Server 2008 Stalling

We have a Windows 2008 server that is mainly our file server. For the past 2 days in the morning the server is inaccessable the network drives don't respond even the display on it don't respond and I have to hard boot it. The only thing I see in the event viewer s this error at 12:38AM and then nothing till I reboot it in the morning. Does anyone have any ideas what may be causing this

Event ID 1058

The processing of Group Policy failed. Windows attempted to read the file \\MYDOMAIN.local\sysvol\MYDOMAIN.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
LVL 2
Axis52401Security AnalystAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

smckeown777Commented:
How many domain controllers have you in this site?

Those errors could be DNS related

Give us more details on your environment

Also post the output of

ipconfig /all

on this server...
0
Axis52401Security AnalystAuthor Commented:
15 servers all running on VMware all Windows 2008, this server is the only one stalling

IPConfig


Windows IP Configuration

   Host Name . . . . . . . . . . . . : FS1
   Primary Dns Suffix  . . . . . . . : MYDOMAIN..local
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : MYDOMAIN.local

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : MYDOMAIN.local
   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
   Physical Address. . . . . . . . . : 00-0C-29-25-8A-EA
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.10.250(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.10.2
   DNS Servers . . . . . . . . . . . : 192.168.10.24
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.midamar-cr.local:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : MY DOOMAIN.local
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Open in new window

0
Axis52401Security AnalystAuthor Commented:
That was supposed to be 5 servers not 15, not that I think that is all that important
0
10 Tips to Protect Your Business from Ransomware

Did you know that ransomware is the most widespread, destructive malware in the world today? It accounts for 39% of all security breaches, with ransomware gangsters projected to make $11.5B in profits from online extortion by 2019.

smckeown777Commented:
Right...but how many DC's? DNS looks fine on this machine but with 5 servers how many are actual domain controllers? Cause those errors are related to ad replication from that I read...which means this current stalling server is a DC yes?

From a DC run

dcdiag /e /v /c > dcdiag.txt

Will create a txt file called dcdiag in the directory from where you run the command prompt - attach here so we can check

Also run if you have multiple DC's...

repadmin /showrepl
repadmin /replsummary

Note this may have nothing to do with AD(I'm working on the error you saw) but you say these are all running on VMWare? VMWare what? ESX/ESXi? Workstation?

Also you 'hard boot' the box - normally when I hear hard boot it means physical hardware switch off and back on - but I assume you mean the VM is just forced down?

What version of ESX(i) if you have that?
0
Axis52401Security AnalystAuthor Commented:
1 DC
No this server thats stalling is not a domain controller we use it as a file server.

Its VMware ESXI 5
And by Hard boot I meant I logged in and reset just this server (hard boot as if it were a physical server) The other 2 servers running on tis V box are stable



DCDIAG results

Directory Server Diagnosis


Performing initial setup:

   Trying to find home server...

   * Verifying that the local machine DC1, is a Directory Server. 
   Home Server = DC1

   * Connecting to directory service on server DC1.

   * Identified AD Forest. 
   Collecting AD specific global data 
   * Collecting site info.

   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=midamar-cr,DC=local,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
   The previous call succeeded 
   Iterating through the sites 
   Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=midamar-cr,DC=local
   Getting ISTG and options for the site
   * Identifying all servers.

   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=midamar-cr,DC=local,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
   The previous call succeeded....
   The previous call succeeded
   Iterating through the list of servers 
   Getting information for the server CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=midamar-cr,DC=local 
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   * Identifying all NC cross-refs.

   * Found 1 DC(s). Testing 1 of them.

   Done gathering initial info.


Doing initial required tests

   
   Testing server: Default-First-Site-Name\DC1

      Starting test: Connectivity

         * Active Directory LDAP Services Check
         Determining IP4 connectivity 
         * Active Directory RPC Services Check
         ......................... DC1 passed test Connectivity



Doing primary tests

   
   Testing server: Default-First-Site-Name\DC1

      Starting test: Advertising

         The DC DC1 is advertising itself as a DC and having a DS.
         The DC DC1 is advertising as an LDAP server
         The DC DC1 is advertising as having a writeable directory
         The DC DC1 is advertising as a Key Distribution Center
         The DC DC1 is advertising as a time server
         The DS DC1 is advertising as a GC.
         ......................... DC1 passed test Advertising

      Starting test: CheckSecurityError

         * Dr Auth:  Beginning security errors check!
         Found KDC DC1 for domain midamar-cr.local in site Default-First-Site-Name
         Checking machine account for DC DC1 on DC DC1.
         * SPN found :LDAP/DC1.midamar-cr.local/midamar-cr.local
         * SPN found :LDAP/DC1.midamar-cr.local
         * SPN found :LDAP/DC1
         * SPN found :LDAP/DC1.midamar-cr.local/MIDAMAR-CR
         * SPN found :LDAP/a53b88e0-d034-4784-a45b-88a32660bd6c._msdcs.midamar-cr.local
         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/a53b88e0-d034-4784-a45b-88a32660bd6c/midamar-cr.local
         * SPN found :HOST/DC1.midamar-cr.local/midamar-cr.local
         * SPN found :HOST/DC1.midamar-cr.local
         * SPN found :HOST/DC1
         * SPN found :HOST/DC1.midamar-cr.local/MIDAMAR-CR
         * SPN found :GC/DC1.midamar-cr.local/midamar-cr.local
         [DC1] No security related replication errors were found on this DC!

         To target the connection to a specific source DC use /ReplSource:<DC>.

         ......................... DC1 passed test CheckSecurityError

      Starting test: CutoffServers

         * Configuration Topology Aliveness Check
         * Analyzing the alive system replication topology for DC=ForestDnsZones,DC=midamar-cr,DC=local.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the alive system replication topology for DC=DomainDnsZones,DC=midamar-cr,DC=local.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the alive system replication topology for CN=Schema,CN=Configuration,DC=midamar-cr,DC=local.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the alive system replication topology for CN=Configuration,DC=midamar-cr,DC=local.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the alive system replication topology for DC=midamar-cr,DC=local.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         ......................... DC1 passed test CutoffServers

      Starting test: FrsEvent

         * The File Replication Service Event log test 
         ......................... DC1 passed test FrsEvent

      Starting test: DFSREvent

         The DFS Replication Event Log. 
         Skip the test because the server is running FRS.

         ......................... DC1 passed test DFSREvent

      Starting test: SysVolCheck

         * The File Replication Service SYSVOL ready test 
         File Replication Service's SYSVOL is ready 
         ......................... DC1 passed test SysVolCheck

      Starting test: FrsSysVol

         * The File Replication Service SYSVOL ready test 
         File Replication Service's SYSVOL is ready 
         ......................... DC1 passed test FrsSysVol

      Starting test: KccEvent

         * The KCC Event log test
         Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
         ......................... DC1 passed test KccEvent

      Starting test: KnowsOfRoleHolders

         Role Schema Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=midamar-cr,DC=local
         Role Domain Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=midamar-cr,DC=local
         Role PDC Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=midamar-cr,DC=local
         Role Rid Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=midamar-cr,DC=local
         Role Infrastructure Update Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=midamar-cr,DC=local
         ......................... DC1 passed test KnowsOfRoleHolders

      Starting test: MachineAccount

         Checking machine account for DC DC1 on DC DC1.
         * SPN found :LDAP/DC1.midamar-cr.local/midamar-cr.local
         * SPN found :LDAP/DC1.midamar-cr.local
         * SPN found :LDAP/DC1
         * SPN found :LDAP/DC1.midamar-cr.local/MIDAMAR-CR
         * SPN found :LDAP/a53b88e0-d034-4784-a45b-88a32660bd6c._msdcs.midamar-cr.local
         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/a53b88e0-d034-4784-a45b-88a32660bd6c/midamar-cr.local
         * SPN found :HOST/DC1.midamar-cr.local/midamar-cr.local
         * SPN found :HOST/DC1.midamar-cr.local
         * SPN found :HOST/DC1
         * SPN found :HOST/DC1.midamar-cr.local/MIDAMAR-CR
         * SPN found :GC/DC1.midamar-cr.local/midamar-cr.local
         ......................... DC1 passed test MachineAccount

      Starting test: NCSecDesc

         * Security Permissions check for all NC's on DC DC1.
         The forest is not ready for RODC. Will skip checking ERODC ACEs.
         * Security Permissions Check for

           DC=ForestDnsZones,DC=midamar-cr,DC=local
            (NDNC,Version 3)
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have 

            Replicating Directory Changes In Filtered Set
         access rights for the naming context:

         DC=ForestDnsZones,DC=midamar-cr,DC=local
         * Security Permissions Check for

           DC=DomainDnsZones,DC=midamar-cr,DC=local
            (NDNC,Version 3)
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have 

            Replicating Directory Changes In Filtered Set
         access rights for the naming context:

         DC=DomainDnsZones,DC=midamar-cr,DC=local
         * Security Permissions Check for

           CN=Schema,CN=Configuration,DC=midamar-cr,DC=local
            (Schema,Version 3)
         * Security Permissions Check for

           CN=Configuration,DC=midamar-cr,DC=local
            (Configuration,Version 3)
         * Security Permissions Check for

           DC=midamar-cr,DC=local
            (Domain,Version 3)
         ......................... DC1 failed test NCSecDesc

      Starting test: NetLogons

         * Network Logons Privileges Check
         Verified share \\DC1\netlogon
         Verified share \\DC1\sysvol
         ......................... DC1 passed test NetLogons

      Starting test: ObjectsReplicated

         DC1 is in domain DC=midamar-cr,DC=local
         Checking for CN=DC1,OU=Domain Controllers,DC=midamar-cr,DC=local in domain DC=midamar-cr,DC=local on 1 servers
            Object is up-to-date on all servers.
         Checking for CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=midamar-cr,DC=local in domain CN=Configuration,DC=midamar-cr,DC=local on 1 servers
            Object is up-to-date on all servers.
         ......................... DC1 passed test ObjectsReplicated

      Starting test: OutboundSecureChannels

         * The Outbound Secure Channels test
         ** Did not run Outbound Secure Channels test because /testdomain: was

         not entered

         ......................... DC1 passed test OutboundSecureChannels

      Starting test: Replications

         * Replications Check
         * Replication Latency Check
            DC=ForestDnsZones,DC=midamar-cr,DC=local
               Latency information for 1 entries in the vector were ignored.
                  1 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            DC=DomainDnsZones,DC=midamar-cr,DC=local
               Latency information for 1 entries in the vector were ignored.
                  1 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            CN=Schema,CN=Configuration,DC=midamar-cr,DC=local
               Latency information for 1 entries in the vector were ignored.
                  1 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            CN=Configuration,DC=midamar-cr,DC=local
               Latency information for 1 entries in the vector were ignored.
                  1 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            DC=midamar-cr,DC=local
               Latency information for 1 entries in the vector were ignored.
                  1 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
         ......................... DC1 passed test Replications

      Starting test: RidManager

         * Available RID Pool for the Domain is 2603 to 1073741823
         * DC1.midamar-cr.local is the RID Master
         * DsBind with RID Master was successful
         * rIDAllocationPool is 2103 to 2602
         * rIDPreviousAllocationPool is 2103 to 2602
         * rIDNextRID: 2201
         ......................... DC1 passed test RidManager

      Starting test: Services

         * Checking Service: EventSystem
         * Checking Service: RpcSs
         * Checking Service: NTDS
         * Checking Service: DnsCache
         * Checking Service: DFSR
         * Checking Service: IsmServ
         * Checking Service: kdc
         * Checking Service: SamSs
         * Checking Service: LanmanServer
         * Checking Service: LanmanWorkstation
         * Checking Service: w32time
         * Checking Service: NETLOGON
         ......................... DC1 passed test Services

      Starting test: SystemLog

         * The System Event log test
         An error event occurred.  EventID: 0x00000422

            Time Generated: 08/30/2013   08:02:15

            Event String:

            The processing of Group Policy failed. Windows attempted to read the file \\midamar-cr.local\sysvol\midamar-cr.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following: 

            a) Name Resolution/Network Connectivity to the current domain controller. 

            b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller). 

            c) The Distributed File System (DFS) client has been disabled.

         An error event occurred.  EventID: 0x00000422

            Time Generated: 08/30/2013   08:07:15

            Event String:

            The processing of Group Policy failed. Windows attempted to read the file \\midamar-cr.local\sysvol\midamar-cr.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following: 

            a) Name Resolution/Network Connectivity to the current domain controller. 

            b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller). 

            c) The Distributed File System (DFS) client has been disabled.

         An error event occurred.  EventID: 0x00000422

            Time Generated: 08/30/2013   08:12:16

            Event String:

            The processing of Group Policy failed. Windows attempted to read the file \\midamar-cr.local\sysvol\midamar-cr.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following: 

            a) Name Resolution/Network Connectivity to the current domain controller. 

            b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller). 

            c) The Distributed File System (DFS) client has been disabled.

         An error event occurred.  EventID: 0x00000422

            Time Generated: 08/30/2013   08:17:17

            Event String:

            The processing of Group Policy failed. Windows attempted to read the file \\midamar-cr.local\sysvol\midamar-cr.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following: 

            a) Name Resolution/Network Connectivity to the current domain controller. 

            b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller). 

            c) The Distributed File System (DFS) client has been disabled.

         An error event occurred.  EventID: 0x00000422

            Time Generated: 08/30/2013   08:22:17

            Event String:

            The processing of Group Policy failed. Windows attempted to read the file \\midamar-cr.local\sysvol\midamar-cr.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following: 

            a) Name Resolution/Network Connectivity to the current domain controller. 

            b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller). 

            c) The Distributed File System (DFS) client has been disabled.

         An error event occurred.  EventID: 0x00000422

            Time Generated: 08/30/2013   08:27:18

            Event String:

            The processing of Group Policy failed. Windows attempted to read the file \\midamar-cr.local\sysvol\midamar-cr.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following: 

            a) Name Resolution/Network Connectivity to the current domain controller. 

            b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller). 

            c) The Distributed File System (DFS) client has been disabled.

         An error event occurred.  EventID: 0x00000422

            Time Generated: 08/30/2013   08:32:19

            Event String:

            The processing of Group Policy failed. Windows attempted to read the file \\midamar-cr.local\sysvol\midamar-cr.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following: 

            a) Name Resolution/Network Connectivity to the current domain controller. 

            b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller). 

            c) The Distributed File System (DFS) client has been disabled.

         An error event occurred.  EventID: 0x00000422

            Time Generated: 08/30/2013   08:37:19

            Event String:

            The processing of Group Policy failed. Windows attempted to read the file \\midamar-cr.local\sysvol\midamar-cr.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following: 

            a) Name Resolution/Network Connectivity to the current domain controller. 

            b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller). 

            c) The Distributed File System (DFS) client has been disabled.

         An error event occurred.  EventID: 0x00000422

            Time Generated: 08/30/2013   08:42:20

            Event String:

            The processing of Group Policy failed. Windows attempted to read the file \\midamar-cr.local\sysvol\midamar-cr.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following: 

            a) Name Resolution/Network Connectivity to the current domain controller. 

            b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller). 

            c) The Distributed File System (DFS) client has been disabled.

         An error event occurred.  EventID: 0x00000422

            Time Generated: 08/30/2013   08:47:21

            Event String:

            The processing of Group Policy failed. Windows attempted to read the file \\midamar-cr.local\sysvol\midamar-cr.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following: 

            a) Name Resolution/Network Connectivity to the current domain controller. 

            b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller). 

            c) The Distributed File System (DFS) client has been disabled.

         An error event occurred.  EventID: 0x00000422

            Time Generated: 08/30/2013   08:52:21

            Event String:

            The processing of Group Policy failed. Windows attempted to read the file \\midamar-cr.local\sysvol\midamar-cr.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following: 

            a) Name Resolution/Network Connectivity to the current domain controller. 

            b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller). 

            c) The Distributed File System (DFS) client has been disabled.

         An error event occurred.  EventID: 0x00000422

            Time Generated: 08/30/2013   08:56:41

            Event String:

            The processing of Group Policy failed. Windows attempted to read the file \\midamar-cr.local\sysvol\midamar-cr.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following: 

            a) Name Resolution/Network Connectivity to the current domain controller. 

            b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller). 

            c) The Distributed File System (DFS) client has been disabled.

         An error event occurred.  EventID: 0x00000457

            Time Generated: 08/30/2013   08:56:44

            Event String:

            Driver Dell Open Print Driver (PCL XL) required for printer !!jclarahan!Dell 2350DN is unknown. Contact the administrator to install the driver before you log in again.

         An error event occurred.  EventID: 0x00000457

            Time Generated: 08/30/2013   08:56:45

            Event String:

            Driver SAVIN C3535 PCL 5c required for printer Copy Room is unknown. Contact the administrator to install the driver before you log in again.

         An error event occurred.  EventID: 0x00000457

            Time Generated: 08/30/2013   08:56:46

            Event String:

            Driver Datamax I-4212e MarkII required for printer Datamax4212Dock is unknown. Contact the administrator to install the driver before you log in again.

         An error event occurred.  EventID: 0x00000457

            Time Generated: 08/30/2013   08:56:46

            Event String:

            Driver HP LaserJet P2035n required for printer HP LaserJet P2035n is unknown. Contact the administrator to install the driver before you log in again.

         An error event occurred.  EventID: 0x00000457

            Time Generated: 08/30/2013   08:56:47

            Event String:

            Driver Lexmark MX310 Series XL required for printer Lexmark MX310 Series XL is unknown. Contact the administrator to install the driver before you log in again.

         An error event occurred.  EventID: 0x00000457

            Time Generated: 08/30/2013   08:56:47

            Event String:

            Driver SAVIN 816 PCL 5e required for printer SAVIN 816 PCL 5e is unknown. Contact the administrator to install the driver before you log in again.

         An error event occurred.  EventID: 0x00000457

            Time Generated: 08/30/2013   08:56:48

            Event String:

            Driver Xerox WorkCentre 3220 PCL 6 required for printer Savin 816 PCL 6 is unknown. Contact the administrator to install the driver before you log in again.

         An error event occurred.  EventID: 0x00000457

            Time Generated: 08/30/2013   08:56:49

            Event String:

            Driver HP LaserJet P2035n required for printer X is unknown. Contact the administrator to install the driver before you log in again.

         An error event occurred.  EventID: 0x00000457

            Time Generated: 08/30/2013   08:56:49

            Event String:

            Driver Xerox WorkCentre 3220 PCL 6 required for printer Xerox WorkCentre 3220 PCL 6 is unknown. Contact the administrator to install the driver before you log in again.

         An error event occurred.  EventID: 0x00000457

            Time Generated: 08/30/2013   08:56:50

            Event String:

            Driver Gestetner MP C305 PCL 5c required for printer !!Utility!Savin MP C305 PCL 5c is unknown. Contact the administrator to install the driver before you log in again.

         An error event occurred.  EventID: 0x00000457

            Time Generated: 08/30/2013   08:56:51

            Event String:

            Driver SAVIN C3535 PCL 5c required for printer !!Utility!Ricoh MPC 3500 PCL5 is unknown. Contact the administrator to install the driver before you log in again.

         An error event occurred.  EventID: 0x00000457

            Time Generated: 08/30/2013   08:56:51

            Event String:

            Driver Epson DFX-8500 required for printer !!mi2k3ms!Epson DFX-8500 is unknown. Contact the administrator to install the driver before you log in again.

         An error event occurred.  EventID: 0x00000457

            Time Generated: 08/30/2013   08:56:52

            Event String:

            Driver Brother HL-5250DN series required for printer !!mi2k3ms!Brother HL-5250DN series (reception) is unknown. Contact the administrator to install the driver before you log in again.

         An error event occurred.  EventID: 0x00000457

            Time Generated: 08/30/2013   08:56:52

            Event String:

            Driver HP LaserJet P2035n required for printer !!MI2K3FS!Jalel's desk P2035n is unknown. Contact the administrator to install the driver before you log in again.

         An error event occurred.  EventID: 0x00000457

            Time Generated: 08/30/2013   08:56:53

            Event String:

            Driver HP LaserJet P2035n required for printer !!HPMID01!HP LaserJet P2035n is unknown. Contact the administrator to install the driver before you log in again.

         An error event occurred.  EventID: 0x00000422

            Time Generated: 08/30/2013   08:57:22

            Event String:

            The processing of Group Policy failed. Windows attempted to read the file \\midamar-cr.local\sysvol\midamar-cr.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following: 

            a) Name Resolution/Network Connectivity to the current domain controller. 

            b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller). 

            c) The Distributed File System (DFS) client has been disabled.

         ......................... DC1 failed test SystemLog

      Starting test: Topology

         * Configuration Topology Integrity Check
         * Analyzing the connection topology for DC=ForestDnsZones,DC=midamar-cr,DC=local.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for DC=DomainDnsZones,DC=midamar-cr,DC=local.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for CN=Schema,CN=Configuration,DC=midamar-cr,DC=local.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for CN=Configuration,DC=midamar-cr,DC=local.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for DC=midamar-cr,DC=local.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         ......................... DC1 passed test Topology

      Starting test: VerifyEnterpriseReferences

         The following problems were found while verifying various important DN

         references.  Note, that  these problems can be reported because of

         latency in replication.  So follow up to resolve the following

         problems, only if the same problem is reported on all DCs for a given

         domain or if  the problem persists after replication has had

         reasonable time to replicate changes. 
            [1] Problem: Missing Expected Value

             Base Object: CN=DC1,OU=Domain Controllers,DC=midamar-cr,DC=local

             Base Object Description: "DC Account Object"

             Value Object Attribute Name: msDFSR-ComputerReferenceBL

             Value Object Description: "SYSVOL FRS Member Object"

             Recommended Action: See Knowledge Base Article: Q312862

             
            LDAP Error 0x20 (32) - No Such Object. 
         ......................... DC1 failed test VerifyEnterpriseReferences

      Starting test: VerifyReferences

         The system object reference (serverReference)

         CN=DC1,OU=Domain Controllers,DC=midamar-cr,DC=local and backlink on

         CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=midamar-cr,DC=local

         are correct. 
         The system object reference (serverReferenceBL)

         CN=DC1,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=midamar-cr,DC=local

         and backlink on

         CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=midamar-cr,DC=local

         are correct. 
         The system object reference (frsComputerReferenceBL)

         CN=DC1,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=midamar-cr,DC=local

         and backlink on CN=DC1,OU=Domain Controllers,DC=midamar-cr,DC=local

         are correct. 
         ......................... DC1 passed test VerifyReferences

      Starting test: VerifyReplicas

         ......................... DC1 passed test VerifyReplicas

   
      Starting test: DNS

         

         DNS Tests are running and not hung. Please wait a few minutes...

         See DNS test in enterprise tests section for results
         ......................... DC1 passed test DNS

   
   Running partition tests on : ForestDnsZones

      Starting test: CheckSDRefDom

         ......................... ForestDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... ForestDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : DomainDnsZones

      Starting test: CheckSDRefDom

         ......................... DomainDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... DomainDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : Schema

      Starting test: CheckSDRefDom

         ......................... Schema passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Schema passed test CrossRefValidation

   
   Running partition tests on : Configuration

      Starting test: CheckSDRefDom

         ......................... Configuration passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Configuration passed test CrossRefValidation

   
   Running partition tests on : midamar-cr

      Starting test: CheckSDRefDom

         ......................... midamar-cr passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... midamar-cr passed test CrossRefValidation

   
   Running enterprise tests on : midamar-cr.local

      Starting test: DNS

         Test results for domain controllers:

            
            DC: DC1.midamar-cr.local

            Domain: midamar-cr.local

            

                  
               TEST: Authentication (Auth)
                  Authentication test: Successfully completed
                  
               TEST: Basic (Basc)
                  The OS

                  Microsoft Windows Server 2008 R2 Enterprise  (Service Pack level: 1.0)

                  is supported.

                  NETLOGON service is running

                  kdc service is running

                  DNSCACHE service is running

                  DNS service is running

                  DC is a DNS server

                  Network adapters information:

                  Adapter [00000007] Intel(R) PRO/1000 MT Network Connection:

                     MAC address is 00:0C:29:2E:D9:21
                     IP Address is static 
                     IP address: 192.168.10.24
                     DNS servers:

                        127.0.0.1 (DC1) [Valid]
                        192.168.10.24 (DC1) [Valid]
                  The A host record(s) for this DC was found
                  The SOA record for the Active Directory zone was found
                  The Active Directory zone on this DC/DNS server was found primary
                  Root zone on this DC/DNS server was not found
                  
               TEST: Forwarders/Root hints (Forw)
                  Recursion is enabled
                  Forwarders Information: 
                     4.2.2.2 (<name unavailable>) [Valid] 
                     8.8.4.4 (<name unavailable>) [Valid] 
                  
               TEST: Delegations (Del)
                  Delegation information for the zone: midamar-cr.local.
                     Delegated domain name: _msdcs.midamar-cr.local.
                        Error: DNS server: mi2k3ms.midamar-cr.local.

                        IP:<Unavailable> [Missing glue A record]

                        [Error details: 9714 (Type: Win32 - Description: DNS name does not exist.)]
                  
               TEST: Dynamic update (Dyn)
                  Test record dcdiag-test-record added successfully in zone midamar-cr.local
                  Test record dcdiag-test-record deleted successfully in zone midamar-cr.local
                  
               TEST: Records registration (RReg)
                  Network Adapter

                  [00000007] Intel(R) PRO/1000 MT Network Connection:

                     Matching CNAME record found at DNS server 192.168.10.24:
                     a53b88e0-d034-4784-a45b-88a32660bd6c._msdcs.midamar-cr.local

                     Matching A record found at DNS server 192.168.10.24:
                     DC1.midamar-cr.local

                     Matching  SRV record found at DNS server 192.168.10.24:
                     _ldap._tcp.midamar-cr.local

                     Matching  SRV record found at DNS server 192.168.10.24:
                     _ldap._tcp.3463b218-4d9b-45d1-a88b-d37210dc09ec.domains._msdcs.midamar-cr.local

                     Matching  SRV record found at DNS server 192.168.10.24:
                     _kerberos._tcp.dc._msdcs.midamar-cr.local

                     Matching  SRV record found at DNS server 192.168.10.24:
                     _ldap._tcp.dc._msdcs.midamar-cr.local

                     Matching  SRV record found at DNS server 192.168.10.24:
                     _kerberos._tcp.midamar-cr.local

                     Matching  SRV record found at DNS server 192.168.10.24:
                     _kerberos._udp.midamar-cr.local

                     Matching  SRV record found at DNS server 192.168.10.24:
                     _kpasswd._tcp.midamar-cr.local

                     Matching  SRV record found at DNS server 192.168.10.24:
                     _ldap._tcp.Default-First-Site-Name._sites.midamar-cr.local

                     Matching  SRV record found at DNS server 192.168.10.24:
                     _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.midamar-cr.local

                     Matching  SRV record found at DNS server 192.168.10.24:
                     _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.midamar-cr.local

                     Matching  SRV record found at DNS server 192.168.10.24:
                     _kerberos._tcp.Default-First-Site-Name._sites.midamar-cr.local

                     Matching  SRV record found at DNS server 192.168.10.24:
                     _ldap._tcp.gc._msdcs.midamar-cr.local

                     Matching A record found at DNS server 192.168.10.24:
                     gc._msdcs.midamar-cr.local

                     Matching  SRV record found at DNS server 192.168.10.24:
                     _gc._tcp.Default-First-Site-Name._sites.midamar-cr.local

                     Matching  SRV record found at DNS server 192.168.10.24:
                     _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.midamar-cr.local

                     Matching  SRV record found at DNS server 192.168.10.24:
                     _ldap._tcp.pdc._msdcs.midamar-cr.local

                     Matching CNAME record found at DNS server 192.168.10.24:
                     a53b88e0-d034-4784-a45b-88a32660bd6c._msdcs.midamar-cr.local

                     Matching A record found at DNS server 192.168.10.24:
                     DC1.midamar-cr.local

                     Matching  SRV record found at DNS server 192.168.10.24:
                     _ldap._tcp.midamar-cr.local

                     Matching  SRV record found at DNS server 192.168.10.24:
                     _ldap._tcp.3463b218-4d9b-45d1-a88b-d37210dc09ec.domains._msdcs.midamar-cr.local

                     Matching  SRV record found at DNS server 192.168.10.24:
                     _kerberos._tcp.dc._msdcs.midamar-cr.local

                     Matching  SRV record found at DNS server 192.168.10.24:
                     _ldap._tcp.dc._msdcs.midamar-cr.local

                     Matching  SRV record found at DNS server 192.168.10.24:
                     _kerberos._tcp.midamar-cr.local

                     Matching  SRV record found at DNS server 192.168.10.24:
                     _kerberos._udp.midamar-cr.local

                     Matching  SRV record found at DNS server 192.168.10.24:
                     _kpasswd._tcp.midamar-cr.local

                     Matching  SRV record found at DNS server 192.168.10.24:
                     _ldap._tcp.Default-First-Site-Name._sites.midamar-cr.local

                     Matching  SRV record found at DNS server 192.168.10.24:
                     _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.midamar-cr.local

                     Matching  SRV record found at DNS server 192.168.10.24:
                     _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.midamar-cr.local

                     Matching  SRV record found at DNS server 192.168.10.24:
                     _kerberos._tcp.Default-First-Site-Name._sites.midamar-cr.local

                     Matching  SRV record found at DNS server 192.168.10.24:
                     _ldap._tcp.gc._msdcs.midamar-cr.local

                     Matching A record found at DNS server 192.168.10.24:
                     gc._msdcs.midamar-cr.local

                     Matching  SRV record found at DNS server 192.168.10.24:
                     _gc._tcp.Default-First-Site-Name._sites.midamar-cr.local

                     Matching  SRV record found at DNS server 192.168.10.24:
                     _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.midamar-cr.local

                     Matching  SRV record found at DNS server 192.168.10.24:
                     _ldap._tcp.pdc._msdcs.midamar-cr.local

         
         Summary of test results for DNS servers used by the above domain

         controllers:

         

            DNS server: 192.168.10.24 (DC1)

               All tests passed on this DNS server

               Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered 
               
            DNS server: 4.2.2.2 (<name unavailable>)

               All tests passed on this DNS server

               
            DNS server: 8.8.4.4 (<name unavailable>)

               All tests passed on this DNS server

               
         Summary of DNS test results:

         
                                            Auth Basc Forw Del  Dyn  RReg Ext
            _________________________________________________________________
            Domain: midamar-cr.local

               DC1                          PASS PASS PASS FAIL PASS PASS n/a  
         
         ......................... midamar-cr.local failed test DNS

      Starting test: LocatorCheck

         GC Name: \\DC1.midamar-cr.local

         Locator Flags: 0xe00033fd
         PDC Name: \\DC1.midamar-cr.local
         Locator Flags: 0xe00033fd
         Time Server Name: \\DC1.midamar-cr.local
         Locator Flags: 0xe00033fd
         Preferred Time Server Name: \\DC1.midamar-cr.local
         Locator Flags: 0xe00033fd
         KDC Name: \\DC1.midamar-cr.local
         Locator Flags: 0xe00033fd
         ......................... midamar-cr.local passed test LocatorCheck

      Starting test: FsmoCheck

         GC Name: \\DC1.midamar-cr.local

         Locator Flags: 0xe00033fd
         PDC Name: \\DC1.midamar-cr.local
         Locator Flags: 0xe00033fd
         Time Server Name: \\DC1.midamar-cr.local
         Locator Flags: 0xe00033fd
         Preferred Time Server Name: \\DC1.midamar-cr.local
         Locator Flags: 0xe00033fd
         KDC Name: \\DC1.midamar-cr.local
         Locator Flags: 0xe00033fd
         ......................... midamar-cr.local passed test FsmoCheck

      Starting test: Intersite

         Skipping site Default-First-Site-Name, this site is outside the scope

         provided by the command line arguments provided. 
         ......................... midamar-cr.local passed test Intersite

Open in new window

0
smckeown777Commented:
Ok, again not sure this was a DC issue but based on the error its not seeing GPO's

Can you on your DC browse to
\\midamar-cr.local\sysvol\midamar-cr.local\Policies

Can you see all the policy folders in that?

On the machine that is hanging - you can't even open the VM Console and access? You said
network drives don't respond even the display on it don't respond

What display? RDP? Or the VM Console?

Also give us a bit of history - this has started happening in the last 2 days only - what changed that you know of? How much space is left on the C drive for example?
When its hung can you from a remote system ping it?
0
Axis52401Security AnalystAuthor Commented:
Yes on the DC I can broswe to \\midamar-cr.local\sysvol\midamar-cr.local\Policies and see 3 folders there.

From another machine I can login to VShpere and open a console to the problem server it shows the Cntl, Alt Delete screen. When I hit send Cntl, Alt Delete, that disappears and the next part that is supposed to show the logged in user so i can put in the password never appears. From there I have to reset that server.

This is happening every night about 12:32 AM. Then I get that error 1058 in the event viewer and then nothing till I reset it each day. As far as I can tell nothing has changed. There is almost 60G free on the C Drive.
I didn't think of trying to ping it I can try that the next time but when its down in the morning, i can't rdp into in nor access the shared documents.
0
Axis52401Security AnalystAuthor Commented:
It also shows that error 1058 at various times during the day so it may not be relevant, its just been the last one recorded before the server stalls
0
Axis52401Security AnalystAuthor Commented:
Yes it responds to ping while its stalling
0
smckeown777Commented:
Ok, good info...

Responds to pings - but can't access shared folders

Have you tried accessing those same shared folders by ip?

\\ip of server\sharedfolder

Does that work I wonder? Same for RDP - can you RDP by ip if you normally use dns name?
That would point to a dns issue...

12.30AM - when do you run backups on this? Its a VM but are backups run at night and if so what time? I've heard of running backups causing the console to lock up...but then things should come back to norm once it finishes...

Also what AV is installed on this machine? Sometimes AV products can cause these things - like a scheduled scan for example can cause these issues

What other errors are in event log? Not always the last error that is relevant...usually it is if server crashed completely...but this is staying up so wondering if there are others previous to the 1058...
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Axis52401Security AnalystAuthor Commented:
I disabled the scheduled scan of Trend Micro and that seems to have stopped it. I'm going to reinstall it and set that scan back up and see if that resolves it. I don't want to leave the nightly scan turned off indefinately
0
Axis52401Security AnalystAuthor Commented:
I've requested that this question be closed as follows:

Accepted answer: 0 points for Jason0923's comment #a39467798

for the following reason:

Trend Micro problem
0
smckeown777Commented:
You should close this the correct way - my answer http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/Q_28225218.html#a39456467 points to the AV being the possible culprit...which it was...think I deserve credit for that do you not?
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.