2008 Active Directory Problems. Naming Information cannot be located for the following reasons: "The Server is not operational"
2008 has introduced one of the most interesting AD problems I have come across. Unfortunately for me, this problem has shown its face in my production environment, so things are a little more tricky when troubleshooting.
Some Background
A 2008 Server was introduced as an additional Domain Controller months ago, into a Windows Server 2003 Forest, running at Server 2003 Functionality. All seemed OK for months, until one sunny morning, one of my RODCs in a remote office stopped authenticating requests for users or services not cached on the RODC.
Some initial troubleshooting pointed back to authentication requests bouncing back between the RODC in the remote office and the 2008 DC in my Data Centre with which the RODC was paired. A reboot of the parent 2008 Server seemed to resolve everything and I figured that was it, problem solved.
Very Wrong it would seem.
This problem occurred numerous times over the next few weeks and people started getting quite annoyed. The only fix I had at the time was to blow the RODC into a full-blown DC at the remote site, and do some research. So that was completed, problem solved.
Now, this is where it gets interesting. Users that use the 2008 DC in my Datacentre for DNS resolution started complaining about DNS-related problems. Logging on to the 2008 DC and firing up ADUC resulted in this:
_______________________________________________________________________________________
"Naming Information cannot be located for the following reasons"
"The Server is not operational"
"If you are trying to connect to a Domain Controller running windows 2000, Verify that........blah blah blah"
_______________________________________________________________________________________
What the hell! The only resolution is a reboot - restarting AD DS services makes no difference etc.
This occurred time and time again for a matter of months, with nothing that I could really see to indicate anything of use. Google turns up empty when referring to 2008 Server.
Everything seems to point to DNS for this error, but there is nothing clear to work with. The DNS errors show these entries, which can be quite confusing:
_____________________________________________________________________________________
Source: DNS
Category: None
Event ID: 404
Type: Error
The DNS Server Could not bind a Transmission Control Protocol (TCP) socket to Address 0.0.0.0.
The Event Data is in the error code
An IP Address of 0.0.0.0 can indicate a valid "any Address" configuration in which all configuration IP Addresses on the computer are available to use
_____________________________________________________________________________________
And
_____________________________________________________________________________________
Source: DNS
Category: None
Event ID: 408
Type: Error
The DNS Server could not open a socket for address 0.0.0.0
Verify that this is a valid IP address for the Server Computer
If it is NOT valid use the interface dialog under Server Properties in the DNS Manager to remove it from the List of IP's
_____________________________________________________________________________________
And
_____________________________________________________________________________________
Source: DNS
Category: None
Event ID: 4004
Type: Error
The DNS Server was unable to complete directory service enumeration of zone. . This DNS server is configured to use information obtained from Active Directory for this zone and is unable to to load the zone without it
_____________________________________________________________________________________
Really not a lot to work with especially when your DNS Server Properties are configured correctly, with the appropriate IP's etc etc
Demoted, Repromoted, Reinstalled DNS, Rebuilt Zones, nothing worked...
Some more trawling and research, and at the breaking point just before it was time to call Microsoft and start begging for help, I stumbled across a page in one of the EBS blogs outlining a situation that sounded a touch familiar, but with the server manager component of EBS rather than my ADUC console. The blog post described a situation where resource exhaustion occurs when a third-party TDI (Transport Driver Interface) filter driver is installed, which is commonly used in Anti Virus software (of which I run McAfee).
(http://blogs.technet.com/essentialbusinessserver/archive/2009/02/27/ebs-console-crashes-every-5-7-days.aspx)
Microsoft have documented the issue here....: 961775 A Windows Server 2008 or Windows Vista SP1 system encounters user authentication failure and a large number of leaked handle for the system process when it is installed on a machine with multiple processors and TDI filter drivers are installed
There is a patch for this problem here: http://support.microsoft.com/hotfix/KBHotfix.aspx?kbnum=961775&kbln=en-us which, once installed, resolved my issues. Who would have guessed that again, it was a Virus Scan software that once again knocked out AD related tools.
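A quick way to check a DC for this condition before the next outage, as an added example that is not part of the original post: it checks for the KB961775 hotfix, samples the handle count of the System process (PID 4) to see whether it keeps climbing, and lists recent DNS Server events 404, 408 and 4004. The sample count, interval and growth threshold are assumptions to tune for your environment, and the event log name `DNS Server` is assumed to be the default.

```powershell
# Added example (not from the original post). Run in an elevated PowerShell 2.0+
# session on the domain controller being checked.

$SampleCount   = 5      # assumption: number of handle-count samples
$IntervalSec   = 60     # assumption: seconds between samples
$GrowthWarning = 500    # assumption: net handle growth worth investigating

# 1. Is the hotfix from KB 961775 installed?
#    Get-HotFix reads Win32_QuickFixEngineering, so an empty result means
#    "not listed there", which should be confirmed in Installed Updates.
$hotfix = Get-HotFix -Id 'KB961775' -ErrorAction SilentlyContinue
if ($hotfix) {
    "KB961775 is installed (InstalledOn: $($hotfix.InstalledOn))"
} else {
    'KB961775 was not found by Get-HotFix'
}

# 2. Sample the handle count of the System process (always PID 4).
#    The KB describes a large number of leaked handles in this process.
$samples = for ($i = 0; $i -lt $SampleCount; $i++) {
    $sys = Get-Process -Id 4
    New-Object PSObject -Property @{
        Time    = Get-Date
        Handles = $sys.HandleCount
    }
    if ($i -lt $SampleCount - 1) { Start-Sleep -Seconds $IntervalSec }
}
$samples | Select-Object Time, Handles | Format-Table -AutoSize

$growth = $samples[-1].Handles - $samples[0].Handles
if ($growth -ge $GrowthWarning) {
    "System process gained $growth handles during sampling: possible leak"
} else {
    "System process handle change during sampling: $growth"
}

# 3. Recent DNS Server errors matching the ones quoted in the post.
Get-WinEvent -FilterHashtable @{ LogName = 'DNS Server'; Id = 404, 408, 4004 } `
             -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message |
    Format-Table -AutoSize -Wrap
```

A short sampling window only shows a trend; logging the same handle count on a schedule over several days gives a clearer picture of a slow leak.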
Hope this helps resolve the issue for anyone else who comes across this one....certainly a tough one to fix!
James