Event ID: 6004 - DNS Networking issues...


BProc_Lizard

Mar 10, 2009, 12:30:03 PM
Yesterday, I had an idiot relative "help" me with my production Win2003 SP2
server. He downloaded and ran one of those cheesy system cleaning utilities
that purports to "clean your registry". Arggghhhh... I was not very nice to
him when I found out what he did!!! I let him know with no uncertainty that
this machine is NOT one of his workstations, that this was a SERVER - fer
christsakes!!! And it was not his for playing around with!...

Regardless, now I'm in a bit of a pickle... Of course, it's a Murphyism;
the last registry backup I have is too far down the road (3 months ago) and
the regular system backup doesn't do the registry, I just learned. There's
been a couple of major updates and a few modifications - too many things to
remember all of them, so I'm left with trying to repair the problem - AND,
then determine a better means of backing things up so I don't have this issue
again and so I have a better recovery plan.

Anyway... I sure hope someone can point me in a direction where I can
troubleshoot this problem. I've already tried messing around with the
networking settings by changing them, saving and setting them back; to no
avail. I double-checked the entire system with two deep-scanning Antivirus
progs and temporarily turned off the (BlackIce) Firewall I had on that
machine - all to no avail. My network symptoms are that I can resolve DNS
(browsers don't work unless I type specific IP addresses) and the email
client on that machine will not send alerts via SMTP (this is most likely due
to DNS resolution issues since the SMTP is looking for a named address). RDP
will not connect unless specific IP address (again, DNS issue). But, the
server can "see" the DNS server which also correctly gives the problem child
server a DHCP address when I configed it dynamic. It's looking more and more
like a weird issue due to something missing in the registry...

Here's my log entry:

Event Type: Error
Event Source: EventLog
Event Category: None
Event ID: 6004
Date: 3/9/2009
Time: 9:51:58 PM
User: N/A
Computer: GREBE
Description:
A driver packet received from the I/O subsystem was invalid. The data is
the packet.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 0c 00 e0 00 0e 00 00 00 ..à.....
0008: e0 5c 54 2e 2b a1 c9 01 à\T.+¡É.
0010: 40 00 00 00 00 00 00 00 @.......
0018: 00 00 00 00 04 00 4e 00 ......N.
0020: 00 00 00 00 cb 0b 00 80 ....Ë..?
0028: 00 00 00 00 10 00 00 c0 .......À
0030: 00 00 00 00 00 00 00 00 ........
0038: 00 00 00 00 00 00 00 00 ........
0040: 4d 00 52 00 78 00 53 00 M.R.x.S.
0048: 6d 00 62 00 00 00 5c 00 m.b...\.
0050: 44 00 65 00 76 00 69 00 D.e.v.i.
0058: 63 00 65 00 5c 00 4c 00 c.e.\.L.
0060: 61 00 6e 00 6d 00 61 00 a.n.m.a.
0068: 6e 00 52 00 65 00 64 00 n.R.e.d.
0070: 69 00 72 00 65 00 63 00 i.r.e.c.
0078: 74 00 6f 00 72 00 00 00 t.o.r...
0080: 41 00 43 00 53 00 43 00 A.C.S.C.
0088: 4c 00 41 00 4e 00 00 00 L.A.N...
0090: 4e 00 65 00 74 00 42 00 N.e.t.B.
0098: 54 00 5f 00 54 00 63 00 T._.T.c.
00a0: 70 00 69 00 70 00 5f 00 p.i.p._.
00a8: 7b 00 34 00 42 00 35 00 {.4.B.5.
00b0: 31 00 39 00 38 00 34 00 1.9.8.4.
00b8: 39 00 2d 00 43 00 32 00 9.-.C.2.
00c0: 37 00 44 00 2d 00 34 00 7.D.-.4.
00c8: 43 00 33 00 34 00 2d 00 C.3.4.-.
00d0: 41 00 37 00 33 00 43 00 A.7.3.C.
00d8: 2d 00 36 00 30 00 00 00 -.6.0...

Sure hope someone can shed a bit of light on this... :/

-- da Lizard


BProc_Lizard

Mar 10, 2009, 12:36:08 PM
I had posted this topic in a different newsgroup by 'accident' and just
posted it here. In the other group, I had a reply with the following:
"Danny Sanders" wrote:

> See:
> http://eventid.net/display.asp?eventid=6004&eventno=1596&source=EventLog&phase=1
>
>
> hth
> DDS|

To which I followed up with:

ALAS... I posted to the wrong place... Somehow, in my befuddlement, I
happened to be looking at some other earlier posting within this group and
simply clicked on the "New Thread" button without assuring I was in the
correct group. My apologies!!!

I have just posted this question over to another more appropriate group
m.p.windows.server.networking...

But, I will follow up...

Wow, such a quick response! Thanks DANNY!!! But, I've already done my due
diligence with my friend, Google. The link you provided discusses issues
with Antivirus software and NIC drivers - I'm not having those issues.

I am running Eset NOD32 v2.7 Business (which, btw, I have been on their
newsgroup forum researching my problem - but I've pretty much determined my
issues don't apply to any A/V application. If you'll recall, this problem
was inadvertently caused by the running of a "Registry Cleaning" utility [I
won't name the actual application to protect the innocent] which was not
meant nor designed for server usage).

And I've already checked all my network devices - that was one of my first
thoughts, that one of my device drivers' parameters got hosed - but, I don't
see anything showing up there.

Again, thanks Danny for trying to help. But, further communication on this
topic will be moved to the server networking group. And, again, I apologize
for posting to the wrong group.

--da Lizard

~~~~~~~~~~~~~

BProc_Lizard

Mar 10, 2009, 12:58:01 PM
So... I am kinda stuck - the issue is not within my AV software (I disabled
it during my testing, to no change in system behavior), it is not my NIC
drivers. I can ping my gateway just fine. Other machines within the network
can "see" and access the file share on the troubled machine (but this access,
it appears also generates random instances of the 6004 events). The most
obvious and annoying issue is that I'm not able to resolve URL and Named
network elements (making the machine virtually inoperative). There is
something that got trashed in the registry... but what??? Any ideas as to
where to look or what else to try???

Thanks -- da Lizard

Alister

Mar 10, 2009, 3:19:23 PM
On Mar 10, 4:58 pm, BProc_Lizard <BProcLiz...@discussions.microsoft.com> wrote:
> So...  I am kinda stuck - the issue is not within my AV software (I disabled
> it during my testing, to no change in system behavior), it is not my NIC
> drivers.  I can ping my gateway just fine.  Other machines within the network
> can "see" and access the file share on the troubled machine (but this access,
> it appears also generates random instances of the 6004 events).  The most
> obvious and annoying issue is that I'm not able to resolve URL and Named
> network elements (making the machine virtually inoperative).  there is
> something that got trashed in the registry...  but what???  Any ideas as to
> where to look or what else to try???
>
> Thanks  -- da Lizard

<snip>

Looking at the packet you posted it was looking for
SMB\Device\LanmanRedirector - which is part of the Microsoft Networking
stack and references %SystemRoot%\System32\ntlanman.dll so I would suggest:

1/ Check that the dll is in place.

2/ Check the following Registry keys:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\NetworkProvider\DeviceName
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\NetworkProvider\Name
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\NetworkProvider\ProviderPath

3/ Try re-installing the drivers for your NIC (which may sort out any
missing registry entries)

4/ If all else fails try resetting the TCP/IP stack:
netsh int ip reset resetlog.txt
and then the Winsock:
netsh winsock reset
and then reboot.

Alister
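
Added example, not part of any post in this thread: a Python decoder for the "Data:" section of an event record such as the 6004 entry above, listing the UTF-16LE strings (driver and device names) that the packet carries. The sample rows are copied from the posted dump; the function names are illustrative.

```python
import re

# Rows 0x40-0x8f of the event data posted in this thread: offset, hex bytes, ASCII column.
SAMPLE_DUMP = r"""
0040: 4d 00 52 00 78 00 53 00 M.R.x.S.
0048: 6d 00 62 00 00 00 5c 00 m.b...\.
0050: 44 00 65 00 76 00 69 00 D.e.v.i.
0058: 63 00 65 00 5c 00 4c 00 c.e.\.L.
0060: 61 00 6e 00 6d 00 61 00 a.n.m.a.
0068: 6e 00 52 00 65 00 64 00 n.R.e.d.
0070: 69 00 72 00 65 00 63 00 i.r.e.c.
0078: 74 00 6f 00 72 00 00 00 t.o.r...
0080: 41 00 43 00 53 00 43 00 A.C.S.C.
0088: 4c 00 41 00 4e 00 00 00 L.A.N...
"""
ROW = re.compile(r"^\s*([0-9a-fA-F]{4,8}):\s+(.*)$")
HEX_BYTE = re.compile(r"^[0-9a-fA-F]{2}$")

def parse_dump(text, row_width=8):
    """Return (data, base_offset) for an Event Viewer style hex dump."""
    rows = []
    for line in text.splitlines():
        if not (m := ROW.match(line)):
            continue  # blank line or surrounding log text
        values = []
        for token in m.group(2).split()[:row_width]:
            if not HEX_BYTE.match(token):
                break  # reached the ASCII column
            values.append(int(token, 16))
        rows.append((int(m.group(1), 16), bytes(values)))
    if not rows:
        raise ValueError("no hex dump rows found")
    base, data = rows[0][0], bytearray()
    for (offset, chunk), nxt in zip(rows, rows[1:] + [None]):
        if offset != base + len(data):
            raise ValueError(f"gap or overlap before offset {offset:#06x}")
        # The next offset bounds a short row whose ASCII column looks like hex.
        data += chunk[: nxt[0] - offset] if nxt else chunk
    return bytes(data), base

def utf16_strings(data, base=0, min_chars=3):
    """Return [(offset, text)] for runs of printable UTF-16LE characters."""
    pattern = rb"(?:[\x20-\x7e]\x00){%d,}" % min_chars
    return [(base + m.start(), m.group().decode("utf-16-le"))
            for m in re.finditer(pattern, data)]

if __name__ == "__main__":
    for offset, text in utf16_strings(*parse_dump(SAMPLE_DUMP)):
        print(f"{offset:#06x}  {text}")
```
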

BProc_Lizard

Mar 10, 2009, 3:40:10 PM
Had a little time to dig some more. I opened a CMD window on the problem
server and on a different server all on the same subnet, checked ipconfig
again - made sure they were the same (except for the server's name and IP
address). Ran nslookup and saw that the problem server could see and resolve
the DNS server's IP and name. Quit nslookup and did a ping to an internal
machine's name and it resolved just fine. So internal names are resolving
but not external names and only external names queried from the problem
machine. Any other machine within the subnet can ping outside the subnet
using URIs and Domain Names, telling me there's no problem with the router
nor the DNS server. On the problem server, I invoked ipconfig /flushdns
followed by ipconfig /registerdns - but the behavior persisted. Just for
grins, I opened the networking GUI and ran a 'repair connections' function -
no change in behavior. I open network properties - TCP/IP settings and
manually added the router's external DNS entries and saved - ** we hear the
brash bugling sound of success ** - a workaround is born!!! So, now the
network services and functions all magically started working again...
sheesh...

That's all the time I had this afternoon to work on it... I might dig some
more later to determine why the 'automatic' settings in the network
properties - TCP/IP settings did not work as it should. Anyone have any idea
why all of a sudden I need to manually add my external DNS IPs, why they
aren't automatically forwarding using the dynamic/automatic setting? Where
in the registry is this controlled - I bet that's where the issue lies???
