DNS Dropouts
Hi All,

I've recently been handed control of a customer's network having issues... They are getting random DNS failures...their setup is:

1x Forefront TMG 2010 box providing Firewalling and Proxy
1x Server 2008 DC
1x Server 2003 R2 DC

What is happening: every 3-5 days (more often towards the end of the week) no clients will be able to resolve the DNS name of the Proxy Server and therefore cannot get out. There are also some servers (XenApp, CRM etc) that are affected as well. Until now, they've been flushing and then registering the DNS cache on each PC/Server having issues to get it back...this is not ideal :)

Running DCDIAG /DnsAll /Q gives me the following errors:

Has anyone else come across this error before or have any tips on troubleshooting this issue?

David Robertson MCP, VCP4, AST
July 29th, 2012 8:55pm

Hi,

Please refer to the following:

Troubleshooting AD Replication error 1722: The RPC server is unavailable
http://support.microsoft.com/kb/2102154

Troubleshooting RPC Endpoint Mapper errors using the Windows Server 2003 Support Tools from the product CD
http://support.microsoft.com/kb/839880

You might need to re-validate the network firewall and TMG settings and which ports are opened/blocked. Make sure the firewall is configured to allow the ports which are necessary to run AD and AD DS services:

Active Directory and Active Directory Domain Services Port Requirements
http://technet.microsoft.com/en-us/library/dd772723(ws.10).aspx

Event Viewer on the DCs might reveal some more information as well.

I do not represent the organisation I work for, all the opinions expressed here are my own. This posting is provided "AS IS" with no warranties or guarantees and confers no rights. - .... .- -. -.- ... --..-- ... .- -. - --- ... ....
July 29th, 2012 9:00pm

Ahh thank you very much...it appears the 2008 DC is missing 'ncacn_np' and 'ncacn_ip_udp' and the 2003 DC is missing 'ncacn_ip_udp' as well (from Step 2).

It mentions importing from a good server to add the entries...can I safely import 'ncacn_np' from the 2003 -> 2008 DC? And how do I rectify 'ncacn_ip_udp' that is missing from both servers?...I have in fact looked at the functioning DCs in other sites on their WAN and found none have 'ncacn_ip_udp'; they all have another file, 'ncadg_ip_udp', instead....

David Robertson MCP, VCP4, AST
July 29th, 2012 9:39pm

"It mentions importing from a good Server to add the entries...can I safely import 'ncacn_np' from 2003 -> 2008 DC? And how do I rectify 'ncacn_ip_udp' that is missing from both Servers?"

Instead of importing the reg keys, try creating the missing keys manually. Take a system state backup before making any changes on the DCs.

"I have in fact looked at the functioning DC's in other sites on their WAN and found none have 'ncacn_ip_udp' they all have another file, 'ncadg_ip_udp' instead...."

Sorry, not really sure what to suggest on this. If they are functioning without any issues, you might want to leave them as they are :-)

I do not represent the organisation I work for, all the opinions expressed here are my own. This posting is provided "AS IS" with no warranties or guarantees and confers no rights. - .... .- -. -.- ... --..-- ... .- -. - --- ... ....
July 29th, 2012 9:55pm

Hi,

The error message "DsBindWithSpnEx() failed with error 1722" indicates an "RPC server is unavailable" error. It shows that the computer on which you run dcdiag /dnsall /q has an RPC connection issue with your DC and DNS server.

You mentioned you have Forefront TMG 2010 as firewall and proxy server. I think you mean Internet firewall, but what's your intranet firewall? Do you use Forefront client or the Windows built-in firewall program?

Please refer to these articles to check the ports domain services need over the firewall:

Configuring an Intranet Firewall
http://technet.microsoft.com/en-us/library/bb125069.aspx

Active Directory Replication Over Firewalls
http://social.technet.microsoft.com/wiki/contents/articles/584.active-directory-replication-over-firewalls-en-us.aspx

For more information please refer to the following MS articles:

DCDiag and DsBindWithSpnEx() Error
http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/d2804f30-626b-419d-a85a-eeda0a9b7d1d

Active directory replication issue
http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/330dddf3-7492-42cb-885d-e8049cc5fcd8/

Hope this helps!

TechNet Subscriber Support
If you are a TechNet Subscription user and have any feedback on our support quality, please send your feedback here.

Lawrence
TechNet Community Support
July 31st, 2012 1:15am

Hi,

TMG is the Internet Firewall and Proxy...no Intranet Firewall. I am working through some of the links provided by Santosh, but not getting very far.

David Robertson MCP, VCP4, AST
July 31st, 2012 4:31pm

Hi,

Since you get an error with ID 1722 when connecting to the DNS server, that indicates the RPC server is unavailable. So it seems you can't even connect to the DNS server, not to mention DNS resolution. I think we should focus on troubleshooting the "RPC is unavailable" issue.

The process of an RPC client connection to an RPC server can be broken down into four phases.

Phase 1: Name Resolution: Name resolution is the act of resolving a name to an IP address. This normally takes two forms: NetBIOS Name Resolution or the more common DNS Name Resolution.

Phase 2: TCP session establishment: TCP session establishment is the act of establishing a TCP connection between the RPC client and the RPC server. TCP sessions will be initiated by the RPC client via a TCP 3-way handshake with the RPC server.

Phase 3: RPC Discovery: When a client wants to connect to the RPC server supplied by the application it will contact the computer that hosts the RPC Server and discover how to connect to the RPC Server.

Phase 4: RPC Communication: RPC Communication is the act of making RPC requests to the application endpoint and receiving RPC responses from this application.

Data needed to troubleshoot the issue:

- Identify the client and server computers reporting the RPC error.
- Identify the DNS and WINS servers used by these computers. To do this: On each machine, open a command prompt and run ipconfig /all. Determine the IP address of both machines. If the server is part of a cluster, get the cluster resource IP address as well. Identify the DNS servers and WINS servers that the RPC client is configured to use. Note: You can also obtain this information by opening Control Panel\Network and Sharing Center, clicking Local Area Connection and selecting Properties.
- Identify the application(s) reporting RPC Server Unavailable.
- Simultaneous network traces (using Wireshark, Netmon, or a comparable network sniffer) from the machines hosting the RPC client and RPC Server while reproducing the task that results in an RPC Server Unavailable error. The network captures on both hosts should be started first. From a command prompt on the client run ipconfig /flushdns and nbtstat -R to clear the name resolution caches. Reproduce the error. Stop the traces and save them.

For more information please refer to the following MS articles:

Troubleshooting "The RPC server is unavailable"
http://social.technet.microsoft.com/wiki/contents/articles/4494.troubleshooting-the-rpc-server-is-unavailable.aspx

Replication error 1722 The RPC server is unavailable
http://technet.microsoft.com/en-us/library/replication-error-1722-the-rpc-server-is-unavailable(v=ws.10).aspx

How IT Works: Troubleshooting RPC Errors
http://technet.microsoft.com/en-us/magazine/2007.07.howitworks.aspx

Hope this helps!

TechNet Subscriber Support
If you are a TechNet Subscription user and have any feedback on our support quality, please send your feedback here.

Lawrence
TechNet Community Support
July 31st, 2012 11:05pm
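
The first two phases described in the post above (name resolution, then TCP session establishment) can be checked from an affected client with a short script. This is an added example, not part of any post in the thread; the server names are placeholders, the port list is the well-known AD DS/DNS TCP set, and phases 3 and 4 are not covered.

```powershell
# Added example. Server names are placeholders, not values from the thread.
$Servers = @('dc2008.example.local', 'dc2003.example.local')
# Well-known AD DS / DNS TCP ports; dynamic RPC ports are not probed here.
$Ports = @{ 53 = 'DNS'; 88 = 'Kerberos'; 135 = 'RPC endpoint mapper'
            389 = 'LDAP'; 445 = 'SMB'; 3268 = 'Global catalog' }

function Test-TcpPort {
    param([string]$Address, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($Address, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)   # throws if the connection was refused
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

function Test-RpcPath {
    param([string[]]$ComputerName)
    foreach ($name in $ComputerName) {
        $stamp = Get-Date -Format 's'
        $addr = $null
        try {
            # Phase 1: name resolution through the client's own resolver
            $ip = [System.Net.Dns]::GetHostAddresses($name) |
                Where-Object { $_.AddressFamily -eq 'InterNetwork' } |
                Select-Object -First 1
            if ($ip) { $addr = $ip.ToString() }
        } catch { }
        New-Object PSObject -Property @{ Time = $stamp; Server = $name
            Check = 'Name resolution'; Port = 0; Ok = [bool]$addr }
        if (-not $addr) { continue }
        # Phase 2: TCP session establishment on each well-known port
        foreach ($port in ($Ports.Keys | Sort-Object)) {
            New-Object PSObject -Property @{ Time = $stamp; Server = $name
                Check = $Ports[$port]; Port = $port
                Ok = (Test-TcpPort -Address $addr -Port $port) }
        }
    }
}

# One row per check; columns are Time, Server, Check, Port, Ok
Test-RpcPath -ComputerName $Servers |
    Select-Object Time, Server, Check, Port, Ok | Format-Table -AutoSize
```

Because the dropouts are intermittent, the output is most useful when the script is run on a schedule from an affected client and the rows are saved, so the failing check and its timestamp can be compared with the network traces.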

Hi,

I would like to confirm what is the current situation? Have you resolved the problem? If there is anything that we can do for you, please do not hesitate to let us know, and we will be happy to help.

Lawrence
TechNet Community Support
August 2nd, 2012 10:07pm

Hi Lawrence,

I've gotten snowed under the last day or so...will hopefully get back onto this on Monday...interestingly enough, they haven't had any dropouts since I started this thread...

David Robertson MCP, VCP4, AST
August 2nd, 2012 11:38pm

Okay, please try the above solutions and give feedback if you have any progress. If you have any questions or confusion, please feel free to let us know.

Lawrence
TechNet Community Support
August 3rd, 2012 1:44am

Hi,

I would like to confirm what is the current situation? Have you resolved the problem? If there is anything that we can do for you, please do not hesitate to let us know, and we will be happy to help.

Lawrence
TechNet Community Support
August 7th, 2012 10:15pm

Quick thought, would it be easier to demote the 2003 DC as they need to move to full 2008 AD eventually anyway...this would fix the issues?

David Robertson MCP, VCP4, AST
August 13th, 2012 6:09pm

"Quick thought, would it be easier to Demote the 2003 DC as they need to move to full 2008 AD eventually anyway...this would fix the issues? David Robertson MCP, VCP4, AST"

Hello again,

Migrating DCs to 2008/R2 would be a good idea; however, please do ensure that the necessary ports are allowed to communicate between DCs and that TMG is not blocking the ports.

I do not represent the organisation I work for, all the opinions expressed here are my own. This posting is provided "AS IS" with no warranties or guarantees and confers no rights. - .... .- -. -.- ... --..-- ... .- -. - --- ... ....
August 13th, 2012 7:38pm
