From Microsoft: Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry, and process or thread activity. SOLUTION] Server 2. R2 DC constant network problems. Over the past months we have had multiple network issues on the server CT- EDM- DC- 0. We have completely ruled out the entire network and have found that the server is the main culprit. The problems include but are not limited to. During peak times random users would have Windows XP freeze up because their network drives would be unable to communicate with the server. These problems were prevalent before adding CT- EDM- DC- 0. DC, but we noticed that when the network slowed down and froze it would be for a longer period of time after the second DC was added. As the weeks went on it would get longer and longer until the point nothing would be accessible (netowkr drives, domain logon etc.) until the prmary DC was rebooted. Yet we were able to remote into the primary DC. We have recently removed Trend Client/Server security agent to rule out any issues that may be caused on that end. There exists a possibility that the Trend Firewall agent may be causing problems with Storage. Craft backups and seizing up the server. We really need to get this resolved and are rather stuc. We are running Server 2. R2 and Windows XP SP3 workstations.. I know there's a lot of great talent on here so I look forward to some insightful answers from this vibrant community. We have seen the following event logs errors that are of concern to us: Log Name: System. Source: srv. Date: 5/7/2. PMEvent ID: 2. 01. Task Category: None. Level: Warning. Keywords: Classic. User: N/AComputer: CT- EDM- DC- 0. Description: While transmitting or receiving data, the server encountered a network error. Occassional errors are expected, but large amounts of these indicate a possible error in your network configuration. The error status code is contained within the returned data (formatted as Words) and may point you towards the problem. Event Xml: < Event xmlns="http: //schemas. System> < Provider Name="srv" /> < Event. ID Qualifiers="3. Event. ID> < Level> 3< /Level> < Task> 0< /Task> < Keywords> 0x. Keywords> < Time. Created System. Time="2. T0. 3: 3. 6: 0. 1. Z" /> < Event. Record. ID> 3. Event. Record. ID> < Channel> System< /Channel> < Computer> CT- EDM- DC- 0. Computer> < Security /> < /System> < Event. Data> < Data> \Device\Lanman. Server< /Data> < Binary> 0. C0. 00. 00. 00. 00. DC0. 70. 08. 00. 00. C0. 00. 00. 00. 00. F0. 50. 00. 0< /Binary> < /Event. Data> < /Event> Log Name: DNS Server. Source: Microsoft- Windows- DNS- Server- Service. Date: 5/7/2. 01. PMEvent ID: 4. 01. Task Category: None. Level: Warning. Keywords: Classic. User: N/AComputer: CT- EDM- DC- 0. Description: The DNS server is waiting for Active Directory Domain Services (AD DS) to signal that the initial synchronization of the directory has been completed. The DNS server service cannot start until the initial synchronization is complete because critical DNS data might not yet be replicated onto this domain controller. If events in the AD DS event log indicate that there is a problem with DNS name resolution, consider adding the IP address of another DNS server for this domain to the DNS server list in the Internet Protocol properties of this computer. This event will be logged every two minutes until AD DS has signaled that the initial synchronization has successfully completed. Event Xml: < Event xmlns="http: //schemas. System> < Provider Name="Microsoft- Windows- DNS- Server- Service" Guid="{7. A5. 51. F5- C8. 93- 4. B- B5. EC8. 50. 26. E}" Event. Source. Name="DNS" /> < Event. ID Qualifiers="3. Event. ID> < Version> 0< /Version> < Level> 3< /Level> < Task> 0< /Task> < Opcode> 0< /Opcode> < Keywords> 0x. Keywords> < Time. Created System. Time="2. T1. 9: 5. 5: 4. 9. Z" /> < Event. Record. ID> 5. Event. Record. ID> < Correlation /> < Execution Process. ID="0" Thread. ID="0" /> < Channel> DNS Server< /Channel> < Computer> CT- EDM- DC- 0. Computer> < Security /> < /System> < Event. Data Name="DNS_EVENT_DS_OPEN_WAIT"> < /Event. Data> < /Event> Log Name: File Replication Service. Source: Nt. Frs. Date: 4/1. 8/2. PMEvent ID: 1. 35. Task Category: None. Level: Warning. Keywords: Classic. User: N/AComputer: CT- EDM- DC- 0. Description: The File Replication Service has enabled replication from CT- EDM- DC- 0. CT- EDM- DC- 0. 1 for c: \windows\sysvol\domain after repeated retries. Event Xml: < Event xmlns="http: //schemas. System> < Provider Name="Nt. Frs" /> < Event. ID Qualifiers="3. Event. ID> < Level> 3< /Level> < Task> 0< /Task> < Keywords> 0x. Keywords> < Time. Created System. Time="2. T2. 1: 2. 8: 3. 5. Z" /> < Event. Record. ID> 1. Event. Record. ID> < Channel> File Replication Service< /Channel> < Computer> CT- EDM- DC- 0. Computer> < Security /> < /System> < Event. Data> < Data> CT- EDM- DC- 0. Data> < Data> CT- EDM- DC- 0. Data> < Data> c: \windows\sysvol\domain< /Data> < /Event. Data> < /Event> Log Name: File Replication Service. Source: Nt. Frs. Date: 3/6/2. 01. PMEvent ID: 1. 35. Task Category: None. Level: Error. Keywords: Classic. User: N/AComputer: CT- EDM- DC- 0. Description: The File Replication Service has detected that the replica root path has changed from "c: \windows\sysvol\domain" to "c: \windows\sysvol\domain". If this is an intentional move then a file with the name NTFRS_CMD_FILE_MOVE_ROOT needs to be created under the new root path. This was detected for the following replica set: "DOMAIN SYSTEM VOLUME (SYSVOL SHARE)" Changing the replica root path is a two step process which is triggered by the creation of the NTFRS_CMD_FILE_MOVE_ROOT file. At the first poll which will occur in 6. At the poll following the deletion this computer will be re- added to the replica set with the new root path. This re- addition will trigger a full tree sync for the replica set. At the end of the sync all the files will be at the new location. The files may or may not be deleted from the old location depending on whether they are needed or not. Event Xml: < Event xmlns="http: //schemas. System> < Provider Name="Nt. Frs" /> < Event. ID Qualifiers="4. Event. ID> < Level> 2< /Level> < Task> 0< /Task> < Keywords> 0x. Keywords> < Time. Created System. Time="2. T0. 6: 3. 3: 1. 2. Z" /> < Event. Record. ID> 1. Event. Record. ID> < Channel> File Replication Service< /Channel> < Computer> CT- EDM- DC- 0. Computer> < Security /> < /System> < Event. Data> < Data> DOMAIN SYSTEM VOLUME (SYSVOL SHARE)< /Data> < Data> c: \windows\sysvol\domain< /Data> < Data> c: \windows\sysvol\domain< /Data> < Data> 6. Data> < /Event. Data> < /Event> Log Name: System. Source: Microsoft- Windows- Security- Kerberos. Date: 5/7/2. 01. PMEvent ID: 4. Task Category: None. Level: Error. Keywords: Classic. User: N/AComputer: CT- EDM- DC- 0. Description: The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server CT- EDM- DT- 2. The target name used was cifs/CT- EDM- DT- 2. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (contoso. LOCAL) is different from the client domain (contoso. LOCAL), check if there are identically named server accounts in these two domains, or use the fully- qualified name to identify the server. Event Xml: < Event xmlns="http: //schemas.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
November 2017
Categories |