Did you apply the 3/10 DNS 'fix' for the vulnerability. I am seeing odd DNS stuff since then. Most annoying to do a netstat -a and have to weed through 2500 open dns connections.
Maybe a clue....... From: Sherry Abercrombie [mailto:saber...@gmail.com] Sent: Thursday, March 26, 2009 8:29 AM To: NT System Admin Issues Subject: Re: Replication Issue - Cross Posting On the domain controller that we are having the issue with, I do see errors of DNS time outs in the event log during that time-frame. On Wed, Mar 25, 2009 at 3:28 PM, John Cook <john.c...@pfsf.org<mailto:john.c...@pfsf.org>> wrote: Anything going on with DNS replication when this happens? John W. Cook Systems Administrator Partnership For Strong Families 315 SE 2nd Ave Gainesville, Fl 32601 Office (352) 393-2741 x320 Cell (352) 215-6944 Fax (352) 393-2746 MCSE, MCTS, MCP+I,CompTIA A+, N+ From: Sherry Abercrombie [mailto:saber...@gmail.com<mailto:saber...@gmail.com>] Sent: Wednesday, March 25, 2009 4:19 PM To: NT System Admin Issues Subject: Replication Issue - Cross Posting I have an interesting issue that has been happening for almost 6 weeks now. Every Wed. at approximately 1:40-1:45 PM, one of our domain controllers basically becomes totally unresponsive, causing the other two DC's to become effectively useless, AND causes the Exchange server to become unresponsive to clients. (Outlook 2003) . The only clue that I have from the event logs is from the Directory Service log, Event ID: 1232 Source: NTDS Replication Category: DS RPC Client Type: Warning Description: Active Directory attempted to perform a remote procedure call (RPC) to the following server. The call timed out and was cancelled. Server: f9f58f44-e7e7-4ea5-92fe-aa38ff4cb646._msdcs.domain.com<http://msdcs.domain.com> The server guid referenced here is one of the other domain controllers, that at this point in time, is scheduled to be rebuilt. (FSMO roles have been moved, etc etc) The Exchange server event log just shows that it cannot contact any global catalog server and lists the 3 dc's that we have which are all global catalog servers. During the duration of this "outage" this specific dc cannot be accessed either remote desktop, or direct on the console, but the other dc's are accessible as well as the Exchange server, albeit very slow response. I have Googled,looked at EventID.net and Microsoft on this, and have come up with very little. Did find a MS KB article that recommended making a registry change on the DC's to make the RPC call timeout at least 45 minutes, this was done last week, and the DC's were rebooted over the weekend to apply this registry change, but, today it happened again, so that didn't work. Found some other MS KB articles that were not applicable but did reference that event. Windows 2003 server, SP2. My question is, what the heck is replicating once a week that could be causing RPC to time out like this and basically bring the domain to a halt for 10 - 15 minutes? As I stated, this DC is going to be rebuilt, it just annoys me that I cannot find the reason for it, and a solution other than the rebuild. TIA, -- Sherry Abercrombie "Any sufficiently advanced technology is indistinguishable from magic." Arthur C. Clarke ________________________________ CONFIDENTIALITY STATEMENT: The information transmitted, or contained or attached to or with this Notice is intended only for the person or entity to which it is addressed and may contain Protected Health Information (PHI), confidential and/or privileged material. Any review, transmission, dissemination, or other use of, and taking any action in reliance upon this information by persons or entities other than the intended recipient without the express written consent of the sender are prohibited. This information may be protected by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and other Federal and Florida laws. Improper or unauthorized use or disclosure of this information could result in civil and/or criminal penalties. Consider the environment. Please don't print this e-mail unless you really need to. -- Sherry Abercrombie "Any sufficiently advanced technology is indistinguishable from magic." Arthur C. Clarke Sent from: Haslet TX United States. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~