
SBS 2008 Sp2 Global catalog problems


Flinx

We just did a migration from Windows Server 2003 SP2 to Small Business Server 2008. The migration did not, and is not going well. There are global catalog issues, specifically the following errors repeat every hour on the 2008 server:

Active Directory Domain Services has located a global catalog in the following site.

Global catalog:
\\SERVER.domain.local
Site:
Default-First-Site-Name
-----------------------------------------
Active Directory Domain Services attempted to communicate with the following global catalog and the attempts were unsuccessful.

Global catalog:
\\SERVER.domain.local

The operation in progress might be unable to continue. Active Directory Domain Services will use the domain controller locator to try to find an available global catalog server.

Additional Data
Error value:
1722 The RPC server is unavailable.
-----------------------------------------------------
Active Directory Domain Services was unable to establish a connection with the global catalog.

Additional Data
Error value:
8430 The directory service encountered an internal failure.
Internal ID:
3200ce6

User Action:
Make sure a global catalog is available in the forest, and is reachable from this domain controller. You may use the nltest utility to diagnose this problem.
--------------------------------------------------

There do not appear to be any error messages relating to the GC on the 2003 server. I have followed the diagnostics per this document
Both servers can communicate on port 389 but not 3268. There are no firewalls between them. All other replication is working fine.

On the 2008 server if you ping it by name you get a response like this:
Pinging SERVER.domain.local [fe80::7ce7:57fd:8dea:2e8a%10] from fe80::7ce7:57fd:8dea:2e8a%10 with 32 bytes of data:
General failure.
General failure.
General failure.
General failure.

Ping statistics for fe80::7ce7:57fd:8dea:2e8a%10:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

The server does not respond to itself with an IPv4 address.

Pinging from the other server gets this response:
Pinging server.domain.local [10.0.0.25] with 32 bytes of data:

Reply from 10.0.0.25: bytes=32 time<1ms TTL=128
Reply from 10.0.0.25: bytes=32 time<1ms TTL=128
Reply from 10.0.0.25: bytes=32 time<1ms TTL=128
Reply from 10.0.0.25: bytes=32 time<1ms TTL=128

Ping statistics for 10.0.0.25:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Starting over is not an option at this time as one of our techs removed Exchange from the old server before testing what would happen if the server was disconnected from the network. We had to manually recreate the GC on the new server (53 users).

So as you can see this is a real CF.

Any serious suggestions?
 
This may be salvageable.

First, I can't tell from the above what the name of the old DC is and what the name of the new SBS 2008 DC is? Which one is "server"? Sounds like it may be the 2008 box.

Does the SBS 2008 server only have a single NIC, and any other NIC is actually disabled, not just disconnected?

Can the 2008 server ping itself by IPv4 address? What happens when you do this: "ping server.domain.local -4"?

Do an "NBTSTAT -R" to purge and reload the local cache and then do an "NBTSTAT -n" and paste the results.

Manually creating the GC should only have involved adding that role, correct? And not having to manually create the accounts? I assume that you set up the SBS 2008 box in migration mode and had it join the existing domain, right? And if you got far enough to remove Exchange from the old server, you would have definitely been far enough to migrate mailboxes, and that would have required a synchronized AD. So maybe this isn't the route you took: how did you get here?

Dave Shackelford
ThirdTier.net
 
Old 2003 server's name is server1, new 2008 server's name is server.

2008 server has 2 NICs, second is disabled, disconnected and has no IP address.

VPN is set up and active on 10.0.0.84.

Pinging 2008 server with -4 returns the correct IP address 10.0.0.25.

Local Area Connection:
Node IpAddress: [10.0.0.25] Scope Id: []

NetBIOS Local Name Table

Name Type Status
---------------------------------------------
SERVER <00> UNIQUE Registered
DOMAIN <00> GROUP Registered
DOMAIN <1C> GROUP Registered
SERVER <20> UNIQUE Registered
DOMAIN <1B> UNIQUE Registered

Manually creating the GC may not be exactly what we did. Here are the instructions I was given
-------------------------------------------
Preparations --
Directions for mailbox reconnect:

Open up Exchange Management Shell
Run: Get-MailboxStatistics | ft Displayname, MailboxGUID

Open up another Exchange Management Shell
Run: Get-MailboxStatistics | fl Displayname, LegacyDN

Go to and download adfind. Extract somewhere accessible. It's already on the desktop for administrator

Open up Keep it handy.

Actual work --
Open up adsiedit.msc
Connect to the default configuration
Drill down through the OUs to where the user is. Pull up the properties on the user and edit them as listed:

homeMTA CN=Microsoft MTA,CN=SERVER,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=local

Note on this one you need to change it to match what is displayed from the second powershell command I had you run i.e. for Joe User the last part was changed to /cn=joe
legacyExchangeDN /o=first organization/ou=exchange administrative group (fydibohf23spdlt)/cn=recipients/cn=juser

Change to the same value you used earlier i.e. joe user is Joe
mailNickname juser

Increment this one by 500
msExchALObjectVersion 50

msExchHomeServerName /o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=SERVER

For this one first consult the first EMS window I had you open. Find the MailboxGUID for the user, such as for Joe it is 98ee00d7-df19-4282-bedf-3a1340b8b7c0
Open up a command prompt and go to where you extracted adfind.
Run, replacing the GUID with the one you copied from EMS: adfind -gc -b "" -binenc -f " msExchMailboxGUID={{GUID:98ee00d7-df19-4282-bedf-3a1340b8b7c0}}" -dn

Take the output of msExchMailboxGUID \D7\00\EE\98\19\DF\82B\BE\DF\3A\13\40\B8\B7\C0
and convert it to hex, using the asciitable.com site. Here is how Joe's breaks down:

\D7\00\EE\98\19\DF\82B\BE\DF\3A\13\40\B8\B7\C0

D7 00 EE 98 19 DF 82 42 BE DF 3A 13 40 B8 B7 C0

And one other:

T\BA\A04l\B8\EEM\9F\D6\40m\25\08\CE\A0

54 BA A0 34 6C B8 EE 4D 9F D6 40 6D 25 08 CE A0

Basically, if it looks like hex, leave it, if not then convert it with the table. Take the resulting value and paste it into this attribute as hex. Make sure you have hex selected as the type.
msExchMailboxGuid

Now open up another Exchange Management Shell and run for your user:
Set-Mailbox "Joe User" -ApplyMandatoryProperties

You're done!

-------------------------------------------
As for whether the 2008 is in migration mode, I would have to ask, as I did not participate in the part of the migration.

AD appears to be syncing, the only thing the 2008 server complains about is the GC.

When we took over this account the internal IPs were 3.100.10.x. I have no idea why, as those IPs belong to G.E. We also suspect that the previous IT guy had hacked in somehow and was screwing things up, but as of yet cannot find any proof of this; there were just too many things screwed up and weird coincidences. Several users had domain admin rights (since revoked). All unaccounted accounts disabled. All former employee accounts disabled. All user passwords changed (though some may have been changed back). Firewall locked down and password changed.

Both servers had their GC deselected in Active Directory Sites and Services at some point during the migration (no one admits to doing this).

As for how did I get here... I wish I knew.

We recently did a migration to 2008 and exchange 2007 for a 300 user network without a hitch, our same tech was lead on that job that did this one.
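
The manual step in the instructions quoted above (turning adfind -binenc output into the hex value for msExchMailboxGuid) can be scripted instead of being converted by hand with an ASCII table. The PowerShell below is an added example, not part of the original post or of the instructions it quotes; the function names ConvertFrom-AdfindBinEnc and Test-MailboxGuidBytes are hypothetical, and the sample strings are the ones quoted in the post.

```powershell
# Added example: decode adfind -binenc output for msExchMailboxGUID into hex
# bytes, then cross-check against the MailboxGUID from Get-MailboxStatistics.

function ConvertFrom-AdfindBinEnc {
    param([string]$Encoded)

    $bytes = New-Object 'System.Collections.Generic.List[byte]'
    $i = 0
    while ($i -lt $Encoded.Length) {
        if ($Encoded[$i] -eq [char]'\') {
            # Escaped byte: a backslash followed by exactly two hex digits.
            # In "\82B" the escape is \82 and the trailing B is a literal (0x42).
            if ($i + 2 -ge $Encoded.Length) { throw "Truncated escape at offset $i" }
            $pair = $Encoded.Substring($i + 1, 2)
            if ($pair -notmatch '^[0-9A-Fa-f]{2}$') { throw "Invalid escape at offset $i" }
            $bytes.Add([Convert]::ToByte($pair, 16))
            $i += 3
        }
        else {
            # Printable character: the byte is its ASCII code.
            $code = [int]$Encoded[$i]
            if ($code -lt 0x20 -or $code -gt 0x7E) { throw "Non-printable character at offset $i" }
            $bytes.Add([byte]$code)
            $i += 1
        }
    }
    # A GUID is always 16 bytes; anything else means the string was mis-copied.
    if ($bytes.Count -ne 16) { throw "Expected 16 bytes for a GUID, got $($bytes.Count)" }
    return ,$bytes.ToArray()
}

function Test-MailboxGuidBytes {
    param([string]$Encoded, [string]$MailboxGuid)

    $decoded = ConvertFrom-AdfindBinEnc $Encoded
    # Guid.ToByteArray() emits the first three GUID fields little-endian, which
    # is the byte order of the hex string shown in the instructions.
    $expected = ([Guid]$MailboxGuid).ToByteArray()
    New-Object PSObject -Property @{
        Hex     = [BitConverter]::ToString($decoded).Replace('-', ' ')
        Matches = ([BitConverter]::ToString($decoded) -eq [BitConverter]::ToString($expected))
    }
}

# Joe's values as quoted in the instructions.
Test-MailboxGuidBytes '\D7\00\EE\98\19\DF\82B\BE\DF\3A\13\40\B8\B7\C0' '98ee00d7-df19-4282-bedf-3a1340b8b7c0'

# The second string from the instructions (the page gives no GUID for it).
[BitConverter]::ToString((ConvertFrom-AdfindBinEnc 'T\BA\A04l\B8\EEM\9F\D6\40m\25\08\CE\A0')).Replace('-', ' ')
```

A Matches value of False means the string copied from adfind does not correspond to the mailbox GUID and should not be pasted into the attribute.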
 
We will check into the article mentioned.

There is no AV on the new server.

Disabling AV on the old server made no difference.

Here is the DCDIAG
--------------------------------------------------

Directory Server Diagnosis


Performing initial setup:

Trying to find home server...

* Verifying that the local machine SERVER, is a Directory Server.
Home Server = SERVER

* Connecting to directory service on server SERVER.

* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.

Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=domain,DC=local,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local
Getting ISTG and options for the site
* Identifying all servers.

Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=domain,DC=local,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.

* Found 2 DC(s). Testing 1 of them.

Done gathering initial info.


Doing initial required tests


Testing server: Default-First-Site-Name\SERVER

Starting test: Connectivity

* Active Directory LDAP Services Check
Determining IP4 connectivity
Determining IP6 connectivity
* Active Directory RPC Services Check
......................... SERVER passed test Connectivity



Doing primary tests


Testing server: Default-First-Site-Name\SERVER

Starting test: Advertising

The DC SERVER is advertising itself as a DC and having a DS.
The DC SERVER is advertising as an LDAP server
The DC SERVER is advertising as having a writeable directory
The DC SERVER is advertising as a Key Distribution Center
The DC SERVER is advertising as a time server
The DS SERVER is advertising as a GC.
......................... SERVER passed test Advertising

Test omitted by user request: CheckSecurityError

Test omitted by user request: CutoffServers

Starting test: FrsEvent

* The File Replication Service Event log test
There are warning or error events within the last 24 hours after the

SYSVOL has been shared. Failing SYSVOL replication problems may cause

Group Policy problems.
An Warning Event occurred. EventID: 0x800034FF

Time Generated: 10/21/2009 18:25:48

Event String:

File Replication Service has detected and suppressed an average of 15 or more file updates every hour for the last 3 hours because the updates did not change the contents of the file. The tracking records in FRS debug logs will have the filename and event time for the suppressed updates. The tracking records have the date and time followed by :T: as their prefix.



Updates that do not change the content of the file are suppressed to prevent unnecessary replication traffic. Following are common examples of updates that do not change the contents of the file.



[1] Overwriting a file with a copy of the same file.

[2] Setting the same ACLs on a file multiple times.

[3] Restoring an identical copy of the file over an existing one.



Suppression of updates can be disabled by running regedit.



Click on Start, Run and type regedit.



Expand HKEY_LOCAL_MACHINE, SYSTEM, CurrentControlSet, Services, NtFrs, Parameters, and create or update the value "Suppress Identical Updates To Files" to 0 (Default is 1) to force identical updates to replicate.

......................... SERVER passed test FrsEvent

Starting test: DFSREvent

The DFS Replication Event Log.
......................... SERVER passed test DFSREvent

Starting test: SysVolCheck

* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... SERVER passed test SysVolCheck

Starting test: KccEvent

* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... SERVER passed test KccEvent

Starting test: KnowsOfRoleHolders

Role Schema Owner = CN=NTDS Settings,CN=SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local
Role Domain Owner = CN=NTDS Settings,CN=SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local
Role PDC Owner = CN=NTDS Settings,CN=SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local
Role Rid Owner = CN=NTDS Settings,CN=SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local
Role Infrastructure Update Owner = CN=NTDS Settings,CN=SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local
......................... SERVER passed test KnowsOfRoleHolders

Starting test: MachineAccount

Checking machine account for DC SERVER on DC SERVER.
* SPN found :LDAP/SERVER.domain.local/domain.local
* SPN found :LDAP/SERVER.domain.local
* SPN found :LDAP/SERVER
* SPN found :LDAP/SERVER.domain.local/DOMAIN
* SPN found :LDAP/d4b06fa0-eb0e-4a13-83bb-d6dfd1f03d00._msdcs.domain.local
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/d4b06fa0-eb0e-4a13-83bb-d6dfd1f03d00/domain.local
* SPN found :HOST/SERVER.domain.local/domain.local
* SPN found :HOST/SERVER.domain.local
* SPN found :HOST/SERVER
* SPN found :HOST/SERVER.domain.local/DOMAIN
* SPN found :GC/SERVER.domain.local/domain.local
......................... SERVER passed test MachineAccount

Starting test: NCSecDesc

* Security Permissions check for all NC's on DC SERVER.
The forest is not ready for RODC. Will skip checking ERODC ACEs.
* Security Permissions Check for

DC=ForestDnsZones,DC=domain,DC=local
(NDNC,Version 3)
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have

Replicating Directory Changes In Filtered Set
access rights for the naming context:

DC=ForestDnsZones,DC=domain,DC=local
* Security Permissions Check for

DC=DomainDnsZones,DC=domain,DC=local
(NDNC,Version 3)
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have

Replicating Directory Changes In Filtered Set
access rights for the naming context:

DC=DomainDnsZones,DC=domain,DC=local
* Security Permissions Check for

CN=Schema,CN=Configuration,DC=domain,DC=local
(Schema,Version 3)
* Security Permissions Check for

CN=Configuration,DC=domain,DC=local
(Configuration,Version 3)
* Security Permissions Check for

DC=domain,DC=local
(Domain,Version 3)
......................... SERVER failed test NCSecDesc

Starting test: NetLogons

* Network Logons Privileges Check
Verified share \\SERVER\netlogon
Verified share \\SERVER\sysvol
......................... SERVER passed test NetLogons

Starting test: ObjectsReplicated

SERVER is in domain DC=domain,DC=local
Checking for CN=SERVER,OU=Domain Controllers,DC=domain,DC=local in domain DC=domain,DC=local on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local in domain CN=Configuration,DC=domain,DC=local on 1 servers
Object is up-to-date on all servers.
......................... SERVER passed test ObjectsReplicated

Test omitted by user request: OutboundSecureChannels

Starting test: Replications

* Replications Check
* Replication Latency Check
......................... SERVER passed test Replications

Starting test: RidManager

* Available RID Pool for the Domain is 2109 to 1073741823
* SERVER.domain.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 1609 to 2108
* rIDPreviousAllocationPool is 1609 to 2108
* rIDNextRID: 1653
......................... SERVER passed test RidManager

Starting test: Services

* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... SERVER passed test Services

Starting test: SystemLog

* The System Event log test
An Error Event occurred. EventID: 0xC0002719

Time Generated: 10/22/2009 07:37:10

Event String:

DCOM was unable to communicate with the computer JeanD630Laptop.domain.local using any of the configured protocols.

An Error Event occurred. EventID: 0xC0002719

Time Generated: 10/22/2009 07:37:52

Event String:

DCOM was unable to communicate with the computer JeanD630Laptop.domain.local using any of the configured protocols.

An Error Event occurred. EventID: 0xC0002719

Time Generated: 10/22/2009 07:38:34

Event String:

DCOM was unable to communicate with the computer JeanD630Laptop.domain.local using any of the configured protocols.

An Error Event occurred. EventID: 0xC0002719

Time Generated: 10/22/2009 07:39:16

Event String:

DCOM was unable to communicate with the computer JeanD630Laptop.domain.local using any of the configured protocols.

An Error Event occurred. EventID: 0x0000041A

Time Generated: 10/22/2009 07:39:56

Event String:

The DHCP/BINL service on the local machine encountered a network error. The error was: 0x 2.

An Error Event occurred. EventID: 0xC0002719

Time Generated: 10/22/2009 07:39:58

Event String:

DCOM was unable to communicate with the computer JeanD630Laptop.domain.local using any of the configured protocols.

An Error Event occurred. EventID: 0xC0002719

Time Generated: 10/22/2009 07:40:40

Event String:

DCOM was unable to communicate with the computer JeanD630Laptop.domain.local using any of the configured protocols.

An Error Event occurred. EventID: 0xC0002719

Time Generated: 10/22/2009 07:41:22

Event String:

DCOM was unable to communicate with the computer JeanD630Laptop.domain.local using any of the configured protocols.

An Error Event occurred. EventID: 0xC0002719

Time Generated: 10/22/2009 07:42:04

Event String:

DCOM was unable to communicate with the computer JeanD630Laptop.domain.local using any of the configured protocols.

An Error Event occurred. EventID: 0xC0002719

Time Generated: 10/22/2009 07:46:58

Event String:

DCOM was unable to communicate with the computer DXLJ13C1.domain.local using any of the configured protocols.

An Error Event occurred. EventID: 0xC0002719

Time Generated: 10/22/2009 07:48:40

Event String:

DCOM was unable to communicate with the computer DXLJ13C1.domain.local using any of the configured protocols.

An Error Event occurred. EventID: 0xC0002719

Time Generated: 10/22/2009 07:50:22

Event String:

DCOM was unable to communicate with the computer DXLJ13C1.domain.local using any of the configured protocols.

An Error Event occurred. EventID: 0x00000457

Time Generated: 10/22/2009 07:50:28

Event String:

Driver Adobe PDF Converter required for printer Adobe PDF is unknown. Contact the administrator to install the driver before you log in again.

An Error Event occurred. EventID: 0x00000457

Time Generated: 10/22/2009 07:50:29

Event String:

Driver EPSON Stylus CX7800 Series required for printer EPSON Stylus CX7800 Series is unknown. Contact the administrator to install the driver before you log in again.

An Error Event occurred. EventID: 0x00000457

Time Generated: 10/22/2009 07:50:32

Event String:

Driver Microsoft Office Document Image Writer Driver required for printer Microsoft Office Document Image Writer is unknown. Contact the administrator to install the driver before you log in again.

An Error Event occurred. EventID: 0xC0002719

Time Generated: 10/22/2009 07:52:04

Event String:

DCOM was unable to communicate with the computer DXLJ13C1.domain.local using any of the configured protocols.

An Error Event occurred. EventID: 0xC0002719

Time Generated: 10/22/2009 07:53:46

Event String:

DCOM was unable to communicate with the computer DXLJ13C1.domain.local using any of the configured protocols.

An Error Event occurred. EventID: 0xC0002719

Time Generated: 10/22/2009 07:55:28

Event String:

DCOM was unable to communicate with the computer DXLJ13C1.domain.local using any of the configured protocols.

An Error Event occurred. EventID: 0xC0002719

Time Generated: 10/22/2009 07:57:10

Event String:

DCOM was unable to communicate with the computer DXLJ13C1.domain.local using any of the configured protocols.

An Error Event occurred. EventID: 0xC0002719

Time Generated: 10/22/2009 07:58:52

Event String:

DCOM was unable to communicate with the computer DXLJ13C1.domain.local using any of the configured protocols.

......................... SERVER failed test SystemLog

Test omitted by user request: Topology

Test omitted by user request: VerifyEnterpriseReferences

Starting test: VerifyReferences

The system object reference (serverReference)

CN=SERVER,OU=Domain Controllers,DC=domain,DC=local and backlink on

CN=SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local

are correct.
The system object reference (serverReferenceBL)

CN=SERVER,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=domain,DC=local

and backlink on

CN=NTDS Settings,CN=SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local

are correct.
......................... SERVER passed test VerifyReferences

Test omitted by user request: VerifyReplicas


Test omitted by user request: DNS

Test omitted by user request: DNS


Running partition tests on : ForestDnsZones

Starting test: CheckSDRefDom

......................... ForestDnsZones passed test CheckSDRefDom

Starting test: CrossRefValidation

......................... ForestDnsZones passed test

CrossRefValidation


Running partition tests on : DomainDnsZones

Starting test: CheckSDRefDom

......................... DomainDnsZones passed test CheckSDRefDom

Starting test: CrossRefValidation

......................... DomainDnsZones passed test

CrossRefValidation


Running partition tests on : Schema

Starting test: CheckSDRefDom

......................... Schema passed test CheckSDRefDom

Starting test: CrossRefValidation

......................... Schema passed test CrossRefValidation


Running partition tests on : Configuration

Starting test: CheckSDRefDom

......................... Configuration passed test CheckSDRefDom

Starting test: CrossRefValidation

......................... Configuration passed test CrossRefValidation


Running partition tests on : domain

Starting test: CheckSDRefDom

......................... domain passed test CheckSDRefDom

Starting test: CrossRefValidation

......................... domain passed test CrossRefValidation


Running enterprise tests on : domain.local

Test omitted by user request: DNS

Test omitted by user request: DNS

Starting test: LocatorCheck

GC Name: \\SERVER.domain.local

Locator Flags: 0xe00013fd
PDC Name: \\SERVER.domain.local
Locator Flags: 0xe00013fd
Time Server Name: \\SERVER.domain.local
Locator Flags: 0xe00013fd
Preferred Time Server Name: \\SERVER.domain.local
Locator Flags: 0xe00013fd
KDC Name: \\SERVER.domain.local
Locator Flags: 0xe00013fd
......................... domain.local passed test LocatorCheck

Starting test: Intersite

Skipping site Default-First-Site-Name, this site is outside the scope

provided by the command line arguments provided.
......................... domain.local passed test Intersite

-----------------------------------------------------------------------------
 
On a functional level, is there anything not working? Beyond the events and the inability to conduct a local ping with IPv6, are there any issues?

Dave Shackelford
ThirdTier.net
 
Actually it takes about 2 minutes to log into the server. When we get properties on a user or object SIDs take a long time to resolve to actual names.
 
When you temporarily disable the Windows Firewall on the 2008 server, are you able to ping the local server name, even though it uses IPv6? It's normal for it to use IPv6, but not normal for it to fail, even with the firewall up.

You might try leaving the firewall down for a few hours and see if you have any of the slowness problems. If they go away, you could enable logging and notification on the firewall and turn it back on, and use the logs to tell you what's being blocked so that you could create custom rules to resolve the issue.

Dave Shackelford
ThirdTier.net
 
The 2008 server's Firewall service is running, but the firewall is, and has been off.
 
OK...weird.

Since you refreshed the NetBIOS stuff, have you restarted the server or restarted the NetLogon service? Could you do that and see what sorts of errors show up in the event log? Are you continuing to get the same GC errors every hour?

Dave Shackelford
ThirdTier.net
 
I did restart netlogon around 8:45am. I just did it again. There have been the same errors in the Active Directory Domain Services log. They occur every hour starting at 4 minutes after the hour, now five minutes. The latest occurred at 13:06, 5 minutes after I restarted netlogon.

The following information event just showed up at the same time in the applications log
---------------------------
Process MSEXCHANGEADTOPOLOGYSERVICE.EXE (PID=2084). Exchange Active Directory Provider has discovered the following servers with the following characteristics:
(Server name | Roles | Enabled | Reachability | Synchronized | GC capable | PDC | SACL right | Critical Data | Netlogon | OS Version)
In-site:
SERVER1.domain.local CDG 1 7 7 1 0 1 1 7 1
SERVER.domain.local CDG 1 0 0 1 0 0 0 0 0
Out-of-site:
-------------------------------
 
I just noticed the Microsoft Exchange Service Host service, which was set up to start automatically, was not running. When I started it, I got these messages in the event viewers:

The Microsoft Exchange Service Host service entered the running state.

The Microsoft Exchange Service Host service terminated unexpectedly. It has done this 4 time(s).

Watson report about to be sent to dw20.exe for process id: 11784, with parameters: E12, c-RTL-AMD64, 08.01.0393.001, M.E.ServiceHost, mscorlib, M.W.RegistryKey.OpenSubKey, S.Security.SecurityException, fe5e, 02.00.50727.4200. ErrorReportingEnabled: False

 
Looked into the thread above. Did not entirely apply. Only thing missing from the folder was the web.config file. I copied it over from another server, but it made no difference.
 
After much googling, we believe the original problems may be caused by IPv6. We will disable it tomorrow and see what happens.
 
You will probably be in trouble if you disable IPv6. Once you disable it, your next reboot may take 40 minutes to get to a logon prompt. I've done this on an SBS 2008 box before, and it wasn't a solution to anything.

What you might want to do is look at your IPv6 settings, comparing them with a live, problem-free SBS 2008 box, and adjusting them as needed, but I would not disable it.

Do you have production SBS 2008 boxes to compare with? Normally the IPv6 IP is set statically.

Dave Shackelford
ThirdTier.net
 
My tech assures me he has done this before and absolutely nothing will go wrong......
 