Windows Server - Windows 2008 AD

Asked By Bright Hu
25-Jan-10 12:34 PM
Hello, my domain controller is a Windows 2008 server. It used to work fine.
After a power outage this weekend, I restarted it and checked it, and it
seemed to work fine, but about one hour later, all the other computers in this
domain could not contact it, although the computers can ping it
correctly... Finally I restarted it again; it worked, and about one hour later
the same issue occurred again. Does anyone have an idea about it? Thanks a lot!
  Florian Frommherz [MVP] replied to Bright Hu
25-Jan-10 02:32 PM
Howdie!

Bright Hu wrote:

Any errors seen in the event viewer? Like services shutting down? Have
you watched the time on the box - is it correct (and stays correct)? Is
it just this DC? What exactly does "could not contact" mean? No rep
traffic between DCs? No DNS requests (nslookup)?

Cheers,
Florian
--
Microsoft MVP - Group Policy
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
ANY advice you get on the Newsgroups should be tested thoroughly in your
lab.
  Bright Hu replied to Florian Frommherz [MVP]
25-Jan-10 02:57 PM
Hello Florian,

Thanks for your reply. I checked the errors in Event Viewer; there is no error
about the AD, but some errors about IIS, and finally I stopped the WWW
service. The computers in this domain take a long time to start up because
of logging into this domain. When I ping the DC server, the TTL < 1ms, so it
looked good, but when I tried to access the shared folder on the DC server, the
access was denied. This happened after the DC server had been running for one
hour...

Thanks,
Bright
  Florian Frommherz [MVP] replied to Bright Hu
25-Jan-10 03:45 PM
Bright,

Bright Hu wrote:

At the time you get "Access denied" on a share, is there anything logged
in the Security Event log? Is the time correct on the DC? Does it differ
(noticeably) from other DCs or clients?

Cheers,
Florian
--
Microsoft MVP - Group Policy
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
ANY advice you get on the Newsgroups should be tested thoroughly in your
lab.
  Bright Hu replied to Florian Frommherz [MVP]
25-Jan-10 04:37 PM
there is no security error, but I found the below warning occurred 3 times:

The security of this directory server can be significantly enhanced by
configuring the server to reject SASL (Negotiate,  Kerberos, NTLM, or
Digest) LDAP binds that do not request signing (integrity verification) and
LDAP simple binds that  are performed on a cleartext (non-SSL/TLS-encrypted)
connection.  Even if no clients are using such binds, configuring the server
to reject them will improve the security of this server.

Some clients may currently be relying on unsigned SASL binds or LDAP simple
binds over a non-SSL/TLS connection, and will stop working if this
configuration change is made.  To assist in identifying these clients, if
such binds occur this  directory server will log a summary event once every
24 hours indicating how many such binds  occurred.  You are encouraged to
configure those clients to not use such binds.  Once no such events are
observed  for an extended period, it is recommended that you configure the
server to reject such binds.

For more details and information on how to make this configuration change to
the server, please see http://go.microsoft.com/fwlink/?LinkID=87923.

You can enable additional logging to log an event each time a client makes
such a bind, including information on which client made the bind.  To do so,
please raise the setting for the "LDAP Interface Events" event logging
category to level 2 or higher.
  Ace Fekay [MVP-DS, MCT] replied to Bright Hu
25-Jan-10 07:29 PM
Hi Bright Hu,

Can you post the actual EventID# and Source names of the errors whose
descriptions you have posted, please? That will help us look them up for you a
lot more easily.

Also, please post an unedited ipconfig /all of your DCs and a sample
workstation. This will help us eliminate possible basic configuration
issues.

Thank you,

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among
responding engineers, and to help others benefit from your resolution.

Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE &
MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services

If you feel this is an urgent issue and require immediate assistance, please
contact Microsoft PSS directly. Please check http://support.microsoft.com
for regional support phone numbers.
  Bright Hu replied to Ace Fekay [MVP-DS, MCT]
25-Jan-10 08:04 PM
below is the event# and source name:

Log Name:      Directory Service
Source:        Microsoft-Windows-ActiveDirectory_DomainService
Date:          2010/1/26 7:57:05
Event ID:      2886
Task Category: LDAP Interface
Level:         Warning
Keywords:      Classic
User:          ANONYMOUS LOGON
Computer:      DCSERVER.eplating.com
Description:

Thanks,
Bright
  Ace Fekay [MVP-DS, MCT] replied to Bright Hu
26-Jan-10 12:26 AM
Hello Bright,

This is an interesting error, or rather warning. Were any changes ever made in
the domain controller's GPO or the Domain Controllers Local Policy regarding
LDAP Signing settings, or possibly a Security Template applied to the DC(s)
to increase security?

Take a look at the following links. The first one has a suggestion for
settings to change, but first it would be helpful to know what changes, if
any, were made. The second one is Microsoft's KB explaining how to enable
LDAP Signing, and the third link explains it in much more detail.

EventID 2886:
http://eventid.net/display.asp?eventid=2886&eventno=9831&source=ActiveDirectory_DomainService&phase=1

How to enable LDAP signing in Windows Server 2008
http://support.microsoft.com/kb/935834

Client, service, and program incompatibilities that may occur when you
modify security settings and user rights assignments:
http://support.microsoft.com/kb/823659

Ace
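
The Event ID 2886 text quoted above and the LDAP signing setting Ace asks about can both be checked directly on the DC. The script below is an added example, not part of the original thread. It assumes PowerShell 2.0 or later run elevated on the domain controller, and it uses the NTDS registry values `LDAPServerIntegrity` and `16 LDAP Interface Events` and the per-bind Event ID 2889, none of which are named in the thread.

```powershell
# Added example: audit LDAP signing posture on a domain controller.
# Assumption: PowerShell 2.0+, elevated session, run locally on the DC.
$ntds = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS'

# 1. Is the DC already rejecting unsigned SASL / cleartext simple binds?
#    LDAPServerIntegrity: absent or 1 = signing not required, 2 = required.
$params    = Get-ItemProperty -Path "$ntds\Parameters" -ErrorAction Stop
$integrity = $params.LDAPServerIntegrity
if ($integrity -eq 2) {
    'LDAP signing: required (event 2886 should stop being logged)'
} else {
    "LDAP signing: NOT required (LDAPServerIntegrity = '$integrity')"
}

# 2. Raise "LDAP Interface Events" logging to level 2, as the event text
#    suggests, so every offending bind is logged individually (event 2889).
$diagName = '16 LDAP Interface Events'
$current  = (Get-ItemProperty -Path "$ntds\Diagnostics").$diagName
if ($current -lt 2) {
    Set-ItemProperty -Path "$ntds\Diagnostics" -Name $diagName -Value 2
    "Logging level raised from $current to 2; let it collect before step 3."
}

# 3. Summarise which clients still bind without signing or in cleartext.
#    @() yields an empty array when no 2889 events exist yet.
$filter = @{ LogName = 'Directory Service'; Id = 2889 }
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

$binds = foreach ($e in $events) {
    # Event 2889 fields: [0] client "IP:port", [1] identity, [2] bind type.
    $client = [string]$e.Properties[0].Value
    $type   = 'Unsigned SASL'
    if ($e.Properties[2].Value -eq 1) { $type = 'Simple bind (cleartext)' }
    New-Object PSObject -Property @{
        ClientIP = $client.Substring(0, $client.LastIndexOf(':'))
        Identity = $e.Properties[1].Value
        BindType = $type
    }
}

if ($binds) {
    $binds | Group-Object ClientIP, Identity, BindType |
        Sort-Object Count -Descending |
        Select-Object Count, Name
} else {
    'No event 2889 entries found in the Directory Service log.'
}
```

Set the logging level back to its previous value once the offending clients are identified, since level 2 writes one event per bind.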
  Bright Hu replied to Ace Fekay [MVP-DS, MCT]
26-Jan-10 08:56 AM
Actually, this server is AD, DNS, and DHCP, and it is set to automatically install
Windows updates. I did not change anything on this server, but I checked that
there are Windows updates installed automatically, so I wondered whether
an update caused the problem. I am checking the post and going to give it a
try. Thanks.

Bright
  Ace Fekay [MVP-DS, MCT] replied to Bright Hu
26-Jan-10 10:14 AM
I do not believe an update would have changed these settings. It could also
be coincidental. See what updates were installed prior to the power outage
or this occurring. Post the update # please.

Ace
  Bright Hu replied to Ace Fekay [MVP-DS, MCT]
26-Jan-10 01:15 PM
Ace,

After a couple of hours of struggle, I finally restarted the server and the DNS
and DHCP services, and removed the web server role. I found there is a DHCP error
indicating that the network interface has no static IPv4 address; originally
I assigned a static IP address but now it is changed to a dynamic address... The
error description is "The DHCP service is not servicing any DHCPv4 clients
because none of the active network interfaces have statically configured
IPv4 addresses, or there are no active interfaces", with Event# 1041. I
assigned a static IP address again and changed some settings of DHCP to make
it work, and now the issue is gone. It seemed the error was caused by DHCP, but
I do not know why the static IP was changed to a dynamic IP, and at this
restart of the server there was still an indication that some updates were
installed and initialized at startup.

thanks for all of your help and instruction.

Bright