netlogon.log [CRITICAL]

  • netlogon.log [CRITICAL]

    Hi All,

    I have 2 domain controllers, running a single Domain, they don't run DNS or DHCP servers, they are relying on the Linux Servers to do this.

    Both are Windows Server 2003, DC1 has Folder Redirection directories, DC2 has Roaming Profiles.
    The Clients are Windows 7 Enterprise.

    The problem occurs when logging into Windows 7 Desktop, which takes 172 seconds, according to the Winlogon Notification Service in the Event Log.

    I have enabled UserEnvDebugLevel to 30002.

    And when I log in to my test account to the domain,
    I do receive the following lines:

    08/16 15:12:36 [CRITICAL] DOMAIN: NlTimeoutApiClientSession: Start RpcCancelThread on \\DC2.domain.com
    08/16 15:12:36 [MISC] Eventlog: 5783 (1) "\\DC2.domain.com" "DOMAIN" "CLIENT"
    08/16 15:12:36 [MISC] Didn't log event since it was already logged.
    08/16 15:12:36 [CRITICAL] DOMAIN: NlTimeoutApiClientSession: Finish RpcCancelThread on \\DC2.domain.com 0
    08/16 15:13:16 [CRITICAL] DOMAIN: NlFinishApiClientSession: timeout call to \\DC2.domain.com. Count: 2
    08/16 15:13:16 [CRITICAL] DOMAIN: NlFinishApiClientSession: dropping the session to \\DC2.domain.com

    see attachment

    Many thanks if you can help me work out what the cause of the issue is.... brrrrrrr
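
The log excerpt above, run through a small parser that summarises secure-channel timeouts per domain controller. This is an added example, not part of the original post; the function names and the year (netlogon.log timestamps carry none) are assumptions.

```python
import re
from datetime import datetime

# Sample input: the netlogon.log lines quoted in the post above.
SAMPLE_LOG = r"""
08/16 15:12:36 [CRITICAL] DOMAIN: NlTimeoutApiClientSession: Start RpcCancelThread on \\DC2.domain.com
08/16 15:12:36 [MISC] Eventlog: 5783 (1) "\\DC2.domain.com" "DOMAIN" "CLIENT"
08/16 15:12:36 [MISC] Didn't log event since it was already logged.
08/16 15:12:36 [CRITICAL] DOMAIN: NlTimeoutApiClientSession: Finish RpcCancelThread on \\DC2.domain.com 0
08/16 15:13:16 [CRITICAL] DOMAIN: NlFinishApiClientSession: timeout call to \\DC2.domain.com. Count: 2
08/16 15:13:16 [CRITICAL] DOMAIN: NlFinishApiClientSession: dropping the session to \\DC2.domain.com
"""

LINE_RE = re.compile(r"^(\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \[(\w+)\] (.*)$")
DC_RE = re.compile(r"\\\\([A-Za-z0-9_.-]+)")
COUNT_RE = re.compile(r"Count: (\d+)")

def parse(text, year):
    """Yield (timestamp, level, message) for every well-formed log line."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            # The log has no year field, so the caller supplies one (assumption).
            ts = datetime.strptime(f"{year}/{m.group(1)}", "%Y/%m/%d %H:%M:%S")
            yield ts, m.group(2), m.group(3)

def secure_channel_failures(text, year=2011):
    """Summarise, per DC, the RPC timeouts and dropped sessions in CRITICAL lines."""
    report = {}
    for ts, level, msg in parse(text, year):
        dc = DC_RE.search(msg)
        if level != "CRITICAL" or not dc:
            continue
        name = dc.group(1).rstrip(".")  # the name can end a sentence: "\\DC2.domain.com."
        entry = report.setdefault(
            name, {"cancel_started": None, "timeouts": 0, "dropped": False, "stall_seconds": None})
        if "Start RpcCancelThread" in msg and entry["cancel_started"] is None:
            entry["cancel_started"] = ts
        elif "timeout call to" in msg:
            count = COUNT_RE.search(msg)
            entry["timeouts"] = int(count.group(1)) if count else entry["timeouts"] + 1
        elif "dropping the session" in msg:
            entry["dropped"] = True
            if entry["cancel_started"]:
                entry["stall_seconds"] = int((ts - entry["cancel_started"]).total_seconds())
    return report

if __name__ == "__main__":
    print(secure_channel_failures(SAMPLE_LOG))
```

On a full log, a DC that appears here with `dropped` set and a large `stall_seconds` is the one the client is waiting on during logon.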

  • #2
    Re: netlogon.log [CRITICAL]

    Do nslookups return relevant SRV records?

    Why don't you want to use AD-implemented DNS?
    Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif


    • #3
      Re: netlogon.log [CRITICAL]

      Ok,

      If I nslookup press enter,
      I receive
      Server: dns2.domain.com,
      Address: xxx.xxx.x.160

      but if I ping dns2.domain.com it comes back Request Timeout and with a different IP.

      That IP address is assigned to a name dns1.domain.com

      dns2 hasn't existed in about 2 years...

      but if I do
      nslookup DC1
      Server: dns2.domain.com
      Address: xxx.xxx.x.160

      Name: DC1.domain.com
      Address: xxx.xxx.x.20

      Which is basically correct, apart from the dns2 name, same goes for DC2, that seems to come back correct too, apart from the DNS server.

      and it's not that I don't want to. It's the Unix SysAdmin, who basically hates anything to do with Windows.

      and since I don't have Windows DNS or DHCP turned on, I am not actually experienced with running the DNS server


      • #4
        Re: netlogon.log [CRITICAL]

        you need to do NSLookups on the SRV records.
        SRV records are critical to the correct functioning of Active Directory.

        http://www.petri.com/active_directory_srv_records.htm

        your DNS is screwy based on what you've told me - an excellent reason to take control of it off the linux admins..

        • #5
          Re: netlogon.log [CRITICAL]

          ok,

          I did a _ldap._tcp.dc._msdcs.Domain_Name

          and everything seems to be ok, both DCs are listed and both have correct IPs

          so basically, is this problem I am having is caused by DNS...

          But the Unix SysAdmin did say he will clean out all the DNS entries and let things put themselves back in.. so I may ask him to do that, when he comes back from holiday.

          and I certainly don't have expertise in this yet, but I am reading up on it all.
          Last edited by plawlor; 19th August 2011, 14:46.


          • #6
            Re: netlogon.log [CRITICAL]

            hmmmm, I do notice something...

            when I do nslookup, set type=all, _ldap._tcp.dc._msdcs.Domain_Name
            I do receive

            DC1.domain.com internet address = xxx.xxx.x.20
            DC2.domain.com internet address = xxx.xxx.x.18
            DC2.domain.com AAAA IPv6 address = 2002:.....:ffa
            DC2.domain.com AAAA IPv6 address = fec0:......:ffa
            DC2.domain.com AAAA IPv6 address = 2002:.....:912

            But why isn't there any IPv6 for DC1? and why is there IPv6 for DC2?

            also, if I think DC2 is a bit odd, how can I make a client only use DC1? i.e. disable DC2 but not actually uninstall the Active Directory...

            basically, how to stop clients from using DC2 at all...

            many thanks
            Last edited by plawlor; 19th August 2011, 14:46.


            • #7
              Re: netlogon.log [CRITICAL]

              okay question...

              even if I don't have DNS installed on the Active Directory, does Active Directory cache DNS entries for all the client machines?

              because, if I do nslookup on a client that is not in the domain, it responds correctly,
              i.e. dns2 doesn't appear, the IP is correct to the correct name

              but when joined to the domain, dns2 appears with the wrong IP.

              so does the Active Directory record any name resolution, and if so, how do I clear it all? =/

              thanks


              • #8
                Re: netlogon.log [CRITICAL]

                the server will cache dns entries in the same way a workstation does.

                you can check with ipconfig /displaydns

                • #9
                  Re: netlogon.log [CRITICAL]

                  I think I have resolved the issue, okay the Linux DNS was screwy and old entries have been removed...

                  but the problem was caused by Windows 7 not populating the DNS Suffix Search List,
                  In Windows XP this works fine,
                  as it shows,
                  domain.url.url.url
                  url.url.url
                  url.url

                  in Windows 7,
                  it only had
                  domain.url.url.url

                  so it couldn't search for machines within url.url.url that are not part of domain.url.url.url.

                  Sheesh, complicated for me.. and took ages to find that out.
                  but Windows 7 now logs in within 30 seconds, every time.
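
The effect of the two suffix search lists described in the last post, as an added example that is not part of the original thread. It is a simplified model of suffix expansion, not Windows' exact resolver algorithm; the host names, addresses and function names are constructed for illustration.

```python
# Constructed zone data (hypothetical hosts, documentation-range addresses).
ZONE = {
    "dc1.domain.url.url.url": "192.0.2.20",
    "files.url.url.url": "192.0.2.50",   # lives in the parent zone
}

# Search lists as reported in the post.
XP_SEARCH_LIST = ["domain.url.url.url", "url.url.url", "url.url"]
WIN7_SEARCH_LIST = ["domain.url.url.url"]

def candidates(name, search_list):
    """Names a stub resolver would try, in order (simplified model)."""
    if name.endswith("."):                 # fully qualified: never expanded
        return [name.rstrip(".").lower()]
    name = name.lower()
    expanded = [f"{name}.{suffix}" for suffix in search_list]
    # Multi-label names are tried as typed first; single labels only via suffixes.
    return [name] + expanded if "." in name else expanded

def resolve(name, search_list, zone=ZONE):
    """Return (fqdn, address, attempts); fqdn is None when every candidate fails."""
    tried = []
    for fqdn in candidates(name, search_list):
        tried.append(fqdn)
        if fqdn in zone:
            return fqdn, zone[fqdn], tried
    return None, None, tried

def unresolvable(names, search_list, zone=ZONE):
    """Audit helper: which of the names in use cannot be found with this search list."""
    return [n for n in names if resolve(n, search_list, zone)[0] is None]

if __name__ == "__main__":
    in_use = ["dc1", "files", "files.url.url.url"]
    print("XP   :", unresolvable(in_use, XP_SEARCH_LIST))
    print("Win7 :", unresolvable(in_use, WIN7_SEARCH_LIST))
```

Running the same audit over the short names actually used in profile paths, redirected folders and logon scripts shows which of them depend on a parent suffix being in the client's search list.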
