Hi
We have 2 windows 2008 vmware servers that once a day stop authenticating users they are member servers in a windows 2003 domain. We get these errors in the event log
Event ID: 5719 This computer was not able to set up a secure session with a domain controller in domain xxxxx due to the following:
The RPC server is unavailable.
and
Event ID: 1030 The processing of Group Policy failed. Windows attempted to retrieve new Group Policy settings for this user or computer
The AD controllers have there dynamic RPC range restricted to 49000 - 49099 this is due to some other servers in a DMZ but I am not sure if this is correct setting on the DC's as i thought only the server in the DC needed its dynamic range restricting.
Is it the AD controller that request the dynamic rpc port number from the member server or does the member server request the dynamic port number form the AD controller?
As the RPC range for windows 2008 is 49152 - 65535 which is higher than our current range i presume that this is causing the problem and do not understand how the server managed to join the domain and sometime work due to this.
I need to understand if I can remove the Dynamic RPC restriction from the AD controllers and if it will have any impact on the member servers in the DMZ as they have also got the same dynamic rpc range set
Thanks
We have 2 windows 2008 vmware servers that once a day stop authenticating users they are member servers in a windows 2003 domain. We get these errors in the event log
Event ID: 5719 This computer was not able to set up a secure session with a domain controller in domain xxxxx due to the following:
The RPC server is unavailable.
and
Event ID: 1030 The processing of Group Policy failed. Windows attempted to retrieve new Group Policy settings for this user or computer
The AD controllers have there dynamic RPC range restricted to 49000 - 49099 this is due to some other servers in a DMZ but I am not sure if this is correct setting on the DC's as i thought only the server in the DC needed its dynamic range restricting.
Is it the AD controller that request the dynamic rpc port number from the member server or does the member server request the dynamic port number form the AD controller?
As the RPC range for windows 2008 is 49152 - 65535 which is higher than our current range i presume that this is causing the problem and do not understand how the server managed to join the domain and sometime work due to this.
I need to understand if I can remove the Dynamic RPC restriction from the AD controllers and if it will have any impact on the member servers in the DMZ as they have also got the same dynamic rpc range set
Thanks
