|
|
 FAQ
 Search
 Memberlist
 Usergroups
 Register
 Profile
 Private messages
 Log in
|
|
| Author |
Message |
oliver
Guest
|
 Posted: Fri May 12, 2006 8:08 pm Post subject: Intermittent authentication lockout in server 2003 |
 |
|
I believe that this problem relates to active directory in some way
(hence my post here). We are having a problem on our fully patched 2003
server where every once in a while (on the order of once every 2-5
weeks) all our users connections to our server seem to die.
We have roaming profiles setup and all of the icons on their desktops
disappear and their systems are pretty much frozen (although not
completely).
Now, its not that the network has gone down. In fact, the server can
still be pinged, it is of course our DNS server and it that also still
works when this happens, and even an RDP session to the server can be
started, but I can never get past the login, it just sits their after
you have entered login data and does nothing. It does the exact same
thing from the console of the server also.
The only thing we can do at this point is to cold reboot the server.
When we do this everything comes back up just fine. The really odd part
is that no events are logged about this failure at all. We are keeping
a log ourselves of when it happens to try and track it down, but so far
we haven't been able to come up with anything.
I'm hoping someone will have some advice for us...
Thanx,
OLIVER |
|
| Back to top |
|
 |
|
|
Ace Fekay [MVP]
Guest
|
| Posted: Mon May 15, 2006 8:49 am Post subject: Re: Intermittent authentication lockout in server 2003 |
|
|
In news:%23IyOR5ddGHA.564@TK2MSFTNGP02.phx.gbl,
oliver <flxkid@techemail.com> stated, which I commented on below:
| Quote: | I believe that this problem relates to active directory in some way
(hence my post here). We are having a problem on our fully patched
2003 server where every once in a while (on the order of once every
2-5 weeks) all our users connections to our server seem to die.
We have roaming profiles setup and all of the icons on their desktops
disappear and their systems are pretty much frozen (although not
completely).
Now, its not that the network has gone down. In fact, the server can
still be pinged, it is of course our DNS server and it that also still
works when this happens, and even an RDP session to the server can be
started, but I can never get past the login, it just sits their after
you have entered login data and does nothing. It does the exact same
thing from the console of the server also.
The only thing we can do at this point is to cold reboot the server.
When we do this everything comes back up just fine. The really odd
part is that no events are logged about this failure at all. We are
keeping a log ourselves of when it happens to try and track it down,
but so far we haven't been able to come up with anything.
I'm hoping someone will have some advice for us...
Thanx,
OLIVER
|
It's difficult to tell without more specifics. One thing I think of when a
machine "loses connectivity or authentication" is using the wrong DNS
servers in a machine's (DCs. member servers and clients') IP properties,
such as an external or ISP's DNS. This can cause a multitude of problems
with AD.
If you can post an unedited ipconfig /all from the server and any event log
errors (that have red X's) Event ID# and Source, this will give us a better
start to help.
--
Ace
This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.
Having difficulty reading or finding responses to your post?
Instead of the website you're using, I suggest to use OEx (Outlook Express
or any other newsreader), and configure a news account, pointing to
news.microsoft.com. This is a direct link to the Microsoft Public
Newsgroups. It is FREE and requires NO ISP's Usenet account. OEx allows you
to easily find, track threads, cross-post, sort by date, poster's name,
watched threads or subject.
It's easy:
How to Configure OEx for Internet News
http://support.microsoft.com/?id=171164
Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Directory Services
Microsoft Certified Trainer
Infinite Diversities in Infinite Combinations
Assimilation Imminent. Resistance is Futile
"Very funny Scotty. Now, beam down my clothes."
The only thing in life is change. Anything more is a blackhole consuming
unnecessary energy. - [Me] |
|
| Back to top |
|
|
oliver
Guest
|
| Posted: Mon May 15, 2006 7:30 pm Post subject: Re: Intermittent authentication lockout in server 2003 |
|
|
Ace Fekay [MVP] wrote:
| Quote: | In news:%23IyOR5ddGHA.564@TK2MSFTNGP02.phx.gbl,
oliver <flxkid@techemail.com> stated, which I commented on below:
I believe that this problem relates to active directory in some way
(hence my post here). We are having a problem on our fully patched
2003 server where every once in a while (on the order of once every
2-5 weeks) all our users connections to our server seem to die.
We have roaming profiles setup and all of the icons on their desktops
disappear and their systems are pretty much frozen (although not
completely).
Now, its not that the network has gone down. In fact, the server can
still be pinged, it is of course our DNS server and it that also still
works when this happens, and even an RDP session to the server can be
started, but I can never get past the login, it just sits their after
you have entered login data and does nothing. It does the exact same
thing from the console of the server also.
The only thing we can do at this point is to cold reboot the server.
When we do this everything comes back up just fine. The really odd
part is that no events are logged about this failure at all. We are
keeping a log ourselves of when it happens to try and track it down,
but so far we haven't been able to come up with anything.
I'm hoping someone will have some advice for us...
Thanx,
OLIVER
It's difficult to tell without more specifics. One thing I think of when a
machine "loses connectivity or authentication" is using the wrong DNS
servers in a machine's (DCs. member servers and clients') IP properties,
such as an external or ISP's DNS. This can cause a multitude of problems
with AD.
If you can post an unedited ipconfig /all from the server and any event log
errors (that have red X's) Event ID# and Source, this will give us a better
start to help.
|
Ace,
Thank you for your assistance. Unfortunately the event log shows
nothing at the exact time of the last problem (which was last on May 1,
8:45am PST), but a couple of minutes later we get a 1006 from Userenv, a
1030 from Userenv, a 1058 from Userenv, and then another 1030 from
Userenv, all of these for user SYSTEM. These are in fact the first
events logged for that entire day. Then an admin tried to login at the
console and that generated a 1521 by userenv (user administrator), then
a 1030 by userenv (user system) and then a 1511 by userenv (user
administrator). After that we get events related to the reboot of the
server that the admin forced (a cold reboot).
There are no warning or error events in security, system, directory
service, dns server or File Replication Service.
My ipconfig/all from the server follows:
Windows IP Configuration
Host Name . . . . . . . . . . . . : hal2003
Primary Dns Suffix . . . . . . . : hallmarkins.internal
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hallmarkins.internal
Ethernet adapter Local Area Connection 4:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Marvell Yukon 88E8050 PCI-E ASF
Gigabit Ethernet Controller
Physical Address. . . . . . . . . : 00-04-23-BA-33-13
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.10
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.5
DNS Servers . . . . . . . . . . . : 192.168.1.10
This is our only server, so it acts as DNS server and DHCP server along
with file & print services.
Thanx for any help you can provide.
OLIVER |
|
| Back to top |
|
|
Jorge Silva
Guest
|
| Posted: Mon May 15, 2006 8:40 pm Post subject: Re: Intermittent authentication lockout in server 2003 |
|
|
Hi these errors only happen on the time that you have pour performance or
they are happening all days?
Did you aleready tryied to monitor the server (Memory, HDD, etc)?
When you expirience these problems, and try to ping the server, how much
time does the ping takes to reply (1ms, 10ms, etc), are the servers between
routers? Are the switches/Hubs with problems?
--
I hop that helps
Good Luck
Jorge Silva
MCSA
Systems Administrator
"oliver" <flxkid@techemail.com> wrote in message
news:OEvX8RDeGHA.5016@TK2MSFTNGP04.phx.gbl...
| Quote: | Ace Fekay [MVP] wrote:
In news:%23IyOR5ddGHA.564@TK2MSFTNGP02.phx.gbl,
oliver <flxkid@techemail.com> stated, which I commented on below:
I believe that this problem relates to active directory in some way
(hence my post here). We are having a problem on our fully patched
2003 server where every once in a while (on the order of once every
2-5 weeks) all our users connections to our server seem to die.
We have roaming profiles setup and all of the icons on their desktops
disappear and their systems are pretty much frozen (although not
completely).
Now, its not that the network has gone down. In fact, the server can
still be pinged, it is of course our DNS server and it that also still
works when this happens, and even an RDP session to the server can be
started, but I can never get past the login, it just sits their after
you have entered login data and does nothing. It does the exact same
thing from the console of the server also.
The only thing we can do at this point is to cold reboot the server.
When we do this everything comes back up just fine. The really odd
part is that no events are logged about this failure at all. We are
keeping a log ourselves of when it happens to try and track it down,
but so far we haven't been able to come up with anything.
I'm hoping someone will have some advice for us...
Thanx,
OLIVER
It's difficult to tell without more specifics. One thing I think of when
a machine "loses connectivity or authentication" is using the wrong DNS
servers in a machine's (DCs. member servers and clients') IP properties,
such as an external or ISP's DNS. This can cause a multitude of problems
with AD.
If you can post an unedited ipconfig /all from the server and any event
log errors (that have red X's) Event ID# and Source, this will give us a
better start to help.
Ace,
Thank you for your assistance. Unfortunately the event log shows nothing
at the exact time of the last problem (which was last on May 1, 8:45am
PST), but a couple of minutes later we get a 1006 from Userenv, a 1030
from Userenv, a 1058 from Userenv, and then another 1030 from Userenv, all
of these for user SYSTEM. These are in fact the first events logged for
that entire day. Then an admin tried to login at the console and that
generated a 1521 by userenv (user administrator), then a 1030 by userenv
(user system) and then a 1511 by userenv (user administrator). After that
we get events related to the reboot of the server that the admin forced (a
cold reboot).
There are no warning or error events in security, system, directory
service, dns server or File Replication Service.
My ipconfig/all from the server follows:
Windows IP Configuration
Host Name . . . . . . . . . . . . : hal2003
Primary Dns Suffix . . . . . . . : hallmarkins.internal
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hallmarkins.internal
Ethernet adapter Local Area Connection 4:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Marvell Yukon 88E8050 PCI-E ASF
Gigabit Ethernet Controller
Physical Address. . . . . . . . . : 00-04-23-BA-33-13
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.10
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.5
DNS Servers . . . . . . . . . . . : 192.168.1.10
This is our only server, so it acts as DNS server and DHCP server along
with file & print services.
Thanx for any help you can provide.
OLIVER |
|
|
| Back to top |
|
|
oliver
Guest
|
| Posted: Mon May 15, 2006 9:24 pm Post subject: Re: Intermittent authentication lockout in server 2003 |
|
|
Jorge Silva wrote:
| Quote: | Hi these errors only happen on the time that you have pour performance or
they are happening all days?
Did you aleready tryied to monitor the server (Memory, HDD, etc)?
When you expirience these problems, and try to ping the server, how much
time does the ping takes to reply (1ms, 10ms, etc), are the servers between
routers? Are the switches/Hubs with problems?
|
We only have this happen about every 3-5 weeks. It doesn't happen at
busy times (so far), and the memory utilization is never too high when
it happens.
Our ping time is 1ms when this happens. There is only one server and
everything is behind the same gigabit switch. All stations are running
gigabit also. We don't ever have to reset any other piece of hardware
when this happens, and sometimes we don't even have to reset the client
PC's (just logout and login).
OLIVER |
|
| Back to top |
|
|
Jorge Silva
Guest
|
| Posted: Mon May 15, 2006 9:45 pm Post subject: Re: Intermittent authentication lockout in server 2003 |
|
|
I can remember two things:
- The server is processing a job (maybe a schecule job) check if you have
jobs scheduled and if they match with the times were you're having pour
performance.
- You may have a computer on network that is overloading the server (Monitor
using network monitor).
--
I hop that helps
Good Luck
Jorge Silva
MCSA
Systems Administrator
"oliver" <flxkid@techemail.com> wrote in message
news:OExDgREeGHA.3556@TK2MSFTNGP02.phx.gbl...
| Quote: | Jorge Silva wrote:
Hi these errors only happen on the time that you have pour performance or
they are happening all days?
Did you aleready tryied to monitor the server (Memory, HDD, etc)?
When you expirience these problems, and try to ping the server, how much
time does the ping takes to reply (1ms, 10ms, etc), are the servers
between routers? Are the switches/Hubs with problems?
We only have this happen about every 3-5 weeks. It doesn't happen at busy
times (so far), and the memory utilization is never too high when it
happens.
Our ping time is 1ms when this happens. There is only one server and
everything is behind the same gigabit switch. All stations are running
gigabit also. We don't ever have to reset any other piece of hardware
when this happens, and sometimes we don't even have to reset the client
PC's (just logout and login).
OLIVER |
|
|
| Back to top |
|
|
oliver
Guest
|
| Posted: Mon May 15, 2006 10:18 pm Post subject: Re: Intermittent authentication lockout in server 2003 |
|
|
And what would either of these things be doing to the server to cause
this condition? BTW, none of the times match with scheduled jobs.
OLIVER
Jorge Silva wrote:
| Quote: | I can remember two things:
- The server is processing a job (maybe a schecule job) check if you have
jobs scheduled and if they match with the times were you're having pour
performance.
- You may have a computer on network that is overloading the server (Monitor
using network monitor).
|
|
|
| Back to top |
|
|
|
|
Jorge Silva
Guest
|
| Posted: Mon May 15, 2006 10:40 pm Post subject: Re: Intermittent authentication lockout in server 2003 |
|
|
Run Network monitor maybe the server is being overload by some machine in
the network.
--
I hop that helps
Good Luck
Jorge Silva
MCSA
Systems Administrator
"oliver" <flxkid@techemail.com> wrote in message
news:e2Ua1vEeGHA.3948@TK2MSFTNGP03.phx.gbl...
| Quote: | And what would either of these things be doing to the server to cause this
condition? BTW, none of the times match with scheduled jobs.
OLIVER
Jorge Silva wrote:
I can remember two things:
- The server is processing a job (maybe a schecule job) check if you have
jobs scheduled and if they match with the times were you're having pour
performance.
- You may have a computer on network that is overloading the server
(Monitor using network monitor).
|
|
|
| Back to top |
|
|
oliver
Guest
|
| Posted: Tue May 16, 2006 6:39 pm Post subject: Re: Intermittent authentication lockout in server 2003 |
|
|
Ace,
Is there any other info you need to come up with an idea for me?
OLIVER
Ace Fekay [MVP] wrote:
| Quote: | In news:%23IyOR5ddGHA.564@TK2MSFTNGP02.phx.gbl,
oliver <flxkid@techemail.com> stated, which I commented on below:
I believe that this problem relates to active directory in some way
(hence my post here). We are having a problem on our fully patched
2003 server where every once in a while (on the order of once every
2-5 weeks) all our users connections to our server seem to die.
We have roaming profiles setup and all of the icons on their desktops
disappear and their systems are pretty much frozen (although not
completely).
Now, its not that the network has gone down. In fact, the server can
still be pinged, it is of course our DNS server and it that also still
works when this happens, and even an RDP session to the server can be
started, but I can never get past the login, it just sits their after
you have entered login data and does nothing. It does the exact same
thing from the console of the server also.
The only thing we can do at this point is to cold reboot the server.
When we do this everything comes back up just fine. The really odd
part is that no events are logged about this failure at all. We are
keeping a log ourselves of when it happens to try and track it down,
but so far we haven't been able to come up with anything.
I'm hoping someone will have some advice for us...
Thanx,
OLIVER
It's difficult to tell without more specifics. One thing I think of when a
machine "loses connectivity or authentication" is using the wrong DNS
servers in a machine's (DCs. member servers and clients') IP properties,
such as an external or ISP's DNS. This can cause a multitude of problems
with AD.
If you can post an unedited ipconfig /all from the server and any event log
errors (that have red X's) Event ID# and Source, this will give us a better
start to help.
|
|
|
| Back to top |
|
|
Ace Fekay [MVP]
Guest
|
|
| Back to top |
|
|
|
|
