Announcement

Collapse
No announcement yet.

Domain Controller's Network Adaptor Not Detecting It's Own Domain

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Domain Controller's Network Adaptor Not Detecting It's Own Domain

    When rebooting our domain controller (Windows Server Standard SP1 64-bit) we keep having a weird problem. When it comes back up, it would stay on "Applying Computer Settings" for a long time. Once completed, the network adaptor didn't recognize the domain (domain.local) it was connected to. It would say it was connected to an "unknown network". Had to disable, re-enable network adaptor. Exchange 2007 is being ran on this machine as well. Like in previous reboots, several Exchange services had to be manually started including the Exchange store. Before, no errors were really reported. This is because we usually stop the Exchange Store before rebooting. This time, we didn't do so. The problem still came up. But this time, we didn't stop the Exchange Store. Several errors were reported:

    --------------------------------------------------

    Application Logs (After Reboot):

    Event ID: 205
    Source: MSExchange Common
    Type: Error
    Description: No DNS servers could be retrieved from network adapter 00000000-0000-0000-0000-000000000000. Check if the computer is connected to a network and Get-NetworkConnectionInfo returns any results.

    Event ID: 16025:
    Source: MSExchangeTransport
    Type: Error
    Description: No DNS servers could be retrieved from network adapter 00000000-0000-0000-0000-000000000000. Verify that the computer is connected to a network and that the Get-NetworkConnectionInfo cmdlet returns results.

    (both alerts repeated twice)

    System Logs (After Reboot):

    Event ID: 40960
    Source: LsaSrv
    Event: Warning
    Description: The Security System detected an authentication error for the server LDAP/SERVER. The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request.
    (0xc000005e)".

    (above event generated 3 times, 2 of them back-to-back)

    Then there are network connectivity alerts that start generating such as the Sophos Management Service terminating with an unspecified error. The time service being unable to start. Then the following DHCP errors:

    Event: 1059
    Source: DHCP-Server
    Type: Error
    Description: The DHCP service failed to see a directory server for authorization.

    Event: 1044
    Source: DHCP-Server
    Type: Informational
    Description: The DHCP/BINL service on the local machine, belonging to the Windows Administrative domain 3dcorp.local, has determined that it is authorized to start. It is servicing clients now.

    After these alerts, alerts regarding Exchange services being unable to start. More alerts that appear related to not having connectivity to Active Directory and DNS. Then the following alerts:

    Event ID: 7024
    Source: Service Control Manager
    Type: Error
    Description: The Microsoft Exchange Information Store service terminated with service-specific error 2147500037 (0x80004005).

    (This alert repeated sporatically 8 times)

    --------------------------------------------------

    Disabling and re-enabling the network adaptor seems to correct this problem. One problem that also happens is that the DHCP server (being hosted on this server as well) fails at servicing DHCP request until the service is restarted.

    I've seen a similar problem on a test network I use. Essentially, if the network adaptor doesn't detect the domain, it considers the network adaptor connected to an "unknown network". As such, the correct firewall policies do not get applied to allow access to the network. In the test network, this has happened to a Hyper-V host server with the DC as a virtual machine. It seems that the host server's network adaptor comes up and tries to communicate with the domain before the DC is fully initialized. As such the network adaptor applies policies to the network adaptor restricting the type of traffic it allows. I've also had this come up on the test workstation that was using a static IP that I would turn on before turning on the DC. The network adaptor would initialize before the domain was up and operation. As such, it would appy a firewall policy that limited my ability to access the machine remotely.

    I searched the Internet and, these forums and the only thing I found that "might" be similar is this:

    http://forums.petri.com/showthread.php?t=35128

    The forum post leads me to this Microsoft KB article:

    http://support.microsoft.com/default...b;EN-US;945765


    Has anyone come across this before? Any help would be greatly appreciated.

  • #2
    Re: Domain Controller's Network Adaptor Not Detecting It's Own Domain

    A couple of things to look at:

    1. Does the server point to itself for DNS? It should.
    2. Does the server point to any external DNS server? It shouldn't.
    3. Is the DNS service configured to listen only on the IPv4 ip address?
    4. Is the DHCP service configured to listen only on the IPv4 ip address?

    Comment


    • #3
      Re: Domain Controller's Network Adaptor Not Detecting It's Own Domain

      Originally posted by joeqwerty View Post
      A couple of things to look at:

      1. Does the server point to itself for DNS? It should.
      2. Does the server point to any external DNS server? It shouldn't.
      3. Is the DNS service configured to listen only on the IPv4 ip address?
      4. Is the DHCP service configured to listen only on the IPv4 ip address?
      1. Yes
      2. No
      3. I would have to say no. The server is configured to use IPv6 and has itself configured as the primary DNS in the IPv6 configuration and nothing in the secondary. Also, the DNS configuration is configured to use both the IPv4 and IPv6 IP addresses in the Interfaces tab of the DNS server properties.
      4. Again, I would have to say no. IPv6 DHCP is configured as well as IPv4. However, there is not scope configured for the IPv6 DHCP server even though the server is active.

      Comment


      • #4
        Re: Domain Controller's Network Adaptor Not Detecting It's Own Domain

        Remove exchange from the DC since it isn't a supported configuration...
        Anyhow AD isn't "up" yet and exchange is trying to connect to it...

        Have you tried to stop exchange but the services to disabled and reboot again?
        Marcel
        Technical Consultant
        Netherlands
        http://www.phetios.com
        http://blog.nessus.nl

        MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
        "No matter how secure, there is always the human factor."

        "Enjoy life today, tomorrow may never come."
        "If you're going through hell, keep going. ~Winston Churchill"

        Comment


        • #5
          Re: Domain Controller's Network Adaptor Not Detecting It's Own Domain

          Originally posted by Dumber View Post
          Remove exchange from the DC since it isn't a supported configuration...
          Anyhow AD isn't "up" yet and exchange is trying to connect to it...

          Have you tried to stop exchange but the services to disabled and reboot again?
          True, but I don't believe that is the issue. It "could" be but we have not had any problems for over a year since this server has been deployed. The main issue is with the network adaptor not detecting the domain and therefore, applying the "unknown network" policy settings to the adaptor. The Exchange alerts appear to be happening because of this and not doesn't appear to be the cause of this.

          Well, I've stopped the Exchange Store service before a reboot but not set the service to disabled and reboot. It is an option we can try during our next reboot cycle.

          Comment


          • #6
            Re: Domain Controller's Network Adaptor Not Detecting It's Own Domain

            A physical network adapter has nothing to do with any domain related stuff. Its just a device which passes ethernet packets to your switch. It works, it don't work or it work partially like going up or down...

            It's your OS which has issues...
            Marcel
            Technical Consultant
            Netherlands
            http://www.phetios.com
            http://blog.nessus.nl

            MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
            "No matter how secure, there is always the human factor."

            "Enjoy life today, tomorrow may never come."
            "If you're going through hell, keep going. ~Winston Churchill"

            Comment


            • #7
              Re: Domain Controller's Network Adaptor Not Detecting It's Own Domain

              Originally posted by Dumber View Post
              A physical network adapter has nothing to do with any domain related stuff. Its just a device which passes ethernet packets to your switch. It works, it don't work or it work partially like going up or down...

              It's your OS which has issues...
              This I know. Let me try explaining it this way. What I mean by the physical adapter I mean the physical adapter as it relates to the OS. As I mentioned previously, this type of behavior can occur when the network connection performs its check to see if the domain is available. It seems Active Directory isn't up fully before the network related services. If not, it will apply the "unknown" network policy to the adapter which causes communication problems on the domain.

              You can test this out by setting a workstation to a static IP address. Shut down the DC then restart the workstation. The workstation will come online but it won't be able to recognize the domain its own because there is no DC and, therefore, no Active Directory, present for the network connection to communicate with. As such, the PC will consider the network it's on as "unknown" and apply policies to it for that type of network, usually a public policy, I believe. With this type of policy in place, domain network communication will not work.

              Now imagine this happening on the actual DC itself.

              Comment


              • #8
                Re: Domain Controller's Network Adaptor Not Detecting It's Own Domain

                What third-party software do you have on this DC? I've seen some software, particularly NOD32 AntiVirus cause issues with Network Location Awareness.

                This looks more like a DNS issue though, cos lets face it, DNS causes just about every problem. Is the DNS server listening on the correct interface? I've also seen on servers with multiple network adapters some odd DNS issues, especially if DNS was installed before the extra NICs were disabled.
                BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
                sigpic
                Cruachan's Blog

                Comment


                • #9
                  Re: Domain Controller's Network Adaptor Not Detecting It's Own Domain

                  Which firewall are you using???

                  Try disabling it and see what happens.

                  Comment


                  • #10
                    Re: Domain Controller's Network Adaptor Not Detecting It's Own Domain

                    Originally posted by cruachan View Post
                    What third-party software do you have on this DC? I've seen some software, particularly NOD32 AntiVirus cause issues with Network Location Awareness.

                    This looks more like a DNS issue though, cos lets face it, DNS causes just about every problem. Is the DNS server listening on the correct interface? I've also seen on servers with multiple network adapters some odd DNS issues, especially if DNS was installed before the extra NICs were disabled.
                    I would have to assume that the network adapter was disabled before the server was promoted. Only the currently active interface, IPv4 and IPv6 is DNS listening on.

                    Only Adaptec Storage Manager for RAID management, PowerChute Network Shutdown for UPS units, BackupAssist v5 backup software, Sophos Antivirus and PureMessage Antispam software.

                    Originally posted by wullieb1 View Post
                    Which firewall are you using???

                    Try disabling it and see what happens.
                    Windows Firewall, but it is disabled as part of the Domain Profile.

                    Comment


                    • #11
                      Re: Domain Controller's Network Adaptor Not Detecting It's Own Domain

                      I may be missing something, but is it really necessary to have anti-spam software on a DC?
                      Gareth Howells

                      BSc (Hons), MBCS, MCP, MCDST, ICCE

                      Any advice is given in good faith and without warranty.

                      Please give reputation points if somebody has helped you.

                      "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

                      "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.

                      Comment


                      • #12
                        Re: Domain Controller's Network Adaptor Not Detecting It's Own Domain

                        There's an MS kb on the Services not starting automatically issue, it's a known issue with Exchange 2007/2010 on a DC.

                        Also check the network adapter binding order under Network Connections->Advanced. If the disabled one is top of the list it could cause issues. I've seen a similar issue to this before when I installed a virtual ISA Server and one of the NICs was isolated to the virtual machine only but was at the top of the binding order. Make sure that File and Printer Sharing and Client for Microsoft Networks are bound to the NIC as well.
                        BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
                        sigpic
                        Cruachan's Blog

                        Comment


                        • #13
                          Re: Domain Controller's Network Adaptor Not Detecting It's Own Domain

                          Originally posted by cruachan View Post
                          There's an MS kb on the Services not starting automatically issue, it's a known issue with Exchange 2007/2010 on a DC.

                          Also check the network adapter binding order under Network Connections->Advanced. If the disabled one is top of the list it could cause issues. I've seen a similar issue to this before when I installed a virtual ISA Server and one of the NICs was isolated to the virtual machine only but was at the top of the binding order. Make sure that File and Printer Sharing and Client for Microsoft Networks are bound to the NIC as well.
                          1) I checked the link and reviewed our registry settings. Turned out ours is already setup that way. We had this issue previously and used that KB to resolve this problem. Issue only started coming up when the network adapter issue started happening, I believe. I will hold off on this one until that portion is resolved. This brings us to...

                          2) Thanks for the info. Reviewed the bindings using the following article as a reference:

                          http://thebackroomtech.com/2009/01/1...s-server-2008/

                          Seems you have to hit Alt + N to display the advanced menu in the "Manage network connections" menu screen to bring it all up. Found that our disabled network adapter was above the currently active adapter in priority. Reversed this.

                          Our next reboot isn't scheduled until the middle of next month. Once the reboot is performed, I will see if this has corrected the issue and update this post. Hopefully, if this resolves the issue, this can help someone else who encounters this problem.

                          Comment


                          • #14
                            Re: Domain Controller's Network Adaptor Not Detecting It's Own Domain

                            Originally posted by Euphrates View Post
                            1) I checked the link and reviewed our registry settings. Turned out ours is already setup that way. We had this issue previously and used that KB to resolve this problem. Issue only started coming up when the network adapter issue started happening, I believe. I will hold off on this one until that portion is resolved. This brings us to...

                            2) Thanks for the info. Reviewed the bindings using the following article as a reference:

                            http://thebackroomtech.com/2009/01/1...s-server-2008/

                            Seems you have to hit Alt + N to display the advanced menu in the "Manage network connections" menu screen to bring it all up. Found that our disabled network adapter was above the currently active adapter in priority. Reversed this.

                            Our next reboot isn't scheduled until the middle of next month. Once the reboot is performed, I will see if this has corrected the issue and update this post. Hopefully, if this resolves the issue, this can help someone else who encounters this problem.
                            Just a follow-up. I performed our next scheduled reboot and all was well. It looks like changing the network adapter bindings fixed the problem.

                            Comment


                            • #15
                              Re: Domain Controller's Network Adaptor Not Detecting It's Own Domain

                              Thanks for letting us know.
                              BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
                              sigpic
                              Cruachan's Blog

                              Comment

                              Working...
                              X