I've been experiencing some very strange problems today. It all started when the health monitor on our server picked up an alert in the event logs that looked a bit like this:
(172.16.48.5 is my primary DC running DNS and DHCP as well, 172.16.48.6 is my secondary DC running secondary DNS)

Code:
Log File: System
Record Number: 2351
Type: Error
Time Generated: 20070430163614.000000+060
Source: NetBT
Category: None
Category String:
Event: 4321
User: N/A
Computer: DC2
Message: The name "SCHOOL :1d" could not be registered on the Interface with IP address 172.16.48.6. The machine with the IP address 172.16.48.5 did not allow the name to be claimed by this machine.
This error occurred repeatedly throughout the day, and got a lot worse in the last 2 hours. Initially we thought there was a rogue device on the network trying to register itself in DNS and failing, so we went off on a hunt for things plugged in that shouldn't be, with no success.
We then noticed after several reports of problems that all our wireless access points had stopped talking to the network, we couldn't ping them or get the management consoles up, and when laptops were connected to them they couldn't communicate to the network although they did connect to the access point. Rebooting the APs sorted this, but after a while it went the same way again for some of them. Very weird.
We also started noticing a major slowdown on our network, trouble connecting to the Exchange server, problems saving files and logging on etc. At this point we were exceedingly worried, as we have had similar problems in the past with DoS attacks on our network, and we felt this had a similar pattern to what we were getting before. We then started isolating portions of our network, and rebooting all our switches to eliminate them from the equation, but all throughout we were still getting errors reported on our domain controllers.
As a last resort, we decided to reboot both our DCs one after the other. We were amazed as this seems to have solved the problem. Since rebooting, we've had no further instances of this error. We are however still confused as to what exactly has caused these errors and problems in the first place. Looking back through the event logs, it seems that it's only our second domain controller (DC2) generating these errors, and they've been occurring in a small way since the 18th April but we hadn't picked up on them before today (we were getting 2 reports a minute at its height).
Can anyone at all shed any light on what we may have experienced here today, as it's certainly got us very confused? I've done a Google search for similar errors, and there is information out there but it's very sketchy, and doesn't provide any conclusive answers. If anyone could shed some light on it I'd be very grateful.
Lots of reasons on eventid.net