Event ID: 10028 - DCOM was unable to communicate with the computer 208.67.222.222 using any of the configured protocols; requested by PID

Has anyone seen this issue before? I get the following error on the DC. Windows 2012 R2; I did move the DC from 2008 R2.
208.67.222.222 is OpenDNS.
Any ideas?
Thank you ahead of time.
 



Log Name:      System
Source:        Microsoft-Windows-DistributedCOM
Date:          5/18/2015 6:50:12 PM
Event ID:      10028
Task Category: None
Level:         Error
Keywords:      Classic
User:          SYSTEM
Computer:      xxxxx
Description:
DCOM was unable to communicate with the computer 208.67.222.222 using any of the configured protocols; requested by PID     184c (C:\Windows\system32\dcdiag.exe).
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
    <EventID Qualifiers="0">10028</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8080000000000000</Keywords>
    <TimeCreated SystemTime="2015-05-18T23:50:12.973604000Z" />
    <EventRecordID>23774</EventRecordID>
    <Correlation />
    <Execution ProcessID="724" ThreadID="7008" />
    <Channel>System</Channel>
    <Computer>xxxx</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data Name="param1">208.67.222.222</Data>
    <Data Name="param2">    184c</Data>
    <Data Name="param3">C:\Windows\system32\dcdiag.exe</Data>
  </EventData>
</Event>
jyoung127 Asked:
Randy Downs (OWNER) Commented:
Maybe this will help. Can you ping from this server?

EV100428 recommends: Disabling TCP Chimney, TCPIP Offload Engine and/or TCP Segmentation Offload

This event indicates a communication problem between the local computer and the one specified in the event. The problem can be caused by several factors:
- remote computer is offline
- the network is experiencing problems (cabling, switches, routers, etc)
- firewalls may block the traffic between the two computers
- the DNS servers may be unavailable or they may provide the wrong IP address for that particular host name

Verify each of the potential issues mentioned above and ensure that they are not blocking the communication between the computers.

In certain cases, the settings of the TCP/IP protocol can affect the network traffic. See the explanations and the adjustments described in EV100428 (Symantec TECH197934).
jyoung127 (Author) Commented:
The instructions seem to be for Windows 2003 or 2008 and do not match up with Windows 2012 R2.

Pinging 208.67.222.222 with 32 bytes of data:
Reply from 208.67.222.222: bytes=32 time=7ms TTL=58
Reply from 208.67.222.222: bytes=32 time=7ms TTL=58
Reply from 208.67.222.222: bytes=32 time=7ms TTL=58
Reply from 208.67.222.222: bytes=32 time=6ms TTL=58


nslookup
C:\Users\james.young>nslookup 208.67.222.222
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa
        primary name server = localhost
        responsible mail addr = nobody.invalid
        serial  = 1
        refresh = 600 (10 mins)
        retry   = 1200 (20 mins)
        expire  = 604800 (7 days)
        default TTL = 10800 (3 hours)
Server:  UnKnown
Address:  ::1

Name:    resolver1.opendns.com
Address:  208.67.222.222
n2fc Commented:
Your ping uses IPv4... Your nslookup shows IPv6...

1) Try the ping using IPv6 (add -6 flag: ping -6 resolver1.opendns.com)

2) Verify you REALLY need IPv6?  You can temporarily disable it to see if that is the issue...
Perhaps some of your infrastructure doesn't support it?
Randy Downs (OWNER) Commented:
Sorry, didn't realize that was for 2003. Here are instructions for 2012, but it seems to be better on newer servers.

These can be set in the NIC properties but are generally very very safe to leave on. You may want to disable LSO if you're sniffing traffic, as you won't be seeing the packets as they are transmitted on the wire.

Maybe this will help.

This problem may be the result of a firewall blocking the connection. For security, COM+ network access is not enabled by default.
• Check the system to determine whether the firewall is blocking the remote connection.

1. Disable Offload/SNP features from registry
 
Please backup system state before making any registry changes.
 
a. Disable RSS in the Registry by adding a DWORD registry key value for
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableRSS and setting it to 0.
 
b. DisableTaskOffload in the Registry by adding a DWORD value for
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DisableTaskOffload and set it to 1.

c. Disable TCPChimney in the Registry by adding a DWORD value for
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableTCPChimney and set it to 0.

d. Disable EnableTCPA in the Registry by adding a DWORD value for
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableTCPA and set it to 0.

e. Configure HKLM\Software\Policies\Microsoft\Windows NT\Rpc\IgnoreDelegationFailure =1


2. Make the following changes on your physical NIC
 
Go to the NIC properties, click on the Advanced button, and disable features that have the "Offload" or "RSS" wording in the feature name.
For example, below are some of the features commonly seen in a NIC's advanced properties:
 
- IPv4 Checksum Offload

- IPv6 Checksum Offload

- IPv4 Large Send Offload

- IPv6 Large Send Offload

- Receive Side Scaling
jyoung127 (Author) Commented:
I had disabled IPv6 last night and was still getting the error, so I turned it back on.
Here is the result of nslookup with it disabled:

Server:  DC1
Address:  xxx.xxx.xxx.xxx (IP address masked)

Name:    resolver1.opendns.com
Address:  208.67.222.222

Just as a note, on the secondary DC I am getting the same error, and that server had IPv6 turned off already.
jyoung127 (Author) Commented:
Sorry, this did not fix the issue but caused more issues. Any other ideas?
Randy Downs (OWNER) Commented:
Evidently the DCs are having trouble communicating with OpenDNS server. Maybe this will help.

If nothing else try hitting the 208.67.220.220 Open DNS servers instead of 208.67.222.222
jyoung127 (Author) Commented:
Randy, sorry for the delayed response. The DC is not having issues seeing the OpenDNS server. Both forwarders check OK. I also get the same error for both IPs: 208.67.220.220 and 208.67.222.222.
Randy Downs (OWNER) Commented:
Have you tried removing the entries in DNS? The article is about migrating and non-existent computers, but maybe it's applicable in your migration. The machines are obviously not missing, but maybe the entries are corrupted somehow.

I used to get a lot of these, mostly for desktops, but some servers.  I found, once I removed them from DNS, all of these errors went away.
jyoung127 (Author) Commented:
The only reference to 208.67.222.222 is under forwarders. Unless I am missing something, there is not much I can delete.
Randy Downs (OWNER) Commented:
Maybe this will help.

Windows DNS servers perform their lookups against the root hints servers; so, if you want to ensure that users on your network receive DNS information from OpenDNS (typically for filtering purposes), you’ll have to make some easy changes to your Windows DNS.
jyoung127 (Author) Commented:
Randy, this was already set up correctly.
Randy Downs (OWNER) Commented:
It was set up prior to the migration, right? Have you tried removing it and setting it up again? I know the forwarders seem to work, but it may go better if it's set up under Windows 2012 R2.
jyoung127 (Author) Commented:
I tried removing them and re-adding them.
Randy Downs (OWNER) Commented:
Do the OpenDNS servers show up in Server Manager as disconnected (red x) like this article?


Launching Windows Manager (type servermanager.exe at prompt), and opening All Servers, I noticed Node3 was still listed there. Right-click it and select Remove Server. After removing it from Server Manager, this error (Event ID 10028) no longer occurs.

Node3 was automatically added to All Servers in Server Manager at all other cluster nodes in Windows Server 2012 when Node3 joined the cluster. After removing Node3 from the cluster, the Server Manager at other cluster nodes still continue monitoring Node3. When Node 3 was turned off (as Lawrence mentioned above), Server Manager will report Event ID 10028 at all other cluster nodes.
jyoung127 (Author) Commented:
Unfortunately they don't. It is a crazy issue.
Randy Downs (OWNER) Commented:
Have you seen this? Looks pretty straightforward. At the bottom of the page is a link to test forwarders. Does it pass the test?
jyoung127 (Author) Commented:
Yes it passes the test.
Randy Downs (OWNER) Commented:
You may also want to run a tracert to see if you are being blocked.

Command syntax:

tracetcp.exe hostname:port

Example:

tracetcp.exe api.opendns.com:443
jyoung127 (Author) Commented:
No issues with tracert. Sorry for the delayed response.
Randy Downs (OWNER) Commented:
Since the forwarders seem to work, this may be an error generated on the other end (OpenDNS), in which case you can safely ignore it.

Something similar to this thread although it's another error code.

This article has some good info about Root hints and forwarders, http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/16c8211b-eaea-4c78-beea-4356860... and http://technet.microsoft.com/en-us/library/ff807391%28v=ws.10%29.aspx

It looks like the issue is with what the actual "dcdiag /test:dns /dnsforwarders" command is designed to test and how it goes about it (http://technet.microsoft.com/en-us/library/cc776854%28v=ws.10%29.aspx).

Your servers just don't have access to your ISP's or Google's DNS server through the DCOM protocols (probably due to the firewall restrictions mentioned earlier in this thread), whereas if you run that command on a DNS server forwarding to an internal DNS server that is then relaying all DNS out through root hints or another forwarder you won't get any errors.

In which case the Labtech script attempting to monitor the DNS forwarders is what's actually at fault because it's not using the dcdiag command as intended.
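
The diagnosis in this thread rests on which process asked for the DCOM connection (param3 in the event XML, here dcdiag.exe) and which address it targeted (param1). As an added example that is not part of the original thread, this PowerShell reads the 10028 events from the System log and groups them by target and requester; the 7-day window and the variable names are assumptions.

```powershell
# Added example (not from the thread): triage DCOM 10028 events on a DC.
# Assumption: run from an elevated prompt; the 7-day window is arbitrary.
$filter = @{
    LogName      = 'System'
    ProviderName = 'Microsoft-Windows-DistributedCOM'
    Id           = 10028
    StartTime    = (Get-Date).AddDays(-7)
}

$rows = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    ForEach-Object {
        $xml = [xml]$_.ToXml()

        # Map <Data Name="paramN"> elements to name -> text value.
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) {
            $data[$d.Name] = [string]$d.'#text'
        }

        # param2 is the requesting PID as space-padded hex ("    184c" above).
        $pidHex = ([string]$data['param2']).Trim()
        $pidDec = $null
        if ($pidHex -match '^[0-9a-fA-F]+$') {
            $pidDec = [Convert]::ToInt32($pidHex, 16)
        }

        [pscustomobject]@{
            TimeCreated  = $_.TimeCreated
            Target       = $data['param1']   # address DCOM could not reach
            RequesterPid = $pidDec
            Requester    = $data['param3']   # image path of the requesting process
        }
    }

# One line per (target, requester) pair, most frequent first.
$rows |
    Group-Object Target, Requester |
    Sort-Object Count -Descending |
    Select-Object Count,
        @{ n = 'Target';    e = { $_.Group[0].Target } },
        @{ n = 'Requester'; e = { $_.Group[0].Requester } },
        @{ n = 'LastSeen';  e = { ($_.Group | Sort-Object TimeCreated | Select-Object -Last 1).TimeCreated } } |
    Format-Table -AutoSize
```

A requester of dcdiag.exe paired with the forwarder addresses matches the explanation above; any other requester, or a target that is not a configured forwarder, is worth a separate look.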
