_c.mspx

The following link explains in detail configuring networking with an SBS:
How to configure Internet access in Windows Small Business Server 2003
http://support.microsoft.com/kb/825763

0
sraleyAuthor Commented:
The server NIC only has 127.0.0.1 for its DNS. I had DHCP sending clients the router as a secondary DNS; the server's address was primary.
0
Rob WilliamsCommented:
127.0.0.1 is fine for the server.
However, the clients must point ONLY to your server. I understand the logic of having a secondary point to a router or ISP, but it will cause slow logons, name resolution issues, and other issues. The problem is Windows doesn't always use the 1st DNS server first as it should.
http://rcpmag.com/articles/2004/05/01/10-dns-errors-that-will-kill-your-network.aspx
0
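A check for the rule Rob describes, written as an added example that is not from the thread: parse a client's `ipconfig /all` output and flag any resolver that is not an internal AD DNS server, or a primary that is not internal (the "DC listed third" case mentioned earlier). The addresses and the sample output are constructed.

```python
import ipaddress
import re

# Constructed values: the SBS/domain controller is the only internal DNS server,
# and 192.168.1.1 is the LAN router that DHCP was wrongly handing out as alternate.
INTERNAL_DNS = {"192.168.1.2"}

_FIELD = re.compile(r"^\s*DNS Servers[ .]*:\s*(\S+)\s*$")
_CONT = re.compile(r"^\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$")

def parse_dns_servers(ipconfig_text):
    """Return DNS servers in the order ipconfig /all lists them (first = primary)."""
    servers, lines, i = [], ipconfig_text.splitlines(), 0
    while i < len(lines):
        m = _FIELD.match(lines[i])
        i += 1
        if not m:
            continue
        servers.append(m.group(1))
        # Extra servers follow on unlabeled, indented continuation lines.
        while i < len(lines) and _CONT.match(lines[i]):
            servers.append(_CONT.match(lines[i]).group(1))
            i += 1
    return servers

def audit_resolvers(ipconfig_text, internal=INTERNAL_DNS):
    """Flag resolvers outside the internal set and a primary that is not internal."""
    servers = []
    for s in parse_dns_servers(ipconfig_text):
        try:
            servers.append(str(ipaddress.ip_address(s)))
        except ValueError:
            pass  # ignore anything that is not an IP literal
    external = [s for s in servers if s not in internal]
    return {
        "servers": servers,
        "external": external,              # router/ISP entries to remove from DHCP
        "primary_internal": bool(servers) and servers[0] in internal,
        "ok": bool(servers) and not external,
    }

# Constructed sample of `ipconfig /all` from an XP client (not real output).
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 192.168.1.50
        Default Gateway . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.2
                                            192.168.1.1
"""
```

Run `audit_resolvers(SAMPLE_IPCONFIG)` to see the router flagged under `external`; feed it the real `ipconfig /all` text from each client to find the ones still receiving a router or ISP resolver.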
sraleyAuthor Commented:
I understand that, but I don't understand why it started happening out of the blue. We think there was a patch, since we do Windows updates on a monthly basis, not as they come out, and all the problems happened after the clients and server did their monthly updates.
0
Rob WilliamsCommented:
You mentioned you "lose trust connection". Is there an event log error that suggests this? Are you referring to the 4004 errors? If not, could you post the ID# and source?
0
sraleyAuthor Commented:
Yes, I believe it was 1539, but the test client no longer has those and I am not getting the 4004 errors. I rebooted the server but I'm not getting it.
0
Rob WilliamsCommented:
I am not sure I understand what the current problem is, if those errors are no longer present.
0
sraleyAuthor Commented:
The problem appears to have disappeared, and the only thing that seems to have worked was taking the secondary DNS out of DHCP.
0
Rob WilliamsCommented:
That is important.
0
sraleyAuthor Commented:
I understand. Just for the errors I was receiving, things like the time sync and other issues I mentioned I tried were coming up in Google searches, so I did all of those.
0
Rob WilliamsCommented:
So is everything working OK at this point?
0
sraleyAuthor Commented:
I'm trying to verify a few more clients to make sure.
0
Rob WilliamsCommented:
OK, let us know how it goes.
0
sraleyAuthor Commented:
It appears everything is working.
0
Rob WilliamsCommented:
Great! Glad to hear. Thanks sraley.
Cheers.
--Rob
0