I haven't quite solved my first DNS problem and seem to have another. I have a server running windows server 2000. All the clients seem to take a little longer than normal to startup and shutdown (first problem) the problem I found today is that I have one client a notebook running XP Pro that is super slow to start and shutddown. Three minutes or better to start and about two and one half to shut down. By now you know the routine, I have looked at everything imagineable except, today I checked the event log and here is what Event ID: 1053 says. Windows cannot determine the user or computer name. (The specified domain either does not exist or could not be contacted) Group policy aborted. I came to this job from a Novell network, so I am kind of new to the inner workings of Winddows Server 2000. Any help would be appreciated. I know it has to be a DNS problem I guess I just don't know where to start.
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
DNS problem
- Thread starter dmz740
- Start date
First, you are correct that the wording of the test in the event id 1053 would indicate an issue contacting a domain controller (The specified domain either does not exist or could not be contacted). This is in contrast to wording in the effect of "a security mapping could not be done" which would indicate an issue with buffer size. To confrom this, you would need to know the hexidecimal value of the error code returned.
Second, you would need to rule out network connectivity. Can you pass ping packets? Of course you checked for blackhole routers. If not, send a series of pings with the -f paramenter to set the don't fragment bit and the -1 parameter with varying packet sizes up to the maxbuffersize plus overhead.
Next, If there's dump data in the event ID, click on dwords. If you find the dword 8007000e or 800a0007, you need to look at the MaxTokenSize and a problem with the buffer length. If you don't find it you can safely assume name resolution.
If a basic ping works, and a ping with a packet size of 1500 works, and it's not a buffer size issue, what's happened in your environment lately? Have you applied Windows 2003 SP1 or MS security hotfix MS05 019 lately? Have there been any changes to the network infrastucture latey? Router reconfiguration? New circuits or paths? Any security settings applied to switches or routers recently? A new VPN client? Any change to the don't fragment bit or the MTU size could cause problems with larger UDP packets. SMB RPC calls are all UDP traffic. Kerberos is UDP as well as DNS (in a windows environment for packets over 512 bytes by default). You would want to do a network trace to see what packets on what ports using what protocols and of what sizes are suceeding.
Second, you would need to rule out network connectivity. Can you pass ping packets? Of course you checked for blackhole routers. If not, send a series of pings with the -f paramenter to set the don't fragment bit and the -1 parameter with varying packet sizes up to the maxbuffersize plus overhead.
Next, If there's dump data in the event ID, click on dwords. If you find the dword 8007000e or 800a0007, you need to look at the MaxTokenSize and a problem with the buffer length. If you don't find it you can safely assume name resolution.
If a basic ping works, and a ping with a packet size of 1500 works, and it's not a buffer size issue, what's happened in your environment lately? Have you applied Windows 2003 SP1 or MS security hotfix MS05 019 lately? Have there been any changes to the network infrastucture latey? Router reconfiguration? New circuits or paths? Any security settings applied to switches or routers recently? A new VPN client? Any change to the don't fragment bit or the MTU size could cause problems with larger UDP packets. SMB RPC calls are all UDP traffic. Kerberos is UDP as well as DNS (in a windows environment for packets over 512 bytes by default). You would want to do a network trace to see what packets on what ports using what protocols and of what sizes are suceeding.
- Status
Similar threads
- Locked
- Question