Netlogon Error Causes RDC to Fail Until After Local Logon?

Tutorials Win: Microsoft Windows Forum

Hi,

A few months ago I changed the network connection for one of my DCs from its
100 MB NIC to its gigabit NIC. (I was concerned about the slower NIC's
connector having been possibly damaged.)

Since then, any time I reboot this server remotely (security patch
application) I am unable to log back on to it remotely until AFTER I have
gone to the server and logged on locally. All other functionality on the
server and the domain appears to be fine.

I find a single instanced of Event ID 3096 in the System log after each
boot. I have done some research and learned that if the Netlogon service
starts before the NIC is bound (And this appears to be common with gigabit
NICs.) and / or before DNS has started on the server, then this error is
likely to occur.

My understanding is that this error is of no real consequence under these
circumstances and can be ignored safely. Otherwise, I can configure the
system to delay the starting of Netlogon, or I can set the DC to use one of
the other DCs as a secondary DNS server (instead of only having it point at
itself), or switch back to the 100 MB NIC.

Does anyone (besides me) think that my inability to log on via RDP is
related to this issue? Because, if it is, then I'll be more likely to take
steps to correct the issue. The server is in a very inconvenient location for
me to get to, and I'd be happier not having to make the trek to it after each
reboot.

I'd like to make my effort on this count, because I can only reboot that
server once per month (following application of security updates). And my
reboot for this month is already used up.

Thanks for your observations,
LeftFoot
Top

RE: Netlogon Error Causes RDC to Fail Until After Local Logon? by MuhammadEssa

MuhammadEssa
Thu Aug 14 07:09:04 PDT 2008

Hi;
In short the problem you are facing is that when the server is restarted you
are unable to log via RDP unless you log locally, the problem is probably not
with netlogon service what i have seen and faced these issues are with
firewall services,try restarting the server one more time and check the
firewall service whether that is running or not.

Thanks
--
Essa


"LeftFoot" wrote:

> Hi,
>
> A few months ago I changed the network connection for one of my DCs from its
> 100 MB NIC to its gigabit NIC. (I was concerned about the slower NIC's
> connector having been possibly damaged.)
>
> Since then, any time I reboot this server remotely (security patch
> application) I am unable to log back on to it remotely until AFTER I have
> gone to the server and logged on locally. All other functionality on the
> server and the domain appears to be fine.
>
> I find a single instanced of Event ID 3096 in the System log after each
> boot. I have done some research and learned that if the Netlogon service
> starts before the NIC is bound (And this appears to be common with gigabit
> NICs.) and / or before DNS has started on the server, then this error is
> likely to occur.
>
> My understanding is that this error is of no real consequence under these
> circumstances and can be ignored safely. Otherwise, I can configure the
> system to delay the starting of Netlogon, or I can set the DC to use one of
> the other DCs as a secondary DNS server (instead of only having it point at
> itself), or switch back to the 100 MB NIC.
>
> Does anyone (besides me) think that my inability to log on via RDP is
> related to this issue? Because, if it is, then I'll be more likely to take
> steps to correct the issue. The server is in a very inconvenient location for
> me to get to, and I'd be happier not having to make the trek to it after each
> reboot.
>
> I'd like to make my effort on this count, because I can only reboot that
> server once per month (following application of security updates). And my
> reboot for this month is already used up.
>
> Thanks for your observations,
> LeftFoot
Top

RE: Netlogon Error Causes RDC to Fail Until After Local Logon? by LeftFoot

LeftFoot
Thu Aug 14 07:24:12 PDT 2008

Hi! Thanks for your response.

I should have included the fact that this particular server is a Windows
2000 Server (Std) installation, running on a AD2003 domain. No firewall.

"Muhammad Essa" wrote:

> Hi;
> In short the problem you are facing is that when the server is restarted you
> are unable to log via RDP unless you log locally, the problem is probably not
> with netlogon service what i have seen and faced these issues are with
> firewall services,try restarting the server one more time and check the
> firewall service whether that is running or not.
>
> Thanks
> --
> Essa
>
>
> "LeftFoot" wrote:
>
> > Hi,
> >
> > A few months ago I changed the network connection for one of my DCs from its
> > 100 MB NIC to its gigabit NIC. (I was concerned about the slower NIC's
> > connector having been possibly damaged.)
> >
> > Since then, any time I reboot this server remotely (security patch
> > application) I am unable to log back on to it remotely until AFTER I have
> > gone to the server and logged on locally. All other functionality on the
> > server and the domain appears to be fine.
> >
> > I find a single instanced of Event ID 3096 in the System log after each
> > boot. I have done some research and learned that if the Netlogon service
> > starts before the NIC is bound (And this appears to be common with gigabit
> > NICs.) and / or before DNS has started on the server, then this error is
> > likely to occur.
> >
> > My understanding is that this error is of no real consequence under these
> > circumstances and can be ignored safely. Otherwise, I can configure the
> > system to delay the starting of Netlogon, or I can set the DC to use one of
> > the other DCs as a secondary DNS server (instead of only having it point at
> > itself), or switch back to the 100 MB NIC.
> >
> > Does anyone (besides me) think that my inability to log on via RDP is
> > related to this issue? Because, if it is, then I'll be more likely to take
> > steps to correct the issue. The server is in a very inconvenient location for
> > me to get to, and I'd be happier not having to make the trek to it after each
> > reboot.
> >
> > I'd like to make my effort on this count, because I can only reboot that
> > server once per month (following application of security updates). And my
> > reboot for this month is already used up.
> >
> > Thanks for your observations,
> > LeftFoot
Top

RE: Netlogon Error Causes RDC to Fail -> NOPE! by LeftFoot

LeftFoot
Thu Aug 14 09:35:00 PDT 2008

Okay. The Netlogon is probably not related to the RDC issue. I just created
the same Netlogon error on a test system. I can now be reasonably certain
that the Netlogon error on this box was caused by switching to the gigabit
NIC. (My test system is exactly the same hardware / OS configuration.) But
the appearance of the Netlogon error on the test box is not accompanied by
any problems with RDP.

I guess I'll go off to try to find out what would cause RDP to fail
temporarily after each reboot.

Thanks to all who read my post and considered. And especially to you,
Muhammad Essa, for trying to help me.

"LeftFoot" wrote:

> Hi,
>
> A few months ago I changed the network connection for one of my DCs from its
> 100 MB NIC to its gigabit NIC. (I was concerned about the slower NIC's
> connector having been possibly damaged.)
>
> Since then, any time I reboot this server remotely (security patch
> application) I am unable to log back on to it remotely until AFTER I have
> gone to the server and logged on locally. All other functionality on the
> server and the domain appears to be fine.
>
> I find a single instanced of Event ID 3096 in the System log after each
> boot. I have done some research and learned that if the Netlogon service
> starts before the NIC is bound (And this appears to be common with gigabit
> NICs.) and / or before DNS has started on the server, then this error is
> likely to occur.
>
> My understanding is that this error is of no real consequence under these
> circumstances and can be ignored safely. Otherwise, I can configure the
> system to delay the starting of Netlogon, or I can set the DC to use one of
> the other DCs as a secondary DNS server (instead of only having it point at
> itself), or switch back to the 100 MB NIC.
>
> Does anyone (besides me) think that my inability to log on via RDP is
> related to this issue? Because, if it is, then I'll be more likely to take
> steps to correct the issue. The server is in a very inconvenient location for
> me to get to, and I'd be happier not having to make the trek to it after each
> reboot.
>
> I'd like to make my effort on this count, because I can only reboot that
> server once per month (following application of security updates). And my
> reboot for this month is already used up.
>
> Thanks for your observations,
> LeftFoot
Top

Re: Netlogon Error Causes RDC to Fail Until After Local Logon? by Jorge

Jorge
Thu Aug 14 12:38:16 PDT 2008

Hi
Please See inline:

> A few months ago I changed the network connection for one of my DCs from
> its
> 100 MB NIC to its gigabit NIC. (I was concerned about the slower NIC's
> connector having been possibly damaged.)

Ok, make sure that use the latest drivers, also chek«ck for compatability
issues.

> Since then, any time I reboot this server remotely (security patch
> application) I am unable to log back on to it remotely until AFTER I have
> gone to the server and logged on locally. All other functionality on the
> server and the domain appears to be fine.

No errors? Any Firewall between you and your machine and the Server?

> I find a single instanced of Event ID 3096 in the System log after each
> boot. I have done some research and learned that if the Netlogon service
> starts before the NIC is bound (And this appears to be common with gigabit
> NICs.) and / or before DNS has started on the server, then this error is
> likely to occur.

check:
http://www.eventid.net/display.asp?eventid=3096&eventno=145&source=NETLOGON&phase=1

> My understanding is that this error is of no real consequence under these
> circumstances and can be ignored safely. Otherwise, I can configure the
> system to delay the starting of Netlogon, or I can set the DC to use one
> of
> the other DCs as a secondary DNS server (instead of only having it point
> at
> itself), or switch back to the 100 MB NIC.

That can be one of the explanations, but I also thonk that isn't related
with RDP access.

> Does anyone (besides me) think that my inability to log on via RDP is
> related to this issue? Because, if it is, then I'll be more likely to take
> steps to correct the issue. The server is in a very inconvenient location
> for
> me to get to, and I'd be happier not having to make the trek to it after
> each
> reboot.

First thing to check is iof the Terminal Services configuration is listening
in the NIC that you're using, did you check that (Under Administrative
Tools)?

> I'd like to make my effort on this count, because I can only reboot that
> server once per month (following application of security updates). And my
> reboot for this month is already used up.

Start by checking the TS configuration, then use the "NETSTAT -na |FindStr
3389" check if is listening on that port, than check FW configuration that
is between you and the server, then use your workstation and do a "telnet
serverip 3389"

Good luck :D
--
I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MCSE, MVP Directory Services

Top

Re: Netlogon Error Causes RDC to Fail Until After Local Logon? by LeftFoot

LeftFoot
Thu Aug 14 13:19:01 PDT 2008



"Jorge Silva" wrote:

> Hi
> Please See inline:
>
> > A few months ago I changed the network connection for one of my DCs from
> > its
> > 100 MB NIC to its gigabit NIC. (I was concerned about the slower NIC's
> > connector having been possibly damaged.)
>
> Ok, make sure that use the latest drivers, also chek«ck for compatability
> issues.
>
> > Since then, any time I reboot this server remotely (security patch
> > application) I am unable to log back on to it remotely until AFTER I have
> > gone to the server and logged on locally. All other functionality on the
> > server and the domain appears to be fine.
>
> No errors? Any Firewall between you and your machine and the Server?
>
> > I find a single instanced of Event ID 3096 in the System log after each
> > boot. I have done some research and learned that if the Netlogon service
> > starts before the NIC is bound (And this appears to be common with gigabit
> > NICs.) and / or before DNS has started on the server, then this error is
> > likely to occur.
>
> check:
> http://www.eventid.net/display.asp?eventid=3096&eventno=145&source=NETLOGON&phase=1
>
> > My understanding is that this error is of no real consequence under these
> > circumstances and can be ignored safely. Otherwise, I can configure the
> > system to delay the starting of Netlogon, or I can set the DC to use one
> > of
> > the other DCs as a secondary DNS server (instead of only having it point
> > at
> > itself), or switch back to the 100 MB NIC.
>
> That can be one of the explanations, but I also thonk that isn't related
> with RDP access.
>
> > Does anyone (besides me) think that my inability to log on via RDP is
> > related to this issue? Because, if it is, then I'll be more likely to take
> > steps to correct the issue. The server is in a very inconvenient location
> > for
> > me to get to, and I'd be happier not having to make the trek to it after
> > each
> > reboot.
>
> First thing to check is iof the Terminal Services configuration is listening
> in the NIC that you're using, did you check that (Under Administrative
> Tools)?
>
> > I'd like to make my effort on this count, because I can only reboot that
> > server once per month (following application of security updates). And my
> > reboot for this month is already used up.
>
> Start by checking the TS configuration, then use the "NETSTAT -na |FindStr
> 3389" check if is listening on that port, than check FW configuration that
> is between you and the server, then use your workstation and do a "telnet
> serverip 3389"
>
> Good luck :D
> --
> I hope that the information above helps you.
> Have a Nice day.
>
> Jorge Silva
> MCSE, MVP Directory Services
>
>

Thanks, Jorge.

I have not actually done:

NETSTAT -na |FindStr 3389

or

telnet {serverip} 3389

because the issue corrects itself following ONLY the intervention of logging
on to the server locally. Once I have done that one time I can again connect
to it remotely any time from anywhere -- until the next server reboot.

The firewall on the workstation has been checked repeatedly. There is no
firewall on the WS2000 server. The ability to use RDP to get to the server
fails from any location after that server is rebooted. I have tried many
different workstations from all subnets on the network. No difference. After
that server reboots the ONLY way it will be possible to connect to RDP on it
is to log on to it locally. That's all. No changes in settings or anything.
Just log / log off. Now anyone (with appropriate credentials) can log on via
RDP from anywhere -- until the next reboot.

I will try the two commands you listed just in case they give interesting
errors, but it will be nearly a month before I can do so. The production
folks here are serious about keeping that puppy running.

;)

Many thanks for your input so far, and please let me know if you can think
of anything I might do in the meantime. I had already found the reference on
Event ID back when this started, which was where I got all of my leads on the
3096 issue. But it just doesn't really seem to be more than coincidental to
the RDP issue, I guess.

Funny thing is that I can find a few references to this sort of behavior on
various Windows versions, but not a single solution.
Top

Re: Netlogon Error Causes RDC to Fail Until After Local Logon? by Jorge

Jorge
Fri Aug 15 05:30:45 PDT 2008

In my expirience I remember 2 things that also may be that cause of this
(assuming, that what I mentioned before is properly setup), one is the
AntiVirus, the other is when the server is full with RDC connections, but
somehow it doesn't return the error message "This server reach the limit of
RDP connections, bla, bla...".


--
I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MCSE, MVP Directory Services

Top

Re: Netlogon Error Causes RDC to Fail Until After Local Logon? by LeftFoot

LeftFoot
Fri Aug 15 06:09:01 PDT 2008

Hi,

We did have a terrible problem with Symantec Antiviris Corporate Edition on
these servers. That software was removed last year and replaced with ESET's
NOD32 2.7 (soon going to their version 3.x product when a few kinks in it
have been ironed out), and we have not seen any AV-related issues with
performance / responsiveness. I have checked with the TS manager from another
server each time this has happend. No open / crashed TS sessions on this
server or on the domain.

I modified the Netlogon DependOnService entry in the registry to create a
dependency on DNS. Time will tell whether or not this will provide any kind
of solution.

Thank you very much for your help!


"Jorge Silva" wrote:

> In my expirience I remember 2 things that also may be that cause of this
> (assuming, that what I mentioned before is properly setup), one is the
> AntiVirus, the other is when the server is full with RDC connections, but
> somehow it doesn't return the error message "This server reach the limit of
> RDP connections, bla, bla...".
>
>
> --
> I hope that the information above helps you.
> Have a Nice day.
>
> Jorge Silva
> MCSE, MVP Directory Services
>
>
Top

Re: Netlogon Error Causes RDC to Fail Until After Local Logon? by Jorge

Jorge
Fri Aug 15 10:18:32 PDT 2008

Ok, let me know the results and good luck :D

--
I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MCSE, MVP Directory Services
Top

Re: Netlogon Error Causes RDC to Fail Until After Local Logon? by LeftFoot

LeftFoot
Fri Aug 15 11:08:29 PDT 2008

I have made a note to report the result in this thread.

Many thanks, again.

"Jorge Silva" wrote:

> Ok, let me know the results and good luck :D
>
> --
> I hope that the information above helps you.
> Have a Nice day.
>
> Jorge Silva
> MCSE, MVP Directory Services
>
Top

Re: Netlogon Error Causes RDC to Fail Until After Local Logon? by LeftFoot

LeftFoot
Wed Sep 10 09:26:04 PDT 2008

Well, the ensuing month's "patch Tuesday" has arrived, so I got to try
another remote reboot of the server. Unfortunately, the trick of altering the
startup order of the services had no effect on the problem. We still had to
send someone to log on and off locally on the server before we were able to
log on via RDP.

They'll never let me take this thing down for a few hours to tinker with it.
I think I'll just build a replacement server for it, and then bring it back
to my office for "conversation", if you know what I mean.

;)

Thank you for your help, Jorge!

"Jorge Silva" wrote:

> Ok, let me know the results and good luck :D
>
> --
> I hope that the information above helps you.
> Have a Nice day.
>
> Jorge Silva
> MCSE, MVP Directory Services
>
Top

Re: Netlogon Error Causes RDC to Fail Until After Local Logon? by Jorge

Jorge
Wed Sep 10 13:30:10 PDT 2008

yeah, that's extra work... but if it's the only way... good luck on that.

--
I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MCSE, MVP Directory Services

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.

Top