STC13
I am having a large problem with a small office network of
about 15 Workstations (all XP Pro) and 2 Servers (both
W2K). One of the servers runs ISA 2000 and performs NAT,
proxy and firewall. The other is a Domain Controller and
file server.
The problem is incredibly slow network traffic, apparently
caused by corrupt TCP/IP stacks on the workstations, but
the problem was fixed once and keeps reoccurring. I need
to find the root cause and fix it.
The problems all began when I used the Active Directory to
map everyone's My Documents folder to "%server name%\D$\%
user name%". The mappings worked fine, but this also
enabled Offline Files replication for each of the
workstations and the network became flooded with traffic.
I returned to the office and disabled Offline Files on
each of the workstations and all of the machines except
two were fine. These two still had intermittent
problems.
I took down some error messages on these two machines that
led me to believe that the TCP/IP stack was corrupt. I
found a fix called Winsock Fix and planned to return to
the office to check on these two machines.
Before I got a chance, I received a call from the office
stating that everyone was having problems with the network
running severely slow and causing machines to lock up. I
headed to the office and ran the Winsock Fix on all of the
machines that couldn't renew their IP with
IPCONFIG /RENEW (symptom of the corrupt stack). After
running the fix I had to drop the workstation out of the
domain and rejoin it.
This appeared to work, but before I finished fixing each
machine, two of the machines had the problem again. By
the next day, all of the machines had the same problem.
The owner of the company is convinced that there is a worm
involved. The office runs Network Associates ePolicy
Orchestrator with VirusScan Enterprise 7.0 and all of the
machines' dat files are current and nightly scans produce
nothing.
I checked the AD server and found multiple errors in the
event log that make me wonder if the DNS is corrupt and/or
corrupting the TCP/IP stacks on the workstations.
Please help me find root cause and fix the workstations
and the server.
Errors on the AD server:
System Log:
Event ID 5781: Dynamic registration or deregistration of
one or more DNS records failed because no DNS servers are
available (every 2 hours)
Event ID 5774: Registration of the DNS record '<dns
record>'. 600 IN SRV 0 100 3268 <domain name>.' failed
with the following error: Invalid Data (every 2 hours)
DNS Server Log:
Event 414: DNS server machine currently has no DNS name.
(every 1-9 hours)
Directory Service Log:
Event 1126: Unable to establish connection with global
catalog (every hour)
Event 1655: The attempt to communicate with global
catalog \\<server name> failed with the following status:
A Service Principal Name could not be constructed b/c the
provided host name is not in the necessary format. (every
hour)
Event 1411: Directory Service failed to construct a
mutual authentication Service Principal Name for %
servername% b/c host name is not in necessary format.
(every hour)
Thanks!!!