Hello, we've problems with several Windows Server 2003 machines in different domains and sites. After about 10 days of uptime all network-services stops working. I think it's caused by the security updates KB2507938 or KB2555917. The following issues are present, when the server stops working: When connecting with RDP there is an Error "RPC-Server is unavailable" and the connection is lost. Userenv Error 1053 is listed (Windows cannot determine the user or computer name. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted. ) A .NET Service throws the error: System.InsufficientMemoryException: : Insufficient winsock resources available to complete socket connection initiation. Netlogon Event ID 5719 is logged, cause of: not enough storage is available to process this command. Sometimes, error Userenv 1030 occurs (Windows cannot query for the list of Group Policy objects. ) Sometimes, error Userenv 1058 occurs (can't open gpt.ini from gpo ... access denied) After a reboot everything works fine for about ten days. The machines are partial virtual and physical, someone are domain-controlles, someone are not. I don't think that this is any hardware-problem. Does anyone have a solution for this problem? Thanks in advance!

Start with analysis from DC that has FSMO roles and DNS and continue to other servers. Clean the DNS cache and test ipconfig /flushdns netdiag /fix /debug and show the netdiag.log See articles http://blogs.technet.com/b/instan/archive/2008/09/18/netlogon-5719-and-the-disappearing-domain.aspx http://support.microsoft.com/kb/310339/en-us http://www.eventid.net/display.asp?eventid=5719&eventno=104&source=NETLOGON&phase=1 I have error 1030 and 1058 in the case of two domain controllers with wrongly set DNS ip addresses. Each DC should have the first DNS IP address its own address and second DNS IP address is that of second DNS. Next, the "Wait for network..." GPO has helped.

Should I run the test when the connection is lost?

Hello, When connecting with RDP there is an Error "RPC-Server is unavailable" and the connection is lost. Userenv Error 1053 is listed (Windows cannot determine the user or computer name. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted. ) That seems to be a problem with ports / DNS. For DNS, make sure that: Each DC / DNS server points to its private IP address as primary DNS server and other internal DNS servers as secondary ones Each DC without DNS points to internal DNS servers as DNS servers Once done, run ipconfig /registerdns and restart netlogon on each DC you have. For client computers / servers, make sure that they are pointing to correct internal DNS servers as primary and secondary ones. Once done, run ipconfig /flushdns on client computers and try again. This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. Microsoft Student Partner 2010 / 2011 Microsoft Certified Professional Microsoft Certified Systems Administrator: Security Microsoft Certified Systems Engineer: Security Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows 7, Configuring Microsoft Certified IT Professional: Enterprise Administrator Microsoft Certified IT Professional: Server Administrator

Now I've problems with our first DC (dcserver1.mydomain.local). There are 2 DCs in the domain: x.x.157.2 and x.x.157.3, the dcserver1 is x.x.157.2 I ran netdiag and there are some errors listed in the log file: DC list test . . . . . . . . . . . : Failed [WARNING] Cannot call DsBind to dcserver1.mydomain.local (x.x.157.2). [ERROR_OUTOFMEMORY] List of DCs in Domain 'MYDOMAIN': dcserver1.mydomain.local Do un-authenticated LDAP call to 'dcserver1.mydomain.local '. [FATAL] Cannot open an LDAP session to 'dcserver1.mydomain.local' at 'x.x.157.2'. [WARNING] Failed to query SPN registration on DC 'dcserver1.mydomain.local'. DNS test . . . . . . . . . . . . . : Passed Interface {000C46E4-90BE-44C7-A6DC-9C0FF67C6886} DNS Domain: DNS Servers: x.x.157.2 x.x.157.3 IP Address: Expected registration with PDN (primary DNS domain name): Hostname: dcserver1.mydomain.local. Authoritative zone: mydomain.local. Primary DNS server: dcserver1.mydomain.local x.x.157.2 Authoritative NS: x.x.157.2 x.x.157.3 Check the DNS registration for DCs entries on DNS server 'x.x.157.2' If you need any further information please ask! Thanks!

Hello, proceed like I already mentioned. If this does not help, please use Microsoft Skydrive to upload the output of these commands on all your DCs: ipconfig /all >c:\ipconfig.txt (From each DC) dcdiag /v /c /d /e /s:dcname >c:\dcdiag.txt dnslint /ad /s "The DC's IP Address" (http://support.microsoft.com/kb/321045) Once done, post a link here. This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. Microsoft Student Partner 2010 / 2011 Microsoft Certified Professional Microsoft Certified Systems Administrator: Security Microsoft Certified Systems Engineer: Security Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows 7, Configuring Microsoft Certified IT Professional: Enterprise Administrator Microsoft Certified IT Professional: Server Administrator

Hello Mr X, both DNS-Servers in this domain are configured correctly and the DNS-Entries of the network card points to the ip adress of dcserver1 and dcserver2 and vice versa. This configuration works since about 5 years. After rebooting an affected server everything works fine again for about 10 days. (with no GPO-Errors).

Hello Mr X, both DNS-Servers in this domain are configured correctly and the DNS-Entries of the network card points to the ip adress of dcserver1 and dcserver2 and vice versa. This configuration works since about 5 years. After rebooting an affected server everything works fine again for about 10 days. (with no GPO-Errors). So please upload the output of the commands that I already suggested. This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. Microsoft Student Partner 2010 / 2011 Microsoft Certified Professional Microsoft Certified Systems Administrator: Security Microsoft Certified Systems Engineer: Security Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows 7, Configuring Microsoft Certified IT Professional: Enterprise Administrator Microsoft Certified IT Professional: Server Administrator

1. Have you correct suffix in the domain controllers? 2. Are you using public IP addresses? 3. Do you have public DNS IP in the list of DNS in NIC settings? 4. You can repeat commands that I have recommended. Has the result change? 5. Use additional test with dcdiag 6. Test this nltest /sc_query:domainname.com 7. Have you change any configuration at the time when the system started to behave wrongly?

1. Have you correct suffix in the domain controllers? 2. Are you using public IP addresses? 3. Do you have public DNS IP in the list of DNS in NIC settings? 4. You can repeat commands that I have recommended. Has the result change? 5. Use additional test with dcdiag 6. Test this nltest /sc_query:domainname.com 7. Have you change any configuration at the time when the system started to behave wrongly? 1. suffix is correct. 2. yes 3. dcserver1: Windows-IP-Konfiguration Hostname . . . . . . . . . . . . : dcserver1 Primäres DNS-Suffix . . . . . . . : mydomain.local Knotentyp . . . . . . . . . . . . : Unbekannt IP-Routing aktiviert . . . . . . : Nein WINS-Proxy aktiviert . . . . . . : Nein DNS-Suffixsuchliste . . . . . . . : mydomain.local Ethernet-Adapter LAN-Verbindung: Verbindungsspezifisches DNS-Suffix: Beschreibung . . . . . . . . . . : Intel(R) PRO/1000 CT Network Connection Physikalische Adresse . . . . . . : 00-0E-A6-xx-xx-xx DHCP aktiviert . . . . . . . . . : Nein IP-Adresse. . . . . . . . . . . . : x.x.157.2 Subnetzmaske . . . . . . . . . . : 255.255.255.192 Standardgateway . . . . . . . . . : x.x.157.1 DNS-Server . . . . . . . . . . . : x.x.157.2 x.x.157.3 dcserver2: Windows-IP-Konfiguration Hostname . . . . . . . . . . . . : dcserver2 Primäres DNS-Suffix . . . . . . . : mydomain.local Knotentyp . . . . . . . . . . . . : Unbekannt IP-Routing aktiviert . . . . . . : Nein WINS-Proxy aktiviert . . . . . . : Nein DNS-Suffixsuchliste . . . . . . . : mydomain.local Ethernet-Adapter LAN-Verbindung 3: Verbindungsspezifisches DNS-Suffix: Beschreibung . . . . . . . . . . : Microsoft Virtual Machine Bus Network Adapter #2 Physikalische Adresse . . . . . . : 00-15-5D-xx-xx-xx DHCP aktiviert . . . . . . . . . : Nein IP-Adresse. . . . . . . . . . . . : x.x.157.3 Subnetzmaske . . . . . . . . . . : 255.255.255.192 Standardgateway . . . . . . . . . : x.x.157.1 DNS-Server . . . . . . . . . . . : x.x.157.3 x.x.157.2 4. yes, after a reboot there are no more errors or lines with failed. 5. Starting test: systemlog An Error Event occured. EventID: 0x00000457 Time Generated: 08/31/2011 09:53:36 (Event String could not be retrieved) I've found multiple DNS error 408, 404, 4000, 4004, 4015 when the problem started: could not open Socket for address 0.0.0.0 could not bind tcp-socket to 0.0.0.0 dns server detected a critical error in active directory dns server couldn't enumerate directory services in zone "." 6. I_NetLogonControl failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN 7. No, nothing was changed. I've only installed the latest windows updates listed in my first post. I think the problems are not caused by Active Directory or DNS. Probably the AD & DNS errors are only a side affect by something other....

a.It is uncommon to use public adresses (unless you use split brain DNS). b. What is configuration of DNS (primary integrated and secure only, what is in forward and backward zone)? You have DNS on both DCs? c. Basic connectivity - ping on IP and name. I think that you have not DNS working properly. d. How many network adapters have DCs? e. Have you tried to uninstall updates? f. There is a link to MS support, give it a try: https://support.microsoft.com/oas/default.aspx?Gprid=3198&st=1&wfxredirect=1&sd=gn

a.It is uncommon to use public adresses (unless you use split brain DNS). b. What is configuration of DNS (primary integrated and secure only, what is in forward and backward zone)? You have DNS on both DCs? c. Basic connectivity - ping on IP and name. I think that you have not DNS working properly. d. How many network adapters have DCs? e. Have you tried to uninstall updates? f. There is a link to MS support, give it a try: https://support.microsoft.com/oas/default.aspx?Gprid=3198&st=1&wfxredirect=1&sd=gn a. I know, but it should not be the problem. In another domain we're using private IPs and there the problem also occurs. b. DNS is on both DCs, in the forward zone there is mydomain.local and _msdcs.mydomain.local, in the reverse-zone is only our subnet. c. After a reboot everything works fine. Ping with IP, DNS and other services. d. Only 1 Adapter per server - you can see it in the ipconfig /all output e. I've tried to uninstall 1 update on this, and the other one on another server ... with no effect. Yesterday I tried to uninstall both updates. This test is currently in progress. (it needs about 10 days) f. MS support should be the last attempt... I don't know if we have an free support-case available.

Due to security policies I can't post the whole log. Summary of DNS test results: Auth Basc Forw Del Dyn RReg Ext ________________________________________________________________ Domain: mydomain.local dcserver1 PASS PASS PASS PASS PASS PASS n/a dcserver2 PASS PASS PASS PASS PASS PASS n/a Total Time taken to test all the DCs:0 min. 27 sec. ......................... mydomain.local passed test DNS ipconfig /all is already posted dnslint /ad /s "x.x.157.2" crashes while doing the www.internic.net lookup

Hello again, try the following: Let each DC points to the other one as primary DNS server Let each DC points to its private IP address as secondary DNS server Let each DC points to 127.0.0.1 as third DNS server Once done, run ipconfig /registerdns and restart netlogon on each DC. Also, please check that needed ports for AD replication are not blocked: http://technet.microsoft.com/en-us/library/bb727063.aspx Please upload files I suggested. This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. Microsoft Student Partner 2010 / 2011 Microsoft Certified Professional Microsoft Certified Systems Administrator: Security Microsoft Certified Systems Engineer: Security Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows 7, Configuring Microsoft Certified IT Professional: Enterprise Administrator Microsoft Certified IT Professional: Server Administrator

I'm sure that the problems are not caused by AD/DNS problems. I mentioned in my first post, that the problem occurs also on non-domain-controllers. When I restart the affected server the problem is solved. While restarting only the non-domain-controller there is nothing changed at the DC.

1. First record on ANY DC should point to itself. The reason is that when DC is restarted and the other DCs are down, it will "find" DC (itself). Otherwise you will get errors 1058 and 1030. One error is primary and second warns that the first error occured. 2. Installed updates are core ones. They go deeply into system. Have no feedback if you managed to uninstall them. 3.Malfunction of DNS and DC is a cause of your problem regardless if it is nemed primary or secondary. I have no feedback on the DNS configuration. 4. Public addressing is strange and possible cause of problem. 5. Test nslookup for AD RR. 6. EventID: 0x00000457 points to the inconsistency os AD database 7. I would start troubleshooting with DC that holds FSMO and on which is DNS. Test is with one client and network monitor. Under the line: 1.I understand that there are security measures in your company, but without appropriate knowledge the solution will converge to working system very slowly. 2. AD is multimaster which means that you can have more primary DNS servers. I do not know, what are possible consequences in public environment.

1. The DNS-configuration of both DCs are correct. DNS1: Server itself, DNS2: to the other DC. This configuration works since years! 2. Uninstall of update 1 worked, uninstall of update 2 worked. Removing one of these updates does not solve this problem. I've also removed both of these updates on another server and I'm still waiting if the problem occurs also on this guinea pig. (I'll let you know about the results.) 3. What do you want to know about DNS? Yes it's an AD-integrated DNS-Server. 4. Why should public addresses be the problem? These are only ip-Adresses. All affected servers are in the same subnet and connected with a layer-2-switch. This can't be a problem ... 5. nslookup Standardserver: dcserver1.mydomain.local Address: x.x.157.2 > set type=SRV > _ldap._tcp.dc._msdcs.mydomain.local Server: dcserver1.mydomain.local Address: x.x.157.2 _ldap._tcp.dc._msdcs.mydomain.local SRV service location: priority = 0 weight = 100 port = 389 svr hostname = dcserver1.mydomain.local _ldap._tcp.dc._msdcs.mydomain.local SRV service location: priority = 0 weight = 100 port = 389 svr hostname = dcserver2.mydomain.local dcserver1.mydomain.local internet address = x.x.157.2 dcserver2.mydomain.local internet address = x.x.157.3 6. Im sorry, but 0x457 is hexadecimal. The real EventID is 1111, and is related to Terminal Services Devices, it's caused by an unknown printer driver. I've checked this with the eventlog. Let me write some more information: The problem occurs on a lot of different servers: The only similary between the servers are: Win Server 2003 KB2507938 and KB2555917 are installed I know that there are also a lot of other updates installed but it occurs only with these two updates installed. The problem occurs in 3 different domains which are completely independent. Network 1: (1 site, SBS 2003 (installed KB2507938, KB2555917 at 31.07.2011, no problems) WS2008 WS2003 (installed KB2507938, KB2555917 at 22.08.2011 problem occured at 30.08.2011) Network 2: (3 sites, 5 DCs) (installed KB2507938, KB2555917 at 23.07.2011 on every server) WS2003 Std at site 1 (no problems) WS2003 Std DC at site 1 (problem occured at 12.08.2011, Server was rebootet at 15.08, problem occurred at 24.8 again, server was rebootet at 24.8) WS2008 DC at site 1 (no problems) WS2008 DC at site 1 (no problems) WS2008R2 Ent. as Hyper-V-Host (no problems) WS2008 TS at site 1 (no problems) WS 2003 Std DC at site 2 (problem occured at 10.08.2011, was rebootet at 11.08.2011, problem occured at 24.08.2011, was reboootet at 24.08) WS 2003 Std DC at site 3 (no problems) Network 3: Our company network: several WS 2008 R2 several WS 2008 #1 WS2003 Std DB-Server (updates @ 29.07, power-outtage at 08.08, problems at: 18.08, 29.08) #2 WS2003 Std DB-Dev-Server (updates @ 29.07, problems at: 08.08, 18.08, 27.08) #3 WS2003 Ent x64 DB-Server (updates @ 29.07, problems since 08.08, was not restarted) This server was our old Exchange 2007. Now this server is empty. No Exchange, no other services. Simply a domain member! #4 WS2003 Std (updates @ 29.07, no problems) #5 WS2003 Ent x64 2ndDC (updates @ 29.07, problems @ 9.8, 18.8, rebootet @ 19.08, 29.08) #6 WS2003 Ent 1stDC (updates @ 29.07, problems @ 8.8, rebootet @ 9.8, problems @ 19.8, rebootet @ 20.8, problems @ 30.8, rebootet @ 31.08) #7 WS2003 Std TS (updates @ 18.07, , problems @ 8.8, rebootet @ 9.8, problems @ 18.8, problems @ 28.8) #8 WS2003 Std (updates @ 29.07, problems since 8.8, no reboot) #8 was not rebooted since 29.07. So it’s related to the server itself, not to the DC or DNS. #8 in our company is not important. I can run some tests: nslookup _ldap._tcp.dc._msdcs.mydomain.local does work. DC1 and DC2 are shown correctly. ping dc1 does work, Ping dc2 does work. Nltest /sc_query:mydomain.local Flags: 30 HAS_IP HAS_TIMESERV Trusted DC Name \\dcserver1.mydomain.local Trusted DC Connection Status Status = 0 0x0 NERR_Success The command completed successfully. Net view \\mydomain.local System error 1231 occurred (!!!!!!!) Dcdiag /s:dcserver1.mydomain.local Domain Controller Diagnosis Performing initial setup: [dcserver1.mydomain.local] LDAP search failed with error 58, Win32 Error 58. ***Error: The machine, dcserver1.mydomain.local could not be contacted, because of a bad net response. Check to make sure that this machine is a Domain Controller. Same error with dcserver2 Nothing is logged in the eventlogs of the DCs. Dnslint /s x.x.157.2 /ad x.x.157.2 /v DNSLint will attempt to verify the DNS entries used in AD replication Using x.x.157.2 for LDAP starting with x.x.157.2 for DNS this process may take several minutes to complete. Finding the name of the root of the AD forest.. .not found LDAP query to speficied LDAP server on TCP port 389 failed Server heruntergefahren LDAP query to speficied LDAP server on TCP port 389 failed LDAP server specified appears to be down Specify a different LDAP server and run the command again telnet www.google.at 80 Connect failed Any further tests on this machine are welcome. This is only a domain-member, not a DC.

Update: Now I've the problem also on a WinXP Prof SP3 box. Uptime > 30 days, Patched @ 29.7, problem since 8.8 Both updates are applied there. I can't do any outgoing TCP connections. Eventlog is showing a lot of Userenv Errors: 1097: not enough memory 1030 1053 and AutoEnrollment ID 15: 0x8007003a

1. You experience with all server systems confirms with high probability that there is impact of update installation. You have narrowed the set, but we are not certain which update is critical. 2. The time interval between restart of server and the problem occurence points to the possibility of memory leak (or something silimilar). Have you observed any change of memory use or CPU load in Task Manager, or better in Process Explorer/Monitor (Sysinternals)? The latter is better for more detailed insight into the processes and thread dependences. 3. Are you sure that other drivers are intact? I mean network driver especialy. (Just an idea http://support.microsoft.com/default.aspx?scid=kb;en-us;326152) 4. Are services changing during the time interval (2), namely is "TCP/IP NetBIOS Helper" running? 5. It is not clear, if all the bad results are only when the phenomenon appeares after some time or from the start of server. 6. As to the telnet, try both, the telnet on IP and FQDN. The only telnet on FQDN is not a proof. My recommendation is to work on one simplest configuration with DC and client.

1. I agree. 2. cpu use seems to be normal. 3. The problem occurs on different platforms (physical and virtual) so I don't think that it's caused by an driver. I didn't updated any network drivers in the last months. 4. WinHTTP-Web Proxy Auto-Discovery-Service is changing his state very often from running to stopped and vice versa. Don't know if this is normal. Time-Service is reporting that he can't get the actual time, but this seems to be a side effect. 5. When I reboot the server every test is ok. Then there are also no more problems reported in the eventlog. 6. Now I've tried both: 2 errors. Should I try to restart a service or unplug the network cable on the affected server?

1. Time service is key component. DC with FSMO has some external time standard set and members of domain take time from DC (FSMO). If you restart Windows Time on the DC ( FSMO) you will see the response in system log that points to the time standard (it can be external time reference or router). Setting time reference: net time /setsntp:"125.32.52.6 147.68.98.3" All members of domain should have their time in the 300 second window. You should allow firewall for port UDP 53, if you take time from external source. 2. Problem with Windows XP is induced by the unavailability of Active Directory (http://support.microsoft.com/kb/310461/en-us ) 3. You will really need to "dig" into processes with Process Explorer and see, what happens on the DC (FSMO). 4. I have found reply of Mark Minasi, that describe the AD/DNS recovery: Well, the easiest thing to do is a bit of DNS surgery. But first double-check and replace "localhost" with whatever the IP address of your DNS server is in the /s option. In situations like this (small number of DCs), I prefer to change the DNS from AD-I to dynamic primary/secondary so that you can see what you're doing and, if necessary, hand-repair the zones. Make sure that all DCs get the word before proceeding. Once I'd done that, I'd delete all of the DNS sub-domains that AD created, then I'd go to the FSMO role holder and stop and start netlogon. That should restore the subdomains. Then delete the subdomains and stop/start netlogon on the other DCs. That should make DNS (and therefore AD) happy. Oh, one more thing... if you had two domains with the same name, you might think about going into your WINS servers and tombstoning any duplicate records. 5. Try to test the communication between DC (FSMO) and client (XP or W7) with network monitor installed. My guess is that the DC (FSMO) will refuse the connection.

Time is synchronized, I've checked it. When I'm trying to do a telnet to www.google.de 80 or to googles ip @ port 80 I can't see anything about this request in netmon. I'm seeing ICMP requests when trying to ping an host, but no communcation at port 80. Same thing when trying to do net view \\dcserver1 or net view \\dcserver1.mydomain.local or net view \\x.x.157.2 When trying to do this from my pc to the affected server I'm seeing the SMB-requests and responses. So the only problem are the outgoing TCP connections. They do not work!

>Time is synchronized, I've checked it.< Does DC connects time server when you restart Windows Time. If yes, then it can communicate - at least on UDP 123. (If the time is the same on all computers is not relevant now.) >When I'm trying to do a telnet to www.google.de 80 or to googles ip @ port 80 I can't see anything about this request in netmon< Windows 2003 does not have firewall controlling outgoing communication. Do you have any third party software that can block communication? If not, the there is something wrong with the networs stack. >Same thing when trying to do net view \\dcserver1 or net view \\dcserver1.mydomain.local or net view \\x.x.157.2< This depends on the ports 137-139. Are there ports open? What shows netstat -ano >When trying to do this from my pc to the affected server I'm seeing the SMB-requests and responses.< If clients are Windows XP, then all computers should communicate. It the client is Windows 7, then force the W 7 to use SMB 1 instead of SMB 2.1 Back to some previous questions: When you had tried to uninstall suspicious hotfixed, have you check the versions of files to be sure that the uninstall has been correct one? I have touched the case of memory leak and ask in there is change in memory usage. Please dig into Process Explorer, if there is any thread that take too much resources.

UDP-Traffic does work. After a flushdns every dns-record resolves correctly. I can see the packets in netmon. No. There is no 3rd-party firewall or security-suite installed. I do also think that it's network stack-related. Is there any possiblity to inform a microsoft employee about this issue through the forum that he could check it, or review the source-changes made with those 2 patches. I'm sorry but at the moment I've rebooted every server so I can't test it. I'll post the results when a server is affected again. @update removal: I'll check it... @procmon: I tried to find something, but I didn't. Sorry....

>Time is synchronized, I've checked it.< Does DC connect time server when you restart Windows Time? If yes, then it can communicate - at least on UDP 123. (If the time is the same on all computers is not relevant now.) >When I'm trying to do a telnet to www.google.de 80 or to googles ip @ port 80 I can't see anything about this request in netmon< Windows 2003 does not have firewall controlling outgoing communication. Do you have any third party software that can block communication? If not, the there is something wrong with the network stack. >Same thing when trying to do net view \\dcserver1 or net view \\dcserver1.mydomain.local or net view \\x.x.157.2< This depends on the ports 137-139. Are there ports open? What shows netstat -ano ? (Enable visibility of PID for processes.) >When trying to do this from my pc to the affected server I'm seeing the SMB-requests and responses.< If clients are Windows XP, then all computers should communicate. It the client is Windows 7, then force the W 7 to use SMB 1 instead of SMB 2.1 Back to some previous questions: When you had tried to uninstall suspicious hotfixed, have you check the versions of files to be sure that the uninstall has been correct one? I have touched the case of memory leak and ask in there is change in memory usage. Please dig into Process Explorer, if there is any thread that take too much resources.

Issue was resolved. It's a bug in the .net Framework where sockets from a webservice-call are not released. After ten days all sockets were used by this .net-service. Restarting those service solved all problems. Thanks for all help, I'm happy that it was not caused by dc-problems.