Windows 2003 Terminal Server not responding after reboots

Question

We have 5 Windows 2003 R2 SP2 Std x64 terminal servers that are set to reboot each night all within 45 mins of each other. Frequently at least one of them will not respond to RDP requests after reboot. If I connect to console I can login just fine. Netstat shows TS listening on 3389 etc. Only way I am able to get them to respond again is to reboot manually.

All terminal servers show the following errors in the event log after reboots (however not all of them arent responding, most work fine post reboot)

Event ID 5719 - Error - Netlogon - This computer was not able to set up a secure session with a domain controller in domain DOMAIN due to the following: There are no logon servers available.

Event ID 4321 - Error - NetBT - The name DOMAIN :1d" could not be registered on the interface with IP address [IP address]. The machine with the IP [IP address of domain controller] did not allow the name to be claimed by this machine.

However, those events show up on the machines that successfully reboot as well. Can someone please assist me with troubleshooting this problem? Like I said, it doesnt happen every time or on every server. Only sometimes are one or two servers. Very frustrating.

Thanks for any assistance!

Answer 1

Sounds like a problem with TS services on the impacted servers. Maybe they're hung, or waiting on a response from the DC that got lost or garbled on the network, or failed to start correctly when the OS booted, etc.

1. First thing I'd do is set the TS services to delayed start up, in case it's an OS or machine boot issue. It'll set the service to start up after most everything else, so any dependencies should be fully started and there won't be any conflicts with it started at the same time as whatever else.
2. Failing that, I'd use a scheduled task to restart the service a couple minutes after the OS boots up. (Would take a little bit of guesswork to schedule it right, based on reboot time, machine boot speed and OS load speed.)
3. Investigate the NICs on the machines? Is it possible that the cause is outdated drivers or firmware, and updated software (like Windows Updates and any other patches you've [hopefully] applied) conflicting with each other from time to time?
4. Failing that (and maybe anyway, to try to resolve the root cause, rather than just alleviate the symptom), I'd do a reinstall (uninstall, install fresh) of the Terminal Services on the impacted servers. I've had this kind of issue, absent EventID 4321 and that usually resolves it, at least when it's a problem with the TS services on the server, and not caused by networking or domain controller issue.
5. (Maybe do this before #4) Troubleshoot this from the Domain Controller. There is a reason that the Eventlog is telling you the server can't contact a logon server and the Domain Controller isn't allowing the hostname to be assigned to the indicated interface. This can be caused by domain or Domain Controller settings. Look on the DC to see if there are any indications of that. (Don't forget to look for GPO settings, startup scripts and the like too.)
6. (Maybe do this before #4 too) Troubleshoot this from a networking perspective. Is it possible the network is occasionally mangling the traffic between these servers and the DC, causing the authentication and name assignment problems you're seeing in the server Eventlogs.
7. (Maybe do this before anything) Try to convince your bosses (or whoever does "control" the nightly reboots) that the nightly reboots are what's causing this, and/or that this is "expected behavior" when engaging in the dumbassed practice of nightly server reboots. Or you if you fix/fixed it, that the fix will stop working unless the reboots stop or decrease in frequency. You'll get the added benefit of not having to replace your servers in a couple years after the added stress of booting causes a hardware fault. :/

Answer 2

I've seen those errors in our Windows 2003 SP2 TS server. It's rebooted every night (just like yours) for legacy app compatibility reasons.

I assume you've already checked this but but in the past I had some harddrive space problems that led us to a similar scenario.

By the way, any of those TS servers is a DC. Aren't they?

Answer 3

I found a lot of KB articles from Microsoft that hinted about NIC issues and as you said all servers exhibited the same errors. I think that the problem is in your switches. If you have managed switch you must disable Spanning Tree or Enable faststart (for Cisco).

Here are the commands to do it in a Cisco Catalyst Switch:

config terminal
interface Gi1/0/19
spanning-tree portfast

Note to turn off use the command:

no spanning-tree portfast

For reference Cisco

Answer 4

It looks like you are not using STATIC IP addresses but it could be an imaging problem. I highly suggest that you set up static IP addresses if you already don't. Each terminal server should have its own static IP address and be manually configured to point to the proper domain controller.

Event ID 4321 - Error - NetBT This specific error could be several things. I have a feeling that the terminal servers you have were imaged. There is a good chance that after they were imaged the virutal network adapter was not re-made; thus, the NIC info is the exact same for all the servers. If they were imaged and if this is the case, I suggest copying what information you have for the virtual adapters (take a photo of it or something... ip address info, dns and wins info, dns suffixes, etc.) and then then re-create the virutal adapter. All the terminal servers could be trying to communicate and the network gets confused... as 3 servers have the same NIC info. Also, be sure to check all your information. Make sure your subnet mask is correct (probably 255.255.255.0).

I have had a situation much like this where I seemed to be able to use the computers directly, but I was not able to remote in. I found that due to imaging the machines, my virtual adapters needed to be re-made. I hope this helps!