AD vanishing act

Posted on 2010-01-04
Last Modified: 2012-05-08
Today we've had ongoing issues with a windows 2003 based network. The network has seen strange issues with XP based workstations hanging at "applying computer settings" for at least 20 minutes before finally showing the desktop. The workstations would then be unable to access any network files. The network folders showed normally, they could view the contents of any folder, but when they tried an excel file, for example, Excel just said "downloading <filename>" and sat there and explorer would stop responding.

We have an EE post of the issue here:

The situation got worse later on in the day and the reason I've created a new EE post is that I'm not sure the issues are related or just very poor coincidence.

At about 4pm suddenly the server just stopped responding. Email (it runs Exchange) says it couldnt find the server. DNS appeared not to work for the network. RDP to the server failed at the same time. The event log at that time gets jammed with loads of errors from apps reporting that suddenly there were no Active Directory servers available. However, the first few logs are included below. In the end we had to cold reboot the server by removing the power cable. When it came back up everything, including the other issues from the previous EE post, was back and working again.

Does anyone know of a way to fault find the cause of this or perhaps view some other log files somewhere that may give an indication as to the cause?

Event Type:      Error
Event Source:      DNS
Event Category:      None
Event ID:      4016
Date:            04/01/2010
Time:            15:57:39
User:            N/A
Computer:      myserver
The DNS server timed out attempting an Active Directory service operation on DC=desktop9,DC=domain.local,cn=MicrosoftDNS,DC=DomainDnsZones,DC=domain,DC=local.  Check Active Directory to see that it is functioning properly. The event data contains the error.

0000: 55 00 00 00               U...    
Event Type:      Warning
Event Source:      NTDS General
Event Category:      Global Catalog
Event ID:      1655
Date:            04/01/2010
Time:            16:44:52
Computer:      myserver
Active Directory attempted to communicate with the following global catalog and the attempts were unsuccessful.
Global catalog:
The operation in progress might be unable to continue. Active Directory will use the domain controller locator to try to find an available global catalog server.
Additional Data
Error value:
1818 The remote procedure call was cancelled.
Event Type:      Error
Event Source:      MSExchange ADAccess
Event Category:      Topology
Event ID:      2102
Date:            04/01/2010
Time:            16:00:10
User:            N/A
Computer:      myserver
Process MAD.EXE (PID=2832). All Domain Controller Servers in use are not responding:
Question by:stonneway
    LVL 19

    Expert Comment

    Sounds like a DNS issue from the start (though I haven't looked at the other Q yet). But certainly I'd say every problem you mentioned in this particular Q likely stem from some sort of DNS issue.

    Can you run a dcdiag /test:DNS on the DC, check everything passes ok, and post the results here too?


    LVL 1

    Author Comment

    Not much to see I'm afraid. In normal usage the network behaves very well.

    Domain Controller Diagnosis

    Performing initial setup:
       Done gathering initial info.

    Doing initial required tests
       Testing server: Default-First-Site-Name\myserver
          Starting test: Connectivity
             ......................... myserver passed test Connectivity

    Doing primary tests
       Testing server: Default-First-Site-Name\myserver

    DNS Tests are running and not hung. Please wait a few minutes...
       Running partition tests on : ForestDnsZones
       Running partition tests on : DomainDnsZones
       Running partition tests on : Schema
       Running partition tests on : Configuration
       Running partition tests on : domain
       Running enterprise tests on : domain.local
          Starting test: DNS
             ......................... domain.local passed test DNS
    LVL 19

    Expert Comment

    Hmmmm... If this is the only DC in the domain, and also runs Exchange and acts as the file server etc, there are many many possibilities - The OS could simply have had a 'wobbly', and brought everything else down with it.

    You might want to check for disk errors etc, in case one of the disks in the server is on it's way out or something... Other than that, if there are no more errors in the event logs, I can't even think where to start really!

    What was showing on the actual console of the server once it had 'failed' completely (i.e. just prior to the hard boot you did)?

    LVL 7

    Accepted Solution


    Are there any LSASRV or netlogon events in the event viewer on the server?
    If yes then ,apply the fix in the following kb's and reboot the server:

    -Let us know the end results.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    Mapping Drives using Group policy preferences Are you still using old scripts to map your network drives if so this article will show you how to get away for old scripts and move toward Group Policy Preference for mapping them. First things f…
    On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
    This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

    794 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    15 Experts available now in Live!

    Get 1:1 Help Now