Active Directory down, Server unavailable

gt74 · 31 Oct 2010 at 17:30

Guys

I have taken over an sbs 2008 box that was migrated from an sbs2003 about 2 weeks ago. The box is reasonable beefy for sbs 16gb ram etc so there's no issues there.

I installed exchange service pack 2 this afternoon and that seemed to go in no problem. Finished ok, all green lights on the wrapper.

Did a reboot and about 3 minutes after logging in, AD completely died. If I reboot same thing, AD is up and fine for about 3 mins and then dies.

If I try to access exchange I get 0x8007203A. The server is not operational.

DHCP and DNS are not accessible either.

All other data is ok but obviously, nobody will be able to log in.

I have disabled the AV software to no effect.

All help gratefully received.

ethos · 31 Oct 2010 at 17:50

First thing to do would be dig into the event logs... see what they return and get back to us.

gt74 · 31 Oct 2010 at 17:59

Very strange one. The wrapper reset my static ip address to .3 from .30

DNS of course is all pointing at .30

Just rebooting now, will see what happens

gt74 · 31 Oct 2010 at 20:04

This get more of a pain in the ars* but i have narrowed it down.

The ip address change that I thought was done by the sp2 wrapper was in fact done by the 'fix my network wizard' - I hate these wizards, you can't see what's going on.

The issue is dns - something is killing the pointer to the gc record a couple of minutes after the server is booted and everything falls apart after that.

Active Directory Domain Services was unable to establish a connection with the global catalogue.

Additional Data
Error Value
8430 The directory service encountered an internal failure
InternalID 3200ce6

gt74 · 31 Oct 2010 at 20:20

Definitive issue:

Start the server and everything comes up ok. I can ping the nic locally and from a remote machine.

AD and all of the services are in use and respond normally.

After about two minutes the server nic stops responding to a ping (it will still respond to 127.0.0.1).

Guess:

Because everything in dns is bound to 192.168.10.30, when the nic loses that binding everything else fails as well.

Firewall and AV are turned off, nic is set to register in dns - I'm at a bit of a loss.

Toughnoodle · 1 Nov 2010 at 12:00

You haven't unticked IPv6, have you?

SiriusB · 1 Nov 2010 at 14:05

Toughnoodle said:
You haven't unticked IPv6, have you?

2008 throws a wobbly if you disable IPv6, best to leave it on if you did indeed switch it off.

edscdk · 1 Nov 2010 at 14:19

are you 100% sure the hub/cable /nic are OK? if for some reason any one of those is not working correctly things will go wrong.... and do very much as you are describing

I had a issue at the weekend where the server could not ping the DG or anythign else. several rebooted and fix's did not help, in the end I went back to basics and powered the server off and back on.. that fixed it lol...

I would

1) power the hub / server off
2) power on the hub
3) power on the server
4) carefully read the event logs incase it tells you the issue and you jsut missed it (there will be loads of errors but the one you want will be right near the start as the event service starts)
5) attach a machine to the same network cable as the server and confirm the machine can ping the default gateway

DO NOT SKIP STEP 4, often people see lots of errors and jsut panic, when one of the 1st errors actually tells you the issue

edscdk · 1 Nov 2010 at 14:24

gt74 said:
If I try to access exchange I get 0x8007203A. The server is not operational.

DHCP and DNS are not accessible either.

All other data is ok but obviously, nobody will be able to log in.

I have disabled the AV software to no effect.

All help gratefully received.

ignore the exchange error its broken because something else it broken...

Post the few errors (or warnings) you get in the even log after a reboot (system and application)

dont ignore warnings especially if its to do with irpstacksize

edscdk · 1 Nov 2010 at 14:26

have you tried disabling exchange as a quick fix as well? - or even better of you need to get the machine back up and running remove it

ThorpedoUK · 2 Nov 2010 at 23:49

Things I would try:

1. First port of call can you ping the NIC from the switch its connected to?

2. Is the port running at the wrong speed // auto-negotiate // duplex (crossover cable the NIC into the back of a laptop and see if it pings ok)

3. Are you running teaming or is it a physical NIC port?

4. Were assuming your trying to ping the network address and not host name? if not does it respond to network address only

5. Is it a virtual server?

Will Gill · 3 Nov 2010 at 17:05

dont suppose you added any new static routes did you, we had this and the metric was screwed up (both #1) so it kept bouncing between the two, precisely the same symptons as you have

I tried persistantly binding the additional routes but was being too specific (i.e the actual address), all I needed to bind was the scope (.254 in my case)

no clue if that helps at all but it sounds like the same issue we saw

s0ck · 4 Nov 2010 at 10:27

i'd be interested to hear the outcome of this. i had a an issue similar once because there were two nics on the server, with different addresses in the same subnet however, one nic was unplugged and it was that nic that the srv records had bound to.

i can't see how this would apply to your scenario but thought i'd chuck it in anyway

gt74 · 30 Nov 2010 at 20:05

Sorry guys, I should have followed this up at the time - for what it's worth...

The problem was the routing and remote access service and an IPv6 static filter.

The service was on a delayed start hence the delay to the problem. I didn't realise to what extent SBS2008 relied on IPv6 and in particular the server being able to resolve to itself. The resolution was to uncheck the static filter setting in the RRAS mmc.

Thanks to all who offered some help.