J-J-G

asked on

Netlogon Error 5774 - DNS - Users losing access to internet and network drives / applications

I am receiving intermittent issues on a client server. After a while, users cannot access the internet or internal servers. Unfortunately, I am not on site and only have access to the logs as we need to restart the server before I can get there to minimise down time for all users.

Once the server is restarted, all users can access the internet/internal servers/share drives etc.

This has only come up over the last couple of months randomly. Previously the DNS servers on the server had another IP which is the virtual server NIC (nic 2) and the TCP/IP V4 DNS had 127.0.0.1. The 169.x.x.x has been removed and the 127.0.0.1 has been changed to 192.168.1.1.

Would really appreciate what else I should be looking at as this has me stumped. Are there any ports on the firewall that need to explicitly be open?

The errors at the times of the issue commencing are Netlogon error 5774 entries. I have copied one below, however I have slightly changed the DNS record of the internal domain name. The IP address 192.168.1.1 is the Server 2012 R2 DC. It is the only one on the network.

The dynamic registration of the DNS record 'DomainDnsZones.DOMAINNAME.local. 600 IN A 192.168.1.1' failed on the following DNS server:  

DNS server IP address: 192.168.1.1
Returned Response Code (RCODE): 0
Returned Status Code: 10054  

For computers and users to locate this domain controller, this record must be registered in DNS.  

USER ACTION  
Determine what might have caused this failure, resolve the problem, and initiate registration of the DNS records by the domain controller. To determine what might have caused this failure, run DCDiag.exe. To learn more about DCDiag.exe, see Help and Support Center. To initiate registration of the DNS records by this domain  controller, run 'nltest.exe /dsregdns' from the command prompt on the domain controller or restart Net Logon service.
  Or, you can manually add this record to DNS, but it is not recommended.  

ADDITIONAL DATA
Error Value: An existing connection was forcibly closed by the remote host.
Raneesh Chitootharayil

J-J-G

ASKER

Thanks Raneesh. Unfortunately it is still not resolved.

In the latest episode of this occurring, it dropped off after having restarted the server only 12 hours earlier.

Going to re-create the zone through the Wizard and see where we get to.
Could you post an Ipconfig /all from one of the problematic client machines?
J-J-G

ASKER

Hi Rob,

It seems to be that all machines on the network fail to find any of the share drives on the network and can't get an internet connection.

Will the response from any machine on the network do from an IPConfig perspective? The error above is on the actual DC (where DNS server is hosted).
Yes, any PC
J-J-G

ASKER

Please find the attached.

Some of the details have been changed however they are:

Hostname: Workstation5 (for conversation)
All DNS suffix entries: domainname.local (for conversation)
screenshot.png
I don't see a problem there, however I am a bit surprised I don't see an IPv6 DNS server. What server version is it, and it shows "Microsoft Hyper-V Network Adapter"; is that a VM?

Do you have a VoIP system for phones?  Long shot here.
J-J-G

ASKER

Server version is 2012 R2.

That is a VM workstation that I use for end user testing.

Interestingly there is an Avaya phone system but I don't believe they are integrated at all as it uses PSTN. Will check if there is any integration to the switch.
The reason I ask is there is no Windows server assigned IPv6 DNS server and I have seen VoIP systems, if they enable DHCP IPv6, assign an IPv6 DNS server to the PCs.  When this happens which may not be for 1-30 days depending on DHCP refresh rates, PCs can ping servers by IPv4 IPs and access shares with \\IPv4IP but host names try to resolve using IPv6 which is preferred over IPv4, and fail.  This would require the VoIP system be on the same physical network.  The way to find out is compare that IPconfig to an Ipconfig on the same device/VM when the failure occurs.  If suddenly there is an IPv6 DNS server, you have found your problem.  As I said, a long shot, but I have seen it a couple of times and took a long time to find the first time.  

PSTN would be on the outside, would it not, and Ethernet on the inside/LAN.
PS- It is also possible, if you have not configured IPv6 on your LAN, your router does not block IPv6 pass-through, and your ISP supports IPv6, that an IPv6 DNS server can randomly be assigned by an Internet based server, which again could not resolve host names.  If an IPv6 server gets assigned, it is preferred over your 2012 R2 IPv4 server.

Not a lot of ISPs support IPv6 yet, so most of the time IPv6 DHCP requests don't get past the router, but we are soon going to see a lot of issues.
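
The working-versus-failing comparison suggested above, as an added example that is not part of the original thread: a PowerShell script to run on a workstation once while everything works and again during a failure. It lists every DNS server assigned to each adapter (IPv4 and IPv6), flags any that were not in the saved baseline, and queries each one directly for an internal name. The name `dc01.domainname.local` and the baseline path are placeholders.

```powershell
# Added example, not from the thread. Run once while everything works (saves a
# baseline), then again on the same machine during a failure.
param(
    [string]$TestName = 'dc01.domainname.local',        # placeholder: your DC's FQDN
    [string]$Baseline = "$env:TEMP\dns-baseline.csv"    # arbitrary location
)

# One row per DNS server assigned to an adapter, for both address families.
function Get-DnsSnapshot {
    foreach ($a in (Get-DnsClientServerAddress)) {
        $family = if ($a.AddressFamily -eq 23) { 'IPv6' } else { 'IPv4' }   # 2 = IPv4, 23 = IPv6
        foreach ($s in $a.ServerAddresses) {
            # Skip the fec0:0:0:ffff::1-3 defaults Windows lists when no IPv6 DNS is assigned.
            if ($s -like 'fec0:0:0:ffff::*') { continue }
            [pscustomobject]@{ Adapter = $a.InterfaceAlias; Family = $family; Server = $s }
        }
    }
}

$now = @(Get-DnsSnapshot)
if (-not (Test-Path $Baseline)) {
    $now | Export-Csv -Path $Baseline -NoTypeInformation
    "Baseline with $($now.Count) DNS server entries saved to $Baseline"
    return
}

# Baseline entries as "adapter|family|server" keys for a simple membership test.
$known = @(Import-Csv -Path $Baseline |
    ForEach-Object { "$($_.Adapter)|$($_.Family)|$($_.Server)" })

# Ask every assigned server directly, so a resolver that cannot answer for the
# internal name stands out, and flag servers that were not in the baseline.
foreach ($e in $now) {
    try {
        Resolve-DnsName -Name $TestName -Server $e.Server -DnsOnly -QuickTimeout -ErrorAction Stop | Out-Null
        $result = 'resolved'
    } catch {
        $result = "FAILED: $($_.Exception.Message)"
    }
    [pscustomobject]@{
        Adapter    = $e.Adapter
        Family     = $e.Family
        Server     = $e.Server
        InBaseline = $known -contains "$($e.Adapter)|$($e.Family)|$($e.Server)"
        Lookup     = $result
    }
}
```

A row with `InBaseline` False and a failed lookup, particularly an IPv6 one, corresponds to the newly assigned DNS server scenario described above.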
J-J-G

ASKER

I will go back on site but from memory the phones are on a different switch.

Is there any output from the DNS server itself you would like to see/confirm?

This one has truly stumped me.
Server DNS issues would tend to affect Internet access but not file access by PCs.  If the PCs cannot resolve the server name, they cannot access shares or Internet.

An IP config from a machine that wasn't working would be good though.

Though it likely won't help a lot, you could run DCdiag on the AD/DNS server and check for errors or post here.

I am headed out for the night (east coast Canada), but will check back in the morning.
J-J-G

ASKER

I thought it may have been something else aside from DNS however when I try to remote in from the outside world to the server, there is also no response but the actual server is alive and well.

Both Internet and Shares seem to drop off which is annoying.

Will run dc diag.
DNS is the root of all, or at least most evil :-)
As a test, next time it fails, from the LAN side try accessing a share using the IP  \\192.168.1.123\ShareName.  If that works, it is definitely DNS.

How are you accessing the server from "the outside world"?  Windows VPN, hardware VPN, RDP, or other?
J-J-G

ASKER

Typically RDP.

Will train a user on site to do it so we can get results as it drops.
J-J-G

ASKER

Managed to get on site post failure.

Workstations can ping server by IP address and connect to network shares by IP address.

Completed an ipconfig on workstation during failure and no IPv6 DNS server was listed.
J-J-G

ASKER

I removed the role and then readded the role back to the server. Interestingly the server couldn't resolve the forwarders until I rebooted the router.

After about 20 min or so, I also can no longer access the router on 192.168.1.254 and receive a connection refused error. Not sure if related but giving further picture.

I was able to ping and find shares using internal domain names after adding the DNS role again... I just couldn't access the Internet until I rebooted router.

Any help would be appreciated....happy to assign work to this for payment too.
>"Workstations ........... connect to network shares by IP address."
Then definitely DNS issue.  I can't see it being a firewall issue as that wouldn't change on its own.  DNS can be affected by other factors on the LAN, such as I mentioned earlier, VoIP, or actually not VoIP but the router or systems DHCP server service.  Another issue I have seen, but generally does not affect LAN access, but can affect Internet is after someone connects by VPN, DNS adds the VPN IP and starts to fail.  If you have a VPN, I can explain where to look.

Do you have the Ipconfig /all from when it was failing?
J-J-G

ASKER

Hi Rob,

Will attach this evening. Fell over again today even after I removed and re-added the role. Do you have any other ideas or is it time to do a full blown rebuild of the DC?

I am considering putting in a secondary DC in the meantime however it seems impossible that nothing can be done to fix it.
In my "humble" opinion, it's not the server but something interfering with it and DNS. A rebuild may not solve anything.
J-J-G

ASKER

So adding to the greatness.... I think I'm getting super close.

The VM host has been reporting some disconnection issues of the Broadcom card around the times things have been occurring.

I have enabled private domain again after the disconnections dropped the setting. I have also turned off power saving as it was checked.

Will update software and change network cable. It is getting error Id 4 on the host for disconnection. They aren't tied directly to the times but similar
Though that would definitely cause problems as described, however you said when it happened you could still ping and access resources by IP?

I always disable power management on Network adapters.  You shouldn't have to but I find occasionally it causes problems, so I just do it on all.

Assuming DNS, that is why I was asking about Ipconfig /all when problems occur.  I'd like to compare working (above) with not working, and see if anything changes, IPv4 or 6
ASKER CERTIFIED SOLUTION
J-J-G
