Dear experts,
we've been having serious issues with our domain controllers running Server 2008R2 SP1 (with current updates, depending on when they were last rebooted).
I'll delve right in:
Our domain controllers stop responding to requests after about 60-80 days of uptime.
They then start to log all kinds of errors, but most of them relate only to subsequent failures (such as unable to communicate with DNS or another DC, that replication failed, etc).
The only (possibly) relevant issue I could find was an event log entry saying "The name limit on the local adapter has been exceeded"
For example, I can still RDP in, but am unable to map a network drive or anything like that.
A reboot fixes the problem immediately.
I have done extensive research on the issue and came up empty except for this article:
http://support.microsoft.com/kb/961775
I suspect this as a related or even root cause since it describes to 95% what we are experiencing:
YES - User authentication fails.
YES - Sysvol replication fails.
SOMETIMES - Events 404 and 408 appear in the DNS server log.
YES - One of the following Netlogon events occurs:
SOMETIMES - Netlogon event 5775
SOMETIMES - Netlogon event 5792
SOMETIMES - Netlogon event 5792
SOMETIMES - Netlogon event 5719
YES - This problem most commonly occurs on domain controllers that are running the Microsoft System Center Operations Manager agent.
The agent makes repeated local queries to LSASS on port 389. The queries cause the number of orphaned connections to increase rapidly. Because of this, the domain controller fails after a few days.
YES - TDI interface used (Sophos Antivirus)
The only difference is that the article says this applies to multiprocessor machines. Some of our DCs are multicore, some are single core. All are experiencing the issue.
All DC's run as VM's on top of Hyper-V 2008 R2 SP1
All DC's run 2008 R2 SP1 themselves
All DC's have the SCOM Agent installed
All DC's have Sophos AV installed
Is there any expert out there who can confirm/deny that this might be issue and whether there is a fix for 2008 R2 for this?
Could it be something else else?
We are desperate since if AD goes, so does a lot of our network!
we've been having serious issues with our domain controllers running Server 2008R2 SP1 (with current updates, depending on when they were last rebooted).
I'll delve right in:
Our domain controllers stop responding to requests after about 60-80 days of uptime.
They then start to log all kinds of errors, but most of them relate only to subsequent failures (such as unable to communicate with DNS or another DC, that replication failed, etc).
The only (possibly) relevant issue I could find was an event log entry saying "The name limit on the local adapter has been exceeded"
For example, I can still RDP in, but am unable to map a network drive or anything like that.
A reboot fixes the problem immediately.
I have done extensive research on the issue and came up empty except for this article:
http://support.microsoft.com/kb/961775
I suspect this as a related or even root cause since it describes to 95% what we are experiencing:
YES - User authentication fails.
YES - Sysvol replication fails.
SOMETIMES - Events 404 and 408 appear in the DNS server log.
YES - One of the following Netlogon events occurs:
SOMETIMES - Netlogon event 5775
SOMETIMES - Netlogon event 5792
SOMETIMES - Netlogon event 5792
SOMETIMES - Netlogon event 5719
YES - This problem most commonly occurs on domain controllers that are running the Microsoft System Center Operations Manager agent.
The agent makes repeated local queries to LSASS on port 389. The queries cause the number of orphaned connections to increase rapidly. Because of this, the domain controller fails after a few days.
YES - TDI interface used (Sophos Antivirus)
The only difference is that the article says this applies to multiprocessor machines. Some of our DCs are multicore, some are single core. All are experiencing the issue.
All DC's run as VM's on top of Hyper-V 2008 R2 SP1
All DC's run 2008 R2 SP1 themselves
All DC's have the SCOM Agent installed
All DC's have Sophos AV installed
Is there any expert out there who can confirm/deny that this might be issue and whether there is a fix for 2008 R2 for this?
Could it be something else else?
We are desperate since if AD goes, so does a lot of our network!