Group Policy Error and DHCP with Active Directory?

    Question

  • Hi,

    I was wondering if someone could shed some light on how come every week or two the Windows Server DHCP blocks out, then the Active Directory, then everything else besides the DNS. So recently users tell me that they can't print or they don't get DHCP because of this error. What's odd is I have installed other servers with the same ISO and never encountered this problem. The solution is a restart and everything works, but it's around every week or so this happens. Also, when I connect to the RDP I get that the server certificate expired, which is odd even after the restart. I'm attaching some photos, sorry that it's in Spanish :( I also want to note that I installed it around less than a month ago and it's giving these issues.

    Thank you

    Friday, March 18, 2016 1:54 PM

All replies

  • Hi,

    As the error message is not in English, I am not very clear about your issues. In order to offer better troubleshooting, I would suggest you translate the error message into English.

    Regarding error 1054 in the third screenshot, it may have DNS issues locating DCs. This behavior may occur if the address for the configured preferred DNS server on the client is invalid or unreachable. If this is the case, please refer to the following article for troubleshooting: https://support.microsoft.com/en-us/kb/324174

    For the error about the expired server certificate for RDP, the first thing to check is the remote machine's certificate. Please perform the steps below on a client:

    Start > Run > mmc.exe

    File > Add/Remove Snap-in…

    Certificates > Add > Computer Account > Local Computer > Finish

    Remote Desktop > Certificates

    Check the certificate expiration date. If the date has passed, delete the certificate and from the client try to connect again. Upon the reconnection attempt, the remote machine will auto-generate a new certificate.

    If the problem still shows up, please ensure that the client settings for remote desktop connection are set to “Warn Me” or “Connect and don’t warn me” under Advanced and Server Authentication.

    Also, you could check for time and date settings between the client and remote server, anything more than a few minutes could cause problems.

    Regards,

    Wendy


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, March 21, 2016 8:57 AM
    Moderator
  • Hi Wendy,

    Thank you for the reply. As for the certificate error, it was that my computer had the wrong time for some odd reason, but that was fixed. What I have been realizing is that after the error 4231, that's when the DHCP and the Active Directory fall apart. But the DNS is working, and I ran some tests also. After a reboot everything is back to normal, which is odd.

    Thank you

    Monday, March 21, 2016 3:23 PM
  • Hi,

    Regarding event 4231, please confirm that the error message is:

    A request to allocate an ephemeral port number from the global TCP port space has failed due to all such ports being in use.

    In this case, with TCP ports, correct operation of the protocol requires that one end of the connection puts its port in an unusable state for a while after the connection is closed. This is the TIME_WAIT state that shows up in netstat. So, if some app is rapidly creating new connections and immediately closing them, you can end up with a lot of TCP ports in TIME_WAIT and none available. Shutting the responsible app down will not immediately free up such ports (only time does that), but it will stop it consuming more of them. And eventually you will have TCP ports. When a client initiates a TCP/IP socket connection to a server, the client typically connects to a specific port on the server and requests that the server respond to the client over an ephemeral, or short lived, TCP or UDP port. Under certain conditions it is possible that the available ports in the default range will be exhausted.

    I would suggest you take a look at the following article, which is about avoiding TCP/IP Port Exhaustion, please see: https://msdn.microsoft.com/en-us/library/aa560610%28v=bts.20%29.aspx?tduid=%2824e818a264907a09110ba2e96a2716af%29%28256380%29%282459594%29%28TnL5HPStwNw-na_EfZKmOXtRNNGBL.a95Q%29%28%29&f=255&MSPPError=-2147217396

    Regards,

    Wendy



    Wednesday, March 30, 2016 1:06 AM
    Moderator
  • Basically it is port exhaustion and that is what is causing this. Please check the server performance and also run the command netstat -anob and check what is holding more time wait. On which port do you have a lot of time-wait?
    Wednesday, March 30, 2016 1:18 AM
  • Hi,

    Thank you for the reply and sorry for the late reply, I have not been getting the notification. I ran the netstat -anob and I right now have dfsrs.exe time wait. My workaround right now is a batch script that runs every 3 days that reboots. I'm going to wait 4 days to see if I get more time wait. Curious question: could it be a program causing this?

    Thank you

    Tuesday, April 05, 2016 6:42 PM
  • Hi,

    Thank you for the reply and sorry for the late reply,

    Right now my workaround is the batch script to reboot, but I only have 1 time wait, but that's because it's been on around 12 hours, a dfsrs.exe. I will try to pinpoint the program that's causing this.

    Thank you

    Tuesday, April 05, 2016 6:44 PM
  • Hi,

    So I think you're right about the time wait, but what port is 3308?

    Thank you, see picture

    Wednesday, April 06, 2016 10:23 PM
  • Hi,
    As far as I know, TCP Port 3308 may use a defined protocol to communicate depending on the application. PORT 3308 – Information:
    • Port Number: 3308
    • TCP / UDP: TCP
    • Delivery: Yes
    • Protocol / Name: tns-server
    • Port Description: TNS Server
    • Virus / Trojan: No
    You could run the netstat -a -n -o command to get the PID number belonging to port 3308, then from Task Manager, you could find the application which has the same PID.

    Regards,
    Wendy



    Thursday, April 07, 2016 1:38 AM
    Moderator
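
The netstat checks suggested in this thread (finding where TIME_WAIT entries pile up, and mapping a port such as 3308 to its PID) can be scripted. The following is an added example, not code from any poster: it parses `netstat -ano` text, and the sample rows, addresses and PIDs are constructed. The 49152-65535 dynamic range is an assumed default; `netsh int ipv4 show dynamicport tcp` shows the range actually configured.

```python
import re
from collections import Counter, namedtuple

Conn = namedtuple("Conn", "laddr lport raddr rport state pid")
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s+(\d+)\s*$")

# Constructed sample of `netstat -ano` output (not taken from the thread).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       820
  TCP    10.0.0.5:3308          10.0.0.9:50211         ESTABLISHED     2416
  TCP    10.0.0.5:49160         10.0.0.9:9000          TIME_WAIT       0
  TCP    10.0.0.5:49161         10.0.0.9:9000          TIME_WAIT       0
  TCP    10.0.0.5:49162         10.0.0.9:9000          TIME_WAIT       0
  TCP    10.0.0.5:49170         10.0.0.7:389           ESTABLISHED     612
  TCP    [::1]:49171            [::1]:445              TIME_WAIT       0
  UDP    0.0.0.0:67             *:*                                    1500
"""

def parse_tcp(text):
    """Return one Conn per TCP row; header and UDP rows are skipped."""
    conns = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            la, lp, ra, rp, state, pid = m.groups()
            conns.append(Conn(la, int(lp), ra, int(rp), state, int(pid)))
    return conns

def ephemeral_usage(conns, lo=49152, hi=65535):
    """(distinct local ports in use inside the dynamic range, range size)."""
    used = {c.lport for c in conns
            if lo <= c.lport <= hi and c.state != "LISTENING"}
    return len(used), hi - lo + 1

def time_wait_by_remote(conns):
    """Count TIME_WAIT sockets per (remote address, remote port)."""
    return Counter((c.raddr, c.rport) for c in conns if c.state == "TIME_WAIT")

def pids_for_port(conns, port):
    """PIDs that own a connection or listener on the given local port."""
    return sorted({c.pid for c in conns if c.lport == port})

if __name__ == "__main__":
    conns = parse_tcp(SAMPLE)
    print("ephemeral ports used / available:", ephemeral_usage(conns))
    print("top TIME_WAIT destinations:", time_wait_by_remote(conns).most_common(3))
    print("PIDs on local port 3308:", pids_for_port(conns, 3308))
```

Running it on periodic captures (for example `netstat -ano > capture.txt` on a schedule) shows whether the used-port count climbs toward the range size before event 4231 appears, and which remote endpoint the TIME_WAIT sockets belong to.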