Kind of weird 2003 server problem

Hello, I've got sort of a weird problem I was hoping someone could help
me with...

I have a Windows 2003 Server machine which shares a DSL connection with
3 other machines via a router. What will happen is that suddenly I
will lose the ability to reach any websites on the 2003 machine (only).
Any URL typed into IE yields the usual "not found" page (same page you
get if there is no Internet access at all.) When this happens, from
the 2003 server I can still ping the other LAN nodes, my ISP's DNS
servers, and can even ping sites by name (e.g. www.abc.com), but
entering the same site name into IE gives the "not found" message. All
of the other LAN nodes can still reach the Internet. A reboot of the
2003 server "fixes" this problem for a while, but eventually it starts
happening again.


All the LAN nodes are configured with static IP's on the LAN (so I can
do port forwarding in the router.)

Any ideas? (thanks)

Is the server multihomed or configured for remote access?

If not, is Netbios over TCP/IP enabled on the NIC? (Advanced TCP/IP
settings).

<(E-Mail Removed)> wrote in message
news:(E-Mail Removed) oups.com...
> Hello, I've got sort of a weird problem I was hoping someone could help
> me with...
>
> I have a Windows 2003 Server machine which shares a DSL connection with
> 3 other machines via a router. What will happen is that suddenly I
> will lose the ability to reach any websites on the 2003 machine (only).
> Any URL typed into IE yields the usual "not found" page (same page you
> get if there is no Internet access at all.) When this happens, from
> the 2003 server I can still ping the other LAN nodes, my ISP's DNS
> servers, and can even ping sites by name (e.g. www.abc.com), but
> entering the same site name into IE gives the "not found" message. All
> of the other LAN nodes can still reach the Internet. A reboot of the
> 2003 server "fixes" this problem for a while, but eventually it starts
> happening again.
>
>
> All the LAN nodes are configured with static IP's on the LAN (so I can
> do port forwarding in the router.)
>
> Any ideas? (thanks)
>

> Is the server multihomed...

Not sure what this means, how do I check?

> ..configured for remote access?

Not sure precisely what you are referring to here, either. I do have
UltraVNC server configured as a service.

Thanks.

Multihomed means more than one networking interface (such as two NICs).
This can cause this sort of problem because the machine name is associated
with more than one interface. Remote access (RAS or VPN) on a server can
cause the same problem, because there is an internal interface for the
remotes to connect to (which has an IP address different from the NIC).

The problem appears if a machine tries to access a server using the
"wrong" interface.

If Netbios over TCP/IP is not enabled, you get the opposite problem. The
machine can't be contacted using its Netbios name because no interface is
bound to the name.

<(E-Mail Removed)> wrote in message
news:(E-Mail Removed) ups.com...
>> Is the server multihomed...
>
> Not sure what this means, how do I check?
>
>> ..configured for remote access?
>
> Not sure precisely what you are referring to here, either. I do have
> UltraVNC server configured as a service.
>
> Thanks.
>

Thanks for the explanations.

No, the machine is not multihomed. I do have NETBIOS over TCP/IP
enabled.

I cleared the event log, and rebooted. Once the problem appears, I see
an entry like the following, exactly once an hour, in the System event
log:

Source: LSASRV Category: SPNEGO (Negotiator)
Type: Warning Event ID: 40961

Description:
The Security System could not establish a secured connection with the
server DNS/nsdc.ba-dsg.net. No authentication protocol was available.

Also, in the System event log, there are events like:

Source: NETLOGON Category: None
Type: Warning Event ID: 5781

Description:
Dynamic registration or deletion of one or more DNS records associated
with DNS domain 'DomainDnsZones.8Heidi.net.' failed. These records are
used by other computers to locate this server as a domain controller
(if the specified domain is an Active Directory domain) or as an LDAP
server (if the specified domain is an application partition).

Possible causes of failure include:
- TCP/IP properties of the network connections of this computer contain
wrong IP address(es) of the preferred and alternate DNS servers
- Specified preferred and alternate DNS servers are not running
- DNS server(s) primary for the records to be registered is not running

- Preferred or alternate DNS servers are configured with wrong root
hints
- Parent DNS zone contains incorrect delegation to the child zone
authoritative for the DNS records that failed registration

USER ACTION
Fix possible misconfiguration(s) specified above and initiate
registration or deletion of the DNS records by running 'nltest.exe
/dsregdns' from the command prompt or by restarting Net Logon service.
Nltest.exe is available in the Microsoft Windows Server Resource Kit
CD.


....not sure if it's related, but also in Application log appear many
instances of:

Source: Userenv Category: None
Type: Error Event ID: 1053

Description:
Windows cannot determine the user or computer name. (Not enough storage
is available to complete this operation. ). Group Policy processing
aborted.



Does any of this help?

Basically it means your DNS is shot. Configure your server and clients to
use the local DNS only. This is essential for AD to work properly. The
server at your ISP doesn't know about your local AD setup.

To allow DNS to work for external addresses, configure the local DNS
server to forward to a public DNS (such as your ISP's).

Exactly how is your network configured? Do all LAN machines use the
router as their default gateway? This should be OK if you fix the DNS
problem.

When you think it is OK, run netdiag and dcdiag to check for problems.

<(E-Mail Removed)> wrote in message
news:(E-Mail Removed) oups.com...
> Thanks for the explanations.
>
> No, the machine is not multihomed. I do have NETBIOS over TCP/IP
> enabled.
>
> I cleared the event log, and rebooted. Once the problem appears, I see
> an entry like the following, exactly once an hour, in the System event
> log:
>
> Source: LSASRV Category: SPNEGO (Negotiator)
> Type: Warning Event ID: 40961
>
> Description:
> The Security System could not establish a secured connection with the
> server DNS/nsdc.ba-dsg.net. No authentication protocol was available.
>
> Also, in the System event log, there are events like:
>
> Source: NETLOGON Category: None
> Type: Warning Event ID: 5781
>
> Description:
> Dynamic registration or deletion of one or more DNS records associated
> with DNS domain 'DomainDnsZones.8Heidi.net.' failed. These records are
> used by other computers to locate this server as a domain controller
> (if the specified domain is an Active Directory domain) or as an LDAP
> server (if the specified domain is an application partition).
>
> Possible causes of failure include:
> - TCP/IP properties of the network connections of this computer contain
> wrong IP address(es) of the preferred and alternate DNS servers
> - Specified preferred and alternate DNS servers are not running
> - DNS server(s) primary for the records to be registered is not running
>
> - Preferred or alternate DNS servers are configured with wrong root
> hints
> - Parent DNS zone contains incorrect delegation to the child zone
> authoritative for the DNS records that failed registration
>
> USER ACTION
> Fix possible misconfiguration(s) specified above and initiate
> registration or deletion of the DNS records by running 'nltest.exe
> /dsregdns' from the command prompt or by restarting Net Logon service.
> Nltest.exe is available in the Microsoft Windows Server Resource Kit
> CD.
>
>
> ...not sure if it's related, but also in Application log appear many
> instances of:
>
> Source: Userenv Category: None
> Type: Error Event ID: 1053
>
> Description:
> Windows cannot determine the user or computer name. (Not enough storage
> is available to complete this operation. ). Group Policy processing
> aborted.
>
>
>
> Does any of this help?
>

Thanks a lot Bill.

You were right, it was a DNS issue. Actually, I discovered that I
somehow had gotten this machine acting as a DNS server itself
(something which I never intended.) Disabling its DNS server seems to
have solved all these issues.

Thanks again, cheers...


Bill Grant wrote:
> Basically it means your DNS is shot. Configure your server and
clients to
> use the local DNS only. This is essential for AD to work properly.
The
> server at your ISP doesn't know about your local AD setup.
>
> To allow DNS to work for external addresses, configure the local
DNS
> server to forward to a public DNS (such as your ISP's).
>
> Exactly how is your network configured? Do all LAN machines use
the
> router as their default gateway? This should be OK if you fix the
DNS
> problem.
>
> When you think it is OK, run netdiag and dcdiag to check for
problems.
>
> <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed) oups.com...
> > Thanks for the explanations.
> >
> > No, the machine is not multihomed. I do have NETBIOS over TCP/IP
> > enabled.
> >
> > I cleared the event log, and rebooted. Once the problem appears, I
see
> > an entry like the following, exactly once an hour, in the System
event
> > log:
> >
> > Source: LSASRV Category: SPNEGO (Negotiator)
> > Type: Warning Event ID: 40961
> >
> > Description:
> > The Security System could not establish a secured connection with
the
> > server DNS/nsdc.ba-dsg.net. No authentication protocol was
available.
> >
> > Also, in the System event log, there are events like:
> >
> > Source: NETLOGON Category: None
> > Type: Warning Event ID: 5781
> >
> > Description:
> > Dynamic registration or deletion of one or more DNS records
associated
> > with DNS domain 'DomainDnsZones.8Heidi.net.' failed. These records
are
> > used by other computers to locate this server as a domain
controller
> > (if the specified domain is an Active Directory domain) or as an
LDAP
> > server (if the specified domain is an application partition).
> >
> > Possible causes of failure include:
> > - TCP/IP properties of the network connections of this computer
contain
> > wrong IP address(es) of the preferred and alternate DNS servers
> > - Specified preferred and alternate DNS servers are not running
> > - DNS server(s) primary for the records to be registered is not
running
> >
> > - Preferred or alternate DNS servers are configured with wrong root
> > hints
> > - Parent DNS zone contains incorrect delegation to the child zone
> > authoritative for the DNS records that failed registration
> >
> > USER ACTION
> > Fix possible misconfiguration(s) specified above and initiate
> > registration or deletion of the DNS records by running 'nltest.exe
> > /dsregdns' from the command prompt or by restarting Net Logon
service.
> > Nltest.exe is available in the Microsoft Windows Server Resource
Kit
> > CD.
> >
> >
> > ...not sure if it's related, but also in Application log appear
many
> > instances of:
> >
> > Source: Userenv Category: None
> > Type: Error Event ID: 1053
> >
> > Description:
> > Windows cannot determine the user or computer name. (Not enough
storage
> > is available to complete this operation. ). Group Policy processing
> > aborted.
> >
> >
> >
> > Does any of this help?
> >