DNS corrupting TCP/IP?

 
 
STC13
Guest
Posts: n/a
 
      14th Jun 2004
I am having a large problem with a small office network of
about 15 Workstations (all XP Pro) and 2 Servers (both
W2K). One of the servers runs ISA 2000 and performs NAT,
proxy and firewall. The other is a Domain Controller and
file server.

The problem is incredibly slow network traffic, apparently
caused by corrupt TCP/IP stacks on the workstations, but
the problem was fixed once and keeps reoccurring. I need
to find the root cause and fix it.

The problems all began when I used the Active Directory to
map everyone's My Documents folder to "%server name%\D$\%
user name%". The mappings worked fine, but this also
enabled Offline Files replication for each of the
workstations and the network became flooded with traffic.
I returned to the office and disabled Offline Files on
each of the workstations and all of the machines except
two were fine. These two still had intermittent
problems.

I took down some error messages on these two machines that
led me to believe that the TCP/IP stack was corrupt. I
found a fix called Winsock Fix and planned to return to
the office to check on these two machines.

Before I got a chance, I received a call from the office
stating that everyone was having problems with the network
running severely slow and causing machines to lock up. I
headed to the office and ran the Winsock Fix on all of the
machines that couldn't renew their IP with
IPCONFIG /RENEW (symptom of the corrupt stack). After
running the fix I had to drop the workstation out of the
domain and rejoin it.

This appeared to work, but before I finished fixing each
machine, two of the machines had the problem again. By
the next day, all of the machines had the same problem.

The owner of the company is convinced that there is a worm
involved. The office runs Network Associates ePolicy
Orchestrator with Viruscan Enterprise 7.0 and all of the
machines' dat files are current and nightly scans produce
nothing.

I checked the AD server and found multiple errors in the
event log that make me wonder if the DNS is corrupt and/or
corrupting the TCP/IP stacks on the workstations.

Please help me find root cause and fix the workstations
and the server.

Errors on the AD server:

System Log:
Event ID 5781: Dynamic registration or deregistration of
one or more DNS records failed because no DNS servers are
available (every 2 hours)
Event ID 5774: Registration of the DNS record '<dns
record>'. 600 IN SRV 0 100 3268 <domain name>.' failed
with the following error: Invalid Data (every 2 hours)


DNS Server Log:
Event 414: DNS server machine currently has no DNS name.
(every 1-9 hours)

Directory Service Log:
Event 1126: Unable to establish connection with global
catalog (every hour)
Event 1655: The attempt to communicate with global
catalog \\<server name> failed with the following status:
A Service Principal Name could not be constructed b/c the
provided host name is not in the necessary format. (every
hour)
Event 1411: Directory Service failed to construct a
mutual authentication Service Principal Name for %
servername% b/c host name is not in necessary format.
(every hour)


Thanks!!!

 
Kevin D. Goodknecht [MVP]
Guest
Posts: n/a
 
      14th Jun 2004
In news:1bd8a01c451af$7c602960$(E-Mail Removed),
STC13 <(E-Mail Removed)> posted a question
Then Kevin replied below:
> I am having a large problem with a small office network of
> about 15 Workstations (all XP Pro) and 2 Servers (both
> W2K). One of the servers runs ISA 2000 and performs NAT,
> proxy and firewall. The other is a Domain Controller and
> file server.
>
> The problem is incredibly slow network traffic, apparently
> caused by corrupt TCP/IP stacks on the workstations, but
> the problem was fixed once and keeps reoccurring. I need
> to find the root cause and fix it.


Make sure the DC and all clients are ONLY using the local DNS in TCP/IP
properties, do _not_ use your ISP's DNS in any position on any member of an
Active Directory domain.

That said, please post your AD DNS domain name from ADUC and an ipconfig
/all from the DC and a client, you could also have a disjointed namespace or
a single-label domain name, your ipconfig /all will verify this.



--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
============================
--
When responding to posts, please "Reply to Group" via your
newsreader so that others may learn and benefit from your issue.
To respond directly to me remove the nospam. from my email.
==========================================
http://www.lonestaramerica.com/
==========================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
==========================================
Keep a back up of your OE settings and folders with
OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
==========================================


 
 
Guest
Posts: n/a
 
      14th Jun 2004
Unfortunately I'm remote and when I tried to get to the
server this morning, I couldn't. I'll answer these the
best I can.

"Make sure the DC and all clients are ONLY using the local
DNS in TCP/IP properties, do _not_ use your ISP's DNS in
any position on any member of an Active Directory domain."

I do have the DC using itself as DNS (primary) and the ISA
server's LAN side as the secondary. Thought I needed this
for resolving Web Addresses. I believe the clients only
use the DC, but I may be wrong about that. I'm heading
into the office in the AM, so I'll check.

"That said, please post your AD DNS domain name from ADUC
and an ipconfig /all from the DC and a client, you could
also have a disjointed namespace or a single-label domain
name, your ipconfig /all will verify this."

The domain name is xxx.local. Not sure what a disjointed
namespace is, but it sounds interesting.

I forgot to mention earlier that I cannot ping server to
workstation or workstation to server using a FQDN.

Thanks again for past and future help!


 
Kevin D. Goodknecht [MVP]
Guest
Posts: n/a
 
      14th Jun 2004
In news:1c16001c451c2$6fe8f5a0$(E-Mail Removed),
(E-Mail Removed) <(E-Mail Removed)>
posted a question
Then Kevin replied below:
> Unfortunately I'm remote and when I tried to get to the
> server this morning, I couldn't. I'll answer these the
> best I can.
>
> "Make sure the DC and all clients are ONLY using the local
> DNS in TCP/IP properties, do _not_ use your ISP's DNS in
> any position on any member of an Active Directory domain."
>
> I do have the DC using itself as DNS (primary) and the ISA
> server's LAN side as the secondary. Thought I needed this
> for resolving Web Addresses. I believe the clients only
> use the DC, but I may be wrong about that. I'm heading
> into the office in the AM, so I'll check.


Remove the ISA from all for DNS, for internet access you should make the ISA
a forwarder for your DNS on the Forwarders tab.

Check your DHCP scope that option 006 is configured only with the DC's IP
address.

>
> "That said, please post your AD DNS domain name from ADUC
> and an ipconfig /all from the DC and a client, you could
> also have a disjointed namespace or a single-label domain
> name, your ipconfig /all will verify this."
>
> The domain name is xxx.local. Not sure what a disjointed
> namespace is, but it sounds interesting.


A disjointed namespace is caused when the Primary DNS suffix on the DC does
not match the domain name in ADUC. It is a fixable problem.

>
> I forgot to mention earlier that I cannot ping server to
> workstation or workstation to server using a FQDN.


I suspect a lot of this is caused from using your ISA for the local DNS, ISA
should only be used as your forwarder.




--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
 
STC13
Guest
Posts: n/a
 
      14th Jun 2004
Thanks! I'll take a look tomorrow and post again.
 
Herb Martin
Guest
Posts: n/a
 
      14th Jun 2004
Kevin has given you the likely solution. Even my ISA server
is set ONLY to the INTERNAL DNS -- and it, itself, is also
a DNS server.

Any internal machine must have its NIC properties set to
ONLY the internal DNS server (set) -- I have to go to a wee
bit of trouble to stop the external NIC from picking up a
DNS setting when it gets its IP address from the ISP.

You do the latter by filling in a MANUAL setting even though
the rest of the information is set to "obtain address automatically."

My ISA is a DNS server because he is the "forwarder" which
takes care of filtering and resolving all of the Internet addresses.

--
Herb Martin
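
The three checks suggested in this thread (only the internal DNS server listed on the DC and clients, Primary DNS suffix matching the AD domain name, no single-label domain name) can be run against saved `ipconfig /all` output. The Python below is an added example, not code from any poster; the sample output, host name, addresses and the function names `parse_ipconfig` and `audit` are constructed for illustration.

```python
import re

# Constructed `ipconfig /all` output for a DC that lists itself first and a
# second resolver (e.g. a firewall's LAN address) as secondary.
SAMPLE_DC = """\
Windows 2000 IP Configuration

        Host Name . . . . . . . . . . . . : dc01
        Primary DNS Suffix  . . . . . . . : example.local

Ethernet adapter Local Area Connection:
        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 192.168.1.10
        DNS Servers . . . . . . . . . . . : 192.168.1.10
                                            192.168.1.1
"""

FIELD = re.compile(r"^\s*(.+?)[\s.]*:\s*(.*)$")   # "Key . . . : value"
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

def parse_ipconfig(text):
    """Return (primary_dns_suffix, [dns_servers]) from `ipconfig /all` text."""
    suffix, servers, last_key = "", [], None
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            last_key, value = m.group(1), m.group(2).strip()
            if last_key == "Primary DNS Suffix":
                suffix = value.lower()
            elif last_key == "DNS Servers" and value:
                servers.append(value)
        elif last_key == "DNS Servers" and IPV4.match(line.strip()):
            servers.append(line.strip())   # continuation line: extra resolver
        elif line.strip():
            last_key = None
    return suffix, servers

def audit(text, ad_domain, internal_dns):
    """List findings; internal_dns is the set of approved internal DNS IPs."""
    suffix, servers = parse_ipconfig(text)
    findings = []
    if "." not in ad_domain.strip("."):
        findings.append("single-label AD domain name: " + ad_domain)
    if suffix != ad_domain.lower().rstrip("."):
        findings.append("disjointed namespace: suffix %r != %r" % (suffix, ad_domain))
    for ip in servers:
        if ip not in internal_dns:
            findings.append("non-internal DNS server configured: " + ip)
    return findings
```

Calling `audit(SAMPLE_DC, "example.local", {"192.168.1.10"})` reports only the secondary resolver, which is the configuration the replies say to remove.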

