No announcement yet.

Client Active Directory Connection issue Server 2008

  • Filter
  • Time
  • Show
Clear All
new posts

  • Client Active Directory Connection issue Server 2008

    I have a 2008 Standard providing file, print and GC Active Directory. Periodically there is a situation where the following happens;

    - File sharing is not available
    - Printing through the shared printers is slow if not unavailable
    - DNS is unavailable making use of the web for client machines impossible

    I can remote into the server through RDP without issue but it is noticeable that I cannot access the web from the server and the Officescan client installed on the server is showing as disconnected. Also Backups through Backup Exec fail citing that the connection to the windows remote agent has failed.

    This server in the event logs is REG-SERVER1 and is part of a multi-location infrastructure connected to various sites in other cities through hardware VPN.

    When evaluating the event logs these are the present messages that I believe are relevant:

    System Logs

    Group Policy 1054

    The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name Sysytem (DNS) is configured and working correctly.

    Group Policy 1030

    The processing of Group Policy failed. Windows attempted to retrieve new Group Policy settings for this user or computer. Look in the details tab for error code and description. Windows will automatically retry this operation at the next refresh cycle. Computers joined to the domain must have proper name resolution and network connectivity to a domain controller for discovery of new Group Policy objects and settings. An event will be logged when Group Policy is successful.

    NETLOGON 5775

    The dynamic deletion of the DNS record ' 600 IN SRV 0 100 3268' failed on the following DNS server:

    DNS server IP address:
    Returned Response Code (RCODE): 5
    Returned Status Code: 10055

    To prevent remote computers from connecting unnecessarily to the domain controller, delete the record manually or troubleshoot the failure to dynamically delete the record. To learn more about debugging DNS, see Help and Support Center.

    Error Value: An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full.

    Directory Services Log

    ActiveDirectory_DomainService 1865

    The Knowledge Consistency Checker (KCC) was unable to form a complete spanning tree network topology. As a result, the following list of sites cannot be reached from the local site.

    CN=Lloydminster,CN=Sites,CN=Configuration,DC=domai n,DC=ca
    CN=Edmonton,CN=Sites,CN=Configuration,DC=domain,DC =ca
    CN=Calgary,CN=Sites,CN=Configuration,DC=domain,DC= ca
    CN=saskatoon,CN=Sites,CN=Configuration,DC=domain,D C=ca

    ActiveDirectory_DomainService 1311

    The Knowledge Consistency Checker (KCC) has detected problems with the following directory partition.

    Directory partition:

    There is insufficient site connectivity information for the KCC to create a spanning tree replication topology. Or, one or more directory servers with this directory partition are unable to replicate the directory partition information. This is probably due to inaccessible directory servers.

    User Action
    Perform one of the following actions:
    - Publish sufficient site connectivity information so that the KCC can determine a route by which this directory partition can reach this site. This is the preferred option.
    - Add a Connection object to a directory service that contains the directory partition in this site from a directory service that contains the same directory partition in another site.

    If neither of the tasks correct this condition, see previous events logged by the KCC that identify the inaccessible directory servers.

    ActiveDirectory_DomainService 1308

    The Knowledge Consistency Checker (KCC) has detected that successive attempts to replicate with the following directory service has consistently failed.

    Directory service:
    CN=NTDS Settings,CN=CAL-HYPERV,CN=Servers,CN=Regina,CN=Sites,CN=Configurat ion,DC=domain,DC=ca
    Period of time (minutes):

    The Connection object for this directory service will be ignored, and a new temporary connection will be established to ensure that replication continues. Once replication with this directory service resumes, the temporary connection will be removed.

    Additional Data
    Error value:
    1256 The remote system is not available. For information about network troubleshooting, see Windows Help.

    File Replication Logs

    NTFRS 13562

    Following is the summary of warnings and errors encountered by File Replication Service while polling the Domain Controller for FRS replica set configuration information.

    Could not bind to a Domain Controller. Will try again at next polling cycle.

    NTFRS 13509

    The File Replication Service has enabled replication from EDMON-SERVER1 to REG-SERVER1 for c:\windows\sysvol\domain after repeated retries.

    NTFRS 13508

    The File Replication Service is having trouble enabling replication from EDMON-SERVER1 to REG-SERVER1 for c:\windows\sysvol\domain using the DNS name FRS will keep retrying.
    Following are some of the reasons you would see this warning.

    [1] FRS can not correctly resolve the DNS name from this computer.
    [2] FRS is not running on
    [3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers.

    This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.

    Any advise is appreciated.


    Last edited by jgelford; 22nd March 2010, 16:24.