A domain controller that is running Microsoft Windows Server 2003 may stop responding for 2 to 15 minutes several times a day (908370)


The information in this article applies to:

  • Microsoft Windows Server 2003, Standard Edition
  • Microsoft Windows Server 2003, Enterprise Edition
  • Microsoft Windows Server 2003, Datacenter Edition
  • Microsoft Windows Small Business Server 2003, Standard Edition
  • Microsoft Windows Small Business Server 2003, Premium Edition
  • Microsoft Windows XP Professional
  • Microsoft Windows 2000 Professional


Important This article contains information about how to modify the registry. Make sure to back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows registry

SUMMARY

A domain controller that is running Microsoft Windows Server 2003 may stop responding for 2 to 15 minutes several times a day.

A Server Message Block (SMB) session may be unresponsive when the user of a client computer tries to browse files or to open files on a network. The problem affects all the client computers at the same time. The problem may also occur when you try to browse files on the server by using a Universal Naming Convention (UNC) path.

When this problem occurs, you can view a shared location on the network by using a Command Prompt window. The server uses no more resources than usual.

SYMPTOMS

In a Windows Server 2003-based domain, you experience one or more of the following problems on a client computer that is running Microsoft Windows Server 2003, Microsoft Windows XP or Microsoft Windows 2000:
  • You cannot log on or map network drives to the server. If you have successfully logged on, you cannot access shared items on the network by using Windows Explorer.
  • Programs on the client computer are unresponsive. For example, Excel worksheets may take 2 minutes longer than usual to respond over the network.
  • When you try to connect to the server, you receive one of the following error messages.

    Message 1
    System Error 53: The network path was not found. (ERROR_BAD_NETPATH)
    Message 2
    System Error 64: The specified network name is no longer available. (ERROR_NETNAME_DELETED)
    Message 3
    System Error 67: The network name cannot be found. (ERROR_BAD_NET_NAME)
  • The server becomes unresponsive several times a day. The system cannot handle any SMB-based network request. However, the problem is temporarily resolved when the server is restarted.
  • When you try to access Distributed File System (DFS) shared resources on the server, the DFS service stops responding.
  • The server stops responding until the DFS service is restarted. When this problem occurs, open files on the client computer also stop responding.
The shared resource does not have to be a DFS shared resource for these problems to occur.

When this problem occurs, computers that are running Windows XP Professional or Windows Server 2003 may log entries that are similar to the following in the Application log. However, no entries may be logged.

Message 1Event Type: Error
Event Source: Userenv
Event ID: 1058
Description:
Windows cannot access the file gpt.ini for GPO CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=<DomainName>,DC=<TopLevelDomain>. The file must be present at the location <\\DomainName.com\sysvol\DomainName.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>. (Configuration information could not be read from the domain controller, either because the machine is unavailable, or access has been denied. ). Group Policy processing aborted.Message 2Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1030
Description:
Windows cannot query for the list of Group Policy objects. A message that describes the reason for this was previously logged by the policy engine.Typically, client computers and member servers log these events at startup if the error condition already exists.

CAUSE

These problems occur because of a problem with the H.323/Lightweight Directory Access Protocol (LDAP) proxy. This problem occurs when network address translation (NAT) prevents LDAP requests from reaching services on the domain server.

RESOLUTION

To resolve this problem, follow these steps:
  1. If Windows Server 2003 has network adaptor teaming software installed, uninstall the network adaptor teaming software, and then update the network adaptor driver to the latest version. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

    843156 You receive a "System error 67 has occurred. The network name cannot be found" error message in Windows Server 2003

  2. Install Microsoft Windows Server 2003 Service Pack 1 (SP1) on the domain controller. If you cannot apply Service Pack 1, follow the steps in the "Workaround" section.
Notes
  • These steps may not resolve the problem that is mentioned in the "Symptoms" section if you do not install Windows Server 2003 SP1 before you install and set up the Routing and Remote Access service and the network address translation (NAT) service on the domain controller. If you install Windows Server 2003 SP1 after the Routing and Remote Access service and the NAT service, follow the steps in the "Workaround" section.
  • A similar problem may occur where the DFS service on a Windows Server 2003-based server stops responding for approximately 10 minutes. When this problem occurs, DFS shared resources stop responding to user requests. If the DFS server is a member of a Microsoft Windows NT 4.0-based domain, follow the steps in Knowledge Base article 810418 to resolve the problem. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

    810418 Disabling site awareness for Windows Server 2003 or for Windows 2000 DFS in a Windows NT 4.0 domain

WORKAROUND

Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

To work around this problem, use one of the following methods.

Note These methods assume the following conditions:
  • The domain controller is running Windows Server 2003.
  • The domain controller is operating as a file server and as a print server.
  • The domain controller does not have Windows Server 2003 Service Pack 1 installed.
  • The domain controller is running one or more of the following:
    • Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS)
    • Routing and Remote Access (RRAS)

Method 1: Restart the DFS service

Restart the Distributed File System (DFS) service. To do this, follow these steps:
  1. Click Start, click Run, type cmd, and then click OK.
  2. Type net stop DFS, and then press ENTER.
  3. Type net start DFS, and then press ENTER.
Note Active Directory requires the DFS service so that clients can locate the SYSVOL shared resource. Therefore, the DFS service has to run on every domain controller. In an environment with more than one domain controller, do not stop the DFS service without restarting the service.

Method 2: Stop Internet Connection Firewall, Internet Connection Sharing, and Routing and Remote Access

Stop the following services:
  • Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS)
  • Routing and Remote Access (RRAS)
Note If these services are not disabled by default, use method 5.

Method 3: Disable the IP NAT driver

If network address translation (NAT) is not correctly configured, you may be able to work around this problem by disabling the IP NAT driver. To do this, follow these steps:
  1. Click Start, right-click My Computer, and then click Properties.
  2. Click the Hardware tab, click Device Manager, and then click Show Hidden Devices on the View menu.
  3. Double-click Non-Plug and Play Drivers, and then double-click IP Network Address Translator.
  4. Click the Driver tab, click Stop, and then click OK.
  5. Restart the computer.
For more information about how use the registry to disable the IP NAT driver, click the following article number to view the article in the Microsoft Knowledge Base:

816071 How to temporarily deactivate the kernel mode filter driver in Windows

Method 4: Disable NAT/Basic Firewall

  1. Click Start, point to All Programs, point to Administrative Tools, and then click Routing and Remote Access.
  2. Double-click Server name, double-click IP Routing, and then click NAT/Basic Firewall.
  3. In the right pane, right-click the interface name of the private interface that is connected to the private network interface, or right-click the public interface that is connected to the Internet interface, and then click Delete.
  4. Repeat step 3 for all the interfaces where a private interface is connected to a private network interface or where the public interface is connected to the Internet interface.
  5. Restart the Routing and Remote Access service.
If a Routing and Remote Access server separates the client network and a Digital Subscriber Line (DSL) router, you may have to take more steps so that client computers retain Internet connectivity. You must also correctly configure routing between Windows Small Business Server and a DSL router. To do this, make sure that the DSL router has a static route to the client's network. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

837453 How to use the Windows Server 2003 Routing and Remote Access Service or ISA Server 2004 with a DSL router for Internet access

Method 5: Disable the H.323/LDAP proxy

If NAT must be enabled because it acts as a network bridge between the LAN network adaptor and an Internet network adaptor, disable the H.323/LDAP proxy by setting the EnableH323Proxy registry subkey to 0 (zero). To do this, follow these steps:
  1. If the 835732 security update is not installed, install this security update. For more information about the 835732 security update, click the following article number to view the article in the Microsoft Knowledge Base:

    835732 MS04-011: Security update for Microsoft Windows

  2. Follow these steps to add the EnableH323Proxy registry subkey to the registry:
    1. Locate and right-click the following registry subkey:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters
    2. Point to New, click DWORD Value, and then type EnableH323Proxy.
    3. Right-click EnableH323Proxy, click Modify, and then type 0 in Value data box.
  3. Restart the computer.
  4. Enable the Windows firewall.
Note In Windows Server 2003 with Service Pack 1, the H.323/LDAP proxy has been removed from Internet Connection Firewall, Internet Connection Sharing, and Routing and Remote Access.

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

MORE INFORMATION

The "Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS)" service (Service_Name: SharedAccess) provides the following services for a home office network or a small office network:
  • Network address translation
  • Addressing
  • Name resolution
  • Intrusion prevention
For diagnostics purposes, you can enable extended LDAP logging. When this problem occurs, event 1216 may be logged if the following conditions are true:
  • The system is configured to use extended NTDS logging.
  • The LDAP Interface Events logging level is set to a value of 4 by using the following registry subkey:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics

When event 1216 is logged, you may see an entry that is similar to the following in Event Viewer:Event Type: Warning
Event Source: NTDS LDAP
Event Category: LDAP Interface
Event ID: 1216
Description:
Internal event: An LDAP client connection was closed because of an error.
Client ID: 11387

Additional Data
Error value: 995 The I/O operation has been aborted because of either a thread exit or an application request.
Internal ID: c0602ec For more information, click the following article number to view the article in the Microsoft Knowledge Base:

816071 How to temporarily deactivate the kernel mode filter driver in Windows

Modification Type:MajorLast Reviewed:10/3/2006
Keywords:kbtshoot kbprb KB908370 kbAudEndUser
©2004 Microsoft Corporation. All rights reserved.