Announcement

Collapse
No announcement yet.

2012 Event on Domain Controllers

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • 2012 Event on Domain Controllers

    In my environment, few internal developed applications are configured to get user and other details from active directory. So they frequently contacts AD to get user details.

    Recently, one of the dev team complained that, they occasionally facing problems while connecting to active directory through their application. It was working perfectly earlier but this problem raised recently. They are getting a JAVA exception "ERR_SSN_SRVC/Connection refused" which means that Domain controller is refusing the connections. Upon checking, I came across the below error but resolved it by creating MaxfreeConnections/MinFreeconnections.

    "The server was unable to find a free connection 164 times in the last 60 seconds. This indicates a spike in network traffic. If this is happening frequently, you should consider increasing the minimum number of free connections to add headroom. To do that, modify the MinFreeConnections and MaxFreeConnections for the LanmanServer in the registry."

    Ever after doing the above, my dev team is still facing the problems and I am not seeing any errors in event viewer except the below.

    Any one has idea what does this error means and how can I rectify this? Again, I am not sure if this is the real culprit, let me know if you have any best method to isolate the problem.

    Event Type: Warning
    Event Source: Srv
    Event Category: None
    Event ID: 2012
    Date: 11/14/2008
    Time: 5:43:08 PM
    User: N/A
    Computer: MYDC1
    Description:
    While transmitting or receiving data, the server encountered a network error. Occasional errors are expected, but large amounts of these indicate a possible error in your network configuration. The error status code is contained within the returned data (formatted as Words) and may point you towards the problem.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    Data:
    0000: 00 00 04 00 01 00 54 00 ......T.
    0008: 00 00 00 00 dc 07 00 80 ......
    0010: 00 00 00 00 84 01 00 c0 ......
    0018: 00 00 00 00 00 00 00 00 ........
    0020: 00 00 00 00 00 00 00 00 ........
    0028: 7a 09 00 00 z...

  • #2
    Re: 2012 Event on Domain Controllers

    Are your servers fully patched, drivers up to date (especially for the NICs) and what performance are you seeing from them?
    cheers
    Andy

    Please read this before you post:


    Quis custodiet ipsos custodes?

    Comment


    • #3
      Re: 2012 Event on Domain Controllers

      My servers are patched upto date and has latest drivers. One more thing I have noticed is, I am facing this problem only with few internal applications. Remaining applications are running fine and not throwing any errors.

      Thanks,
      Sitaram

      Comment


      • #4
        Re: 2012 Event on Domain Controllers

        Can you run a wireshark scan when the servers are talking?
        cheers
        Andy

        Please read this before you post:


        Quis custodiet ipsos custodes?

        Comment


        • #5
          Re: 2012 Event on Domain Controllers

          I haven't reviewed the whole article but you might review this one:
          http://support.microsoft.com/kb/898060
          Marcel
          Technical Consultant
          Netherlands
          http://www.phetios.com
          http://blog.nessus.nl

          MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
          "No matter how secure, there is always the human factor."

          "Enjoy life today, tomorrow may never come."
          "If you're going through hell, keep going. ~Winston Churchill"

          Comment


          • #6
            Re: 2012 Event on Domain Controllers

            Thanks for the note, Marcel. I referred this article but my machine is running with SP2 and I am not having MS05-019 installed. So, this may not be applicable to me.

            AndyJG247, Can I make use of Microsoft Netmon 3.2 instead of wireshark? I am asking this because, I already have netmon installed on Domain controllers. Again, Do I need to capture all the traffic or any particular pattern?

            Thanks,
            Stiaram

            Comment


            • #7
              Re: 2012 Event on Domain Controllers

              Is there any way I can increase logging level in domain controller to capture what authentications are getting rejected?

              As the error message is saying "Connection Refused", I am thinking that problem is with authentication. Because, Connection Refused error will be generated only when the client is able to connect to destination server on required port but not having enough permissions to establish a connection. Let me know if my thinking is wrong.

              Thanks,
              Sitaram

              Comment

              Working...
              X