About 5 weeks ago I built 5 Windows Server 2008 machines using SCCM. They are all added to my 2008 mixed mode domain.
One machine is having an issue where it drops connection to the domain. It has happened on two occasions and both times a reboot instantly fixes the issue. As this is now a production server I would like to know the root cause for the issue and how to stop it from happening again.
All servers are patched to the latest level.
When the server drops comm to the domain the following happens:
unable to browse to any network shares
domain accounts in the local admins groups show as SIDs
GPO processing fails
unable to authenticate to any services the server is running
all WMI queries fail
The following events are logged:
Log Name: System
Source: NETLOGON
Date: 01/05/2013 06:59:20
Event ID: 5719
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer:
Description:
This computer was not able to set up a secure session with a domain controller in domain XXXXX due to the following:
The RPC server is unavailable.
This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator.
ADDITIONAL INFO
If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
Log Name: System
Source: Microsoft-Windows-GroupPolicy
Date: 01/05/2013 11:13:03
Event ID: 1053
Task Category: None
Level: Error
Keywords:
User: XX
Computer: XX
Description:
The processing of Group Policy failed. Windows could not resolve the user name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
I have done the following troubleshooting while in the dropped comm state:
checked date and time: all OK
check DNS lookups: I can ping all domain controllers by name, I can ping external websites
there are no errors in the application log
only errors in the system log are the above NETLOGON one (RPC server service, which is started in services.msc, but unable to bounce as it is greyed out) and GPO related errors
After I bounced the servers and services resumed, no errors in the event log.
At this point I ran some secure channel tests:
nltest /sc_query:domainname - PASSES
nltest /query - PASSES
netdom verify computername - PASSES
Next time the server drops comm to the domain I will run these tests again and post results.
Are there any other tests I can run, or any suggestions as to why this happens?
Thanks
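
Added example, not part of the original post: Python code that parses a pasted System log dump in the layout quoted above and pairs each NETLOGON 5719 with the Group Policy 1053 failures that follow it, so repeated drop-outs can be lined up by time. The sample events, the day-first date format, the 12-hour window and the function names are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample in the layout of the events quoted in the post; values are placeholders.
SAMPLE = """\
Log Name: System
Source: NETLOGON
Date: 01/05/2013 06:59:20
Event ID: 5719
Description:
The RPC server is unavailable.
Log Name: System
Source: Microsoft-Windows-GroupPolicy
Date: 01/05/2013 11:13:03
Event ID: 1053
Description:
The processing of Group Policy failed. Windows could not resolve the user name.
Log Name: System
Source: Microsoft-Windows-GroupPolicy
Date: 03/05/2013 09:00:00
Event ID: 1053
Description:
The processing of Group Policy failed.
"""

def parse_events(text, date_format="%d/%m/%Y %H:%M:%S"):  # day-first dates are an assumption
    """Split a pasted Event Viewer text dump into one dict per 'Log Name:' block."""
    events, cur, in_desc = [], None, False
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("Log Name:"):
            cur, in_desc = {"Description": ""}, False
            events.append(cur)
        if cur is None or not line:
            continue
        if line == "Description:":
            in_desc = True
        elif in_desc:
            cur["Description"] += line + "\n"  # free text until the next block starts
        else:
            key, _, value = line.partition(":")
            cur[key.strip()] = value.strip()
    for e in events:
        e["when"] = datetime.strptime(e["Date"], date_format)
    return events

def secure_channel_episodes(events, window=timedelta(hours=12)):
    """Pair each NETLOGON 5719 with 1053 failures within `window` after it (window is assumed)."""
    starts = [e for e in events if e["Source"] == "NETLOGON" and e["Event ID"] == "5719"]
    return [(s, [e for e in events if e["Event ID"] == "1053"
                 and timedelta(0) <= e["when"] - s["when"] <= window]) for s in starts]
```

A 1053 that has no 5719 before it inside the window, like the third sample event, is left unpaired and is worth examining separately.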