Thursday 12 June 2014

Authentication issue: Event ID 1054 and 5719: Netlogon and Group Policy errors

Hi geeks,

Recently I identified an issue in which one of my DR servers was logging Event ID 1054 and Event ID 5719 in the event log. The server was not able to establish a secure channel with the DC. I tried to telnet to my DC on port 445 (for Netlogon) but had no luck. On further investigation I found that if you keep telnetting continuously, it will connect to your DC. This shows that there is either a leak in the kernel or a problem with the physical NIC/switch port.

I did the prechecks below before moving to the resolution:


Prechecks/confirmation of issue:

1.       Ping the domain controllers.

2.       Run nslookup.

3.       Check the DNS IP provided to the server.

4.       Run nltest /sc_verify:domain name at a command prompt. This command checks that the secure channel is being established to the DC via DNS > Sites and Services > nearest DC. If it succeeds, run nltest /sc_reset:domain name. This will change the DC authentication to a new DC from the existing one. Do this many times and analyse the result. If the DC changes, the secure channel is absolutely fine. If not, move forward as below.

5.       Try to access \\dc\ and, if that works fine too, move forward.

6.       Telnet to the ports below:

telnet dcname 445: this is the Netlogon port

telnet dcname 3389: RDP port

telnet dcname 135,137,138,139: ports used by the RPC endpoint mapper to collect DC information.

7.       Run netstat and check which port is responding as "waiting".
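The prechecks above as one repeatable script, added here as an example (not from the original post). It repeats each TCP connect so that an intermittent failure like the one described shows up as a success ratio; `dc01.example.local` and `example.local` are placeholder names, and the helper `Test-TcpPort` is hypothetical.

```powershell
# Added example, not from the original post. PowerShell 2.0 compatible (Server 2008 R2).
param(
    [string]$Dc        = 'dc01.example.local',  # placeholder DC name (assumption)
    [string]$Domain    = 'example.local',       # placeholder domain name (assumption)
    [int]   $Attempts  = 20,                    # connects per port
    [int]   $TimeoutMs = 3000                   # per-connect timeout
)

# Hypothetical helper: one TCP connect with a timeout, returns $true or $false.
function Test-TcpPort {
    param([string]$Target, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($Target, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)   # throws if the connect was refused or reset
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

# Steps 1-4: reachability, name resolution, secure channel.
ping -n 2 $Dc
nslookup $Dc
nltest "/sc_verify:$Domain"

# Step 6: repeat each connect. A healthy path connects on every attempt; a mixed
# result (some attempts failing) is the intermittent behaviour the post describes.
# 137 and 138 are UDP NetBIOS ports, so a TCP connect does not apply to them.
foreach ($port in 445, 3389, 135, 139) {
    $ok = 0
    for ($i = 0; $i -lt $Attempts; $i++) {
        if (Test-TcpPort $Dc $port $TimeoutMs) { $ok++ }
        Start-Sleep -Milliseconds 500
    }
    '{0}:{1} connected {2}/{3}' -f $Dc, $port, $ok, $Attempts
}

# Step 7: count local TCP sockets per state (ESTABLISHED, TIME_WAIT, ...).
netstat -ano | Select-String '^\s*TCP' |
    ForEach-Object { ($_.Line.Trim() -split '\s+')[3] } |
    Group-Object | Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize
```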

Resolution:

I found that there was a kernel socket leak happening within the server. I applied the below hotfix and it worked as expected. Thereafter I didn't see any authentication issues with the server.




NOTE: This issue is only related to Microsoft Windows Server 2008 R2 Enterprise SP1.

Have a great day!!
