Discussion:
Domain controller Stop functioning
(too old to reply)
Mr.B
2005-08-23 09:53:15 UTC
Permalink
I have two domain controllers based on windows 2000 server. When i restart
domain controller it works ok, for about one hour, than it sort of hangs.
While it works, all tests past, but after while, all test fails.
Errors that are logged on that server are:

Event Type: Warning
Event Source: NTDS General
Event Category: Replication
Event ID: 1079
Replication warning: Couldn't allocate memory. Replication may be affected
until more memory is available. Increase the amount of virtual memory
available. Stop and restart this Windows Domain Controller and try again.


Event Type: Error
Event Source: NTDS KCC
Event Category: Internal Processing
Event ID: 1168
Error 1(1) has occurred (Internal ID f060065). Please contact Microsoft
Product Support Services for assistance.

Event Type: Error
Event Source: DNS
Event Category: None
Event ID: 4000
The DNS server was unable to open Active Directory. This DNS server is
configured to obtain and use information from the directory for this zone and
is unable to load the zone without it. Check that the Active Directory is
functioning properly and reload the zone. The event data is the error code.


Event Type: Warning
Event Source: NtFrs
Event Category: None
Event ID: 13562
Following is the summary of warnings and errors encountered by File
Replication Service while polling the Domain Controller DC101.help.local for
FRS replica set configuration information.

Could not bind to a Domain Controller. Will try again at next polling cycle.

Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 5720


Event Type: Error
Event Source: KDC
Event Category: None
Event ID: 7
Date: 23.08.2005
Time: 11:19:21

Event Type: Warning
Event Source: MRxSmb
Event Category: None
Event ID: 3034
Date: 23.08.2005
Time: 11:14:52
User: N/A
Description:
The redirector was unable to initialize security context or query context
attributes.
Data:
0000: 00 00 08 00 02 00 56 00 ......V.
0008: 00 00 00 00 da 0b 00 80 ....Ú..€
0010: 00 00 00 00 64 00 00 c0 ....d..À
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........
0028: 7d 04 00 00 64 00 00 c0 }...d..À






But if i left it stand there it will start work ok again? CPU and memory are
well below maximum numbers, that are considered bottleneck. On DC that sort
of hangs is Exchange server.
Al Mulnick
2005-08-23 11:24:07 UTC
Permalink
It didn't sort of hang, it's hung.
Why is out of memory? What have you done to troubleshoot the memory
problems?
Post by Mr.B
I have two domain controllers based on windows 2000 server. When i restart
domain controller it works ok, for about one hour, than it sort of hangs.
While it works, all tests past, but after while, all test fails.
Event Type: Warning
Event Source: NTDS General
Event Category: Replication
Event ID: 1079
Replication warning: Couldn't allocate memory. Replication may be affected
until more memory is available. Increase the amount of virtual memory
available. Stop and restart this Windows Domain Controller and try again.
Event Type: Error
Event Source: NTDS KCC
Event Category: Internal Processing
Event ID: 1168
Error 1(1) has occurred (Internal ID f060065). Please contact Microsoft
Product Support Services for assistance.
Event Type: Error
Event Source: DNS
Event Category: None
Event ID: 4000
The DNS server was unable to open Active Directory. This DNS server is
configured to obtain and use information from the directory for this zone and
is unable to load the zone without it. Check that the Active Directory is
functioning properly and reload the zone. The event data is the error code.
Event Type: Warning
Event Source: NtFrs
Event Category: None
Event ID: 13562
Following is the summary of warnings and errors encountered by File
Replication Service while polling the Domain Controller DC101.help.local for
FRS replica set configuration information.
Could not bind to a Domain Controller. Will try again at next polling cycle.
Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 5720
Event Type: Error
Event Source: KDC
Event Category: None
Event ID: 7
Date: 23.08.2005
Time: 11:19:21
Event Type: Warning
Event Source: MRxSmb
Event Category: None
Event ID: 3034
Date: 23.08.2005
Time: 11:14:52
User: N/A
The redirector was unable to initialize security context or query context
attributes.
0000: 00 00 08 00 02 00 56 00 ......V.
0008: 00 00 00 00 da 0b 00 80 ....Ú..€
0010: 00 00 00 00 64 00 00 c0 ....d..À
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........
0028: 7d 04 00 00 64 00 00 c0 }...d..À
But if i left it stand there it will start work ok again? CPU and memory are
well below maximum numbers, that are considered bottleneck. On DC that sort
of hangs is Exchange server.
Mr.B
2005-08-23 11:38:01 UTC
Permalink
When i look at task manager, there is about 300MB free Physical memory. Cpu
is max 30% with performance monitor, taking snapshots every 15 second, the
same is with memory...
Post by Al Mulnick
It didn't sort of hang, it's hung.
Why is out of memory? What have you done to troubleshoot the memory
problems?
Post by Mr.B
I have two domain controllers based on windows 2000 server. When i restart
domain controller it works ok, for about one hour, than it sort of hangs.
While it works, all tests past, but after while, all test fails.
Event Type: Warning
Event Source: NTDS General
Event Category: Replication
Event ID: 1079
Replication warning: Couldn't allocate memory. Replication may be affected
until more memory is available. Increase the amount of virtual memory
available. Stop and restart this Windows Domain Controller and try again.
Event Type: Error
Event Source: NTDS KCC
Event Category: Internal Processing
Event ID: 1168
Error 1(1) has occurred (Internal ID f060065). Please contact Microsoft
Product Support Services for assistance.
Event Type: Error
Event Source: DNS
Event Category: None
Event ID: 4000
The DNS server was unable to open Active Directory. This DNS server is
configured to obtain and use information from the directory for this zone and
is unable to load the zone without it. Check that the Active Directory is
functioning properly and reload the zone. The event data is the error code.
Event Type: Warning
Event Source: NtFrs
Event Category: None
Event ID: 13562
Following is the summary of warnings and errors encountered by File
Replication Service while polling the Domain Controller DC101.help.local for
FRS replica set configuration information.
Could not bind to a Domain Controller. Will try again at next polling cycle.
Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 5720
Event Type: Error
Event Source: KDC
Event Category: None
Event ID: 7
Date: 23.08.2005
Time: 11:19:21
Event Type: Warning
Event Source: MRxSmb
Event Category: None
Event ID: 3034
Date: 23.08.2005
Time: 11:14:52
User: N/A
The redirector was unable to initialize security context or query context
attributes.
0000: 00 00 08 00 02 00 56 00 ......V.
0008: 00 00 00 00 da 0b 00 80 ....Ú..€
0010: 00 00 00 00 64 00 00 c0 ....d..À
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........
0028: 7d 04 00 00 64 00 00 c0 }...d..À
But if i left it stand there it will start work ok again? CPU and memory are
well below maximum numbers, that are considered bottleneck. On DC that sort
of hangs is Exchange server.
Al Mulnick
2005-08-23 12:08:29 UTC
Permalink
What else is running on the machine?
What else is logged in the system event log?

Al
Post by Mr.B
When i look at task manager, there is about 300MB free Physical memory. Cpu
is max 30% with performance monitor, taking snapshots every 15 second, the
same is with memory...
Post by Al Mulnick
It didn't sort of hang, it's hung.
Why is out of memory? What have you done to troubleshoot the memory
problems?
Post by Mr.B
I have two domain controllers based on windows 2000 server. When i restart
domain controller it works ok, for about one hour, than it sort of hangs.
While it works, all tests past, but after while, all test fails.
Event Type: Warning
Event Source: NTDS General
Event Category: Replication
Event ID: 1079
Replication warning: Couldn't allocate memory. Replication may be affected
until more memory is available. Increase the amount of virtual memory
available. Stop and restart this Windows Domain Controller and try again.
Event Type: Error
Event Source: NTDS KCC
Event Category: Internal Processing
Event ID: 1168
Error 1(1) has occurred (Internal ID f060065). Please contact Microsoft
Product Support Services for assistance.
Event Type: Error
Event Source: DNS
Event Category: None
Event ID: 4000
The DNS server was unable to open Active Directory. This DNS server is
configured to obtain and use information from the directory for this
zone
and
is unable to load the zone without it. Check that the Active Directory is
functioning properly and reload the zone. The event data is the error code.
Event Type: Warning
Event Source: NtFrs
Event Category: None
Event ID: 13562
Following is the summary of warnings and errors encountered by File
Replication Service while polling the Domain Controller
DC101.help.local
for
FRS replica set configuration information.
Could not bind to a Domain Controller. Will try again at next polling cycle.
Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 5720
Event Type: Error
Event Source: KDC
Event Category: None
Event ID: 7
Date: 23.08.2005
Time: 11:19:21
Event Type: Warning
Event Source: MRxSmb
Event Category: None
Event ID: 3034
Date: 23.08.2005
Time: 11:14:52
User: N/A
The redirector was unable to initialize security context or query context
attributes.
0000: 00 00 08 00 02 00 56 00 ......V.
0008: 00 00 00 00 da 0b 00 80 ....Ú..?
0010: 00 00 00 00 64 00 00 c0 ....d..À
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........
0028: 7d 04 00 00 64 00 00 c0 }...d..À
But if i left it stand there it will start work ok again? CPU and
memory
are
well below maximum numbers, that are considered bottleneck. On DC that sort
of hangs is Exchange server.
Mr.B
2005-08-23 12:46:43 UTC
Permalink
Machine is HP Box. I remove most of the patches and agents.
Machine has FSMO role of Infrastructure master, PDC emulator, and rid master.
On machine runs DNS with AD integrated zone. WINS server and Enterprise CA.
There is GFI NSM on it and nothing else.
There is Exchange 2000 ES, on machine and nothing else.

There is no prolong CPU spikes, and memory is well about 300MB of free
Physical memory…
I did on thing with this machine. I transferred all roles to other DC. I
demote computer and promote it back. When I promote it back, I first
transferred GC to these machine and it works , than I transferred PDC and RID
master and it did not hangs, but DC2 start acting like DC1, that hang now.
When I switch GC and Infrastructure master, DC1 start hanging, and DC2 ,
start to work ok.

There is no distinguishing errors, only related to Non functioning AD on DC.

Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 5720
Date: 23.08.2005
Time: 14:17:29
User: N/A
Computer: DC1
Description:
The session setup to the Windows NT or Windows 2000 Domain Controller
\\adc1.albatros.root.local for the domain ALBATROS failed because the
computer DC1 does not have a local security database account.
Data:
0000: 8a 01 00 c0 Š..À


Event Type: Warning
Event Source: W3SVC
Event Category: None
Event ID: 100
Date: 23.08.2005
Time: 14:15:44
User: N/A
Computer: DC1
Description:
The server was unable to logon the Windows NT account 'IUSR_DC1' due to the
following error: Logon failure: unknown user name or bad password. The data
is the error code.
For additional information specific to this message please visit the
Microsoft Online Support site located at:
http://www.microsoft.com/contentredirect.asp.
Data:
0000: 2e 05 00 00 ....



Event Type: Warning
Event Source: NtFrs
Event Category: None
Event ID: 13562
Date: 23.08.2005
Time: 13:12:11
User: N/A
Computer: DC1
Description:
Following is the summary of warnings and errors encountered by File
Replication Service while polling the Domain Controller DC1.root.local for
FRS replica set configuration information.

Error searching DS with filter (objectCategory=*) under cn=dc2,ou=domain
controllers,dc=root,dc=local. Error returned : Server Down

Event Type: Error
Event Source: NtFrs
Event Category: None
Event ID: 13526
Date: 23.08.2005
Time: 13:12:09
User: N/A
Computer: DC1
Description:
The File Replication Service cannot replicate d:\winnt\sysvol\domain with
the computer DC2 because the computer's SID cannot be determined from the
distinguished name "cn=dc2,ou=domain controllers,dc=root,dc=local".

The File Replication Service will retry later.

Event Type: Warning
Event Source: NTDS General
Event Category: Global Catalog
Event ID: 1655
Date: 23.08.2005
Time: 12:07:59
User: Everyone
Computer: DC1
Description:
The attempt to communicate with global catalog \\DC2.root.local failed with
the following status:

There are no more endpoints available from the endpoint mapper.

The operation in progress might be unable to continue. The directory
service will use the locator to try find an available global catalog server
for the next operation that requires one.

The record data is the status code.
Data:
0000: d9 06 00 00 Ù...




On that doe not add up :
Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 5783
Date: 23.08.2005
Time: 14:30:10
User: N/A
Computer: DC1
Description:
The session setup to the Windows NT or Windows 2000 Domain Controller
\\adc1.albatros.root.local for the domain ALBATROS is not responsive. The
current RPC call from Netlogon on \\DC2 to \\ adc1.albatros.root.local has
been cancelled.


From errors, the only one that stand up is
Event Type: Warning
Event Source: NTDS General
Event Category: Global Catalog
Event ID: 1655
There are no more endpoints available from the endpoint mapper

I`m little confused, is DC2 down or DC1 down ? GC is on DC2.
Al Mulnick
2005-08-23 13:20:39 UTC
Permalink
I haven't used GFI NSM, but can I suggest that you remove it and see if you
get the same results?
http://forums.gfi.com/cgi-bin/ultimatebb.cgi?ubb=get_topic;f=11;t=000133
indicates some configurations could cause some issues.


And which version of 2000 is this? SP4 + hotfixes etc?

Al
Post by Mr.B
Machine is HP Box. I remove most of the patches and agents.
Machine has FSMO role of Infrastructure master, PDC emulator, and rid master.
On machine runs DNS with AD integrated zone. WINS server and Enterprise CA.
There is GFI NSM on it and nothing else.
There is Exchange 2000 ES, on machine and nothing else.
There is no prolong CPU spikes, and memory is well about 300MB of free
Physical memory.
I did on thing with this machine. I transferred all roles to other DC. I
demote computer and promote it back. When I promote it back, I first
transferred GC to these machine and it works , than I transferred PDC and RID
master and it did not hangs, but DC2 start acting like DC1, that hang now.
When I switch GC and Infrastructure master, DC1 start hanging, and DC2 ,
start to work ok.
There is no distinguishing errors, only related to Non functioning AD on DC.
Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 5720
Date: 23.08.2005
Time: 14:17:29
User: N/A
Computer: DC1
The session setup to the Windows NT or Windows 2000 Domain Controller
\\adc1.albatros.root.local for the domain ALBATROS failed because the
computer DC1 does not have a local security database account.
0000: 8a 01 00 c0 Š..À
Event Type: Warning
Event Source: W3SVC
Event Category: None
Event ID: 100
Date: 23.08.2005
Time: 14:15:44
User: N/A
Computer: DC1
The server was unable to logon the Windows NT account 'IUSR_DC1' due to the
following error: Logon failure: unknown user name or bad password. The data
is the error code.
For additional information specific to this message please visit the
http://www.microsoft.com/contentredirect.asp.
0000: 2e 05 00 00 ....
Event Type: Warning
Event Source: NtFrs
Event Category: None
Event ID: 13562
Date: 23.08.2005
Time: 13:12:11
User: N/A
Computer: DC1
Following is the summary of warnings and errors encountered by File
Replication Service while polling the Domain Controller DC1.root.local for
FRS replica set configuration information.
Error searching DS with filter (objectCategory=*) under cn=dc2,ou=domain
controllers,dc=root,dc=local. Error returned : Server Down
Event Type: Error
Event Source: NtFrs
Event Category: None
Event ID: 13526
Date: 23.08.2005
Time: 13:12:09
User: N/A
Computer: DC1
The File Replication Service cannot replicate d:\winnt\sysvol\domain with
the computer DC2 because the computer's SID cannot be determined from the
distinguished name "cn=dc2,ou=domain controllers,dc=root,dc=local".
The File Replication Service will retry later.
Event Type: Warning
Event Source: NTDS General
Event Category: Global Catalog
Event ID: 1655
Date: 23.08.2005
Time: 12:07:59
User: Everyone
Computer: DC1
The attempt to communicate with global catalog \\DC2.root.local failed with
There are no more endpoints available from the endpoint mapper.
The operation in progress might be unable to continue. The directory
service will use the locator to try find an available global catalog server
for the next operation that requires one.
The record data is the status code.
0000: d9 06 00 00 Ù...
Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 5783
Date: 23.08.2005
Time: 14:30:10
User: N/A
Computer: DC1
The session setup to the Windows NT or Windows 2000 Domain Controller
\\adc1.albatros.root.local for the domain ALBATROS is not responsive. The
current RPC call from Netlogon on \\DC2 to \\ adc1.albatros.root.local has
been cancelled.
From errors, the only one that stand up is
Event Type: Warning
Event Source: NTDS General
Event Category: Global Catalog
Event ID: 1655
There are no more endpoints available from the endpoint mapper
I`m little confused, is DC2 down or DC1 down ? GC is on DC2.
Mr.B
2005-08-23 13:36:06 UTC
Permalink
DC stops not NSM V6
Windows 2000 SP4 with all latest updates.

Start getting DCOM Errors 10009.
Userenv 1000 Windows cannot query for the list of Group Policy objects . A
message that describes the reason for this was previously logged by this
policy engine.

Userenv 1000 Windows cannot establish a connection to root.local with (10053)
Al Mulnick
2005-08-23 13:57:11 UTC
Permalink
As the DC starts to fail, those errors will occur. Accepted. However, the
cause is to be determined and as part of the troubleshooting process it
would be a good idea to simplify the environment by removing the third-party
applications. You can always reinstall later.
Unless you have a better theory why an otherwise working DC was working and
now isn't even though you didn't change anything.

Al
Post by Mr.B
DC stops not NSM V6
Windows 2000 SP4 with all latest updates.
Start getting DCOM Errors 10009.
Userenv 1000 Windows cannot query for the list of Group Policy objects . A
message that describes the reason for this was previously logged by this
policy engine.
Userenv 1000 Windows cannot establish a connection to root.local with (10053)
Mr.B
2005-08-23 14:28:13 UTC
Permalink
A stop services that i don`t need. Than i will start uninstalling them.
Post by Al Mulnick
As the DC starts to fail, those errors will occur. Accepted. However, the
cause is to be determined and as part of the troubleshooting process it
would be a good idea to simplify the environment by removing the third-party
applications. You can always reinstall later.
Unless you have a better theory why an otherwise working DC was working and
now isn't even though you didn't change anything.
Al
Post by Mr.B
DC stops not NSM V6
Windows 2000 SP4 with all latest updates.
Start getting DCOM Errors 10009.
Userenv 1000 Windows cannot query for the list of Group Policy objects . A
message that describes the reason for this was previously logged by this
policy engine.
Userenv 1000 Windows cannot establish a connection to root.local with (10053)
Al Mulnick
2005-08-23 14:56:33 UTC
Permalink
Let us know if it helps.
Post by Mr.B
A stop services that i don`t need. Than i will start uninstalling them.
Post by Al Mulnick
As the DC starts to fail, those errors will occur. Accepted. However, the
cause is to be determined and as part of the troubleshooting process it
would be a good idea to simplify the environment by removing the third-party
applications. You can always reinstall later.
Unless you have a better theory why an otherwise working DC was working and
now isn't even though you didn't change anything.
Al
Post by Mr.B
DC stops not NSM V6
Windows 2000 SP4 with all latest updates.
Start getting DCOM Errors 10009.
Userenv 1000 Windows cannot query for the list of Group Policy objects . A
message that describes the reason for this was previously logged by this
policy engine.
Userenv 1000 Windows cannot establish a connection to root.local with (10053)
Mr.B
2005-08-24 08:15:03 UTC
Permalink
Well no help, but I find out one thing.

When every one stop working in the afternoon, i restart the server and it
work ok through the night, but in the morning, when every one start working,
it hang with symptoms...
Mr.B
2005-08-25 09:02:01 UTC
Permalink
No luck.
I tried Nltest when DC is in so called hang state.

From hang DC1 :

C:\>nltest /server:DC1 /sc_query:DOMAIN
I_NetLogonControl failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN

C:\>nltest /server:DC2 /sc_query: DOMAIN
Flags: 30 HAS_IP HAS_TIMESERV
Trusted DC Name \\DC1. DOMAIN.local
Trusted DC Connection Status Status = 0 0x0 NERR_Success
The command completed successfully


From DC2:
C:\>nltest /server:DC1 /sc_query:DOMAIN
I_NetLogonControl failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN

C:\>nltest /server:DC2 /sc_query: DOMAIN
Flags: 30 HAS_IP HAS_TIMESERV
Trusted DC Name \\DC1. DOMAIN.local
Trusted DC Connection Status Status = 0 0x0 NERR_Success
The command completed successfully
Al Mulnick
2005-08-25 11:52:48 UTC
Permalink
Still running NSM or have it installed?
Post by Mr.B
No luck.
I tried Nltest when DC is in so called hang state.
C:\>nltest /server:DC1 /sc_query:DOMAIN
I_NetLogonControl failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN
C:\>nltest /server:DC2 /sc_query: DOMAIN
Flags: 30 HAS_IP HAS_TIMESERV
Trusted DC Name \\DC1. DOMAIN.local
Trusted DC Connection Status Status = 0 0x0 NERR_Success
The command completed successfully
C:\>nltest /server:DC1 /sc_query:DOMAIN
I_NetLogonControl failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN
C:\>nltest /server:DC2 /sc_query: DOMAIN
Flags: 30 HAS_IP HAS_TIMESERV
Trusted DC Name \\DC1. DOMAIN.local
Trusted DC Connection Status Status = 0 0x0 NERR_Success
The command completed successfully
Mr.B
2005-08-25 12:05:04 UTC
Permalink
I uninstall it, did not restart DC. I will do it later do it later.

I Forget to list the following programs :, Trendmicro Server protect, and
TrendMicro Scanmail on server, and ultraback agent, but that should not be
problem.

These is normal :
C:\>nltest /server:DC1 /sc_query:DOMAIN
I_NetLogonControl failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN
Al Mulnick
2005-08-25 12:10:01 UTC
Permalink
No, it should not be a problem. But since you have a problem you shouldn't
have, it would make sense to simplify the installation and remove those
third-party applications (all of them) and restart to see if you still have
the problem. Any of those could cause the issues you describe. Just turning
them off is not always enough to figure out if it's the cause or not, so
uninstallation is recommended. Clean uninstallation.

Al
Post by Mr.B
I uninstall it, did not restart DC. I will do it later do it later.
I Forget to list the following programs :, Trendmicro Server protect, and
TrendMicro Scanmail on server, and ultraback agent, but that should not be
problem.
C:\>nltest /server:DC1 /sc_query:DOMAIN
I_NetLogonControl failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN
Mr.B
2005-08-25 12:20:05 UTC
Permalink
I forget to mentioned, that these problems arrived, when we change location
of server. Practically all stayed the same, only, network speed has bean
upgraded from 1Mbps optic to 10Mbps LAN, through Cisco router.
DC1 and DC2 are root servers for domain.
Al Mulnick
2005-08-25 12:58:05 UTC
Permalink
Wow. And you updated the name resolution information etc?
On the nic and in DNS? Still seems awfully complex to troubleshoot this
way. You have too many variables that can be the root cause to really
narrow it down.
Post by Mr.B
I forget to mentioned, that these problems arrived, when we change location
of server. Practically all stayed the same, only, network speed has bean
upgraded from 1Mbps optic to 10Mbps LAN, through Cisco router.
DC1 and DC2 are root servers for domain.
Loading...