DNS server RPC problem
Gorjan
The problem: the DNS server stops responding after random periods of time.
The logs look very strange:
-------------------------------------------------------------------------
The DNS server could not open socket for address 0.0.0.0.
Verify that this is a valid IP address for the server computer. If it is
NOT valid use the Interfaces dialog under Server Properties in the DNS
Manager to remove it from the list of IP interfaces. Then stop and restart
the DNS server. (If this was the only IP interface on this machine and the
DNS server may not have started as a result of this error. In that case
remove the DNS\Parmeters\ ListenAddress value in the services section of the
registry and restart.)
If this is a valid IP address for this machine, make sure that no other
application (e.g. another DNS server) is running that would attempt to use
the DNS port.
----------------------------
The DNS server could not bind a Transmission Control Protocol (TCP) socket
to address 0.0.0.0. The event data is the error code. An IP address of
0.0.0.0 can indicate a valid "any address" configuration in which all
configured IP addresses on the computer are available for use.
Restart the DNS server or reboot the computer.
---------------------------
No knowledge base articles were available. I fixed the Interfaces dialog
under Server Properties in the DNS Manager to the correct IP address. Will
this resolve my problem?
There were problems with the RPC also:
The DNS server could not initialize the remote procedure call (RPC) service.
If it is not running, start the RPC service or reboot the computer. The event
data is the error code.
One of the solutions - reinstall the RPC service?
Is this really necessary?
jacks...@hotmail.com
interface has at least one ip of 0.0.0.0 have you checked with
ipconfig/all
Ace Fekay [MVP]
Gorjan <Gor...@discussions.microsoft.com> made this post, which I then
commented about below:
It would have been much easier if you were to have posted the actual Event
ID # and source. However, I believe it is Event ID 408? If so, the only
thing I can think of if you have the ISA firewall software or some other
Winsock client software for another firewall and the DNS server is not
listed in the trusted zone? Here's more info:
http://www.eventid.net/display.asp?eventid=408&eventno=778&source=DNS&phase=1
--
Regards,
Ace
If this post is viewed at a non-Microsoft community website, and you were to
respond to it through that community's website, I may not see your reply.
Therefore, please direct all replies ONLY to the Microsoft public newsgroup
this thread originated in so all can benefit.
This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.
Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services
Infinite Diversities in Infinite Combinations.
=================================
Gorjan
Yes, the event id is 408.
However, we have no ISA firewall software in our organization.
We have one Cisco Pix firewall but that shouldn't afect anything since the
DNS server is in the "inside" zone (along with all the DNS clients) and is
inaccessible from the internet. The name resolution is accomplished via
"forvarder" servers.
Would setting "Interfaces: Listen on: Only the following IP address <IP of
DNS>" reslove the matter?
I've already done it; just asking to make sure........
Regards, Gorjan
Todd J Heron
responding. Advanced logging greatly increases the DNS server workload
(writing to the log on top of answering queries). DNS Advanced logging
should only be used as a short term troubleshooting diagnostic. Try
disabling it to see if it improves RPC performance.
--
Todd J Heron, MCSE
Windows Server 2003/2000/NT; CCA
----------------------------------------------------------------------------
This posting is provided "as is" with no warranties and confers no rights
"Gorjan" <Gor...@discussions.microsoft.com> wrote in message
news:FD6C0235-A7DB-41B0...@microsoft.com...
Ace Fekay [MVP]
>
> Yes, the event id is 408.
> However, we have no ISA firewall software in our organization.
> We have one Cisco Pix firewall but that shouldn't afect anything
> since the DNS server is in the "inside" zone (along with all the DNS
> clients) and is inaccessible from the internet. The name resolution
> is accomplished via "forvarder" servers.
> Would setting "Interfaces: Listen on: Only the following IP address
> <IP of
> I've already done it; just asking to make sure........
>
> Regards, Gorjan
Try Todd's suggestions. Otherwise I would suspect something else (spyware,
etc) that can cause similar problems.
Ace
Ace Fekay [MVP]
>
> No logging is turned on the DNS server (apart from the event log that
> generates some 10 entries a day). I checked the server for spyware,
> it's pretty clean...
> The thing is, after I get the message "could not bind to 0.0.0.0
> (event ID 408)" and I try to restart the dns service, I get the
> following:
>
> 1. The DNS server has encountered a critical error from the Active
> Directory. Check that the Active Directory is functioning properly.
> The extended error debug information (which may be empty) is "". The
> event data contains the error.
> (EventID 4015)
> After several such event log entries,
> 2. The DNS server was unable to open the Active Directory. This DNS
> server is configured to use directory service information and can not
> operate without access to the directory. The DNS server will wait
> for the directory to start. If the DNS server is started but the
> appropriate event has not been logged, then the DNS server is still
> waiting for the directory to start. (EventID 4013)
> and then
> 3. The DNS server was unable to open Active Directory. This DNS
> server is configured to obtain and use information from the directory
> for this zone and is unable to load the zone without it. Check that
> the Active Directory is functioning properly and reload the zone. The
> event data is the error code. (EventID 4000)
> the final statement is
> 4. The DNS server could not initialize the remote procedure call (RPC)
> service. If it is not running, start the RPC service or reboot the
>
> The same server acts as a domain controller, so the message "unable
> to open Active Directory" is somewhat strange. Also, the problem
> resolves itself after a server restart, works fine for a few days and
> then start crushing again.
>
> Any ideas?
How many DC/DNS servers are there in your environment?
What AD replication scope is the zone set to?
If you change the zone to a Primary zone, does that help?
Does the DC/DNS server also have RRAS installed?
Ace
Gorjan
There is just one DNS/DC (this one). I had another DC but that one is
permanently offline.Hence there is no AD replication. I haven't been able to
run dcpromo and to demote the second one because I was unable to log on. I
guess I could have run ntdsutil and do a metadata cleanup.
The zones are ActiveDirectory Integrated Primary.
Ace Fekay [MVP]
>
> There is just one DNS/DC (this one). I had another DC but that one is
> permanently offline.Hence there is no AD replication. I haven't been
> able to run dcpromo and to demote the second one because I was unable
> to log on. I guess I could have run ntdsutil and do a metadata
> cleanup.
> The zones are ActiveDirectory Integrated Primary.
>
I don't think it has to do anything with the socket error first described,
but you MUST run a metadata cleanup.
Ace