none
Local Server DNS notworking EventID:1014. RRS feed

  • 问题

  • Server: Windows Server 2008 R2 EN

    after Checking EventLog, we found below clues.

    1. Server is fine.

    2. Get EventID:56, TermDD

    The Terminal Server security layer detected an error in the protocol stream and has disconnected the client. Client IP: 172.28.xxx.xxx

    .(this client is our security team Nessus Scanner Server)

    3. after this event. then generated thousands of event log  EventID:36874/368888

    4. keeping several days of step 3. huge of EventID:36874/36888. Local DNS client not working  EventID:1014

    Name resolution for the name update.symantec.com timed out after none of the configured DNS servers responded.

    at the meanwhile, the ip is pingable.

    5. Because the server is one of AD members, DNS client is not working cause server not working, and not able login as no local administrator account(was disabled by Policy)

    6. must cool restart server. everything recovered.

    Checked with Cyber team to query that may Nessus issue, but there are hundreds servers all fine been scanned., just this one have issue. get nothing from them.

    wish someone can help .

      


    夏天

    2018年3月7日 4:42

全部回复

  • Hi,

    Thanks for your question.

    1. Did all these error Events mentioned occur on local DNS server?

     

    1. Please make sure the problem server’s configuration is correct as the figure below. Please confirm that the option “Register this connection’s addresses in      DNS” in the advanced IPV4 properties tab should be ticked. You could also refer to the following link: tps://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ee941150(v=ws.10)

                

    Furthermore, additional information for system event, please refer to the following detailed.

    Event ID 1014:

    • Customers have reported the following scenarios as possible causes for this event:

    -          TCP/IP Offload is enabled for a network adapter

    -          TCP/IP v6 is enabled and their ISP does not yet support TCP/IP v6.

    -          The spanning tree “portfast" setting is not enabled on your servers switch ports.

    -          Router and PC communicating with different channel or standard.

    • Methods to resolve the issue:

    -          Disable RSS, Autotuning, and Taskoffload

    -          Disable TCP/IP v6

    -          Enable the spanning tree portfast setting in your router 

    -          Set your router and PC to communicate with same channel and standard manually

    Please refer to the following article:

    https://social.technet.microsoft.com/wiki/contents/articles/3336.event-id-1014-microsoft-windows-dns-client.aspx

    Event ID 56: TermDD

    https://community.spiceworks.com/how_to/85664-termdd-event-id-56

    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    Event ID 36874/36888 and how to fix it

    https://social.technet.microsoft.com/wiki/contents/articles/3336.event-id-1014-microsoft-windows-dns-client.aspx

    Hope the information above helpful.

    Highly appreciate your effort and time. If you have any questions and concerns, please feel free to let me know.

    Best regards,

    Michael


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com


    2018年3月8日 8:12
    版主
  • Hi Pisces,

    How are things going on? Was your issue resolved?

    Please let us know if you would like further assistance.

    Wish you have a nice day!

    Best regards,

    Michael


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    2018年3月12日 8:46
    版主
  • Hi Pisces,

    How are things going on? Was your issue resolved?

    Please let us know if you would like further assistance.

    Wish you have a nice day!

    Best regards,

    Michael


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    2018年3月14日 3:13
    版主
  • Thank you Michael, your reply is very helpful.

    the issue persist on.

    now we are working with MS support, although the support is not good.  we are trying to collect all information they requested.

    this server is member of AD , we don't have local account, local administrator was disabled. when issue happend. application (SAP) is not working, RDP is working but can not pass authentication. the error like no domain controller is available.

    along with this problem, I also find there is a major NETLOGON Event , ID 5719

    This computer was not able to set up a secure session with a domain controller in domain xxxx due to the following:

    the RPC server is unavailable.

    This may lead to authentication problem. make sure that this computer is connected to the network, if the problem persists, please contact your domain administrators

    I think this may the root cause.

    any idea for that.

    Server is SAP application server.


    夏天

    2018年3月28日 9:26
  • Hi Pisces,

    Thanks for your detailed reply.

    I encountered a similar case recently. It may be caused by the port TCP/UDP 53 on the dns server was occupied by other system processes. You may check to see if it helps.

    I will follow up this thread and stand by with you. If you have any questions and concerns, please feel free to let me know.

    Highly appreciate your successive effort and time. 

    Wish you have a nice day!

    Best regards,

    Michael 


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    2018年3月28日 9:44
    版主
  • Micosoft Engineer ask me run Network monitor to get more details traffic info. but I can not, as Local account will be clear up automatically by GPO.AD account was not able login while the issue happen.

    just find tcpip Warning, then NETlogon error.

    the problem happen every 4-7 days.


    夏天


    2018年4月2日 9:39