Domain Controller Issue - SOS!
Hi there,
I have a very odd problem with x1 domain controller in a network consisting of x2 domain controllers x1 Exchange server. All servers are new build Windows Server 2008 64bit Standard and have been up and running for around 6 months now.
SYMPTOMS:
On domain controller 2:
I cannot access DNS, Active Directory Users and Computers
I cannot access www.google.com from Internet Explorer but can if I use its IP address
I can ping www.google.com (possibly due to cached lookup)
I can tracert www.google.com (as above)
I cannot connect to client machines' file shares
Client machines can still access the file share associated with this server
On domain controller 1 (contains FSMO roles):
I can access all AD, DNS functionality but cannot access Domain Controller 2 for this functionality
I can access domain controller 2 file share
ATTEMPTED RESOLUTIONS:
Restarted NETLOGON Service, Active Directory Domain Services, DNS Client & DNS Server Services... but nothing resolves.
This has happened once before and a restart DID cure the issue. It has now resurfaced after another few months but no updates have been installed recently.
ERROR LOGS:
Error 5719
Not a huge amount to go on and mostly just Group Policy errors apart from this one:
This computer was not able to set up a secure session with a domain controller in domain DOMAINROOT due to the following:
The RPC server is unavailable.
This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator.
ADDITIONAL INFO
If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
Question:
Does anyone have any idea what the cause could be?
Please help!
December 23rd, 2008 3:49pm
Hi,
According to your description, it seems that the secure channel between the domain controllers is corrupt. Please help to check the following:
1. Please ensure the time synch between the two domain controllers.
2. Please configure the DNS server to the working DC.
3. Please refer to the following Microsoft Knowledge Base article to reset the secure channel of the problematic domain controller:
325850 How to use Netdom.exe to reset machine account passwords of a Windows Server 2003 domain controller
http://support.microsoft.com/default.aspx?scid=kb;EN-US;325850
If the issue remains, we will need to generate and analyze the log files. Please gather the following logs:
1. Collect IP log on Domain Controller 1: Try to run "ipconfig /all >c:\dc1.txt"
2. Collect IP log on Domain Controller 2: Try to run "ipconfig /all >c:\dc2.txt"
3. Make a test on Domain Controller 1: Try to run "dcdiag /v >c:\dcdiag1.txt"
4. Make a test on Domain Controller 2: Try to run "dcdiag /v >c:\dcdiag2.txt"
After you have finished these logs, please send them to tfwst@microsoft.com for research.
Lastly, I list the following questions about this issue. Would you please give us more details?
1. What do you mean by "On domain controller 2: I cannot access DNS, Active Directory Users and Computers"?
2. What do you mean by "On domain controller 1 (contains FSMO roles), I can access all AD, DNS functionality but cannot access Domain Controller 2 for this functionality"?
I am looking forward to your reply!
Regards, Nick Gu - MSFT
December 24th, 2008 12:50pm
Hi there,
Thanks for the response. Unfortunately with Christmas upon us I had to bite the bullet and restart but I would imagine that the problem will reoccur at some point as this is the 2nd occurrence.
I will run the DCDIAG but as the server has restarted the issue is not apparent.
To clarify:
1. what do you mean about On domain controller 2: I cannot access DNS, Active Directory Users and Computers?
1) When the problem occurs you cannot access DNS, Active Directory Users & Computers, Group Policy etc. via Domain Controller 2's own console/RDP. Also you cannot access other DNS name locations on the network. HOWEVER, XP clients and other servers can still access the files located on this server - so it is still on the network.
2. what do you mean about On domain controller 1 (contains FSMO roles), I can access all AD, DNS functionality but cannot access Domain Controller 2 for this functionality?
2) On domain controller 1 you can access the Active Directory, DNS, Group Policy BUT you cannot connect to Domain Controller 2 via an MMC in order to access the resources that reside on that server.
I will run the DCDIAG to see if it offers an explanation. It has only happened twice in a few months but it has left our MCSE support guys baffled.
Just to clarify - restarting domain controller 2 (the problematic server) fixes the issue!
December 24th, 2008 10:44pm
Hi,
Thank you for your reply. As this issue only happens intermittently, this type of problem is usually difficult to troubleshoot.
I understand that you have restarted the server which resolved the issue. Please keep monitoring this issue for a while. When it happens again, please first check whether DNS name resolution works properly on the problematic domain controller. Meanwhile, please collect the logs and send them to tfwst@microsoft.com for further research.
Regards, Nick Gu - MSFT
January 9th, 2009 4:24am
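Added example, not part of the original thread or written by any of its participants: one way to capture the diagnostics requested in the replies above (ipconfig, dcdiag, DNS resolution, time sync, secure channel, Event 5719) on the affected domain controller while the fault is present, so the evidence survives the restart. The output folder `C:\dcfault` and the helper `Save-Output` are assumptions made for this sketch, and it assumes PowerShell 2.0 or later run from an elevated prompt.

```powershell
# Added example, not from the thread. Run on the affected DC BEFORE restarting it.
$domain = $env:USERDNSDOMAIN                       # AD DNS domain of the logged-on account
$stamp  = Get-Date -Format 'yyyyMMdd_HHmmss'
$out    = "C:\dcfault\$($env:COMPUTERNAME)_$stamp" # hypothetical output folder
New-Item -ItemType Directory -Path $out -Force | Out-Null

# Hypothetical helper: run a command and keep stdout and stderr in one file.
function Save-Output([string]$Name, [scriptblock]$Command) {
    & $Command 2>&1 | Out-File (Join-Path $out "$Name.txt")
}

# Logs requested in the replies: IP configuration and verbose dcdiag.
Save-Output 'ipconfig' { ipconfig /all }
Save-Output 'dcdiag'   { dcdiag /v }

# DNS: the resolver cache shows whether ping/tracert answered from cached
# entries; the nslookup queries go to the DNS server configured on this DC.
Save-Output 'dns_cache'    { ipconfig /displaydns }
Save-Output 'dns_external' { nslookup www.google.com }
Save-Output 'dns_dc_srv'   { nslookup "-type=SRV" "_ldap._tcp.dc._msdcs.$domain" }

# Time sync between the domain controllers (item 1 of the first reply).
Save-Output 'time' { w32tm /monitor }

# Secure channel and DC locator: the session Event 5719 reports as failed.
Save-Output 'securechannel' { nltest "/sc_verify:$domain" }
Save-Output 'dclocator'     { nltest "/dsgetdc:$domain" }

# Event 5719 entries with timestamps, to line up with the start of the fault.
Save-Output 'event5719' {
    Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 5719 } `
        -MaxEvents 50 -ErrorAction SilentlyContinue |
        Format-List TimeCreated, ProviderName, Message
}

# Uptime at the time of capture, for comparing one occurrence with the next.
$os   = Get-WmiObject Win32_OperatingSystem
$boot = $os.ConvertToDateTime($os.LastBootUpTime)
"Last boot: $boot  Uptime (days): {0:N1}" -f ((Get-Date) - $boot).TotalDays |
    Out-File (Join-Path $out 'uptime.txt')
```

Running the same script on the healthy domain controller at the same moment gives a baseline to diff against.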
I have emailed these across as requested.
What I will say is that I saw this post today:
http://www.424help.com/news/2008/12/17/windows2008-server-network-connectivity-problem/
I also note that this Technet post also seems similar to our issue:
http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/84810ea6-fa4d-4acc-bda8-7c55af841a73
Are there any known Broadcom issues out there?
February 9th, 2009 4:14pm
Hi,
Thank you for your information.
I've read this article. You may download the latest drivers from Intel's website to fix this problem. And I will keep on this issue. If we have any update, we will let you know the solution as soon as possible.
Regards, Nick Gu - MSFT
February 10th, 2009 5:28am
We don't use Intel - the server has Broadcom NICs.
Another potential cause could be McAfee 8.7.0i which is installed on both the domain controllers - is there a potential that this is the cause?
So frustrating. It happened again to the first DC yesterday after 42 days of uptime. It's always the same - after 30+ days it seems to randomly occur.
February 15th, 2009 11:54pm
Hi,
Thank you for your update.
As you said, you may disable the McAfee to see if it works. Since this issue occurred regularly, we need more information to resolve this issue. Could you please send us the logs? Please gather the following logs:
1. Collect IP log on Domain Controller 1: Try to run "ipconfig /all >c:\dc1.txt"
2. Collect IP log on Domain Controller 2: Try to run "ipconfig /all >c:\dc2.txt"
3. Make a test on Domain Controller 1: Try to run "dcdiag /v >c:\dcdiag1.txt"
4. Make a test on Domain Controller 2: Try to run "dcdiag /v >c:\dcdiag2.txt"
5. Did you receive error logs this time? Please send them to us.
After you have finished these logs, please send them to tfwst@microsoft.com for research.
Regards, Nick Gu - MSFT
February 18th, 2009 7:39pm
A Dell engineer is looking into the issue and he has found the following KB which could potentially apply:
http://support.microsoft.com/?kbid=959816
Given the nature of the symptoms mentioned above for our scenario and the KB linked can you see potential for this to be an issue?
February 23rd, 2009 3:30pm
Hello Tim,
Please try updating the Broadcom drivers. I am recommending this because I have seen a lot of people blaming Broadcom drivers for unusual behaviour of Windows Server 2008, and it's a pretty simple task, so why don't you just try it once and see whether it solves your problem.
Thanks, Syed Khairuddin
February 23rd, 2009 5:04pm
I am afraid that updating the Broadcom drivers did not solve the issue.
It only appears after 30 odd days and seems to centre around DNS.
I know a restart should sort it as it always does but I want to know why this is happening.
Any other advice or suggestions?
Much appreciated,
Tim
April 6th, 2009 6:22pm


