Solved

SBS Server Crashed - Active Directory

Posted on 2014-04-22
12
129 Views
Last Modified: 2014-11-24
Hi,

A client called me this morning saying their server had crashed.

They couldn't gain access to the server at all.

two users came in at 7.30am this morning and everything was working ok.

The MD came into the office about 9am connected his laptop and that's when the problems happened. I logged into the server remotely and noticed these problems.

first error in event viewer

The "Windows default" Policy Module logged the following warning: The Active Directory connection to SERVER.domain.local has been reestablished to SERVER.Domain.local

Services stopped and will not start

Cryptographic Services
DRF Namespace
MS Exchange EdgeSync
MS Exchange File Distribution
MS Exchange Forms Based
MS Exchange Information Store
MS Exchange RPC Client Access
MS EXchange system attendant
MS Exchange Throttling - says starting
MS Exchange Transport - says starting

Netlogon won't start
Network location awareness won't start

nor will windows time or worksation service

The internet works fine but the local network is down. I have uninstalled the LAN card and reinstalled but nothing.

In the bottom right the network card looks unplugged but under network and sharing centre it's enabled and online.

When i try and look for the server shares locally \\servername and press enter it get the error message 'windows cannot access \\servername

When I ping the server name from the server it brings back the IP6 address but I can ping the IP4 address of 192.168.5.2

We are running SBS2011 with exchange

Any issues as I am stuck?

Ryan
0
Comment
Question by:ryank85
  • 6
  • 6
12 Comments
 
LVL 30

Expert Comment

by:Gareth Gudger
ID: 40015030
Is this virtualized by any chance? I have seen an issue with NIC drivers blowing up with corrupt VMTools....
0
 

Author Comment

by:ryank85
ID: 40015047
No not virtualised - I hope I don't need to reinstall the OS. I have run out of idea's now.

Its just strange that I can see the internet but the lan card is showing as disconnected.
0
 
LVL 30

Expert Comment

by:Gareth Gudger
ID: 40015078
Any firewalls enabled on the server? Have you tried a different switch port? Does the server have a second NIC?

Is there by any chance an IP conflict on the network? Try rebooting the server. It will announce an IP conflict within a few minutes of booting.

Did the server lose its static IP? Switch to DHCP? What do you get if you run IPCONFIG from command line. Is it showing a 169.x.x.x.

TCP/IP could be hosed. You could try running NETSH WINSOCK RESET from the command line.
0
 

Author Comment

by:ryank85
ID: 40015117
Hi,

The server has a local firewall - I will try and disable that

I have removed everything from the network, I only have the server which is connected directly into the router, it can see that ok.

It has a 2nd NIC and I have tried that, still nothing.

It kept all the static IP address settings however when I ran ipconfig it was pining the IP6 address and not the IP4 of 192.168.5.2 - when i disable the IP6 and ping servername its doesnt ping anything.

I will try the winsock now

Ryan
0
 
LVL 30

Expert Comment

by:Gareth Gudger
ID: 40015123
I think you are confusing IPCONFIG with the PING command.

PING will always default to IPv6. If you need to PING with IPv4 just add the "-4" switch to the end. e.g. PING MYSERVERNAME -4

Check IPCONFIG to see what is listed as IP Address. If there is an IP conflict it will list 169. I believe.
0
 

Author Comment

by:ryank85
ID: 40027752
Hi All

We managed to get the server working again, basically the DNS Client Server was stopping all the other services from starting, even though this was started itself.

All is working apart from an issue with the DHCP, when I am logged into the Server I run this command 'ping servername -4' and I get the correct IP address of the server.

However when I am using RRAS I cannot see the server. DHCP Relay is setup in RRAS Setting etc as I have configured this ok in the past, I can't even ping the server address - 192.168.5.2

Errors in Event Viewer.

1) This computer has at least one dynamically assigned IPv6 address.For reliable DHCPv6 server operation, you should use only static IPv6 addresses.

2) The DHCP service has detected that it is running on a DC and has no credentials configured for use with Dynamic DNS registrations initiated by the DHCP service.   This is not a recommended security configuration.  Credentials for Dynamic DNS registrations may be configured using the command line "netsh dhcp server set dnscredentials" or via the DHCP Administrative tool.

3) Possible Memory Leak.  Application ("C:\Windows\system32\mmc.exe" "C:\Windows\system32\dhcpmgmt.msc" ) (PID: 9168) has passed a non-NULL pointer to RPC for an [out] parameter marked [allocate(all_nodes)].  [allocate(all_nodes)] parameters are always reallocated; if the original pointer contained the address of valid memory, that memory will be leaked.

I have tried the fix on number 2 above and that doesn't work once the service has been restarted.

regards
Ryan
0
Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

 
LVL 30

Accepted Solution

by:
Gareth Gudger earned 500 total points
ID: 40027814
Hmm, I don't think any of these errors are related to not being able to ping the server.

So, to clarify, when you enable RRAS no one can ping the server anymore?

Do you have the Windows Firewall enabled? If so, that will block ICMP ping requests by default.
0
 

Author Comment

by:ryank85
ID: 40027845
Correct no one can ping the server from remotely when the connect to the VPN. They can't even access the server shares or connect to exchange server from their outlook.

I am working remotely so it's hard to tell whether the dhcp is working correctly now as I have just created a new scope so the only addresses showing the leased section are for RRAS.

Ryan
0
 
LVL 30

Expert Comment

by:Gareth Gudger
ID: 40028036
Does it ping internally?
0
 

Author Comment

by:ryank85
ID: 40028050
I can only dial into the server at the moment as all the client machines are off. Nslookup works ok on the server. I'll check this tomorrow.
0
 

Author Comment

by:ryank85
ID: 40029236
all appears to be working now. I cleared all the DNS Cache on the server and rebooted and all the remote users could access shares and outlook.

I will keep an eye on the error logs

thanks again for all your help.
0
 
LVL 30

Expert Comment

by:Gareth Gudger
ID: 40463099
Awesome!
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Easy CSR creation in Exchange 2007,2010 and 2013
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now