Re: Application of MS04-011 - missing SRV records on DCs - GC failures
From: Aimme Lirette MSFT (alirette_at_online.microsoft.com)
Date: 05/07/04
- In reply to: Trust No One: "Application of MS04-011 - missing SRV records on DCs - GC failures"
Date: Fri, 7 May 2004 10:53:45 -0500
See this article for updates to known issues regarding the MS04-011 security
patch - the article should be updated regularly:
http://support.microsoft.com/default.aspx?scid=kb;en-us;835732
--
This posting is provided "AS IS" with no warranties, and confers no rights.

"Trust No One" <dana.scully@usa.net> wrote in message
news:3300c5e4.0405060541.62151823@posting.google.com...
> Hi Folks,
>
> We've recently applied MS04-011 to our Global Active Directory. The
> roll-out initially appeared to have gone flawlessly, but this morning
> we noticed that clients worldwide were reporting slow logins;
> furthermore non-GC domain controllers were logging hundreds of "Event
> ID:1126 - unable to establish connection with global catalog"
> messages.
>
> All our domain controllers are running Windows 2000 with SP4.
>
> We ran DCDIAG on some of the remote domain controllers, and DCDIAG
> quite worryingly reported "Warning: DcGetDcName(GC_SERVER_REQUIRED)
> call failed, error 1355 - A Global Catalog Server could not be located
> - All GC's are down"
>
> I ran REPADMIN on a number of Global Catalogs and it indicated that
> all the expected naming contexts were present (thank goodness!). I
> next had a look at the netlogon.dns file and was surprised to see the
> file was less than half its expected size - a number of SRV records
> including those usually registered for Global Catalogs were missing.
>
> This was the case for all our domain controllers worldwide, and the
> time on the netlogon.dns file corresponded roughly to when the hotfix
> was applied. The missing SRV records meant among other things that
> none of the GCs in the forest were advertising.
>
> Luckily deleting the Netlogon.DNS and Netlogon.DNB files, followed by a
> stop and restart of the Netlogon service resulted in a correct version
> of Netlogon.DNS being written, with all the appropriate DNS records.
>
> We drummed up a quick script to perform the above and all the domain
> controllers and our AD now appears to be back to normal. Hopefully
> this is an isolated incident, but the procedure above might save
> someone some time in digging around if similar symptoms appear on
> application of MS04-011.
>
> hth
>
> --
> Peter <X-Files FAN and AD enthusiast :)>
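
The symptom described in the quoted post (a netlogon.dns file that has lost its Global Catalog SRV records) can be checked for across copies of the file collected from each GC. The following is an added example, not part of the original thread and not the poster's script. It assumes netlogon.dns holds one DNS resource record per line in the usual `owner TTL IN SRV priority weight port target` form and that GCs register on port 3268; the forest name `example.com`, host `dc1` and both sample files are constructed.

```python
import re

# Constructed sample: a netlogon.dns as described in the post, where the
# domain-wide LDAP/Kerberos records survive but the GC records are gone.
SAMPLE_TRUNCATED = """\
example.com. 600 IN A 10.0.0.10
_ldap._tcp.example.com. 600 IN SRV 0 100 389 dc1.example.com.
_ldap._tcp.dc._msdcs.example.com. 600 IN SRV 0 100 389 dc1.example.com.
_kerberos._tcp.example.com. 600 IN SRV 0 100 88 dc1.example.com.
"""

# Constructed sample: the same file after Netlogon has rewritten it on a GC.
SAMPLE_HEALTHY = SAMPLE_TRUNCATED + """\
gc._msdcs.example.com. 600 IN A 10.0.0.10
_gc._tcp.example.com. 600 IN SRV 0 100 3268 dc1.example.com.
_ldap._tcp.gc._msdcs.example.com. 600 IN SRV 0 100 3268 dc1.example.com.
"""

# owner TTL IN SRV priority weight port target (format is an assumption)
SRV_LINE = re.compile(
    r"^(\S+)\s+\d+\s+IN\s+SRV\s+\d+\s+\d+\s+(\d+)\s+(\S+)$", re.IGNORECASE)


def parse_srv(text):
    """Return (owner, port, target) for every SRV line, lowercased, no trailing dot."""
    records = []
    for line in text.splitlines():
        m = SRV_LINE.match(line.strip())
        if m:
            owner, port, target = m.groups()
            records.append((owner.lower().rstrip("."), int(port),
                            target.lower().rstrip(".")))
    return records


def missing_gc_records(text, forest):
    """Forest-wide GC SRV owner names a GC should register but the file lacks."""
    forest = forest.lower().rstrip(".")
    expected = {f"_gc._tcp.{forest}", f"_ldap._tcp.gc._msdcs.{forest}"}
    present = {owner for owner, port, _ in parse_srv(text) if port == 3268}
    return sorted(expected - present)


if __name__ == "__main__":
    for label, text in (("truncated", SAMPLE_TRUNCATED), ("healthy", SAMPLE_HEALTHY)):
        print(label, "missing:", missing_gc_records(text, "example.com"))
```

Only domain controllers that hold the Global Catalog role register these records, so a non-empty result is meaningful only for files taken from GCs.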