Hi,
We have a DC in our environment that is used for a one way cross domain trust. It is server 2008 R2 Virtual Machine on Hyper-V, and it runs DNS also.
Recently we've noticed that it becomes unresponsive, or loses packets every minute ..and that's to the second.
It has 2 NICs, one for our network, and one for the other Domains network, the trust is working ok mainly (except for some authentication problems intermittently between us and the other Domains US office)
In order to find out what is running every minute, i've tried:
1. PROCMON ....nothing really stands out, just looks like standard server activities, nothing showing that it took 3 seconds to finish (sometimes the ping takes 3 seconds to return) ..I've ran this about 20 times with everything switched on
2. AV was removed
3. DNS is working correctly, and can forward to the internet
4. PROCEXPLORER - also not a great help as nothing spikes the CPU
5. Task Manager - nothing is spiking the CPU, and nothing is hogging the resources
6. netlogon.log shows lots of "domain threat doing API timeout" ..which i've already asked about, but the only answer was that we might have network problems
7. Wireshark - nearly impossible to check what was happening at the exact time on a cross domain trust DC ..there is LOTS going on.
So basically we have a DC that looks fine, that is intermittently failing NTLM authentication requests with the US, and that is dropping packets or taking a long time to respond every single minute.
There is nothing in scheduled tasks. Local IP configuration is fine. I've switched on firewall logging, but not a great deal there. Something is making the server 'think' for a couple of seconds and its making everything else wait ..but its not taking a lot of resources. ..I've also moved it to another cluster node several times, but still no luck. pinging 127, and its own IP doesn't drop packets!!! so that suggest its only pings coming in ...
Very complex I know, but i'm getting to the end of my tether with it. Does anyone know how I can track down what the hell is going on?! :)
Kind Regards,
Jon