Tuesday, February 12, 2013 5:05 PM
We have a client with a problem on one of there servers following a reboot of the systems. This is what we have:
- (2) AD servers running Windows 2003 R2 Standard
- (1) Windows Server 2003 R2 file server with MSMQ installed (a few message queues going to other systems)
- (1) Windows Server 2008 R2 file server with MSMQ installed (same as above, just a few message queues to other systems. Nothing high volume)
The servers are set to reboot weekly.
- 1 AD server reboots at 2a and is back online by 2:05a.
- We reboot all of the other systems at 2:30a. We make sure there is always an AD server online at all times.
Upon reboot on only the Windows Server 2008 R2 system, we see the following event message in the event logs:
7:28:34 am 12-Feb-13 LsaSrv None 40961
SYSTEM The Security System could not establish a secured connection with the server ldap/hill-ad2.HillInternal.local/HillInternal.local@HILLINTERNAL.LOCAL. No authentication protocol was available.
7:52:49 am 11-Feb-13 Microsoft-Windows-MSMQ None 2016
N/A The Message Queuing service is not online with Active Directory Domain Services, since the service properties cannot be retrieved or set. The service will attempt to retrieve and set its properties in a few minutes. Error 0x8007203b: A local error has occurred.
These messages do not happen on the other Windows Server 2003 R2 system with MSMQ. I checked the other systems onsite and no other system or service is reporting problems connecting to AD.
Before I open a case with support, I thought I'd post it here and see if anyone has any ideas about this.
Tuesday, February 12, 2013 5:08 PMOne additional note. The MSMQ service reconnects and starts working about noon time without any intervention on my part and then continues to work throughout the week OK. It is really a bizarre problem.
Wednesday, February 13, 2013 4:12 AMModeratorHi,
Please check and make sure this server has same DNS configuration as other servers, apart from this, you also can check netlogon.log on that server to see if there is any clue about the problem as it looks like this server failed to locate a domain controller to set up secure channel and do authentication. As the problem disappeared automatically, you may need to enable netlogon debug on this server by using nltest "nltest /dbflag:0x2080ffff" to capture netlogon debug logs when the problem happens again.
- Marked As Answer by Cicely FengMicrosoft Contingent Staff, Moderator Tuesday, February 19, 2013 4:51 AM