Netlogon errors over whole domain

[Duane Hall]

Preinfo: windows 2000/2003 AD domain. All domian
controllers are windows 2000. Some member servers are
2003.


Every windows 2000 and xp prof and 2003 server machine in
our domain is getting the following error message or a
variant:

The session setup to the Windows NT or Windows 2000 Domain
Controller \\exchg2000.Sanitized.com for the domain
Sanitized is not responsive. The current RPC call from
Netlogon on \\DUANE to \\exchg2000.Sanitized.com has been
cancelled.

Any information would be appreciated or a pointer to the
correct newsgroup/KB article.

Duane

If possible please also respond via e-mail.

 

[Steven L Umbach]

I don't know what the problem is offhand but I would check the event viewer on that
domain controller for any pertinent events and first run netdiag on it and then
dcdiag on it looking for any failed tests that may point you in the right direction.
It may also help to run netdiag on one of the domain members also.Those tools are on
the install cdrom in support/tools - run the seup program to install the support
tools. --- Steve

 

[Roger Abell]

Is the DC up-to-date on all recent security patching ?
There are a number of RPC denial of service and other
exploits in the wild. What you see could be explained
by your DC being subject to having its RPC capability
hosed by one of these.

Also, although I understand your openning statement,
note that a Windows 2003 domain only exists when
the forest has been upgraded and the there is a DC
in the domain that is Windows 2003. I only point this
out because in the documentation you will find mention
of the domain funtional level, where some things are
only possible if this is 2003. From what you have
said you have a Windows 2000 domain. Just something
you may want to keep in mind to avoid confusion as you
read the new generation of documentation.

 

[Duane Hall]

An Rpc denial of service is the only idea I can come up
with. This weekend I am going to touch every machine and
check for the obvious worms. Its over 120 machines at 9
locations so its going to be a job. Unless you have any
ideas for checking this remotely.

I know I can ignore most of our 98 machines.

Thanks

Duane

 

[Duane]

I ran the utilites you suggested and they came back
clean. No errors. I am going to explore the other
posters suggestions now.... I am almost out of options.


Duane

-----Original Message-----
I don't know what the problem is offhand but I would check the event viewer on that
domain controller for any pertinent events and first run netdiag on it and then
dcdiag on it looking for any failed tests that may point you in the right direction.
It may also help to run netdiag on one of the domain

members also.Those tools are on

 

[Steven L Umbach]

Hi Duane. Try posting in the win2000.active_directory newsgroup, there are a lot of
knowledgeable and helpful people over there that may be able to help. ---Steve

 

[Roger Abell]

You should be able to get some idea by use of the
networking performance counters on a DC and by
peeking at network (netmon) captures of its interfaces.