none
Problem connecting to a domain controller with FQDN or Netbios name

    Question

  • Hi!

    We first got an alert of a replication problem between Server A (Windows Server 2016 Std) that is the domain controller with all the FSMO roles in the domain, that is placed in site A. And Server B (Windows Server 2012 R2 Std), that is placed in site B.

    They are connected via a VPN tunnel.

    When looking into it, we discovered that you can access server B from server A using FQDN or netbios name, for exemple \\serverb.domain.local or \\serverb, but the folder is empty (not showing sysvol or netlogon).

    Server B responds to ping from server A using the netbios name or FQDN, so there is no DNS issue.

    If we instead use \\ipadressofserverB we can connect with out any issues (and we can see sysvol and netlogon).

    If we turn it around, server B can access and see all the shares on server A using FQDN, netbios or IP.

    The time of server B did differ from server A with about 4 seconds, and that is sorted out. There are no credentials saved in the credentials manager.

    The servers were restarted a couple of days ago to try to fix this, but it did not help.

    What I could read, using FQDN or netbios when connecting is autentication via kerberos, and using IPAdress is autenticating via NTLM?

    There are 4 additional domain controllers in this domain (one in site A, one in site C, one in site D and one in site E), there are no issue between these, or from server A or B.

    I have run telnet and connected from server A to server B on kerberos ports, and they respond ok.

    I can also add, when trying to RDP from server A to server B with name, you get a client error. IP is ok. Same for Computer Management, when you try to connect with name it "times out", but when connecting with IP it connects ok.

    Any suggestions on what this can be?

    // Alexander


    • Edited by bOYd42 Friday, January 13, 2017 9:15 AM Added additional info
    Friday, January 13, 2017 8:44 AM

All replies

  • Hi Boud,

    1- verify replication using this command and double check if there is a real replication issue between server A & B or not: repadmin /showrepl * /csv showrepl.csv

    2- create an emtpy shared folder on both server A & B

    3- on both servers A & B run cmd and run nslookup and verify each other's DNS names and IP addresses.

    4- try to access shares by IP and FQDN from A to B then from B to A and observe if you see the newly created shared folder or no alonth with sysvol folders as well....

    let us know the result of above points in order so we can take it to next step

    Thanks


    Thanks Mahmoud

    • Proposed as answer by Lolet2012 Friday, January 20, 2017 6:36 AM
    Friday, January 13, 2017 10:55 AM
  • Hi Mahmoud!

    Thanks for replying.

    1. On server A i get the following:

    DC=domain,DC=local
    SiteB\ServerB via RPC
            DSA object GUID: 9bcfc9d8-918c-4d8f-a03f-d869e48051ef
            Last attempt @ 2017-01-13 12:40:48 failed, result 1727 (0x6bf):
                The remote procedure call failed and did not execute.
            177 consecutive failure(s).
            Last success @ 2017-01-11 16:23:59.



    CN=Configuration,DC=domain,DC=local
    SiteB\ServerB via RPC
            DSA object GUID: 9bcfc9d8-918c-4d8f-a03f-d869e48051ef
            Last attempt @ 2017-01-13 12:39:30 failed, result 1727 (0x6bf):
                The remote procedure call failed and did not execute.
            177 consecutive failure(s).
            Last success @ 2017-01-11 16:23:57.



    CN=Schema,CN=Configuration,DC=domain,DC=local
    SiteB\ServerB via RPC
            DSA object GUID: 9bcfc9d8-918c-4d8f-a03f-d869e48051ef
            Last attempt @ 2017-01-13 12:40:09 failed, result 1727 (0x6bf):
                The remote procedure call failed and did not execute.
            177 consecutive failure(s).
            Last success @ 2017-01-11 16:23:58.

    DC=DomainDnsZones,DC=domain,DC=local

    SiteB\ServerB via RPC
            DSA object GUID: 9bcfc9d8-918c-4d8f-a03f-d869e48051ef
            Last attempt @ 2017-01-13 12:39:30 failed, result 1256 (0x4e8):
                The remote system is not available. For information about network troubleshooting, see Windows Help.
            177 consecutive failure(s).
            Last success @ 2017-01-11 16:23:59.

    Source: SiteB\ServerB
    ******* 177 CONSECUTIVE FAILURES since 2017-01-11 16:23:59
    Last error: 1727 (0x6bf):
    The remote procedure call failed and did not execute


    On server B I get the following:

    DC=domain,DC=local
    SiteA\ServerA via RPC
    DSA object GUID: 7056b76d-281f-4eff-8485-90eee0bed2a7
    Last attempt @ 2017-01-13 12:42:00 failed, result 1818 (0x71a):
    The remote procedure call was cancelled.
    49 consecutive failure(s).
    Last success @ 2017-01-11 16:22:50.

    CN=Configuration,DC=domain,DC=local
    SiteA\ServerA via RPC
    DSA object GUID: 7056b76d-281f-4eff-8485-90eee0bed2a7
    Last attempt @ 2017-01-13 12:47:19 failed, result 1818 (0x71a):
    The remote procedure call was cancelled.
    177 consecutive failure(s).
    Last success @ 2017-01-11 16:22:49.

    CN=Schema,CN=Configuration,DC=domain,DC=local
    SiteA\ServerA via RPC
    DSA object GUID: 7056b76d-281f-4eff-8485-90eee0bed2a7
    Last attempt @ 2017-01-13 12:52:38 failed, result 1818 (0x71a):
    The remote procedure call was cancelled.
    177 consecutive failure(s).
    Last success @ 2017-01-11 16:22:50.

    DC=ForestDnsZones,DC=domain,DC=local
    SiteA\ServerA via RPC
    DSA object GUID: 7056b76d-281f-4eff-8485-90eee0bed2a7
    Last attempt @ 2017-01-13 12:10:05 failed, result 1818 (0x71a):
    The remote procedure call was cancelled.
    48 consecutive failure(s).
    Last success @ 2017-01-11 16:22:50.

    DC=DomainDnsZones,DC=domain,DC=local

    SiteA\ServerA via RPC
    DSA object GUID: 7056b76d-281f-4eff-8485-90eee0bed2a7
    Last attempt @ 2017-01-13 12:26:02 failed, result 1818 (0x71a):
    The remote procedure call was cancelled.
    48 consecutive failure(s).
    Last success @ 2017-01-11 16:22:50.

    Source: SiteA\ServerA
    ******* 176 CONSECUTIVE FAILURES since 2017-01-11 16:22:50
    Last error: 1818 (0x71a):
    The remote procedure call was cancelled.

    2. Shares created (Everyone full control)

    3.

    --- ServerA---

    PS C:\> nslookup ServerB
    Server:  ServerA.domain.local
    Address:  172.16.9.50

    Name:    ServerB.domain.local
    Address:  192.168.34.13

    --- ServerB---

    PS C:\> nslookup ServerA
    Server:  ServerA.domain.local
    Address:  172.16.9.50

    Name:    ServerA.domain.local
    Address:  172.16.9.50



    4.

    From server A (to B), I can see the shares when using IP only, when using FQDN the folder is "empty".

    From server B (to A), I can see the shares both when using IP and FQDN.

    // Alexander


    • Edited by bOYd42 Friday, January 13, 2017 12:37 PM Corrected a typo
    Friday, January 13, 2017 12:25 PM
  • hi Boyd,

    Thanks for replying...

    status 1727 refers to RPC being failing to establish connection between server A and server B

    try following please to test RPC. we will use 2 applications to test it..

    - on server A open event viewer and try "conenct to another computer" and connect to server B.

    - see if you are able to browse application and system logs of server B from server A eventviwer console

    - on server A START > RUN> type "wmimgmt.msc" and try to connect to server B from WMI console

    - after it connects > right click on server B name from the console and select "properties" and you should see a "successful" note in the window indicating connection is successful.

    reason of testing:

    RPC uses static TCP port 135 as well as a dynamic range ports so by the result of these tests we will know if RPC is working or not...

    now for the share thing... please do following:

    we will try to enumerate shares remotely with RPC instead of share protocol SMB.

    - on server A START > RUN> open compmgmt.msc

    - connect to server B from console 

    - expand local shares node >> (here it should list shares on server B including newly created folder)

    let us know how it goes

    Thanks


    Thanks Mahmoud

    Friday, January 13, 2017 12:54 PM
  • Hi!

    We did some more troubleshooting.

    On ServerB, we ran netstat.

    When connecting from ServerA by IP, we can se a session on port 445 (SMB), but when we connect by FQDN and we get an "empty folder," there is no visible connection on port 445.

    // Alexander

    Friday, January 13, 2017 12:55 PM
  • Hi!

    When running VMI console, it looks like it connects ok to ServerB, but when we "right click" and choose properties, we get the error: "Failed to connect to \\ServerB because "Win32: The RPC server is unavailable"

    On the eventviewer, we get "Computer ServerB.domain.local cannot be connected. Verify that the nework path is correct........". We get this both using FQDN and IP.

    Computer Management, we cannot connect using FQDN or netbios, only using IP. When using IP it gets connected, but when expanding "System Tools" we get an error. From eventviewer (trying to open it), everything else can be expanded as expected. And we can see the shares.

    // Alexander

    Friday, January 13, 2017 1:29 PM
  • Just as an FYI

    repadmin /replsummary gives a nice condensed report of DC replication.

    Friday, January 13, 2017 1:51 PM
  • hi Boyd,

    wmi console and event viewer console is failing because RPC is failing. this is a verified conclusion now.

    action item#1: please check with your network team and get them allow RPC communication between server A and B to get replication to work. you can share with them the above results as it's a confirmed troubleshooting result.

    now regarding SMB sharing... it's a bit strange! i'd say to do following:

    1- download microrost netmon 3.4 and install it on servers A and B

    2- open netmon console on both servers and start capturing in same time with almost all windows exploreres windows closed for acurate results.

    3- from server A try to access share of server B using IP address and FQDN

    4- stop capture and send me the two capture files to mahelsay@gmail.com

    note that the capture period shouldn't be long. approximate 1 minute is a max.... this is to avoid creating a large capture file.

    Thanks


    Thanks Mahmoud

    Friday, January 13, 2017 1:59 PM
  • Hi!

    I have asked our network team to take a look into the network and RPC. I have also capured with Netmon and sent you an e-mail with the .*cap files.

    // Alexander

    Friday, January 13, 2017 3:01 PM
  • hi Alexander.

    i'm checking the files now however would you tell me what are the IPs of server A and B?


    Thanks Mahmoud

    Friday, January 13, 2017 3:24 PM
  • Hi Mahmoud!

    I wrote that in the email.

    ServerA has IP 172.16.9.50 and serverB has 192.168.34.13.

    // Alexander

    Friday, January 13, 2017 3:50 PM
  • Hi,
    Regarding RPC failure error, you could also refer to the following articles for troubleshooting:
    How IT Works Troubleshooting RPC Errors
    https://technet.microsoft.com/en-us/library/2007.07.howitworks.aspx
    Windows Server Troubleshooting: "The RPC server is unavailable"
    https://social.technet.microsoft.com/wiki/contents/articles/4494.windows-server-troubleshooting-the-rpc-server-is-unavailable.aspx
    And regarding error message “The remote procedure call failed and did not execute”, please manually have a try the workaround in the following KB to see if it helps:
    https://support.microsoft.com/en-us/kb/911799
    Best regards,
    Wendy

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Monday, January 16, 2017 7:35 AM
    Moderator
  • Thanks Wendy! I will look into this.

    We still have not got any reply from the network department, but I will keep you posted.

    // Alexander

    Monday, January 16, 2017 9:01 AM
  • Hi,

    I am checking how the issue going, if you still have any questions, please feel free to contact us.

    And if the replies as above are helpful, we would appreciate you to mark them as answers, and if you resolve it using your own solution, please share your experience and solution here. It will be greatly helpful to others who have the same question.

    Appreciate for your feedback.

    Best regards,

    Wendy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Thursday, January 19, 2017 2:38 AM
    Moderator
  • Hi!

    An update.

    Prior to investigating this problem deeper (before I started this thread), we rebooted ServerA and ServerB. The error still persisted.

    ServerA stopped working with RDP a couple of days ago, so I ordered a reboot of the server (once more). After this 2nd reboot, all errors are gone and both servers are happy.

    I will monitor this for a couple of weeks, and will comment on the stability of the server. But it looks like ServerA is (or was) the problem.

    // Alexander

    Friday, January 20, 2017 12:28 PM
  • Hi Alexander,
    Appreciate for the feedback, and if you have any questions later, please feel free to let us know.
    Best regards,
    Wendy

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Monday, January 23, 2017 1:39 AM
    Moderator