Event ID: 7050

  • Thread starter Thread starter RLH1919
  • Start date Start date
R

RLH1919

I get this error message in event viewer for my DNS. [The
DNS server recv() function failed. The event data contains
the error.] I am running Win/2000 server with active
directory and only one forward lookup zone. Any help would
be greatly appreciated. Thanks
 
I got the same thing this afternoon. One 7050 error on
each of my 8 DNS servers in 3 domains (parent + 2 child
domains) this afternoon. The error came only once on each
server - but all within 5 minutes. DNS seems to be working
ok - ran netdiag and dcdiag. Any info would really help.
 
In
Mary said:
I got the same thing this afternoon. One 7050 error on
each of my 8 DNS servers in 3 domains (parent + 2 child
domains) this afternoon. The error came only once on each
server - but all within 5 minutes. DNS seems to be working
ok - ran netdiag and dcdiag. Any info would really help.
Click to expand...


Seems to be a rare issue that a DNS probe would cause:

http://www.eventid.net/display.asp?eventid=7050&eventno=4151&source=DNS&phase=1

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
 
Hi Ace,

I think that was my post at EventID, matches what I submitted. We've gotten
a few more 7050 errors that was not my co-worker doing a port probe -- the
new 7050 events happened at about 2:30 am and 3:30 am est 6 days apart on
all four DNS servers (two are AD empty root, two are AD child) at HQ.
Interestingly, too, even though all 4 servers in same switch, our 2 AD Root
servers also reported 7050 on two other days at 11 am and 2 pm respectively,
whereas the child servers did not. The 11 am and 2pm I can possibly see as
port probes (most of HQ is software engineers), but 2:30 am and 3:30 am?

None of the DNS servers are public, all internal and AD structure hidden
from Internet. DNS looks fine, no one is having problems, no other errors
(System, Application, Directory Service, NTFS, Security logs).

I still think first occurance was port probe, too much coincidence that 7050
occurred on every DNS server exactly when port probe done. But I'm back to
investigating cause of newest 7050s, if same cause or not. Did a Google
search, saw this thread and thought I'd post the additional info. Still
investigating.

No need to reply.

Regards,
Joan



"Ace Fekay [MVP]"
 
In
Joan said:
Hi Ace,

I think that was my post at EventID, matches what I submitted. We've
gotten a few more 7050 errors that was not my co-worker doing a port
probe -- the new 7050 events happened at about 2:30 am and 3:30 am
est 6 days apart on all four DNS servers (two are AD empty root, two
are AD child) at HQ. Interestingly, too, even though all 4 servers in
same switch, our 2 AD Root servers also reported 7050 on two other
days at 11 am and 2 pm respectively, whereas the child servers did
not. The 11 am and 2pm I can possibly see as port probes (most of HQ
is software engineers), but 2:30 am and 3:30 am?

None of the DNS servers are public, all internal and AD structure
hidden from Internet. DNS looks fine, no one is having problems, no
other errors (System, Application, Directory Service, NTFS, Security
logs).

I still think first occurance was port probe, too much coincidence
that 7050 occurred on every DNS server exactly when port probe done.
But I'm back to investigating cause of newest 7050s, if same cause or
not. Did a Google search, saw this thread and thought I'd post the
additional info. Still investigating.

No need to reply.

Regards,
Joan
Click to expand...


Hmm, at a lost, because this is a new one and there's little on it.
According to this article:
http://www.oriweb.com/updateip.htm
It has something to do with dynamic updates. Maybe those are the times that
the netlogon service from a particular DC is trying to update into DNS.

And another link I found, someone mentions it maybe a Winsock driver based
error.
http://www.mail-archive.com/[email protected]/msg89439.html

Now, if you isolate the machine that is trying the updates (netmon? retina?)
and take a look at the NIC conifig, drivers, etc, maybe that can be a start?
Determine if any DCs or DNS servers have mulitple NICs, or teamed NICs, etc,
for a start as well. Another link mentions the 'birthday' attack against
BIND servers. But doesn't seem likely in your case, since its MS DNS.

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
 
In
Joan said:
Hi Ace,

I think that was my post at EventID, matches what I
submitted. We've gotten a few more 7050 errors that was
not my co-worker doing a port probe -- the new 7050
events happened at about 2:30 am and 3:30 am est 6 days
apart on all four DNS servers (two are AD empty root, two
are AD child) at HQ. Interestingly, too, even though all
4 servers in same switch, our 2 AD Root servers also
reported 7050 on two other days at 11 am and 2 pm
respectively, whereas the child servers did not. The 11
am and 2pm I can possibly see as port probes (most of HQ
is software engineers), but 2:30 am and 3:30 am?

None of the DNS servers are public, all internal and AD
structure hidden from Internet. DNS looks fine, no one is
having problems, no other errors (System, Application,
Directory Service, NTFS, Security logs).

I still think first occurance was port probe, too much
coincidence that 7050 occurred on every DNS server
exactly when port probe done. But I'm back to
investigating cause of newest 7050s, if same cause or
not. Did a Google search, saw this thread and thought I'd
post the additional info. Still investigating.
Click to expand...

Are you using the Advanced logging features? (Advanced tab)

Under higher load DNS will log 7050 events with Advanced logging enabled.
Advanced logging adds considerable load to DNS to write the log. When the
load gets to a certain point DNS just cannot write the log and answer
queries. DNS can handle thousands of queries a minute as long as it doesn't
have to write a log. If it has to write a log, it slows DNS down way too
much. There was a poster with this event just yesterday, he had advanced
logging turned on, he turned off the logging and it resolved the issue.
 
In
Kevin D. Goodknecht Sr. said:
Are you using the Advanced logging features? (Advanced tab)

Under higher load DNS will log 7050 events with Advanced logging
enabled. Advanced logging adds considerable load to DNS to write the
log. When the load gets to a certain point DNS just cannot write the
log and answer queries. DNS can handle thousands of queries a minute
as long as it doesn't have to write a log. If it has to write a log,
it slows DNS down way too much. There was a poster with this event
just yesterday, he had advanced logging turned on, he turned off the
logging and it resolved the issue.
Click to expand...

Curious Kevin, where is that other post? I tried to search on 7050, but no
luck.

Thanks!

Ace
 
In Ace Fekay [MVP] <PleaseSubstituteMyActualFirstName&[email protected]>
wrote their comments
Then Kevin replied below:
Curious Kevin, where is that other post? I tried to
search on 7050, but no luck.
Click to expand...

It is in the windows.server.dns group under this subject line:
Windows 2003 DNS forwarder suddenly doesn't work anymore
 
In
Kevin D. Goodknecht Sr. said:
It is in the windows.server.dns group under this subject line:
Windows 2003 DNS forwarder suddenly doesn't work anymore
Click to expand...

Thanks. I couldn't find it searching the message because I haven't read the
thread yet, so the messages were never downloaded.

Interesting how advanced logging would do that and mimic a probe.

Ace
 
Hi Ace, Kevin,

Just found your replies, thanks for info! Will investigate accordingly.

Regards,
Joan




"Ace Fekay [MVP]"
 
In
Joan said:
Hi Ace, Kevin,

Just found your replies, thanks for info! Will investigate
accordingly.

Regards,
Joan
Click to expand...

Please let us know if it helped.

Ace
 
I am also having the same problem.... Any answers yet? I am trying t
use Terminal Services....Everyone can log in.... But the remot
control will Not work -- including the SHADOW Command.

Thanks
Angel


-
shotz1111
 
I am also having the same problem.... Any answers yet? I am trying t
use Terminal Services....Everyone can log in.... But the remot
control will Not work -- including the SHADOW Command.

Thanks
Angel


-
shotz1111
 
In
shotz11111 said:
I am also having the same problem.... Any answers yet? I am trying to
use Terminal Services....Everyone can log in.... But the remote
control will Not work -- including the SHADOW Command.

Thanks
Angela
Click to expand...

Shdow command has nothing to do with DNS. Both users need to be in a session
in order to use remote control (shadow a session). You cannot do it from the
console session.

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
 
Back
Top