We have a Windows Server 2008 member server in a 2003 domain with 2 domain controllers. It holds our Exchange 2007 server and some other data. For the last two weeks, off and on, we have had a problem logging into Exchange from the outside. The problem will appear, and then go away. The last time this happened, I ran DCDIAG from the 2008 server, and it produced a number of errors. Interestingly enough, while the login capability came back, the errors remain, so the problem probably lies elsewhere, just waiting to be tracked down. In the meanwhile, I would like to know if there is something that should be done to extend the 2003 Active Directory to accommodate a 2008 server.
Below are the errors I see when running DCDIAG on the 2008 server. Running on the other two servers, which are domain controllers, shows no errors.
Directory Server Diagnosis
Performing initial setup:
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name[server]
Starting test: Connectivity
......................... [server] passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name[server]
Starting test: Advertising
Fatal Error:DsGetDcName ([server]) call failed, error 1722
The Locator could not find the server.
......................... [server] failed test Advertising
Starting test: FrsEvent
[[server]] An net use or LsaPolicy operation failed with error 53,
The network path was not found..
......................... [server] failed test FrsEvent
Starting test: DFSREvent
......................... [server] failed test DFSREvent
Starting test: SysVolCheck
......................... [server] failed test SysVolCheck
Starting test: KccEvent
......................... [server] failed test KccEvent
Starting test: KnowsOfRoleHolders
......................... [server] passed test KnowsOfRoleHolders
Starting test: MachineAccount
Could not open pipe with [[server]]:failed with 53:
The network path was not found.
Could not get NetBIOSDomainName
Failed can not test for HOST SPN
Failed can not test for HOST SPN
......................... [server] passed test MachineAccount
Starting test: NCSecDesc
......................... [server] passed test NCSecDesc
Starting test: NetLogons
[[server]] An net use or LsaPolicy operation failed with error 53,
The network path was not found..
......................... [server] failed test NetLogons
Starting test: ObjectsReplicated
......................... [server] passed test ObjectsReplicated
Starting test: Replications
......................... [server] passed test Replications
Starting test: RidManager
......................... [server] passed test RidManager
Starting test: Services
Could not open Remote ipc to [[server].MyDomainName.com]: error 0x35
"The network path was not found."
......................... [server] failed test Services
Starting test: SystemLog
......................... [server] failed test SystemLog
Starting test: VerifyReferences
......................... [server] passed test VerifyReferences
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Running enterprise tests on : MyDomainName.com
Starting test: LocatorCheck
Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1722
A Global Catalog Server could not be located - All GC's are down.
Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1722
A Primary Domain Controller could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(TIME_SERVER) call failed, error 1722
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error 1722
A Good Time Server could not be located.
Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1722
A KDC could not be located - All the KDCs are down.
......................... MyDomainName.com failed test LocatorCheck
Starting test: Intersite
......................... MyDomainName.com passed test Intersite
I have searched for a resolution, but none I found seems to fit. It was suggested by a few posts that the fault may live in sites and services, but it appears that all is well there.
Software/Hardware used: Windows Server 2003 R2 64-bit, Windows Server 2003 32-bit, Windows Server 2008 64-bit
Good guess, but no cigar. While I cannot establish a VPN connection either, I can remote into the server by name and then log into it successfully. I can ping the server by IP and name with no problems and get sub 15ms returns.
I have placed our backup router in place, but the problem continues. One will not be able to log in from an external machine for hours or days, then BAM!, it is fixed all on its own.
Darkstar911,
DNS does not seem to be the problem. While the issue is affecting VPN and Outlook connections, it does not affect other remote connections and I am able to remote into any server I please using the FQDN. I do believe that pretty much rules out DNS issues and bandwidth issues at the router.
The DCDIAG results are kind of a red herring, but I would like to get an answer to that issue, if it is an issue, since I do get the same results with or without the problem.
Right now I am in sort of a hold pattern waiting for the problem to occur again, at which time I am going to up the logging since I do not see anything in the logs indicating a problem. I am also going to run NETDIAG as well to see what may come up.
darkstar911,
I did not notice the other post by you until I posted my first reply to you. No, there are no time based rules on the FW. We all have a tendency to work strange hours, and all I care is that the work gets done, not what time you are working on it. If you want to do e-mail at 2 AM or finish that proposal for a client then, it is fine, just show up for work when you should <g>. (The grin is for the reason that we are a bit lax on that as well, so long as you get your time in for the week and are making us money.)