From: inthedark on
There is only one Server which is the Primary AD server. (There is no
secondary AD server.)

It is also the DNS Server.

The TCP/IP network config only lists itself as a DNS server.

Only the DNS Server points to DNS forwarders located at the ISP.

All clients only have 1 DNS Server, which is the AD Server.


Erik Cheizoo wrote:
> I do agree with Harj that it looks like you have set the DNS server(s) in
> your server's TCP/IP configuration to your ISP DNS servers.
> As these servers do not host your domain zones (and most importantly, the
> _msdcs zones), you have broken Active Directory.
>
> The good news is that this is easily fixed, as Harj pointed out.
> 1) Make sure your DC is running DNS
> 2) Make sure your AD DNS zone (eg. mycompany.local) is stored in Active
> Directory and only secure updates are allowed (for security reasons)
> (Secure only will allow DNS registration for Windows 2000 and above clients.
> Win9X/NT/etc is not supported)
> 3) Make sure your DNS server isn't a root DNS server. Translated: Make sure
> your DNS server is not hosting the . (dot) zone.
> This will break DNS lookups for Internet addresses, as the DNS server thinks
> he's on top of the DNS hierarchy.
> If the . zone is hosted, delete it.
> 4) Do not configure your DNS server to forward to your ISP DNS servers, as
> ISP DNS pollution occurs more frequently nowadays.
> Instead, rely on the root hints, which are configured correctly within
> Windows 2003 DNS. If a record outside your own AD zone is requested, your
> DNS server will perform a lookup using the Internet root servers and caches
> the results for future requests.
> 5) After the above configuration steps, run the following commands;
> - net stop dns
> - net start dns
> - ipconfig /registerdns
> - net stop netlogon
> - net start netlogon
> 6) Check DNS for a host (A) record in your AD DNS zone. Also, check the
> records under _msdcs.
>
> Good luck!
>
> Erik Cheizoo
> eXcellence & Difference
> We keep your business running
>
> "Harj" <cisqokid(a)gmail.com> wrote in message
> news:1167753968.019463.168040(a)n51g2000cwc.googlegroups.com...
> > Hi,
> >
> >> After a few hours, sometimes days the AD stops running
> >
> > Active Directory does not stop "running"
> >
> >> 3) Create a public lookup zone so that the server could become a
> >> primary dns for a domain.
> >> (This was need for just a few days until the new ISP could handle the
> >> DNS.)
> >
> > Well where was this Domain controller pointed to for primary DNS
> > before? and where is it pointing now? Please do not tell me you have
> > it pointed to your ISP :(
> >
> > You have one domain controller, one DNS server. Make sure this DC is
> > pointed to itself for primary DNS and ONLY itself.
> > From the command prompt run the following
> > ipconfig /flushdns & ipconfig /registerdns & net stop netlogon & net
> > start netlogon.
> >
> > Make sure your clients are pointed to this DC for primary DNS.
> > Run DCdiag /v, Netdiag /v to check for errors.
> >
> > Good luck
> >
> > Harj Singh
> > Power Your Active Directory Investment
> > www.specopssoft.com
> >
> >
> > inthedark wrote:
> >> A simple site running 1 AD server Windows 2000 and a few clients. Has
> >> been running fine for years, but the company were picking up
> >> lots of spam on their server. On the same day I did the following:
> >>
> >> 1) Run Windows Update
> >> 2) Installed FTGate mail server
> >> 3) Create a public lookup zone so that the server could become a
> >> primary dns for a domain.
> >> (This was needed for just a few days until the new ISP could handle the
> >> DNS.)
> >>
> >> After a few hours, sometimes days the AD stops running. After reboot it
> >> all works fine again. I have tried everything to resolve this error but
> >> now need help.
> >>
> >> What I did was (SPANNING SEVERAL WEEKS):
> >>
> >> 1) Remove public domain lookup zone from the dns.
> >> 2) Ran DCDIAG & NETDIAG to see if any problems:
> >>
> >> Conclusion:
> >>
> >> After reboot the netdiag report is clean but when AD enters error
> >> condition I get the following (only part of report with errors is
> >> included):
> >>
> >> -----------netdiag
> >>
> >> DC list test . . . . . . . . . . . : Failed
> >> [WARNING] Cannot call DsBind to myserv1.MYDOM.local (192.168.1.3).
> >> [ERROR_OUTOFMEMORY]
> >>
> >> Trust relationship test. . . . . . : Skipped
> >>
> >> Kerberos test. . . . . . . . . . . : Passed
> >>
> >> LDAP test. . . . . . . . . . . . . : Passed
> >> [FATAL] Cannot open an LDAP session to 'myserv1.MYDOM.local' at
> >> '192.168.1.3'.
> >> [WARNING] Failed to query SPN registration on DC
> >> myserv1.MYDOM.local'.
> >>
> >> ----------------------------------------
> >>
> >> I have noted that many other people have had similar problems google
> >> this:
> >>
> >> Cannot call DsBind [ERROR_OUTOFMEMORY]
> >>
> >> ---------------------------------------
> >>
> >> Other information:
> >>
> >> When the system enters the error state there are no errors in the
> >> System or Active Directory logs.
> >>
> >> But after it fails because AD is down, the Application log starts to fill
> >> up with USERENV error messages.
> >>
> >> Can anybody help resolve this issue?
> >
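The checks Erik lists in steps 1 to 6 (DC pointing only to itself, AD-integrated zone with secure updates, no "." zone, root hints instead of forwarders, A and _msdcs records present), as an added read-only script that is not part of this thread. It assumes a current Windows Server DC with the DnsServer and DnsClient modules, run elevated on the DC itself, and takes the zone name from $env:USERDNSDOMAIN rather than the Windows 2000/2003 hosts discussed above.

```powershell
# Added example, not from the thread: reports on the single-DC DNS setup
# described above without changing anything. Assumes a current Windows
# Server DC with the DnsServer and DnsClient modules, run elevated on the DC.
Import-Module DnsServer
$domain = $env:USERDNSDOMAIN.ToLower()          # AD DNS zone, e.g. mycompany.local
$dcFqdn = "$($env:COMPUTERNAME.ToLower()).$domain"

function Report([string]$name, [bool]$ok, [string]$detail) {
    $tag = if ($ok) { 'PASS' } else { 'FAIL' }
    Write-Output ("[{0}] {1}: {2}" -f $tag, $name, $detail)
}

# 1) The DC's own TCP/IP config must list only itself (or loopback) as DNS server.
$ownIps  = (Get-NetIPAddress -AddressFamily IPv4).IPAddress
$dnsSrvs = (Get-DnsClientServerAddress -AddressFamily IPv4 |
            Where-Object { $_.ServerAddresses }).ServerAddresses | Select-Object -Unique
$foreign = $dnsSrvs | Where-Object { $_ -notin $ownIps -and $_ -ne '127.0.0.1' }
Report 'DC points only to itself for DNS' (-not $foreign) ("servers: " + ($dnsSrvs -join ', '))

# 2) The AD zone must be AD-integrated and accept secure dynamic updates only.
$zone = Get-DnsServerZone -Name $domain -ErrorAction SilentlyContinue
Report 'AD zone is AD-integrated with secure updates' `
       ([bool]($zone -and $zone.IsDsIntegrated -and $zone.DynamicUpdate -eq 'Secure')) `
       ("IsDsIntegrated=$($zone.IsDsIntegrated) DynamicUpdate=$($zone.DynamicUpdate)")

# 3) A hosted "." zone makes the server believe it is the root of the DNS tree.
$rootZone = Get-DnsServerZone | Where-Object { $_.ZoneName -eq '.' }
Report 'No root (.) zone hosted' (-not $rootZone) 'delete the . zone if it is present'

# 4) No ISP forwarders; resolve Internet names through the root hints instead.
$fwd   = (Get-DnsServerForwarder).IPAddress
$hints = @(Get-DnsServerRootHint).Count
Report 'Root hints present, no forwarders' ((-not $fwd) -and $hints -gt 0) `
       ("forwarders: " + ($fwd -join ', ') + "; root hints: $hints")

# 6) Records clients need to find the DC: its A record and the _msdcs SRV record.
function Test-Record([string]$name, [string]$type) {
    try { [bool](Resolve-DnsName -Name $name -Type $type -Server 127.0.0.1 -ErrorAction Stop) }
    catch { $false }
}
Report "A record for $dcFqdn" (Test-Record $dcFqdn 'A') 'ipconfig /registerdns re-creates it'
Report '_msdcs DC locator SRV record' (Test-Record "_ldap._tcp.dc._msdcs.$domain" 'SRV') `
       'net stop/start netlogon re-registers it'
```

A FAIL on the last two lines after the zone and client settings are already correct is the case Erik's step 5 (restarting DNS and Netlogon and re-registering) is meant to fix.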

From: Erik Cheizoo on
Are there any errors in the eventlog for System and/or Directory Services?
Are there any services stopped which are set to automatic?

Another possibility is that you have set the scavenging period on your DNS
server very low, deleting the DNS records before they are refreshed by the
DC.

Kind regards,

Erik Cheizoo
eXcellence & difference
We keep your business running

"inthedark" <nyoung(a)vipintersoft.com> wrote in message
news:1167843179.586652.226420(a)s34g2000cwa.googlegroups.com...
> You said: Active Directory does not stop "running"
>
> If only that were true :~( It does stop running. Or at least it
> becomes inaccessible.
>
> I think that the LDAP goes down in some way.
>

From: inthedark on
DCDIAG and NETDIAG are both very happy until the error condition
arrives. There are no messages in the System, Directory Service or DNS
logs. After the error condition, messages start to arrive in the
Application Log, mostly because AD is unavailable.

After the error condition the NETDIAG reports the following problems:

DC list test . . . . . . . . . . . : Failed
[WARNING] Cannot call DsBind to rmyc1.RMYC.local (192.168.1.3).
[ERROR_OUTOFMEMORY]
List of DCs in Domain 'RMYC':
rmyc1.RMYC.local

And also:

LDAP test. . . . . . . . . . . . . : Passed

Do un-authenticated LDAP call to 'rmyc1.RMYC.local'.
[FATAL] Cannot open an LDAP session to 'rmyc1.RMYC.local' at
'192.168.1.3'.
[WARNING] Failed to query SPN registration on DC 'rmyc1.RMYC.local'.

From: inthedark on
No Events in System or Directory Service.

DNS Scavenging is set to 7 Days.

From: inthedark on
Further, I disabled DNS Zone transfers (as there is only one server).

Because of the [ERROR_OUTOFMEMORY] message I looked at Task Manager and
found that:

After reboot Available memory was 300K out of 512K

In the error condition available memory was 180K (so who ate the 120K?)