Solved

Losing connection to Win2008 DC and Exchange - Event ID 205

Posted on 2012-04-10
10
1,160 Views
Last Modified: 2012-04-18
I'm having a problem with a DC & Exchange setup. It seems that every night at 03:00 it goes down. After 03:00 I get a bunch of errors in Application and System logs but the first one is this:

Log Name:      Application
Source:        MSExchange Common
Date:          10/4/2012 3:00:27 pµ
Event ID:      205
Task Category: General
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      dc.domain.local
Description:
No DNS servers could be retrieved from network adapter 00000000-0000-0000-0000-000000000000. Check if the computer is connected to a network and Get-NetworkConnectionInfo returns any results.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="MSExchange Common" />
    <EventID Qualifiers="49156">205</EventID>
    <Level>2</Level>
    <Task>1</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2012-04-10T00:00:27.000000000Z" />
    <EventRecordID>10030</EventRecordID>
    <Channel>Application</Channel>
    <Computer>dc.domain.local</Computer>
    <Security />
  </System>
  <EventData>
    <Data>00000000-0000-0000-0000-000000000000</Data>
  </EventData>
</Event>

Any ideas where I should start?
0
Comment
Question by:iJeff555
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 4
10 Comments
 
LVL 37

Expert Comment

by:Neil Russell
ID: 37826698
Do you have any form of backups that runs at around this time every night?
Is this a physical or a virtual server?
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 37826710
Also is it working again by the time you get in? You dont need to do anything to get services back up and running?
How many NICs in the exchange server?
0
 

Author Comment

by:iJeff555
ID: 37826722
Yes, I thought of the backup possibility too, I have a DPM server, it did have a schedule for recovery points at that time (03:00), I changed that to see if it has any relation to the errors.

It's a Hyper-V VM, maybe there was some mix up with the virtual networks so I simplified those too. It's now using only one NIC and one virtual network. At the Hyper-V host I was getting a 4319 error:

Log Name:      System
Source:        NetBT
Date:          9/4/2012 3:00:04 µµ
Event ID:      4319
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      hyperv.domain.local
Description:
A duplicate name has been detected on the TCP network.  The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="NetBT" />
    <EventID Qualifiers="49152">4319</EventID>
    <Level>2</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2012-04-09T12:00:04.659420800Z" />
    <EventRecordID>2943</EventRecordID>
    <Channel>System</Channel>
    <Computer>hyperv.domain.local</Computer>
    <Security />
  </System>
  <EventData>
    <Data>
    </Data>
    <Binary>000000000100320000000000DF1000C0050100000310A8C068000000000000000000000000000000</Binary>
  </EventData>
</Event>
0
Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

 

Author Comment

by:iJeff555
ID: 37826729
No, it's not working when I get in. It needs a restart. After that everything is OK.

One NIC on the server. By the way, it's a DC too, DC & Exchange are installed on the same VM.

I also get a "shutting down microsoft echange replication service" message while shutting down which stays on for about 2 minutes or so...
0
 
LVL 37

Accepted Solution

by:
Neil Russell earned 500 total points
ID: 37826835
Ok well the event their is pretty self explanitory!

"Description:
A duplicate name has been detected on the TCP network.  The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state."

Have you run an nbstat -n ?
What results you get?

Was the server cloned from a physical box?
0
 

Author Comment

by:iJeff555
ID: 37826849
I did but after I switched back to just one NIC on the host and one virtual network. The results with this setup at this time are:

Hyper-V LAN 1:
Node IpAddress: [192.168.16.2] Scope Id: []

                NetBIOS Local Name Table

       Name               Type         Status
    ---------------------------------------------
    DOMAIN         <00>  GROUP       Registered
    HYPERV         <00>  UNIQUE      Registered
    HYPERV         <20>  UNIQUE      Registered

\Device\NetBT_Tcpip_{03E1F6F4-E247-47F0-BB51-75289CD80E15}:
Node IpAddress: [0.0.0.0] Scope Id: []

                NetBIOS Local Name Table

       Name               Type         Status
    ---------------------------------------------
    DOMAIN         <00>  GROUP       Registered
    HYPERV         <00>  UNIQUE      Registered
    HYPERV         <20>  UNIQUE      Registered

LAN 3:
Node IpAddress: [0.0.0.0] Scope Id: []

    No names in cache

LAN 4:
Node IpAddress: [0.0.0.0] Scope Id: []

    No names in cache

--------------

No, the server was not cloned from a physical box.
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 37826859
When did this start happening? What changed on your network on that day.
You you have ANY systems or VM's that autostart around that time of day?
0
 

Author Comment

by:iJeff555
ID: 37826866
The backup is the first thing that comes to mind that was setup recently.

But let's see if the backup rescheduling or the network changes resolve this today and we'll take it from there I guess.
0
 

Author Comment

by:iJeff555
ID: 37832471
I believe the simplification of the network on the host has resolved the problem. I had no problem for the past 24hours.

But I'll wait a couple more days until I consider this fixed...
0
 

Author Comment

by:iJeff555
ID: 37860239
After a week no problem at all. The simplification of the network on the host has resolved the problem.

Thanks, your answer pointed to the right direction!
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
A list of top three free exchange EDB viewers that helps the user to extract a mailbox from an unmounted .edb file and get a clear preview of all emails & other items with just a single click on mailboxes.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question