Sign in with
Sign up | Sign in
Your question

Bad packets and invalid domain names Please help

Last response: in Windows 2000/NT
Share
Anonymous
July 26, 2005 1:35:02 PM

Archived from groups: microsoft.public.win2000.dns (More info?)

I am having some issues with DNS. here is my situation, i am unable to
authenticate any shares or printers on my domain, kerebos logins work fine
however the user to share SID check is not working. upon inspection my dns
log is filling with the following errors.

Event ID: 3000
Source DNS
The DNS server has encountered numerous run-time events. To determine the
initial cause of these run-time events, examine the DNS server event log
entries that precede this event. To prevent the DNS server from filling the
event log too quickly, subsequent events with Event IDs higher than 3000 will
be suppressed until events are no longer being generated at a high rate.

Event ID: 5501
Source DNS
The DNS server encountered a bad packet from X.X.X.X. Packet processing
leads beyond packet length. The event data contains the DNS packet.

Where X.X.X.X is the internal IP of my router.


Event ID: 5506
Source DNS
The DNS server encountered an invalid domain name offset in a packet from
X.X.X.X. The event data contains the DNS packet.

Event ID: 5504
Source DNS
The DNS server encountered an invalid domain name in a packet from X.X.X.X.
The packet will be rejected. The event data contains the DNS packet.

I am at a complete loss as to what i need to do next as i have never seen
this problem before.

all of the information i can find related to these event IDs typically have
to do with a problem with the ISP dns servers IP address causing the problem,
not a router.
Anonymous
July 26, 2005 6:30:00 PM

Archived from groups: microsoft.public.win2000.dns (More info?)

The 5504 errors are usually from Exchange Server and if so are (more or less) benign. If you think the errors are from outside
resolutions through your ISPs DNS, disable forwarders in your DNS and just resolve with the root hints - this can correct the bad
packet errors and is a little more secure anyway. If you still can't track them down, you can load up Etherreal or netmon and filter
on port 53 to see what they are. However I wouldn't spend a lot of time wandering down that road unless you can determine that is
the source of the problems you are having.

At any rate, it isn't clear whether these errors, or DNS at all, has anything to do with your issues. It also isn't entirely clear
from your post what the specific problems are.

If you can post a "netdiag /fix" log from a DC and any client-side events that are being logged contemporaneiously with the
problems, it might help determine better what is going on. As a general (not absolute) rule, if a netdiag comes up clean, your
internal DNS is probably configured properly for AD.

Steve Duff,. MCSE, MVP
Ergodic Systems, Inc.

"Ken D" <KenD@discussions.microsoft.com> wrote in message news:01DD0655-229F-466F-9CB4-1480FCE21A15@microsoft.com...
>I am having some issues with DNS. here is my situation, i am unable to
> authenticate any shares or printers on my domain, kerebos logins work fine
> however the user to share SID check is not working. upon inspection my dns
> log is filling with the following errors.
>
> Event ID: 3000
> Source DNS
> The DNS server has encountered numerous run-time events. To determine the
> initial cause of these run-time events, examine the DNS server event log
> entries that precede this event. To prevent the DNS server from filling the
> event log too quickly, subsequent events with Event IDs higher than 3000 will
> be suppressed until events are no longer being generated at a high rate.
>
> Event ID: 5501
> Source DNS
> The DNS server encountered a bad packet from X.X.X.X. Packet processing
> leads beyond packet length. The event data contains the DNS packet.
>
> Where X.X.X.X is the internal IP of my router.
>
>
> Event ID: 5506
> Source DNS
> The DNS server encountered an invalid domain name offset in a packet from
> X.X.X.X. The event data contains the DNS packet.
>
> Event ID: 5504
> Source DNS
> The DNS server encountered an invalid domain name in a packet from X.X.X.X.
> The packet will be rejected. The event data contains the DNS packet.
>
> I am at a complete loss as to what i need to do next as i have never seen
> this problem before.
>
> all of the information i can find related to these event IDs typically have
> to do with a problem with the ISP dns servers IP address causing the problem,
> not a router.
Anonymous
July 27, 2005 2:17:09 PM

Archived from groups: microsoft.public.win2000.dns (More info?)

ok here is a situation, I am use to netdiag and dcdiag being in the
tools\support directory on the CD, however this server is SBS2003. where can
i locate these files

"Steve Duff [MVP]" wrote:

> The 5504 errors are usually from Exchange Server and if so are (more or less) benign. If you think the errors are from outside
> resolutions through your ISPs DNS, disable forwarders in your DNS and just resolve with the root hints - this can correct the bad
> packet errors and is a little more secure anyway. If you still can't track them down, you can load up Etherreal or netmon and filter
> on port 53 to see what they are. However I wouldn't spend a lot of time wandering down that road unless you can determine that is
> the source of the problems you are having.
>
> At any rate, it isn't clear whether these errors, or DNS at all, has anything to do with your issues. It also isn't entirely clear
> from your post what the specific problems are.
>
> If you can post a "netdiag /fix" log from a DC and any client-side events that are being logged contemporaneiously with the
> problems, it might help determine better what is going on. As a general (not absolute) rule, if a netdiag comes up clean, your
> internal DNS is probably configured properly for AD.
>
> Steve Duff,. MCSE, MVP
> Ergodic Systems, Inc.
>
> "Ken D" <KenD@discussions.microsoft.com> wrote in message news:01DD0655-229F-466F-9CB4-1480FCE21A15@microsoft.com...
> >I am having some issues with DNS. here is my situation, i am unable to
> > authenticate any shares or printers on my domain, kerebos logins work fine
> > however the user to share SID check is not working. upon inspection my dns
> > log is filling with the following errors.
> >
> > Event ID: 3000
> > Source DNS
> > The DNS server has encountered numerous run-time events. To determine the
> > initial cause of these run-time events, examine the DNS server event log
> > entries that precede this event. To prevent the DNS server from filling the
> > event log too quickly, subsequent events with Event IDs higher than 3000 will
> > be suppressed until events are no longer being generated at a high rate.
> >
> > Event ID: 5501
> > Source DNS
> > The DNS server encountered a bad packet from X.X.X.X. Packet processing
> > leads beyond packet length. The event data contains the DNS packet.
> >
> > Where X.X.X.X is the internal IP of my router.
> >
> >
> > Event ID: 5506
> > Source DNS
> > The DNS server encountered an invalid domain name offset in a packet from
> > X.X.X.X. The event data contains the DNS packet.
> >
> > Event ID: 5504
> > Source DNS
> > The DNS server encountered an invalid domain name in a packet from X.X.X.X.
> > The packet will be rejected. The event data contains the DNS packet.
> >
> > I am at a complete loss as to what i need to do next as i have never seen
> > this problem before.
> >
> > all of the information i can find related to these event IDs typically have
> > to do with a problem with the ISP dns servers IP address causing the problem,
> > not a router.
>
>
>
Related resources
Anonymous
July 27, 2005 2:49:02 PM

Archived from groups: microsoft.public.win2000.dns (More info?)

Here Is dcdiag /fix

Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\SERVER1

Starting test: Connectivity
......................... SERVER1 passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\SERVER1
Starting test: Replications
......................... SERVER1 passed test Replications
Starting test: NCSecDesc
......................... SERVER1 passed test NCSecDesc
Starting test: NetLogons
......................... SERVER1 passed test NetLogons
Starting test: Advertising
Warning: SERVER1 is not advertising as a time server.
......................... SERVER1 failed test Advertising
Starting test: KnowsOfRoleHolders
......................... SERVER1 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... SERVER1 passed test RidManager
Starting test: MachineAccount
......................... SERVER1 passed test MachineAccount
Starting test: Services
IsmServ Service is stopped on [SERVER1]
......................... SERVER1 failed test Services
Starting test: ObjectsReplicated
......................... SERVER1 passed test ObjectsReplicated
Starting test: frssysvol
......................... SERVER1 passed test frssysvol
Starting test: frsevent
......................... SERVER1 passed test frsevent
Starting test: kccevent
......................... SERVER1 passed test kccevent
Starting test: systemlog
......................... SERVER1 passed test systemlog
Starting test: VerifyReferences
......................... SERVER1 passed test VerifyReferences

Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidati

Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom

Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidati

Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom

Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom

Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidatio
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom

Running partition tests on : HOC
Starting test: CrossRefValidation
......................... HOC passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... HOC passed test CheckSDRefDom

Running enterprise tests on : HOC.Hutchinsonoil.com
Starting test: Intersite
......................... HOC.Hutchinsonoil.com passed test Intersite
Starting test: FsmoCheck
Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error 1
5
A Good Time Server could not be located.
......................... HOC.Hutchinsonoil.com failed test FsmoCheck

here is a netdiag /fix


.......................................

Computer Name: SERVER1
DNS Host Name: server1.HOC.Hutchinsonoil.com
System info : Microsoft Windows Server 2003 (Build 3790)
Processor : x86 Family 15 Model 2 Stepping 5, GenuineIntel
List of installed hotfixes :
KB819696
KB822132
KB822742
KB822743
KB822744
KB822745
KB822925
KB823182
KB823353
KB823559
KB823980
KB824073
KB824105
KB824139
KB824141
KB824146
KB824151
KB825117
KB825119
KB826238
KB826936
KB828035
KB828741
KB833987
KB834707
KB835732
KB837001
KB837272
KB839645
KB840315
KB840374
KB840987
KB841356
KB841533
KB842773
KB867460
KB870763
KB871250
KB873333
KB873376
KB883935
KB883939
KB885250
KB885834
KB885835
KB885836
KB885881
KB886903
KB887797
KB888113
KB890046
KB890175
KB890859
KB890923
KB891711
KB891781
KB893066
KB893086
KB893803v2
KB896358
KB896422
KB896426
KB896428
KB897715
KB901214
KB903235
Q147222
Q828026


Netcard queries test . . . . . . . : Failed
GetStats failed for 'Intel(R) PRO/1000 MT Network Connection'. [ERROR
D_FUNCTION]
[FATAL] - None of the netcard drivers provided satisfactory results.



Per interface results:

Adapter : Server Local Area Connection

Netcard queries test . . . : Failed
NetCard Status: UNKNOWN

Host Name. . . . . . . . . : server1
IP Address . . . . . . . . : 128.127.2.2
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 128.127.2.3
Primary WINS Server. . . . : 192.168.16.5
Dns Servers. . . . . . . . : 128.127.2.2

IpConfig results . . . . . : Failed
Pinging the Primary WINS server 192.168.16.5 - not reachable

AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Passed

NetBT name test. . . . . . : Passed

WINS service test. . . . . : Failed
The test failed. We were unable to query the WINS servers.


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{35B3C83C-B68D-4155-96C4-A15832A28911}
1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on DNS server '128.1
..


Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{35B3C83C-B68D-4155-96C4-A15832A28911}
The redir is bound to 1 NetBt transport.

List of NetBt transports currently bound to the browser
NetBT_Tcpip_{35B3C83C-B68D-4155-96C4-A15832A28911}
The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

Note: run "netsh ipsec dynamic show /?" for more detailed information


and here is a netdiag /test:D ns /v


Gathering IPX configuration information.
Querying status of the Netcard drivers... Failed
Testing Domain membership... Passed
Gathering NetBT configuration information.
Testing DNS
PASS - All the DNS entries for DC are registered on DNS server
'128.127.2.2'
..

Tests complete.


Computer Name: SERVER1
DNS Host Name: server1.HOC.Hutchinsonoil.com
DNS Domain Name: HOC.Hutchinsonoil.com
System info : Microsoft Windows Server 2003 (Build 3790)
Processor : x86 Family 15 Model 2 Stepping 5, GenuineIntel
Hotfixes :
Installed? Name
Yes KB819696
Yes KB822132
Yes KB822742
Yes KB822743
Yes KB822744
Yes KB822745
Yes KB822925
Yes KB823182
Yes KB823353
Yes KB823559
Yes KB823980
Yes KB824073
Yes KB824105
Yes KB824139
Yes KB824141
Yes KB824146
Yes KB824151
Yes KB825117
Yes KB825119
Yes KB826238
Yes KB826936
Yes KB828035
Yes KB828741
Yes KB833987
Yes KB834707
Yes KB835732
Yes KB837001
Yes KB837272
Yes KB839645
Yes KB840315
Yes KB840374
Yes KB840987
Yes KB841356
Yes KB841533
Yes KB842773
Yes KB867460
Yes KB870763
Yes KB871250
Yes KB873333
Yes KB873376
Yes KB883935
Yes KB883939
Yes KB885250
Yes KB885834
Yes KB885835
Yes KB885836
Yes KB885881
Yes KB886903
Yes KB887797
Yes KB888113
Yes KB890046
Yes KB890175
Yes KB890859
Yes KB890923
Yes KB891711
Yes KB891781
Yes KB893066
Yes KB893086
Yes KB893803v2
Yes KB896358
Yes KB896422
Yes KB896426
Yes KB896428
Yes KB897715
Yes KB901214
Yes KB903235
Yes Q147222
Yes Q828026


Netcard queries test . . . . . . . : Failed

Information of Netcard drivers:


---------------------------------------------------------------------------
Description: Intel(R) PRO/1000 MT Network Connection
Device: \DEVICE\{35B3C83C-B68D-4155-96C4-A15832A28911}
GetStats failed for 'Intel(R) PRO/1000 MT Network Connection'.
[ERROR_INVALI
D_FUNCTION]

---------------------------------------------------------------------------
[FATAL] - None of the netcard drivers provided satisfactory results.



Per interface results:

Adapter : Server Local Area Connection
Adapter ID . . . . . . . . : {35B3C83C-B68D-4155-96C4-A15832A28911}

Netcard queries test . . . : Failed
NetCard Status: UNKNOWN


Global results:


Domain membership test . . . . . . : Passed
Machine is a . . . . . . . . . : Primary Domain Controller Emulator
Netbios Domain name. . . . . . : HOC
Dns domain name. . . . . . . . : HOC.Hutchinsonoil.com
Dns forest name. . . . . . . . : HOC.Hutchinsonoil.com
Domain Guid. . . . . . . . . . : {AC6663A5-C1B5-4D4B-BD49-7AEEB070A1B2}
Domain Sid . . . . . . . . . . : S-1-5-21-2040972775-2088865363-4077242360
Logon User . . . . . . . . . . : .admin
Logon Domain . . . . . . . . . : HOC


NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{35B3C83C-B68D-4155-96C4-A15832A28911}
1 NetBt transport currently configured.


DNS test . . . . . . . . . . . . . : Passed
Interface {35B3C83C-B68D-4155-96C4-A15832A28911}
DNS Domain:
DNS Servers: 128.127.2.2
IP Address: Expected registration with PDN (primary DNS
domain n
ame):
Hostname: server1.HOC.Hutchinsonoil.com.
Authoritative zone: HOC.Hutchinsonoil.com.
Primary DNS server: server1.HOC.Hutchinsonoil.com 128.127.2.2
Authoritative NS:128.127.2.2
Check the DNS registration for DCs entries on DNS server '128.127.2.2'
The Record is correct on DNS server '128.127.2.2'.

The Record is correct on DNS server '128.127.2.2'.

The Record is correct on DNS server '128.127.2.2'.

The Record is correct on DNS server '128.127.2.2'.

The Record is correct on DNS server '128.127.2.2'.

The Record is correct on DNS server '128.127.2.2'.

The Record is correct on DNS server '128.127.2.2'.

The Record is correct on DNS server '128.127.2.2'.

The Record is correct on DNS server '128.127.2.2'.

The Record is correct on DNS server '128.127.2.2'.

The Record is correct on DNS server '128.127.2.2'.

The Record is correct on DNS server '128.127.2.2'.

The Record is correct on DNS server '128.127.2.2'.

The Record is correct on DNS server '128.127.2.2'.

The Record is correct on DNS server '128.127.2.2'.

The Record is correct on DNS server '128.127.2.2'.

The Record is correct on DNS server '128.127.2.2'.

The Record is correct on DNS server '128.127.2.2'.

The Record is correct on DNS server '128.127.2.2'.

The Record is correct on DNS server '128.127.2.2'.

The Record is correct on DNS server '128.127.2.2'.

The Record is correct on DNS server '128.127.2.2'.

The Record is correct on DNS server '128.127.2.2'.

The Record is correct on DNS server '128.127.2.2'.

The Record is correct on DNS server '128.127.2.2'.

The Record is correct on DNS server '128.127.2.2'.

PASS - All the DNS entries for DC are registered on DNS server
'128.127.2.2'
..


The command completed successfully

Thank You For Your Help
Anonymous
July 28, 2005 2:02:12 AM

Archived from groups: microsoft.public.win2000.dns (More info?)

Ken:

We need to get the time service problem fixed. The lack of a reliable time source for the domain
will cause all sorts of obscure problems with functions that depend on an accurate time source.
Either the time service isn't working or the PDC role server itself is missing or misconfigured in AD.

First, check that the server's date, time and time zone are all correct. Be sure to check the time zone
as this is easy to overlook and will cause trouble if wrong.

Next, check that the "Windows Time Service" is set to "Automatic" in services, and running. If not, see
if you can start it. If it will not stay running there should be an event in the system event log giving a reason.

Finally, we need to sync the DC to an outside time source. The command "net time /setsntp:<server>"
will set the external time source to an outside server (e.g. net time /setsntp:ntp.ucsd.edu ). You can use
the w32tm command to check the time service, but there are some differences between 2000 and 2003,
the details are here, depending (watch the URL wrap):

http://msdn.microsoft.com/library/default.asp?url=/libr...
http://www.microsoft.com/technet/prodtechnol/windowsser...

If you've fixed the time service problem then a dcdiag should now pass the advertising test and FSMO role
check. (I'm not concerned about the netcard test since the network - I am assuming - is working, but you may
want to look into this as a driver update issue.)

If the time service isn't the problem, then it the PDC emulator "FSMO" role itself is likely the problem.

Open AD Users and Computers, and right-click on the domain name at the top of the tree. Select
"operations masters" and click the "PDC" tab. This will show you FQDN of the server that active
directory has assigned as the PDC emulator. If this is not a functioning DC it will have to be fixed, so post
back in that case.

At the moment I don't see any DNS-related configuration problems. It is possible there is something
else underneath your time service problem, but that has to be corrected first.

Steve Duff, MCSE, MVP
Ergodic Systems, Inc.

"Ken D" <KenD@discussions.microsoft.com> wrote in message news:C8697F02-C13B-4C0D-9913-2F9C12D5FCB4@microsoft.com...
> Here Is dcdiag /fix
>
> Domain Controller Diagnosis
>
> Performing initial setup:
> Done gathering initial info.
>
> Doing initial required tests
>
> Testing server: Default-First-Site-Name\SERVER1
>
> Starting test: Connectivity
> ......................... SERVER1 passed test Connectivity
>
> Doing primary tests
>
> Testing server: Default-First-Site-Name\SERVER1
> Starting test: Replications
> ......................... SERVER1 passed test Replications
> Starting test: NCSecDesc
> ......................... SERVER1 passed test NCSecDesc
> Starting test: NetLogons
> ......................... SERVER1 passed test NetLogons
> Starting test: Advertising
> Warning: SERVER1 is not advertising as a time server.
> ......................... SERVER1 failed test Advertising
> Starting test: KnowsOfRoleHolders
> ......................... SERVER1 passed test KnowsOfRoleHolders
> Starting test: RidManager
> ......................... SERVER1 passed test RidManager
> Starting test: MachineAccount
> ......................... SERVER1 passed test MachineAccount
> Starting test: Services
> IsmServ Service is stopped on [SERVER1]
> ......................... SERVER1 failed test Services
> Starting test: ObjectsReplicated
> ......................... SERVER1 passed test ObjectsReplicated
> Starting test: frssysvol
> ......................... SERVER1 passed test frssysvol
> Starting test: frsevent
> ......................... SERVER1 passed test frsevent
> Starting test: kccevent
> ......................... SERVER1 passed test kccevent
> Starting test: systemlog
> ......................... SERVER1 passed test systemlog
> Starting test: VerifyReferences
> ......................... SERVER1 passed test VerifyReferences
>
> Running partition tests on : ForestDnsZones
> Starting test: CrossRefValidation
> ......................... ForestDnsZones passed test CrossRefValidati
>
> Starting test: CheckSDRefDom
> ......................... ForestDnsZones passed test CheckSDRefDom
>
> Running partition tests on : DomainDnsZones
> Starting test: CrossRefValidation
> ......................... DomainDnsZones passed test CrossRefValidati
>
> Starting test: CheckSDRefDom
> ......................... DomainDnsZones passed test CheckSDRefDom
>
> Running partition tests on : Schema
> Starting test: CrossRefValidation
> ......................... Schema passed test CrossRefValidation
> Starting test: CheckSDRefDom
> ......................... Schema passed test CheckSDRefDom
>
> Running partition tests on : Configuration
> Starting test: CrossRefValidation
> ......................... Configuration passed test CrossRefValidatio
> Starting test: CheckSDRefDom
> ......................... Configuration passed test CheckSDRefDom
>
> Running partition tests on : HOC
> Starting test: CrossRefValidation
> ......................... HOC passed test CrossRefValidation
> Starting test: CheckSDRefDom
> ......................... HOC passed test CheckSDRefDom
>
> Running enterprise tests on : HOC.Hutchinsonoil.com
> Starting test: Intersite
> ......................... HOC.Hutchinsonoil.com passed test Intersite
> Starting test: FsmoCheck
> Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
> A Time Server could not be located.
> The server holding the PDC role is down.
> Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error 1
> 5
> A Good Time Server could not be located.
> ......................... HOC.Hutchinsonoil.com failed test FsmoCheck
>
> here is a netdiag /fix
>
>
> ......................................
>
> Computer Name: SERVER1
> DNS Host Name: server1.HOC.Hutchinsonoil.com
> System info : Microsoft Windows Server 2003 (Build 3790)
> Processor : x86 Family 15 Model 2 Stepping 5, GenuineIntel
> List of installed hotfixes :
> KB819696
> KB822132
> KB822742
> KB822743
> KB822744
> KB822745
> KB822925
> KB823182
> KB823353
> KB823559
> KB823980
> KB824073
> KB824105
> KB824139
> KB824141
> KB824146
> KB824151
> KB825117
> KB825119
> KB826238
> KB826936
> KB828035
> KB828741
> KB833987
> KB834707
> KB835732
> KB837001
> KB837272
> KB839645
> KB840315
> KB840374
> KB840987
> KB841356
> KB841533
> KB842773
> KB867460
> KB870763
> KB871250
> KB873333
> KB873376
> KB883935
> KB883939
> KB885250
> KB885834
> KB885835
> KB885836
> KB885881
> KB886903
> KB887797
> KB888113
> KB890046
> KB890175
> KB890859
> KB890923
> KB891711
> KB891781
> KB893066
> KB893086
> KB893803v2
> KB896358
> KB896422
> KB896426
> KB896428
> KB897715
> KB901214
> KB903235
> Q147222
> Q828026
>
>
> Netcard queries test . . . . . . . : Failed
> GetStats failed for 'Intel(R) PRO/1000 MT Network Connection'. [ERROR
> D_FUNCTION]
> [FATAL] - None of the netcard drivers provided satisfactory results.
>
>
>
> Per interface results:
>
> Adapter : Server Local Area Connection
>
> Netcard queries test . . . : Failed
> NetCard Status: UNKNOWN
>
> Host Name. . . . . . . . . : server1
> IP Address . . . . . . . . : 128.127.2.2
> Subnet Mask. . . . . . . . : 255.255.255.0
> Default Gateway. . . . . . : 128.127.2.3
> Primary WINS Server. . . . : 192.168.16.5
> Dns Servers. . . . . . . . : 128.127.2.2
>
> IpConfig results . . . . . : Failed
> Pinging the Primary WINS server 192.168.16.5 - not reachable
>
> AutoConfiguration results. . . . . . : Passed
>
> Default gateway test . . . : Passed
>
> NetBT name test. . . . . . : Passed
>
> WINS service test. . . . . : Failed
> The test failed. We were unable to query the WINS servers.
>
>
> Global results:
>
>
> Domain membership test . . . . . . : Passed
>
>
> NetBT transports test. . . . . . . : Passed
> List of NetBt transports currently configured:
> NetBT_Tcpip_{35B3C83C-B68D-4155-96C4-A15832A28911}
> 1 NetBt transport currently configured.
>
>
> Autonet address test . . . . . . . : Passed
>
>
> IP loopback ping test. . . . . . . : Passed
>
>
> Default gateway test . . . . . . . : Passed
>
>
> NetBT name test. . . . . . . . . . : Passed
>
>
> Winsock test . . . . . . . . . . . : Passed
>
>
> DNS test . . . . . . . . . . . . . : Passed
> PASS - All the DNS entries for DC are registered on DNS server '128.1
> .
>
>
> Redir and Browser test . . . . . . : Passed
> List of NetBt transports currently bound to the Redir
> NetBT_Tcpip_{35B3C83C-B68D-4155-96C4-A15832A28911}
> The redir is bound to 1 NetBt transport.
>
> List of NetBt transports currently bound to the browser
> NetBT_Tcpip_{35B3C83C-B68D-4155-96C4-A15832A28911}
> The browser is bound to 1 NetBt transport.
>
>
> DC discovery test. . . . . . . . . : Passed
>
>
> DC list test . . . . . . . . . . . : Passed
>
>
> Trust relationship test. . . . . . : Skipped
>
>
> Kerberos test. . . . . . . . . . . : Passed
>
>
> LDAP test. . . . . . . . . . . . . : Passed
>
>
> Bindings test. . . . . . . . . . . : Passed
>
>
> WAN configuration test . . . . . . : Skipped
> No active remote access connections.
>
>
> Modem diagnostics test . . . . . . : Passed
>
> IP Security test . . . . . . . . . : Skipped
>
> Note: run "netsh ipsec dynamic show /?" for more detailed information
>
>
> and here is a netdiag /test:D ns /v
>
>
> Gathering IPX configuration information.
> Querying status of the Netcard drivers... Failed
> Testing Domain membership... Passed
> Gathering NetBT configuration information.
> Testing DNS
> PASS - All the DNS entries for DC are registered on DNS server
> '128.127.2.2'
> .
>
> Tests complete.
>
>
> Computer Name: SERVER1
> DNS Host Name: server1.HOC.Hutchinsonoil.com
> DNS Domain Name: HOC.Hutchinsonoil.com
> System info : Microsoft Windows Server 2003 (Build 3790)
> Processor : x86 Family 15 Model 2 Stepping 5, GenuineIntel
> Hotfixes :
> Installed? Name
> Yes KB819696
> Yes KB822132
> Yes KB822742
> Yes KB822743
> Yes KB822744
> Yes KB822745
> Yes KB822925
> Yes KB823182
> Yes KB823353
> Yes KB823559
> Yes KB823980
> Yes KB824073
> Yes KB824105
> Yes KB824139
> Yes KB824141
> Yes KB824146
> Yes KB824151
> Yes KB825117
> Yes KB825119
> Yes KB826238
> Yes KB826936
> Yes KB828035
> Yes KB828741
> Yes KB833987
> Yes KB834707
> Yes KB835732
> Yes KB837001
> Yes KB837272
> Yes KB839645
> Yes KB840315
> Yes KB840374
> Yes KB840987
> Yes KB841356
> Yes KB841533
> Yes KB842773
> Yes KB867460
> Yes KB870763
> Yes KB871250
> Yes KB873333
> Yes KB873376
> Yes KB883935
> Yes KB883939
> Yes KB885250
> Yes KB885834
> Yes KB885835
> Yes KB885836
> Yes KB885881
> Yes KB886903
> Yes KB887797
> Yes KB888113
> Yes KB890046
> Yes KB890175
> Yes KB890859
> Yes KB890923
> Yes KB891711
> Yes KB891781
> Yes KB893066
> Yes KB893086
> Yes KB893803v2
> Yes KB896358
> Yes KB896422
> Yes KB896426
> Yes KB896428
> Yes KB897715
> Yes KB901214
> Yes KB903235
> Yes Q147222
> Yes Q828026
>
>
> Netcard queries test . . . . . . . : Failed
>
> Information of Netcard drivers:
>
>
> ---------------------------------------------------------------------------
> Description: Intel(R) PRO/1000 MT Network Connection
> Device: \DEVICE\{35B3C83C-B68D-4155-96C4-A15832A28911}
> GetStats failed for 'Intel(R) PRO/1000 MT Network Connection'.
> [ERROR_INVALI
> D_FUNCTION]
>
> ---------------------------------------------------------------------------
> [FATAL] - None of the netcard drivers provided satisfactory results.
>
>
>
> Per interface results:
>
> Adapter : Server Local Area Connection
> Adapter ID . . . . . . . . : {35B3C83C-B68D-4155-96C4-A15832A28911}
>
> Netcard queries test . . . : Failed
> NetCard Status: UNKNOWN
>
>
> Global results:
>
>
> Domain membership test . . . . . . : Passed
> Machine is a . . . . . . . . . : Primary Domain Controller Emulator
> Netbios Domain name. . . . . . : HOC
> Dns domain name. . . . . . . . : HOC.Hutchinsonoil.com
> Dns forest name. . . . . . . . : HOC.Hutchinsonoil.com
> Domain Guid. . . . . . . . . . : {AC6663A5-C1B5-4D4B-BD49-7AEEB070A1B2}
> Domain Sid . . . . . . . . . . : S-1-5-21-2040972775-2088865363-4077242360
> Logon User . . . . . . . . . . : .admin
> Logon Domain . . . . . . . . . : HOC
>
>
> NetBT transports test. . . . . . . : Passed
> List of NetBt transports currently configured:
> NetBT_Tcpip_{35B3C83C-B68D-4155-96C4-A15832A28911}
> 1 NetBt transport currently configured.
>
>
> DNS test . . . . . . . . . . . . . : Passed
> Interface {35B3C83C-B68D-4155-96C4-A15832A28911}
> DNS Domain:
> DNS Servers: 128.127.2.2
> IP Address: Expected registration with PDN (primary DNS
> domain n
> ame):
> Hostname: server1.HOC.Hutchinsonoil.com.
> Authoritative zone: HOC.Hutchinsonoil.com.
> Primary DNS server: server1.HOC.Hutchinsonoil.com 128.127.2.2
> Authoritative NS:128.127.2.2
> Check the DNS registration for DCs entries on DNS server '128.127.2.2'
> The Record is correct on DNS server '128.127.2.2'.
>
> The Record is correct on DNS server '128.127.2.2'.
>
> The Record is correct on DNS server '128.127.2.2'.
>
> The Record is correct on DNS server '128.127.2.2'.
>
> The Record is correct on DNS server '128.127.2.2'.
>
> The Record is correct on DNS server '128.127.2.2'.
>
> The Record is correct on DNS server '128.127.2.2'.
>
> The Record is correct on DNS server '128.127.2.2'.
>
> The Record is correct on DNS server '128.127.2.2'.
>
> The Record is correct on DNS server '128.127.2.2'.
>
> The Record is correct on DNS server '128.127.2.2'.
>
> The Record is correct on DNS server '128.127.2.2'.
>
> The Record is correct on DNS server '128.127.2.2'.
>
> The Record is correct on DNS server '128.127.2.2'.
>
> The Record is correct on DNS server '128.127.2.2'.
>
> The Record is correct on DNS server '128.127.2.2'.
>
> The Record is correct on DNS server '128.127.2.2'.
>
> The Record is correct on DNS server '128.127.2.2'.
>
> The Record is correct on DNS server '128.127.2.2'.
>
> The Record is correct on DNS server '128.127.2.2'.
>
> The Record is correct on DNS server '128.127.2.2'.
>
> The Record is correct on DNS server '128.127.2.2'.
>
> The Record is correct on DNS server '128.127.2.2'.
>
> The Record is correct on DNS server '128.127.2.2'.
>
> The Record is correct on DNS server '128.127.2.2'.
>
> The Record is correct on DNS server '128.127.2.2'.
>
> PASS - All the DNS entries for DC are registered on DNS server
> '128.127.2.2'
> .
>
>
> The command completed successfully
>
> Thank You For Your Help
Anonymous
July 29, 2005 3:00:18 PM

Archived from groups: microsoft.public.win2000.dns (More info?)

In news:%23KuA6FzkFHA.572@TK2MSFTNGP15.phx.gbl,
Steve Duff [MVP] <ergodic@ergodic-systems.com> stated, which I then
commented on below:
> Ken:
>
> We need to get the time service problem fixed. The lack of a reliable
> time source for the domain will cause all sorts of obscure problems with
> functions that depend
> on an accurate time source. Either the time service isn't working or the
> PDC role server itself
> is missing or misconfigured in AD.
> First, check that the server's date, time and time zone are all
> correct. Be sure to check the time zone as this is easy to overlook and
> will cause trouble if wrong.
>
> Next, check that the "Windows Time Service" is set to "Automatic" in
> services, and running. If not, see if you can start it. If it will not
> stay running there should be an
> event in the system event log giving a reason.
> Finally, we need to sync the DC to an outside time source. The
> command "net time /setsntp:<server>" will set the external time source to
> an outside server (e.g. net time
> /setsntp:ntp.ucsd.edu ). You can use the w32tm command to check the time
> service, but there are some
> differences between 2000 and 2003, the details are here, depending (watch
> the URL wrap):
>
> http://msdn.microsoft.com/library/default.asp?url=/libr...
> http://www.microsoft.com/technet/prodtechnol/windowsser...
>
> If you've fixed the time service problem then a dcdiag should now
> pass the advertising test and FSMO role check. (I'm not concerned about
> the netcard test since the network -
> I am assuming - is working, but you may want to look into this as a driver
> update issue.)
>
> If the time service isn't the problem, then it the PDC emulator
> "FSMO" role itself is likely the problem.
> Open AD Users and Computers, and right-click on the domain name at
> the top of the tree. Select "operations masters" and click the "PDC"
> tab. This will show you FQDN of the server that active directory has
> assigned as the PDC emulator. If this is not a
> functioning DC it will have to be fixed, so post back in that case.
>
> At the moment I don't see any DNS-related configuration problems. It
> is possible there is something else underneath your time service problem,
> but that has to be
> corrected first.
> Steve Duff, MCSE, MVP
> Ergodic Systems, Inc.


Steve, good point about the time service and AD's Kerberos service's
reliance on it.

But just to point out, I saw a mix of referenced public IPs and private IPs
in the ipconfig in the netdiag:

Host Name. . . . . . . . . : server1
IP Address . . . . . . . . : 128.127.2.2
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 128.127.2.3
Primary WINS Server. . . . : 192.168.16.5
Dns Servers. . . . . . . . : 128.127.2.2

IpConfig results . . . . . : Failed
Pinging the Primary WINS server 192.168.16.5 - not reachable

If this is the case, where two DCs (or a DC on one side, and clients on the
other) are on opposite sides of a NAT device, AD communication will not
function across a NAT, unless there's a VPN created between them to allow
communication.

Just for the poster's benefit, NAT cannot traverse LDAP, RPC and Kerberos
calls.

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services
Infinite Diversities in Infinite Combinations.
=================================
Anonymous
July 29, 2005 3:24:42 PM

Archived from groups: microsoft.public.win2000.dns (More info?)

Way good catch - completely missed that.

Since it's the only place where that address shows up and isn't reachable my guess is
that it is probably just a dud IP leftover from days of yore. I don't think it would
explain the other symptoms, but it definitely should be pulled out. WINS is
unnecessary to resolve any of these problems.

Steve Duff, MCSE, MVP
Ergodic Systems, Inc.

"Ace Fekay [MVP]" <PleaseSubstituteMyActualFirstName&LastNameHere@hotmail.com> wrote in message
news:o OJP94ElFHA.2916@TK2MSFTNGP14.phx.gbl...
> In news:%23KuA6FzkFHA.572@TK2MSFTNGP15.phx.gbl,
> Steve Duff [MVP] <ergodic@ergodic-systems.com> stated, which I then commented on below:
>> Ken:
>>
>> We need to get the time service problem fixed. The lack of a reliable
>> time source for the domain will cause all sorts of obscure problems with functions that depend
>> on an accurate time source. Either the time service isn't working or the PDC role server itself
>> is missing or misconfigured in AD.
>> First, check that the server's date, time and time zone are all
>> correct. Be sure to check the time zone as this is easy to overlook and will cause trouble if wrong.
>>
>> Next, check that the "Windows Time Service" is set to "Automatic" in
>> services, and running. If not, see if you can start it. If it will not stay running there should be an
>> event in the system event log giving a reason.
>> Finally, we need to sync the DC to an outside time source. The
>> command "net time /setsntp:<server>" will set the external time source to an outside server (e.g. net time
>> /setsntp:ntp.ucsd.edu ). You can use the w32tm command to check the time service, but there are some
>> differences between 2000 and 2003, the details are here, depending (watch the URL wrap):
>>
>> http://msdn.microsoft.com/library/default.asp?url=/libr...
>> http://www.microsoft.com/technet/prodtechnol/windowsser...
>>
>> If you've fixed the time service problem then a dcdiag should now
>> pass the advertising test and FSMO role check. (I'm not concerned about the netcard test since the network -
>> I am assuming - is working, but you may want to look into this as a driver update issue.)
>>
>> If the time service isn't the problem, then it the PDC emulator
>> "FSMO" role itself is likely the problem.
>> Open AD Users and Computers, and right-click on the domain name at
>> the top of the tree. Select "operations masters" and click the "PDC"
>> tab. This will show you FQDN of the server that active directory has assigned as the PDC emulator. If this is not a
>> functioning DC it will have to be fixed, so post back in that case.
>>
>> At the moment I don't see any DNS-related configuration problems. It
>> is possible there is something else underneath your time service problem, but that has to be
>> corrected first.
>> Steve Duff, MCSE, MVP
>> Ergodic Systems, Inc.
>
>
> Steve, good point about the time service and AD's Kerberos service's reliance on it.
>
> But just to point out, I saw a mix of referenced public IPs and private IPs in the ipconfig in the netdiag:
>
> Host Name. . . . . . . . . : server1
> IP Address . . . . . . . . : 128.127.2.2
> Subnet Mask. . . . . . . . : 255.255.255.0
> Default Gateway. . . . . . : 128.127.2.3
> Primary WINS Server. . . . : 192.168.16.5
> Dns Servers. . . . . . . . : 128.127.2.2
>
> IpConfig results . . . . . : Failed
> Pinging the Primary WINS server 192.168.16.5 - not reachable
>
> If this is the case, where two DCs (or a DC on one side, and clients on the other) are on opposite sides of a NAT device, AD
> communication will not function across a NAT, unless there's a VPN created between them to allow communication.
>
> Just for the poster's benefit, NAT cannot traverse LDAP, RPC and Kerberos calls.
>
> --
> Regards,
> Ace
>
> Please direct all replies ONLY to the Microsoft public newsgroups
> so all can benefit.
>
> This posting is provided "AS-IS" with no warranties or guarantees
> and confers no rights.
>
> Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
> Microsoft Windows MVP - Windows Server - Directory Services
> Infinite Diversities in Infinite Combinations.
> =================================
>
Anonymous
July 30, 2005 5:23:03 AM

Archived from groups: microsoft.public.win2000.dns (More info?)

In news:e3WUNrGlFHA.2920@TK2MSFTNGP14.phx.gbl,
Steve Duff [MVP] <ergodic@ergodic-systems.com> made this post, which I then
commented about below:
> Way good catch - completely missed that.
>
> Since it's the only place where that address shows up and isn't
> reachable my guess is that it is probably just a dud IP leftover from days
> of yore. I don't
> think it would explain the other symptoms, but it definitely should be
> pulled out.
> WINS is unnecessary to resolve any of these problems.
>
> Steve Duff, MCSE, MVP
> Ergodic Systems, Inc.

Thanks.

I agree WINS is useless here and should be removed. But I'm curious if
there's another card on the machine or if the machine is or was on a
multi-subnetted wire?

Not that it would make a difference, but would the bad WINS address
contribute to the netdiag [ERROR D_FUNCTION] of the NIC test in the results?
I originally thought netdiag uses DNS, but maybe not, but since the WINS
server is not reachable, I don't think it matters and wouldn have anything
to do with failing the NIC test. I searched on that error, but couldn't find
what it is or what can cause it.

Back to the original post with the 5504 errors, that usually indicates an
illegal character in a host name. But what's strange is it's coming from the
router, so maybe an outside source is causing it and causing the NIC test to
fail.
http://www.eventid.net/display.asp?eventid=5504&eventno...

I've also seen *similar* issues (not saying it's the cause here), in the
past with NICs when an SQL server got slammed with the Slammer and it just
flooded the entire network and affected every machine due to the useless UDP
broadcasts.

Ace
!