Fixed: Windows 2008 server “No logon Servers Available”

This was a strange issue, usually resolved with a reboot. The server would not process scheduled jobs, and when we tried to RDP in, it would say “No logon servers available”. The issue was unrelated to Kerberos or time settings; instead, it was an exhaustion of the ports available to communicate with the domain.

The only error to go on was ‘0x80070044 The name limit for the local computer network adapter card was exceeded.’

Searching Google mostly came up with recommendations to reboot the server, which would have worked, but I wanted to understand what was going on with this…

When running this command:

netstat -ano | find /c "TIME_WAIT"

there were a ton of connections in the TIME_WAIT state.

The fix was quite simple: open an elevated command prompt and enter

netsh int ipv4 set dynamicport tcp start=1025 num=64510

Wanted to give props to this guy for finding the solution: https://capens.net/content/fix-windows-error-name-limit-local-computer-network-adapter-card-was-exceeded

** Update **

This issue may be affecting Citrix as well, and I ran across this TechNet post:

Server "Hangs" and Ephemeral Port Exhaustion issues

In this post they have a good description of the behavior:

In the case of this type of Server “Hangs”:

  • The mouse works on the console
  • Keyboard works on the console
  • Local logon will likely work on the console and RDP
  • Existing connections where no authentication takes place (where Kerberos is going off the box for verification) will work (file shares, currently connected RDP users)
  • Ping will work (ICMP)
  • UDP connections will work (NSLookup)
  • TCP connections into the box will work
  • TCP connections from the box outside will fail. (Nslookup -v)

More to come as we investigate the issue…

*****UPDATE******

This issue was apparently caused by a Windows update.

I ran across this today: https://support.microsoft.com/en-us/help/4038777/windows-7-update-kb4038777

According to Microsoft this new update:

Addressed issue where applications that have LDAP referral chasing options enabled use a TCP dynamic port connection that doesn’t close until the applications close or the calling OS restarts. With sufficient time and volume, these applications may completely consume all TCP dynamic ports. If that occurs, network communications will fail for any protocol or operation that uses dynamic ports. This issue was introduced by the July and August 2017 cumulative updates, starting with KB4025337 and KB4025341.

Good to know…
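To see which process is eating the dynamic range (the leak Microsoft describes would show up as long-lived connections owned by one application PID, while TIME_WAIT rows are listed under PID 0), saved `netstat -ano` output can be summarised per state and per PID. This is an added example, not from the original post or from Microsoft: the function name and the sample output are constructed, and the default range assumed is the Windows Server 2008 default of start=49152, num=16384.

```python
from collections import Counter

# Constructed sample of `netstat -ano` output (addresses and PIDs are made up).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       716
  TCP    0.0.0.0:49152          0.0.0.0:0              LISTENING       504
  TCP    10.0.0.5:3389          10.0.0.77:51515        ESTABLISHED     1800
  TCP    10.0.0.5:49160         10.0.0.10:389          ESTABLISHED     1234
  TCP    10.0.0.5:49161         10.0.0.10:389          ESTABLISHED     1234
  TCP    10.0.0.5:49162         10.0.0.11:389          CLOSE_WAIT      1234
  TCP    10.0.0.5:49163         10.0.0.20:445          TIME_WAIT       0
  TCP    10.0.0.5:49164         10.0.0.20:445          TIME_WAIT       0
  TCP    [::1]:49170            [::1]:5985             ESTABLISHED     2200
  UDP    0.0.0.0:123            *:*                                    900
"""


def dynamic_port_usage(netstat_text, start=49152, num=16384):
    """Summarise TCP dynamic-port consumption from `netstat -ano` output.

    start/num mirror the values shown by `netsh int ipv4 show dynamicport tcp`.
    """
    end = start + num - 1
    by_state, by_pid, ports = Counter(), Counter(), set()
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have exactly: proto, local, foreign, state, pid
        if len(fields) != 5 or fields[0] != "TCP":
            continue
        _, local, _, state, pid = fields
        port = int(local.rsplit(":", 1)[1])  # rsplit also handles [v6]:port
        if not start <= port <= end:
            continue  # well-known or service port, not from the dynamic range
        ports.add(port)  # same port listed for IPv4 and IPv6 is counted once
        by_state[state] += 1
        by_pid[int(pid)] += 1
    return {
        "used": len(ports),
        "free": num - len(ports),
        "by_state": dict(by_state),
        "top_pids": by_pid.most_common(3),
    }


if __name__ == "__main__":
    print(dynamic_port_usage(SAMPLE))
```

On a live server, redirect `netstat -ano` to a file and pass its contents in; a single PID holding most of the range in ESTABLISHED or CLOSE_WAIT points at a leaking application rather than normal TIME_WAIT churn.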

 
