10mins to shutdown

[freedomit]

I went to a small client with a Server 2011 Essentials server and a handful of Windows 8.1 desktops. The job was to uninstall Sophos and replace with Sophos Cloud, the actual job went really well. Anyway one of the desktops did some Windows Updates and now wont shutdown, it hangs for about 10mins before finally going off. Lots of messing around it appears the Group Policy Service is causing the issue, i cant stop the service within Windows and gpupdate fails

We now have it back in our workshop so are troubleshooting it over a VPN. When we remove from the domain and rejoin the following appear in the event logs:

DNS Client - 1023
Name Resolution policy table has been corrupted. DNS Resolution will fail until this is fixed. For more information: read policy rule {lots of numbers and letters} failed with error 0x2

Netjoin - 4097
The machine name atempted to join the domain but failed. The error code was 1722.

After a few more event 1023's we get..

NetJoin 4096
This computer has been successfully joined to the domain.

Also get the following error pop up after the domain join successful popup:

Changing the Primary Domain DNS name of this computer to "" failed
The name will remain "domain.local"
The error was: The RPC Server is unavailable

Things we have tried:
* Uninstall Sophos Cloud
* Clean Boot
* Windows AIO Tookit - all repairs
* Remove, rename and rejoin to domain, when no longer a domain member it shuts down fine.
* Removed all windows updates apart from one which couldn't be removed as it was servicing stack update.
* Confirmed we can ping domain and server via name
* Cant system restore as no restore points before service stack restore point
* Turned off firewall
* Reinstalled NIC
* Winsock repair

Any ideas?

 

[TAPtech]

What is the computer name, anything goofy looking?

At first I thought you performed these steps on the 2011E server and nearly wet myself.

 

[freedomit]

The name is ENLT-LEN73-4 we have a 1-3 working fine and this computer has been fine for 18 months.

 

[freedomit]

One thing we have discovered is we can find the DNS policy rule mentioned in DNS Client - event 1023 and delete it but when we join the PC to the domain a new policy is created which it then complains about being corrupt.

 

[NETWizz]

Um... Okay. Ideas:

Reset the NRPT client for DNS SEC...

Basically to do that delete all subkeys of this

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DnsClient\DnsPolicyConfig


Restart the DNSCache service (actually named DNS Client) via services.msc or dnscache via net start/net stop

Then ipconfig /flushdns



Next verify you can see Active Directory via its SRV records in DNS with queries like these:
c:\>nslookup -type=srv _kerberos._tcp
c:\>nslookup -type=srv _kerberos._tcp
c:\>nslookup -type=srv _kpasswd._tcp
c:\>nslookup -type=srv _gc._tcp
c:\>nslookup -type=srv _ldap._tcp

At this point, I would probably re-join the domain and reboot the computer...


Maybe do a gpupdate or a gpupdate / force

Then check it with rsop.msc to see the Resultant Set of Policies



^^^^ Let me know if this works. If not, it is probably best to just re-image the computer provided other computers are not exhibiting the problem.

 

[freedomit]

Um... Okay. Ideas:

Reset the NRPT client for DNS SEC...

Basically to do that delete all subkeys of this

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DnsClient\DnsPolicyConfig


Restart the DNSCache service (actually named DNS Client) via services.msc or dnscache via net start/net stop

Then ipconfig /flushdns



Next verify you can see Active Directory via its SRV records in DNS with queries like these:
c:\>nslookup -type=srv _kerberos._tcp
c:\>nslookup -type=srv _kerberos._tcp
c:\>nslookup -type=srv _kpasswd._tcp
c:\>nslookup -type=srv _gc._tcp
c:\>nslookup -type=srv _ldap._tcp

At this point, I would probably re-join the domain and reboot the computer...


Maybe do a gpupdate or a gpupdate / force

Then check it with rsop.msc to see the Resultant Set of Policies



^^^^ Let me know if this works. If not, it is probably best to just re-image the computer provided other computers are not exhibiting the problem.

Damm...your post is about 3 minutes to late, ive cut my losses and just started a format/reload

 

[lcoughey]

Just the perfect amount of time to sit back and enjoy a fresh cup of coffee.

 

[NETWizz]

Damm...your post is about 3 minutes to late, ive cut my losses and just started a format/reload

Nothing wrong with that... it's all good, billable time.

 

[AndyM]

Damm...your post is about 3 minutes to late, ive cut my losses and just started a format/reload

I was going to suggest that if it is a Domain machine, with no user documents on it (assuming the docs are set to re-direct to the server), then the easiest way is a full re-format and install the required software.

What I would do personally, especially as this sounds like a long time customer, is to create an image once you've built the machine (without activating Windows or any Windows COA entered). Next time something like this happens, just restore from the image and rejoin the domain/activate etc.

Andy

 

[freedomit]

Just to update on this, format/reload and same issue. Logged onto the server checked all services were started which they were, was clicking around and notice DHCP console wouldn't expand (red x) even though was working and services started. I tried to add a permission to a folder and got RPC server not found and then domain controller not found? Rebooted the Server overnight and now the desktop issue has been resolved.

Strange thing is other computers is the office were fine and server was running with no issues (although it clearly has some).