Announcement

Collapse
No announcement yet.

Major Network Outage - Server 2k3 and GPO problems

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Major Network Outage - Server 2k3 and GPO problems

    hi guys,
    first of ill like to say im holding back not to use caps , cause this problem has been flipping me off for more then 3 days now and its causing some serious problems.

    We have a network based on a single server 2003 DC ( sp2 R2), around 60-70 clients.
    since the past 3 days we have been very long logon times( which suggests authentication problems), computers sometimes freeze and the desktok goes missing and ctrl-alt-del isnt working(i assume its when they are trying to authenticate through AD).

    I have been trying to trouble shoot this for a while now...
    I have picked up some event logs from clients and i encountered various errors.
    ill sum them up here:
    Error:dcom:10016
    warning:MRxSmb:3019
    i have had some errors regarding ntp infrastructure and the dc not being able to retreive a valid source of time.
    i.e, one of those:
    Time Provider NtpClient: No valid response has been received from manually configured peer 192.168.254.13 after 8 attempts to contact it. This peer will be discarded as a time source and NtpClient will attempt to discover a new peer with this DNS name.

    I have also found this error on many clients:
    The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
    {24FF4FDC-1D9F-4195-8C79-0DA39248FF48}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-1 from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

    Have also tried rsop to see if my clients are getting gpos, and i found they dont, the errors in most cases are path not found and domain not exiting or cant be found.

    also tried gpotool , on clients i have checked it finds the gpos and the dc, but it wont apply them.

    Main issue here seems to be the clients wont authenticate with my domain, either they cant find it or some other issue.

    please advise here , im clueless

    thanks !

    Roy

  • #2
    Re: Major Network Outage - Server 2k3 and GPO problems

    long or slow logons alo suggests DNS problems.

    My first question is, what changed before this problem started occuring?
    Did you, or anyone else, make any changes, or do anything.. ? a ne application, a new gpo, new hardware, change network configuration, etc ?

    I'm going to look at it from dns pov for now.
    do an IPconfig for me on the client workstations, and make sure theDNS server points to your Domain controller.
    then, run the nslookup program, and ensur you can resolve the domaincontroller by name.
    then try resolving some of the AD DNS entries, like _ldap._tcp.domain.com etc

    review all the services on your domaincontroller - make sure they are started and running as expected.

    run dcdiag on your domain controller.

    see if any of this helps at all, or gives you any hints?
    Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

    Comment


    • #3
      Re: Major Network Outage - Server 2k3 and GPO problems

      Originally posted by tehcamel View Post
      long or slow logons alo suggests DNS problems.

      My first question is, what changed before this problem started occuring?
      Did you, or anyone else, make any changes, or do anything.. ? a ne application, a new gpo, new hardware, change network configuration, etc ?

      I'm going to look at it from dns pov for now.
      do an IPconfig for me on the client workstations, and make sure theDNS server points to your Domain controller.
      then, run the nslookup program, and ensur you can resolve the domaincontroller by name.
      then try resolving some of the AD DNS entries, like _ldap._tcp.domain.com etc

      review all the services on your domaincontroller - make sure they are started and running as expected.

      run dcdiag on your domain controller.

      see if any of this helps at all, or gives you any hints?
      Thanks for reponding
      i have done some basic dns checks .. my dc is also the dhcp and dns( like most networks are)and clients are pointed to the dc as a dns.
      i have managed to query the dns with nslookup prior to you asking me, but i will do some more specific queries as you suggested.

      Prior to this happening i was doing some things that made sense doing, since im new to this network and its thing i found to be not in place:
      1. in dns i removed some records(srv) that belonged to expired servers records, i did it cause i noticed after nslookup im receiving addresses that are not the dc. since then i've registered my dns to itself many times.
      2. i have a server which holds no ad responsabilites, it is a file server that we want to expire from service, i removed the smb protocol from it ( took of the V in the network card for microsoft networks).
      3. i also did took copied the db of an internet ftp we are hodling. but i dont think that could do anything with it

      thats all i can remember for now
      i tried to query your suggested query and it found my dc. also tried it on 10 more srv records , found them all and they are pointing to the right place.

      dcdiag doesnt show any useful output

      hope that was enough info , at least untill the next time

      Roy

      Comment


      • #4
        Re: Major Network Outage - Server 2k3 and GPO problems

        uhm.. i'd rerun ipconfig /registerdns on the DC and see if it helps.. you may have accidently deleted an incorrect SRV record..

        based on the 3 things you said, it's most likely a mistake was made during the cleanup of DNS.,
        alternately - the file/print server WAS functioning as a master browser in some way.. try re-enabling the smb service on that server also


        remember to do each of these things one at a time though, so you know what worked..
        Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

        Comment


        • #5
          Re: Major Network Outage - Server 2k3 and GPO problems

          What are the outputs of DCDIAG and NETDIAG like???

          What DNS servers are you using for resolution??

          Comment


          • #6
            Re: Major Network Outage - Server 2k3 and GPO problems

            Originally posted by tehcamel View Post
            uhm.. i'd rerun ipconfig /registerdns on the DC and see if it helps.. you may have accidently deleted an incorrect SRV record..

            based on the 3 things you said, it's most likely a mistake was made during the cleanup of DNS.,
            alternately - the file/print server WAS functioning as a master browser in some way.. try re-enabling the smb service on that server also


            remember to do each of these things one at a time though, so you know what worked..
            hi, sounds reasonble cause i have had many errors with from MrXSmb saying a redirector is lost , how do i set my dc as a the master browser for my network ?

            ill post the output of dcdiag later on today.

            Comment


            • #7
              Re: Major Network Outage - Server 2k3 and GPO problems

              it _should_ happen automatically...
              I know that with older versions of SAMBA for linux, there used to be hints on how to set registry options that prevented windows servers from entering browser election races, however that was back in Win2k days, dunno if it's still of any use.

              Try re-enabling SMB on your other server, to see if it is in fact the source of your issue?
              Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

              Comment

              Working...
              X