Solved

AD and DNS errors on 2003 Domain Controller.

Posted on 2014-02-03
11
603 Views
Last Modified: 2014-02-03
So I got into the office this morning and starting checking my servers. I logged into my FSMO role holder to view the event log and this is what I saw.

Event Type:      Warning
Event Source:      NTDS General
Event Category:      Global Catalog
Event ID:      1655
Date:            2/2/2014
Time:            4:21:19 PM
User:            NT AUTHORITY\ANONYMOUS LOGON
Computer:      SERVER1
Description:
Active Directory attempted to communicate with the following global catalog and the attempts were unsuccessful.
 
Global catalog:
\\server1.intranet.domain.com
 
The operation in progress might be unable to continue. Active Directory will use the domain controller locator to try to find an available global catalog server.
 
Additional Data
Error value:
1722 The RPC server is unavailable.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


Event Type:      Error
Event Source:      NTDS General
Event Category:      Global Catalog
Event ID:      1126
Date:            2/2/2014
Time:            4:21:20 PM
User:            NT AUTHORITY\ANONYMOUS LOGON
Computer:      SERVER1
Description:
Active Directory was unable to establish a connection with the global catalog.
 
Additional Data
Error value:
8240 There is no such object on the server.
Internal ID:
3200ba0
 
User Action:
Make sure a global catalog is available in the forest, and is reachable from this domain controller.  You may use the nltest utility to diagnose this problem.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


Event Type:      Error
Event Source:      DNS
Event Category:      None
Event ID:      4015
Date:            2/2/2014
Time:            3:41:28 PM
User:            N/A
Computer:      SERVER1
Description:
The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 51 00 00 00               Q...    


Event Type:      Error
Event Source:      DNS
Event Category:      None
Event ID:      4000
Date:            2/2/2014
Time:            3:50:55 PM
User:            N/A
Computer:      SERVER1
Description:
The DNS server was unable to open Active Directory.  This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it.  Check that the Active Directory is functioning properly and reload the zone. The event data is the error code.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 2a 23 00 00               *#..    


I also noticed that in vCenter it was showing high CPU usage for this VM. It was also giving me a message inside the VM that it was increasing memory.

With the VM running HIGH CPU, could that of caused the issues? I think I need to add more RAM to this VM as I am only using 1 GB. I only have around 100 users. the CPU has returned to normal and no additional errors are being reported in the event viewer.
0
Comment
Question by:victordr
  • 5
  • 5
11 Comments
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 400 total points
ID: 39829593
First off run the below commands to check on the replicaiton and AD diagnostic tests...
- repadmin /replsum
- repadmin /showrepl
- dcdiag /v

Also can you open AD Sites and Services and under the Computer>NTDS Settings>Properties>General Tab change to see if your DC is actually a GC or if it has been changed.

Will.
0
 

Author Comment

by:victordr
ID: 39829605
i already ran these tests and everything looked good. I did verify the server is a GC. all of the other Domain Controllers showed no errors.
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 39829611
Ok, check to ensure that all of the services on that box have been started correctly. Also run "netdom query fsmo" and ensure that your FSMO role holder is actually seen as this FSMO holder by the DC itself and also other DC's in your environment.

Will.
0
 

Author Comment

by:victordr
ID: 39829616
ok. So do you think the hiccup may have been caused by the high cpu usage?
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 39829637
Not sure i understand your last statment. Have you been able to try and rreboot that DC in question?

Will.
0
 

Author Comment

by:victordr
ID: 39829649
No i haven't rebooted it. I am asking that because the CPU was pegged on the VM, could this of caused the issues with AD on the server?
0
 
LVL 2

Assisted Solution

by:dalberson
dalberson earned 100 total points
ID: 39829731
Will gave some very good instructions, and I understand you have tried these and found no "smoking gun".

It IS theoretically possible that during a time of extremely high CPU usage, I suppose a "time out" could have been experienced, causing an "non-responsive" global catalog temporarily.

So the answer is "yes, in my opinion" - High CPU could have caused the error.

This is reinforced as "what happened" especially if you no longer are experiencing any problems...
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 39829773
What specific services / processes chewing up the CPU on the server? If it is lsass.exe or some other AD process is could be the culprit.

Do you have an Anti-virus software installed on this server?

Will.
0
 

Author Comment

by:victordr
ID: 39829795
by the time I logged into the VM, the CPU was back to normal. Yes I have Symantec Endpoint 12.1
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 39829830
Are you still encountering the issues of slow performance? If you are and the processes are good, also reference the event log as well to ensure that there are no issues related listed in there.

Will.
0
 

Author Comment

by:victordr
ID: 39829977
no everything is fine now. I just wanted to make sure there was no more additional issues.

I am going to bump up the RAM tonight in the VM.
0

Join & Write a Comment

[b]Ok so now I will show you how to add a user name to the description at login. [/b] First connect to your DC (Domain Controller / Active Directory Server) SET PERMISSIONS FOR SCRIPT TO UPDATE COMPUTER DESCRIPTION TO USERNAME 1. Open Active …
Learn about cloud computing and its benefits for small business owners.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now