Tom's Guide | Tom's Hardware | Tom's Games
 |
 |
 |
Currently we have all windows 2003 servers (standard edition 32bit) running our domain. We have 2 DC's, both GC's. We have member servers that are also 2003.
Our internal users get disconnected off and on throughout the day. They can ping anything on the web, they can ping internal, they can get to their mapped drives. They cannot get to the internet or anything web based internal. They cannot remote desktop to the servers. Pretty much they are stuck and the only way to fix it is to reboot. There are no errors in the event viewer of either the servers or the xp pro workstations. All updates are done on the servers and workstations. This is a random disconnect.. not everyone at the same time, not at the same time of day, not using any givin program. a release and renew does not fix it - a repair on the connection does not fix it. we have to reboot the workstation. Outlook also loses connection. Both the DC's have DNS on them, 1 DC has DHCP. I have ordered and put a new Switch in, this did not stop the issue. I have also change NIC cards on the servers, still the same issue. Please help. I have 220 users and I get 700 phone calls a day.
Thanks,
Could it be a time sync problem? The next time it happens, check the time on both the workstation and the server.
0 
I pretty sure it has something to do with the time sync. But I'm not sure how to fix it. Server-A has all the roles and Server-B is our BDC - when I do a net time it comes up with our exchange server (Server-C) I am quite confused on this. I would like Server-A to pull time from the military and be our main time server and push out to all servers and workstations, but apparently that isn't working correctly. I started looking at this closer after I posted the w32time warning. Let me know if there is a way that I can fix this - it seems one of our other administrators may have been messing with time settings in the registry. Thanks.
0
Start with the basic settings in each server. If you double click on the clock in the tray, are all servers set to the same time zone and are they set to ping the .gov site under internet time zone?
Secondly, have all the clients been patched for daylight savings?
0
Ok here's what I've done so far, I hope this works.
In the registry of our PDC (HKLM\SYSTEM\CurrentControlSet\Services|W32Time\Parameters) I added NtpServer to point to time.nist.gov,0x1 and changed the Type to NTP. On all the other DC's registry (same), I changed the Type to Nt5DS. According to Microsoft, with the changes to the PDC it will act as an authoritive time server and pull the time from time.nist.gov and act as the NTP server. The setting Nt5DS on the other servers is set so they act as non-authoritiv servers and will look for the nearest time server. So in theory, they should look for the PDC which should have the correct time and sync from it. Once this is done, I went to each server including the pdc and ran "net stop w32time & net start w32time" then followed up with "w32tm /resync /rediscover". I checked the event viewer and the w32time is now in sync with the PDC. After the changes were made, I had a few calls saying that clients had lost connection again, I had them reboot and usually I don't hear anything for a few hours. Just to make sure they were going to sync with the PDC, I added the above commands into the logon scripts - I haven't heard anything as of yet, but then again, I just got into work. I will keep you updated. Also - port 123 has to be open to the PDC in order for it to pull time from the outside source. I'm still not convinced that this is our issue, but I will wait and see. Thanks.
0 0
Well if this doesn't fix it, I am getting a BIG hammer and destroying the servers. :) That's a joke.. I will let you know what happens. I just sent an email to all users to log off and log back in so the logon scripts take effect.
Thanks.
0
Bad news - between 11 & 11:45 A.M. EST, I've had 6 calls saying that they have lost connection. I get nothing in the event viewer on the servers or the workstations. This is very irritating.
0
Here are 2 events in the event viewer, however, I do not think they are relevant.
Event Type: Warning
Event Source: SceCli
Event Category: None
Event ID: 1202
Date: 11/19/2008
Time: 12:47:46 PM
User: N/A
Computer: ADCAREWEB
Description:
Security policies were propagated with warning. 0x534 : No mapping between account names and security IDs was done.Advanced help for this problem is available on http://support.microsoft.com. Query for "troubleshooting 1202 events".
Error 0x534 occurs when a user account in one or more Group Policy objects (GPOs) could not be resolved to a SID. This error is possibly caused by a mistyped or deleted user account referenced in either the User Rights or Restricted Groups branch of a GPO. To resolve this event, contact an administrator in the domain to perform the following actions:
1. Identify accounts that could not be resolved to a SID:
From the command prompt, type: FIND /I "Cannot find" %SYSTEMROOT%\Security\Logs\winlogon.log
The string following "Cannot find" in the FIND output identifies the problem account names.
Example: Cannot find JohnDough.
In this case, the SID for username "JohnDough" could not be determined. This most likely occurs because the account was deleted, renamed, or is spelled differently (e.g. "JohnDoe").
2. Use RSoP to identify the specific User Rights, Restricted Groups, and Source GPOs that contain the problem accounts:
a. Start -> Run -> RSoP.msc
b. Review the results for Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment and Computer Configuration\Windows Settings\Security Settings\Local Policies\Restricted Groups for any errors flagged with a red X.
c. For any User Right or Restricted Group marked with a red X, the corresponding GPO that contains the problem policy setting is listed under the column entitled "Source GPO". Note the specific User Rights, Restricted Groups and containing Source GPOs that are generating errors.3. Remove unresolved accounts from Group Policy
a. Start -> Run -> MMC.exe
b. From the File menu select "Add/Remove Snap-in..."
c. From the "Add/Remove Snap-in" dialog box select "Add..."
d. In the "Add Standalone Snap-in" dialog box select "Group Policy" and click "Add"
e. In the "Select Group Policy Object" dialog box click the "Browse" button.
f. On the "Browse for a Group Policy Object" dialog box choose the "All" tab
g. For each source GPO identified in step 2, correct the specific User Rights or Restricted Groups that were flagged with a red X in step 2. These User Rights or Restricted Groups can be corrected by removing or correcting any references to the problem accounts that were identified in step 1.
AND...
Event Type: Error
Event Source: MRxSmb
Event Category: None
Event ID: 8003
Date: 11/19/2008
Time: 12:09:44 PM
User: N/A
Computer: ADCAREWEB
Description:
The master browser has received a server announcement from the computer AHC-REC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{EC6F0F45-AA12-4CD4-A. The master browser is stopping or an election is being forced.For more information, see Help and Support Center at http://go.microsoft.com/fwlink/even...
Data:
0000: 00 00 00 00 03 00 4e 00 ......N.
0008: 00 00 00 00 43 1f 00 c0 ....C..À
0010: 00 00 00 00 00 00 00 00 ........
0018: 35 00 00 00 00 00 00 00 5.......
0020: 00 00 00 00 00 00 00 00 ........
0
Update-
I've updated all firmware on our switches - i've updated drivers on all nic cards on the servers. Still nothing working.
I am now scrambling for help - it's becoming worse, so I ran this "net config server /autodisconnect:-1" on our servers - I'm pretty sure this isn't going to work either. Help? Anyone?
0
I just thought of something. Is the 'client logging service' running in services, on the server.
I think that's what it's called. Disable it if it is.
How many licenses is your server set for? Does the amount of workstations exceed that number?
0
I don't see anything in the services called Client Logging - what else could it be called? Also, this may be a goofy question, how do I check to see how many licenses we have used? We are licensed for 275 and have roughly 250 clients, but we've added a few here and there. Thanks for your help.
0
-Update-
I've noticed with one of the people who work in my office that when she leaves her computer idle for 15 minutes or longer, she loses connection. I've checked the power settings on her nic and it is unchecked - so that is good there. -Still searching for answers... what a long week of crap..
0
I researched the license thing a little more and only SBS and TS are electronically enforced. However, when the server is first set up, it asks for the number of users, which can be set to anything you want. I don't know how to find that number in the machine. If you don't see client logging in services, I would look for another cause.
Let's look at the user who left her machine idle as was disconnected it. Is a screen saver enabled to activate after 15 minutes and could that be the cause of the disconnect?
0
I've tested it both ways - with the screensaver on and off.
Here's some information. I have one domain. I have 6 servers at our coporate office (3 are DC's - 1 of the 3 holds all the roles). I have 7 remote sites that connect via a VPN connection (fiber). Each location has it's own server that replicates AD etc with the corporate office. Only 2 locations and the corporate office are experiencing these issues. The servers are identical at each location. Each location connects using a Sonicwall firewall back to the corporate locations Sonicwall firewall. (i've called our sonicwall guy, no changes). We use Trend Micro OfficeScan, it updates itself. Each location has it's own DNS server and DHCP server. Let me know if you need any other info. The bad thing is we are a Health Care facility, this is affecting our business in a huge way. But the weird thing is that it is only affecting Corporate, and 2 remote locations. The other 5 locations are ok....
0
-UPDATE-
I just added this to the registry under HKLM\System\CCS\Services\TCpip\Parameters - EnablePMTUDiscover (Dword Hex 1).
Let's see what happens.... please work!!
0
Same issues...nothing is working.
FYI - My PDC has IIS running on it - could this be the problem? It also had DNS running on it. And Sharepoint. I don't know how this could be the problem, it's been running like this for 5 months... but i'm still desperate for answers..
0
Let's go with the thing I like to blame the most when an answer can't be found. Are those sites running Norton AV or any Symantec products, that may have been updated when the problem started?
0
The sites are running Trend Micro Office Scan - I tried that one already, I turned our trend server off and stopped the services on some of the workstations. Still does the same thing.
0
I've never seen Trend bother anything. Take that machine that disconnects after being idle for 15 minutes and boot it to safe mode. Don't open anything and wait 15 minutes.
And/Or
Run msconfig and disable all under startup, reboot and wait the 15 minutes.
0
Trend Micro OfficeScan version 8 SP1 installed a patch that deployed to all workstations and servers. This patch installed a firewall on our servers that was blocking requests to the internet and intranet. I called Trend, they sent me a uninstaller and I had to run it, then I had to reboot all servers (haven't been to workstations yet) and run the installer from our web interface - once this was done, it did not install the firewall. Looks like it is working right now, but its only been 16 hours. So far so good. *knock on wood*
0
I have the same problem, but on my machine in the event log it's telling me that my own machine stole my ip adress.
0
Our issue was a third party application. It was not Trend Micro - after I investigated deeper into the situation it came across as one of our applications that gathers system inventory from our workstations across our VPN. The company sent out a patch but for some reason decided to skip us. Needless to say, I was very unhappy with them. I installed the patch and all has been good since.
I hope you figure out your issue, it most likely has nothing to do with what we experienced.
0  |
 |
 |
This post is quite old and has been locked from receiving new replies. Please create a new posting instead.
| Ads by Google |
