7

PROBLEM

Domain member service reports the following when attempting to RDP from any Windows 10 workstation on the same domain or any Windows client from an external source:

  • Remote Desktop cannot verify the identity of the remote computer because there is a time or date difference between your computer and the remote computer. Make sure your computer’s clock is set to the correct time, and then try connecting again. If the problem occurs again, contact your network administrator or the owner of the remote computer.

Member Server Event Log contains:

  • EVENTID 5719. This computer was not able to set up a secure session with a domain controller in domain due to the following: The RPC server is unavailable.

  • EVENTID 1054. The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.

ENVIRONMENT

MEMBER SERVER

  • This is the only server exhibiting the issue.
  • Windows Server 2012 Standard R2.
  • File server.
  • SQL server.
  • Event log reports errors above.
  • Cannot RDP to server when issue occurs.
  • DNS address set as PDC and SDC IP addresses.

PDC

  • Windows Server 2012.
  • Holds all FSMO roles.
  • GC.
  • Windows Firewall disabled for testing.
  • No ERRORS reported, operating normally.
  • AD services.
  • DNS service.
  • WINS service.
  • Can RDP to all nodes and autheticate with domain user credentials.

SDC

  • Windows Server 2016.
  • GC.
  • Windows Firewall disabled for testing.
  • No ERRORS reported, operating normally.
  • AD services.
  • DNS service.
  • WINS service.
  • Can RDP to all nodes and autheticate with domain user credentials.

EXCHANGE SERVER

  • Windows Server 2008.
  • Exchange Server 2007
  • Also added as a member server.
  • No ERRORS reported, operating normally.
  • Can RDP to all nodes and autheticate with domain user credentials.

WINDOWS 10 CLIENTS

  • All Windows 10 clients operating normally.
  • Can RDP to all nodes and autheticate with domain user credentials.

Some further information that maybe important:

  • I had another domain controller that died (vserver). It was manually removed from the domain using the correct procedure (meta data remove, transfer roles, delete from DNS etc). Satifited this is no longer and issue. Server name has not appeared in any error logs. DCDIAG on existing domain controller (PDC, SDC) reports no errors. This was many months ago.

  • When the domain controller (vserver) died workstations reported time sync issues. This was resolved on all client work stations using the W32TM commands detailed below many months ago. This W32TM has not resolved has not resolve the issue with the problematic member server issues documented here.

DEBUGGING

MEMBER SERVER

  • I can RDP and authenticate as a local user on the server when the issue occurs.
  • I cannot RDP and authenticate as a domain user on the server when the issue occurs.
  • If I reboot the server the issue is resolved for 24 hours approx.
  • Ensuring network firewall allows time queries to external sources.
  • W32tm /resync /rediscover (all executed elevated).
  • W32tm /query /configuration.
  • W32tm /config /manualpeerlist:time.windows.com /syncfromflags:manual /reliable:yes /update.
  • w32tm /config /syncfromflags:domhier.
  • net stop w32time && net start w32time.
  • GPUPDATE does not resolve the problem.
  • NIC settings have the DNS and WINS address set as PDC and SDC server IP addresses.
  • Removed from the domain , domain join again using wizard tools.
  • When the issues occurs NSLOOKUP will resolve internal sever.internal.com domain addresses.
  • When the issues occurs NSLOOKUP will resolve internal extenal domain addresses.
  • When the issues occurs google Chrome deployed on the server will not display a web page. DNS confirmed operatinal via NSLOOKUP. I have seen this behaviour from workstation that deployed the application FIDDLER as the IE PROXY address is set to the machine loopback IP. Confirmed FIDDLER not installed on this member server.
  • See REF1. Tested MMC, connect to computer , load SECURITY LOG.
  • Set GROUP POLICY to allow Allow Remote Administration Exception and Allow File and Printer Sharing Exception.
  • Confirm Windows Management Instrumentation service running domain controllers and member server.
  • Confirm TCP/IP NetBIOS Helper service is running on domain controllers and member server.
  • Confirm Remote Procedure Call service is running on domain controllers and member server.
  • See REF2. Enabled `FAST LINK' on servers managed switch port.

Member Server w32tm /query /configuration results

[Configuration]
EventLogFlags: 2 (Local)
AnnounceFlags: 10 (Local)
TimeJumpAuditOffset: 28800 (Local)
MinPollInterval: 10 (Local)
MaxPollInterval: 15 (Local)
MaxNegPhaseCorrection: 4294967295 (Local)
MaxPosPhaseCorrection: 4294967295 (Local)
MaxAllowedPhaseOffset: 300 (Local)

FrequencyCorrectRate: 4 (Local)
PollAdjustFactor: 5 (Local)
LargePhaseOffset: 50000000 (Local)
SpikeWatchPeriod: 900 (Local)
LocalClockDispersion: 10 (Local)
HoldPeriod: 5 (Local)
PhaseCorrectRate: 1 (Local)
UpdateInterval: 30000 (Local)

[TimeProviders]
NtpClient (Local)
DllName: C:\Windows\system32\w32time.DLL (Local)
Enabled: 1 (Local)
InputProvider: 1 (Local)
CrossSiteSyncFlags: 2 (Local)
AllowNonstandardModeCombinations: 1 (Local)
ResolvePeerBackoffMinutes: 15 (Local)
ResolvePeerBackoffMaxTimes: 7 (Local)
CompatibilityFlags: 2147483648 (Local)
EventLogFlags: 1 (Local)
LargeSampleSkew: 3 (Local)
SpecialPollInterval: 3600 (Local)
Type: AllSync (Local)
NtpServer: time.windows.com (Local)

NtpServer (Local)
DllName: C:\Windows\system32\w32time.DLL (Local)
Enabled: 0 (Local)
InputProvider: 0 (Local)
VMICTimeProvider (Local)
DllName: C:\Windows\System32\vmictimeprovider.dll (Local)
Enabled: 0 (Local)
InputProvider: 1 (Local)

Member Server w32tm /query /status result:

Leap Indicator: 0(no warning)
Stratum: 3 (secondary reference - syncd by (S)NTP)
Precision: -6 (15.625ms per tick)
Root Delay: 0.1455078s
Root Dispersion: 0.0777873s
ReferenceId: 0x0D4FEF45 (source IP:  13.79.239.69)
Last Successful Sync Time: 05/07/2017 13:31:40
Source: time.windows.com
Poll Interval: 12 (4096s)

Member Server RPCping result:

Completed 1 calls in 15 ms
66 T/S or  15.000 ms/T

Granted these tests above were performed several hours post reboot when the issue has not reoccurred yet. I can repeat the test and post the results upon reoccurrence.

PDC

  • DCDIAG reports no issues.
  • NSLOOKUP resolves internal and external addresses.

PDC w32tm /query /status result:

Leap Indicator: 0(no warning)
Stratum: 3 (secondary reference - syncd by (S)NTP)
Precision: -6 (15.625ms per tick)
Root Delay: 0.1517181s
Root Dispersion: 0.0426882s
ReferenceId: 0x338D2033 (source IP:  51.141.32.51)
Last Successful Sync Time: 05/07/2017 13:18:51
Source: time.windows.com
Poll Interval: 10 (1024s)

SDC

  • DCDIAG reports no issues.
  • NSLOOKUP resolves internal and external addresses.

SUMMARY

Seems clear its a time sync issue. I believe that is everything I have tried to date to debug and resolve this issue, will EDIT if I can remember anything else. Thank you for any help (desk / head / bang ). Keen to understand the root cause.

Scott

REFERENCES

REF1. http://social.technet.microsoft.com/wiki/contents/articles/4494.troubleshooting-the-rpc-server-is-unavailable.aspx

REF2. Spanning Tree blocking DHCP requests in Windows/BOOTP

REF2. https://nchrissos.wordpress.com/2013/04/26/configuring-time-on-windows-2008-r2-servers/

UPDATE-1

Edited following the comment from Joeqwerty (thank you Joe).

Current State

  • No reocurence of this issue to date , approx 24 hours since this article was posted.
  • No reboots.

Amendment

However the following change has been applied now (see REF3) on the problematic MEMBER SERVER:

  • Reg Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\Type=NTP amended from NTP to NT5DS

  • Windows Time service restarted..

  • Output of w32tm /query /configuration now shows:

    [TimeProviders]
    NtpClient (Local)
    DllName: C:\Windows\system32\w32time.DLL (Local)
    Enabled: 1 (Local)
    InputProvider: 1 (Local)
    CrossSiteSyncFlags: 2 (Local)
    AllowNonstandardModeCombinations: 1 (Local)
    ResolvePeerBackoffMinutes: 15 (Local)
    ResolvePeerBackoffMaxTimes: 7 (Local)
    CompatibilityFlags: 2147483648 (Local)
    EventLogFlags: 1 (Local)
    LargeSampleSkew: 3 (Local)
    SpecialPollInterval: 3600 (Local)
    Type: NT5DS (Local)
    
  • GPUPDATE applied

  • Type: NT5DS (Local) still displayed when checking w32tm /query /configuration.

I need to leave this for a few days and try a reboot before I can confirm the issue has been resolved.

UPDATE-2

  • Issue just reoccurred. An admin rebooted it before I could run any tests.
  • On reboot w32tm /query /configuration still shows Type: NT5DS (Local)
  • Will report back Monday.
  • FYI w32tm /query /status

    Leap Indicator: 0(no warning)
    Stratum: 4 (secondary reference - syncd by (S)NTP)
    Precision: -6 (15.625ms per tick)
    Root Delay: 0.1827698s
    Root Dispersion: 7.8574884s
    ReferenceId: 0xC0A80103 (source IP:  192.168.1.3)
    Last Successful Sync Time: 06/07/2017 16:29:58
    Source: PDC.MYDOMAIN.COM
    Poll Interval: 10 (1024s)
    

Sorry for all the text.

UPDATE-3

No reoccurence of the RDP error document above yet but posted an update to highlight that at 0200 UTC the Member Server event log again started to report the EVENTID errors documented at the start of this thread chiefly:

    1. SOURCE NETLOGON. This computer was not able to set up a secure session with a domain controller in domain due to the following: The RPC server is unavailable.
    1. SOURCE GROUP POLICY. The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.

In the past I found this was a precursor to the RDP connection / time sync problem given enough time.

In response I execute the following all from the MEMBER SERVER experiencing the issue:

  • w32tm /query /status

    Leap Indicator: 0(no warning)
    Stratum: 4 (secondary reference - syncd by (S)NTP)
    Precision: -6 (15.625ms per tick)
    Root Delay: 0.8504282s
    Root Dispersion: 0.3015940s
    ReferenceId: 0xC0A80103 (source IP:  192.168.1.3)
    Last Successful Sync Time: 07/07/2017 06:08:58
    Source: PDC.MYDOMAIN.COM
    Poll Interval: 13 (8192s)
    
  • w32tm /query /configuration

    [Configuration]
    EventLogFlags: 2 (Local)
    AnnounceFlags: 10 (Local)
    TimeJumpAuditOffset: 28800 (Local)
    MinPollInterval: 10 (Local)
    MaxPollInterval: 15 (Local)
    MaxNegPhaseCorrection: 4294967295 (Local)
    MaxPosPhaseCorrection: 4294967295 (Local)
    MaxAllowedPhaseOffset: 300 (Local)
    
    FrequencyCorrectRate: 4 (Local)
    PollAdjustFactor: 5 (Local)
    LargePhaseOffset: 50000000 (Local)
    SpikeWatchPeriod: 900 (Local)
    LocalClockDispersion: 10 (Local)
    HoldPeriod: 5 (Local)
    PhaseCorrectRate: 1 (Local)
    UpdateInterval: 30000 (Local)
    
    [TimeProviders]
    NtpClient (Local)
    DllName: C:\Windows\system32\w32time.DLL (Local)
    Enabled: 1 (Local)
    InputProvider: 1 (Local)
    CrossSiteSyncFlags: 2 (Local)
    AllowNonstandardModeCombinations: 1 (Local)
    ResolvePeerBackoffMinutes: 15 (Local)
    ResolvePeerBackoffMaxTimes: 7 (Local)
    vCompatibilityFlags: 2147483648 (Local)
    EventLogFlags: 1 (Local)
    LargeSampleSkew: 3 (Local)
    SpecialPollInterval: 3600 (Local)
    Type: NT5DS (Local)
    
    NtpServer (Local)
    DllName: C:\Windows\system32\w32time.DLL (Local)
    Enabled: 0 (Local)
    InputProvider: 0 (Local)
    VMICTimeProvider (Local)
    DllName: C:\Windows\System32\vmictimeprovider.dll (Local)
    Enabled: 0 (Local)
    InputProvider: 1 (Local)
    
  • RPCping

    Completed 1 calls in 1 ms
    1000 T/S or   1.000 ms/T
    
  • Net time /Domain:mydomain.com.com

    Current time at \\PDC.MYDOMAIN.COM is 07/07/2017 06:51:29
    
  • w32tm /query /source

    PDC.MYDOMAIN.COM
    
  • W32tm /monitor /domain:mydomain.com

    PDC.MYDOMAIN.COM *** PDC ***[192.168.1.3:123]:
    ICMP: 0ms delay
    NTP: +0.0000000s offset from PDC.MYDOMAIN.COM
    RefID: (unknown) [0x33208D33]
    Stratum: 3
    SDC.MYDOMAIN.COM.COM[192.168.1.1:123]:
    ICMP: 0ms delay
    NTP: -0.0013367s offset from PDC.MYDOMAIN.COM
    RefID: PDC.MYDOMAIN.COM [192.168.1.3]
    Stratum: 4
    
    Warning:
    Reverse name resolution is best effort. It may not be
    correct since RefID field in time packets differs across
    NTP implementations and may not be using IP addresses.
    

The amended NT5DS settings are still in place. Give it a few hours and the RDP issues will reoccur. Not sure where to go from here sorry.

UPDATE-4

In response to Drifter104 , please find below the output of IPCONFIG/ALL for each node:

MEMBER SERVER

Windows IP Configuration
Host Name . . . . . . . . . . . . : memberserver
Primary Dns Suffix  . . . . . . . : mydomain.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : mydomain.com

Ethernet adapter Ethernet:
Connection-specific DNS Suffix  . :
Description . . . . . . . . . . . : HP Ethernet 1Gb 2-port 330i Adapter
Physical Address. . . . . . . . . : 28-80-23-90-ED-D8
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.25
DNS Servers . . . . . . . . . . . : 192.168.1.1
                                    192.168.1.3
Primary WINS Server . . . . . . . : 192.168.1.1
Secondary WINS Server . . . . . . : 192.168.1.3
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{C78DD9B1-685E-4DB0-BE2C-79D92494D094}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix  . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

PDC

Windows IP Configuration
Host Name . . . . . . . . . . . . : PDC
Primary Dns Suffix  . . . . . . . : mydomian.COM
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : mydomain.COM

Ethernet adapter Ethernet:
Connection-specific DNS Suffix  . :
Description . . . . . . . . . . . : HP Ethernet 1Gb 2-port 332i Adapter #2
Physical Address. . . . . . . . . : 64-51-06-0D-EE-C9
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::2440:bffc:b999:f930%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.3(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : fe80::217:c5ff:fe28:91cc%12
                                   192.168.1.25
DHCPv6 IAID . . . . . . . . . . . : 207900934
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-53-B2-D2-64-51-06-0D-EE-C9
DNS Servers . . . . . . . . . . . : 192.168.1.3
                                   192.168.1.1
                                   127.0.0.1
Primary WINS Server . . . . . . . : 192.168.1.1
Secondary WINS Server . . . . . . : 192.168.1.3
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{0C6841BD-69AB-491B-819B-9167B188139A}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix  . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

SDC

Windows IP Configuration
Host Name . . . . . . . . . . . . : SDC
Primary Dns Suffix  . . . . . . . : mydomain.COM
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : mydomain.COM

Ethernet adapter Ethernet:
Connection-specific DNS Suffix  . :
Description . . . . . . . . . . . : HP Ethernet 1Gb 2-port 332i Adapter
Physical Address. . . . . . . . . : 64-51-06-0D-EA-B8
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::e006:41b6:be7c:e580%2(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : fe80::217:c5ff:fe28:91cc%2
                                   192.168.1.25
DHCPv6 IAID . . . . . . . . . . . : 56905990
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-20-E6-6B-A7-64-51-06-0D-EA-B8
DNS Servers . . . . . . . . . . . : ::1
                                   192.168.1.1
                                   192.168.1.3
Primary WINS Server . . . . . . . : 192.168.1.3
Secondary WINS Server . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{0A5E9C3A-B92E-4114-B0BF-5A30BCA821D7}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix  . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

MEMBER SERVER

WINS addresses removed on response to comment.

Windows IP Configuration
Host Name . . . . . . . . . . . . : memberserver
Primary Dns Suffix  . . . . . . . : mydomain.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : mydomain.com

Ethernet adapter Ethernet:
Connection-specific DNS Suffix  . :
Description . . . . . . . . . . . : HP Ethernet 1Gb 2-port 330i Adapter
Physical Address. . . . . . . . . : 28-80-23-90-ED-D8
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.25
DNS Servers . . . . . . . . . . . : 192.168.1.1
                                    192.168.1.3
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{C78DD9B1-685E-4DB0-BE2C-79D92494D094}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix  . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Will power cycle the machine shortly.

UPDATE-5 10/07/17

72 hours since the last update the issue has recurred. RDP and attempt to authenticate with the domain administrator user results in:

Remote Desktop cannot verify the identity of the remote computer because there is a time or date difference between your computer and the remote computer. Make sure your computer’s clock is set to the correct time, and then try connecting again. If the problem occurs again, contact your network administrator or the owner of the remote computer.

  • Login as a local member service admin is successful.

  • w32tm /query /status

    Leap Indicator: 0(no warning)
    Stratum: 4 (secondary reference - syncd by (S)NTP)
    Precision: -6 (15.625ms per tick)
    Root Delay: 0.1826172s
    Root Dispersion: 0.1925883s
    ReferenceId: 0xC0A80103 (source IP:  192.168.1.3)
    Last Successful Sync Time: 10/07/2017 04:27:51
    Source: PDC.MYDOMAIN.COM
    Poll Interval: 15 (32768s)
    
  • w32tm /query /configuration

    [Configuration]
    EventLogFlags: 2 (Local)
    AnnounceFlags: 10 (Local)
    TimeJumpAuditOffset: 28800 (Local)
    MinPollInterval: 10 (Local)
    MaxPollInterval: 15 (Local)
    MaxNegPhaseCorrection: 4294967295 (Local)
    MaxPosPhaseCorrection: 4294967295 (Local)
    MaxAllowedPhaseOffset: 300 (Local)
    
    FrequencyCorrectRate: 4 (Local)
    PollAdjustFactor: 5 (Local)
    LargePhaseOffset: 50000000 (Local)
    SpikeWatchPeriod: 900 (Local)
    LocalClockDispersion: 10 (Local)
    HoldPeriod: 5 (Local)
    PhaseCorrectRate: 1 (Local)
    UpdateInterval: 30000 (Local)
    
    [TimeProviders]
    NtpClient (Local)
    DllName: C:\Windows\system32\w32time.DLL (Local)
    Enabled: 1 (Local)
    InputProvider: 1 (Local)
    CrossSiteSyncFlags: 2 (Local)
    AllowNonstandardModeCombinations: 1 (Local)
    ResolvePeerBackoffMinutes: 15 (Local)
    ResolvePeerBackoffMaxTimes: 7 (Local)
    CompatibilityFlags: 2147483648 (Local)
    EventLogFlags: 1 (Local)
    LargeSampleSkew: 3 (Local)
    SpecialPollInterval: 3600 (Local)
    Type: NT5DS (Local)
    
    NtpServer (Local)
    DllName: C:\Windows\system32\w32time.DLL (Local)
    Enabled: 0 (Local)
    InputProvider: 0 (Local)
    VMICTimeProvider (Local)
    DllName: C:\Windows\System32\vmictimeprovider.dll (Local)
    Enabled: 0 (Local)
    InputProvider: 1 (Local)
    
  • RPCping

    Exception 1722 (0x000006BA)
    Number of records is: 10
    ProcessID is 65644
    System Time is: 7/10/2017 6:7:3:935
    Generating component is 18
    Status is 0x6BA, 1722
    Detection location is 1442
    Flags is 0
    NumberOfParameters is 1
    Unicode string:
    ProcessID is 65644
    System Time is: 7/10/2017 6:7:3:935
    Generating component is 18
    ETC .... (large result)
    
  • Net time /Domain:mydomain.com.com

    The service has not been started.
    
  • w32tm /query /source

    PDC.mydomain.COM
    
  • W32tm /monitor /domain:mydomain.com

    GetDcList failed with error code:  0x800706BA.
    Exiting with error 0x800706BA
    

Progress of sorts.

  • DCDIAG ON PDC. There is a "pointer device" exception which is not relevant and will clear.

    Directory Server Diagnosis
    
    Performing initial setup:
       Trying to find home server...
       Home Server = PDC
       * Identified AD Forest.
       Done gathering initial info.
    
    Doing initial required tests
    
       Testing server: Default-First-Site-Name\PDC
          Starting test: Connectivity
             ......................... PDC passed test Connectivity
    
    Doing primary tests
    
       Testing server: Default-First-Site-Name\PDC
          Starting test: Advertising
             ......................... PDC passed test Advertising
          Starting test: FrsEvent
             ......................... PDC passed test FrsEvent
          Starting test: DFSREvent
             ......................... PDC passed test DFSREvent
          Starting test: SysVolCheck
             ......................... PDC passed test SysVolCheck
          Starting test: KccEvent
             ......................... PDC passed test KccEvent
          Starting test: KnowsOfRoleHolders
             ......................... PDC passed test KnowsOfRoleHolders
          Starting test: MachineAccount
             ......................... PDC passed test MachineAccount
          Starting test: NCSecDesc
             ......................... PDC passed test NCSecDesc
          Starting test: NetLogons
             ......................... PDC passed test NetLogons
          Starting test: ObjectsReplicated
             ......................... PDC passed test ObjectsReplicated
          Starting test: Replications
             ......................... PDC passed test Replications
          Starting test: RidManager
             ......................... PDC passed test RidManager
          Starting test: Services
             ......................... PDC passed test Services
          Starting test: SystemLog
      A warning event occurred.  EventID: 0x80000109
                        Time Generated: 07/10/2017   07:15:13
                Event String: A pointer device did not report a valid unit of angular measurement.
             A warning event occurred.  EventID: 0x80000101
                Time Generated: 07/10/2017   07:15:13
                Event String: A pointer device reported a bad angular         physical range.
             ......................... PDC passed test SystemLog
          Starting test: VerifyReferences
             ......................... PDC passed test VerifyReferences
    
    
       Running partition tests on : ForestDnsZones
          Starting test: CheckSDRefDom
             ......................... ForestDnsZones passed test         CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... ForestDnsZones passed test         CrossRefValidation
    
       Running partition tests on : DomainDnsZones
          Starting test: CheckSDRefDom
             ......................... DomainDnsZones passed test         CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... DomainDnsZones passed test         CrossRefValidation
    
       Running partition tests on : Schema
          Starting test: CheckSDRefDom
             ......................... Schema passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Schema passed test CrossRefValidation
    
       Running partition tests on : Configuration
          Starting test: CheckSDRefDom
             ......................... Configuration passed test         CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Configuration passed test         CrossRefValidation
    
       Running partition tests on : MYDOMAIN
          Starting test: CheckSDRefDom
             ......................... MYDOMAIN passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... MYDOMAIN passed test CrossRefValidation
    
       Running enterprise tests on : MYDOMAIN.com
          Starting test: LocatorCheck
             ......................... MYDOMAIN.com passed test LocatorCheck
          Starting test: Intersite
             ......................... MYDOMAIN.com passed test Intersite
    
scott_lotus
  • 1,079
  • 3
  • 16
  • 29
  • The member server is showing that it's using type AllSync and syncing with an external time source (time.windows.com). It should be using type NT5DS and syncing with one of the DC's. You should reconfigure w32time on the member server to fix that. – joeqwerty Jul 05 '17 at 13:50
  • Thanks for the commend Joeqwerty, WIll try this first thing tomorrow and post the result. – scott_lotus Jul 05 '17 at 14:03
  • Thanks Joeqwerty. REGKEY update applied to the Member Server. Will confirm in a few days if this resolves the issue. Will mark your answer as "answered" if there is no occurrence. Appreciate your help. Scott. – scott_lotus Jul 06 '17 at 13:41
  • Based on your updates to the question, the type and source look correct now. The type should be NT5DS and the source should be one of your DC's, in your case (based on the source server name) it looks like the PDC is the source. – joeqwerty Jul 06 '17 at 16:13
  • Thanks Joe. Thats correct. MemberServer reports source is PDC. Type is reported as NT5DS. Server has been rebooted. Need to give it a few days to be sure the issue has been resolved. Will review the EVENT LOG tomorrow. – scott_lotus Jul 06 '17 at 16:22
  • Can you post the output of ipconfig /all for the member server and pdc please. The difference in time might be a symptom of something else – Drifter104 Jul 07 '17 at 09:42
  • @Drifter104 , thank you for the response. Results posted. All the best. – scott_lotus Jul 07 '17 at 10:20
  • Can you remove the WINS servers in the NIC properties? Just leave them empty – Drifter104 Jul 07 '17 at 10:26
  • WINS addresses removed from memberserver, thank you. – scott_lotus Jul 07 '17 at 10:32
  • A new occurrence this morning sorry following 36 hours since last change was implemented. RPCPing reports failure. Thank you for any help. Scott – scott_lotus Jul 10 '17 at 06:22

1 Answers1

4

The member server is showing that it's using type AllSync and syncing with an external time source (time.windows.com). It should be using type NT5DS and syncing with one of the DC's. You should reconfigure w32time on the member server to fix that.

joeqwerty
  • 108,377
  • 6
  • 80
  • 171
  • Marking this as resolved. Although initially the accepted answer did not resolve the issue, it appeared to fix the source about 4 weeks later. The EVENT LOG errors in regards to "Group Policy Failed to Load" stopped on the 10th Aug as did the NETLOGON errors both reported above. I no longer need to reboot daily. No other fixes were attempted other than Windows Updates and what is documented above. Thanks Joe. – scott_lotus Sep 12 '17 at 05:53