Проблема с Win2000Server (AD)
Модератор: Модераторы
Сообщений: 13
• Страница 1 из 2 • 1, 2
Dima » 30 авг 2004, 13:28
Help!!!!
Есть такая проблема, гдето через 1.5 месяца после установки вспомогательный сервер Win2000Serv перестал видеть по имени домен Win2000Serv.
На вспомогательном сервере стоит AD и после этого сбоя репликация между AD контролера домена и AD вспомогательного сервера не проходит.
Причем самое интересное, что один из компов локальной сети тоже по имени не видит контролер, а остальные работают нормально.
Догадываюсь, что что-то с DNS, подскажите где и что нужно прописать?
Есть такая проблема, гдето через 1.5 месяца после установки вспомогательный сервер Win2000Serv перестал видеть по имени домен Win2000Serv.
На вспомогательном сервере стоит AD и после этого сбоя репликация между AD контролера домена и AD вспомогательного сервера не проходит.
Причем самое интересное, что один из компов локальной сети тоже по имени не видит контролер, а остальные работают нормально.
Догадываюсь, что что-то с DNS, подскажите где и что нужно прописать?
Harry33 » 30 авг 2004, 13:59
Dima
Для начала dcdiag /v netdiag /v
Для начала dcdiag /v netdiag /v
Знания, которые нельзя применить - бесполезны
Dima » 30 авг 2004, 18:18
вот что дает dcdiag:
DC Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial non skippeable tests
Testing server: Default-First-Site-Name\OLIMP
Starting test: Connectivity
......................... OLIMP passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\OLIMP
Starting test: Replications
REPLICATION LATENCY WARNING
OLIMP: This replication path was preempted by higher priority work.
from NEST to OLIMP
Reason: Win32 Error 8418
The last success occurred at 2004-08-30 16:07.24.
Replication of new changes along this path will be delayed.
REPLICATION LATENCY WARNING
OLIMP: This replication path was preempted by higher priority work.
from NEST to OLIMP
Reason: Win32 Error 8418
The last success occurred at 2004-08-30 16:07.24.
Replication of new changes along this path will be delayed.
......................... OLIMP passed test Replications
Starting test: NCSecDesc
......................... OLIMP passed test NCSecDesc
Starting test: NetLogons
......................... OLIMP passed test NetLogons
Starting test: Advertising
......................... OLIMP passed test Advertising
Starting test: KnowsOfRoleHolders
......................... OLIMP passed test KnowsOfRoleHolders
Starting test: RidManager
......................... OLIMP passed test RidManager
Starting test: MachineAccount
......................... OLIMP passed test MachineAccount
Starting test: Services
......................... OLIMP passed test Services
Starting test: ObjectsReplicated
......................... OLIMP passed test ObjectsReplicated
Starting test: frssysvol
There are errors after the SYSVOL has been shared.
The SYSVOL can prevent the AD from starting.
......................... OLIMP passed test frssysvol
Starting test: kccevent
......................... OLIMP passed test kccevent
Starting test: systemlog
......................... OLIMP passed test systemlog
Running enterprise tests on : NGST.ART
Starting test: Intersite
......................... NGST.ART passed test Intersite
Starting test: FsmoCheck
......................... NGST.ART passed test FsmoCheck
OLIMP- это контроллер, NEST вспомогательный сервер
И вот netdiag:
Computer Name: OLIMP
DNS Host Name: olimp.NGST.ART
System info : Windows 2000 Server (Build 2195)
Processor : x86 Family 15 Model 2 Stepping 7, GenuineIntel
List of installed hotfixes :
KB823980
KB835732
Q147222
Netcard queries test . . . . . . . : Passed
[WARNING] The net card 'Intel 8255x-based PCI Ethernet Adapter (10/100)' may
not be working.
Per interface results:
Adapter : Local Area Connection 2
Netcard queries test . . . : Failed
NetCard Status: DISCONNECTED
Some tests will be skipped on this interface.
Host Name. . . . . . . . . : olimp
Autoconfiguration IP Address : 169.254.249.34
Subnet Mask. . . . . . . . : 255.255.0.0
Default Gateway. . . . . . :
Dns Servers. . . . . . . . :
Adapter : 1g
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : olimp
IP Address . . . . . . . . : 192.168.1.202
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . :
Dns Servers. . . . . . . . : 192.168.1.202
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Skipped
[WARNING] No gateways defined for this adapter.
NetBT name test. . . . . . : Passed
No remote names have been found.
WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.
Global results:
Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{A094136F-CE92-407D-9181-5D2A1F04D7EC}
NetBT_Tcpip_{D02E771C-B12C-49EA-BB7A-2BE6210EA28E}
2 NetBt transports currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Failed
[FATAL] NO GATEWAYS ARE REACHABLE.
You have no connectivity to other network segments.
If you configured the IP protocol manually then
you need to add at least one valid gateway.
NetBT name test. . . . . . . . . . : Passed
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on DNS server '192.168.1.20
2' and other DCs also have some of the names registered.
Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{A094136F-CE92-407D-9181-5D2A1F04D7EC}
NetBT_Tcpip_{D02E771C-B12C-49EA-BB7A-2BE6210EA28E}
The redir is bound to 2 NetBt transports.
List of NetBt transports currently bound to the browser
NetBT_Tcpip_{D02E771C-B12C-49EA-BB7A-2BE6210EA28E}
NetBT_Tcpip_{A094136F-CE92-407D-9181-5D2A1F04D7EC}
The browser is bound to 2 NetBt transports.
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Passed
Trust relationship test. . . . . . : Skipped
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Passed
[FATAL] Cannot do NTLM authenticated ldap_bind to 'NEST': Invalid Credential
s.
[FATAL] Cannot do Negotiate authenticated ldap_bind to 'NEST': Invalid Crede
ntials.
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Passed
IPSec policy service is active, but no policy is assigned.
The command completed successfully
DC Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial non skippeable tests
Testing server: Default-First-Site-Name\OLIMP
Starting test: Connectivity
......................... OLIMP passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\OLIMP
Starting test: Replications
REPLICATION LATENCY WARNING
OLIMP: This replication path was preempted by higher priority work.
from NEST to OLIMP
Reason: Win32 Error 8418
The last success occurred at 2004-08-30 16:07.24.
Replication of new changes along this path will be delayed.
REPLICATION LATENCY WARNING
OLIMP: This replication path was preempted by higher priority work.
from NEST to OLIMP
Reason: Win32 Error 8418
The last success occurred at 2004-08-30 16:07.24.
Replication of new changes along this path will be delayed.
......................... OLIMP passed test Replications
Starting test: NCSecDesc
......................... OLIMP passed test NCSecDesc
Starting test: NetLogons
......................... OLIMP passed test NetLogons
Starting test: Advertising
......................... OLIMP passed test Advertising
Starting test: KnowsOfRoleHolders
......................... OLIMP passed test KnowsOfRoleHolders
Starting test: RidManager
......................... OLIMP passed test RidManager
Starting test: MachineAccount
......................... OLIMP passed test MachineAccount
Starting test: Services
......................... OLIMP passed test Services
Starting test: ObjectsReplicated
......................... OLIMP passed test ObjectsReplicated
Starting test: frssysvol
There are errors after the SYSVOL has been shared.
The SYSVOL can prevent the AD from starting.
......................... OLIMP passed test frssysvol
Starting test: kccevent
......................... OLIMP passed test kccevent
Starting test: systemlog
......................... OLIMP passed test systemlog
Running enterprise tests on : NGST.ART
Starting test: Intersite
......................... NGST.ART passed test Intersite
Starting test: FsmoCheck
......................... NGST.ART passed test FsmoCheck
OLIMP- это контроллер, NEST вспомогательный сервер
И вот netdiag:
Computer Name: OLIMP
DNS Host Name: olimp.NGST.ART
System info : Windows 2000 Server (Build 2195)
Processor : x86 Family 15 Model 2 Stepping 7, GenuineIntel
List of installed hotfixes :
KB823980
KB835732
Q147222
Netcard queries test . . . . . . . : Passed
[WARNING] The net card 'Intel 8255x-based PCI Ethernet Adapter (10/100)' may
not be working.
Per interface results:
Adapter : Local Area Connection 2
Netcard queries test . . . : Failed
NetCard Status: DISCONNECTED
Some tests will be skipped on this interface.
Host Name. . . . . . . . . : olimp
Autoconfiguration IP Address : 169.254.249.34
Subnet Mask. . . . . . . . : 255.255.0.0
Default Gateway. . . . . . :
Dns Servers. . . . . . . . :
Adapter : 1g
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : olimp
IP Address . . . . . . . . : 192.168.1.202
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . :
Dns Servers. . . . . . . . : 192.168.1.202
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Skipped
[WARNING] No gateways defined for this adapter.
NetBT name test. . . . . . : Passed
No remote names have been found.
WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.
Global results:
Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{A094136F-CE92-407D-9181-5D2A1F04D7EC}
NetBT_Tcpip_{D02E771C-B12C-49EA-BB7A-2BE6210EA28E}
2 NetBt transports currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Failed
[FATAL] NO GATEWAYS ARE REACHABLE.
You have no connectivity to other network segments.
If you configured the IP protocol manually then
you need to add at least one valid gateway.
NetBT name test. . . . . . . . . . : Passed
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on DNS server '192.168.1.20
2' and other DCs also have some of the names registered.
Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{A094136F-CE92-407D-9181-5D2A1F04D7EC}
NetBT_Tcpip_{D02E771C-B12C-49EA-BB7A-2BE6210EA28E}
The redir is bound to 2 NetBt transports.
List of NetBt transports currently bound to the browser
NetBT_Tcpip_{D02E771C-B12C-49EA-BB7A-2BE6210EA28E}
NetBT_Tcpip_{A094136F-CE92-407D-9181-5D2A1F04D7EC}
The browser is bound to 2 NetBt transports.
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Passed
Trust relationship test. . . . . . : Skipped
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Passed
[FATAL] Cannot do NTLM authenticated ldap_bind to 'NEST': Invalid Credential
s.
[FATAL] Cannot do Negotiate authenticated ldap_bind to 'NEST': Invalid Crede
ntials.
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Passed
IPSec policy service is active, but no policy is assigned.
The command completed successfully
Harry33 » 31 авг 2004, 09:50
Dima
Первое, где шлюз по умолчанию?
Это итоги с Полумертвого контроллера или с живого?
Что рисуется в логах обоих контроллеров?
Первое, где шлюз по умолчанию?
Это итоги с Полумертвого контроллера или с живого?
Что рисуется в логах обоих контроллеров?
Знания, которые нельзя применить - бесполезны
Harry33 » 31 авг 2004, 09:50
Синхронизировано ли время на контроллерах
Знания, которые нельзя применить - бесполезны
Dima » 31 авг 2004, 13:57
Это данные с живого коннтроллера.
В его логах вот что:
- в FileReoplicationServices 3 Warnings:
1. The File Replication Service is having trouble enabling replication from NEST to OLIMP for c:\winnt\sysvol\domain using the DNS name nest.NGST.ART. FRS will keep retrying.
Following are some of the reasons you would see this warning.
[1] FRS can not correctly resolve the DNS name nest.NGST.ART from this computer.
[2] FRS is not running on nest.NGST.ART.
[3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers.
This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.
2. Following is the summary of warnings and errors encountered by File Replication Service while polling the Domain Controller olimp.NGST.ART for FRS replica set configuration information.
The nTDSConnection object cn=07800844-106c-487e-94cc-acdd056a0de4,cn=ntds settings,cn=olimp,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=ngst,dc=art is conflicting with cn=nest,cn=ntds settings,cn=olimp,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=ngst,dc=art. Using cn=07800844-106c-487e-94cc-acdd056a0de4,cn=ntds settings,cn=olimp,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=ngst,dc=art
3. Following is the summary of warnings and errors encountered by File Replication Service while polling the Domain Controller olimp.NGST.ART for FRS replica set configuration information.
Could not find computer object for this computer. Will try again at next polling cycle.
- в DNS Server 2 Error:
1. The DNS server was unable to complete directory service enumeration of zone ngst.art. This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and repeat enumeration of the zone. The event data contains the error.
2. The DNS server was unable to complete directory service enumeration of zone .. This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and repeat enumeration of the zone. The event data contains the error.
- в System 1 Warning:
1. The Windows Time Service was not able to find a Domain Controller. A time and date update was not possible.
Это все с Живого контроллера
В его логах вот что:
- в FileReoplicationServices 3 Warnings:
1. The File Replication Service is having trouble enabling replication from NEST to OLIMP for c:\winnt\sysvol\domain using the DNS name nest.NGST.ART. FRS will keep retrying.
Following are some of the reasons you would see this warning.
[1] FRS can not correctly resolve the DNS name nest.NGST.ART from this computer.
[2] FRS is not running on nest.NGST.ART.
[3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers.
This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.
2. Following is the summary of warnings and errors encountered by File Replication Service while polling the Domain Controller olimp.NGST.ART for FRS replica set configuration information.
The nTDSConnection object cn=07800844-106c-487e-94cc-acdd056a0de4,cn=ntds settings,cn=olimp,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=ngst,dc=art is conflicting with cn=nest,cn=ntds settings,cn=olimp,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=ngst,dc=art. Using cn=07800844-106c-487e-94cc-acdd056a0de4,cn=ntds settings,cn=olimp,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=ngst,dc=art
3. Following is the summary of warnings and errors encountered by File Replication Service while polling the Domain Controller olimp.NGST.ART for FRS replica set configuration information.
Could not find computer object for this computer. Will try again at next polling cycle.
- в DNS Server 2 Error:
1. The DNS server was unable to complete directory service enumeration of zone ngst.art. This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and repeat enumeration of the zone. The event data contains the error.
2. The DNS server was unable to complete directory service enumeration of zone .. This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and repeat enumeration of the zone. The event data contains the error.
- в System 1 Warning:
1. The Windows Time Service was not able to find a Domain Controller. A time and date update was not possible.
Это все с Живого контроллера
Dima » 31 авг 2004, 14:18
Причем DNS стоит на живом контроллере OLIMP.
А на вспомогательном сервере NEST такой Warnings в FileReplicationService:
1. The File Replication Service is having trouble enabling replication from OLIMP to NEST for c:\winnt\sysvol\domain using the DNS name olimp.NGST.ART. FRS will keep retrying.
Following are some of the reasons you would see this warning.
[1] FRS can not correctly resolve the DNS name olimp.NGST.ART from this computer.
[2] FRS is not running on olimp.NGST.ART.
[3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers.
This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.
А в System логе такой Error :
The account-identifier allocator failed to initialize properly. The record data contains the NT error code that caused the failure. Windows 2000 will retry the initialization until it succeeds; until that time, account creation will be denied on this Domain Controller. Please look for other SAM event logs that may indicate the exact reason for the failure.
А на вспомогательном сервере NEST такой Warnings в FileReplicationService:
1. The File Replication Service is having trouble enabling replication from OLIMP to NEST for c:\winnt\sysvol\domain using the DNS name olimp.NGST.ART. FRS will keep retrying.
Following are some of the reasons you would see this warning.
[1] FRS can not correctly resolve the DNS name olimp.NGST.ART from this computer.
[2] FRS is not running on olimp.NGST.ART.
[3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers.
This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.
А в System логе такой Error :
The account-identifier allocator failed to initialize properly. The record data contains the NT error code that caused the failure. Windows 2000 will retry the initialization until it succeeds; until that time, account creation will be denied on this Domain Controller. Please look for other SAM event logs that may indicate the exact reason for the failure.
Harry33 » 31 авг 2004, 15:17
Dima
Запусти W32Time на контроллере! Синхронизируй время на машинах. Подожди репликаций и проверь логи.
У тебя DNS интегрирована в AD?
После проверки служб времени и синхронизации запусти на полумертвом контроллере dcdiag /v /fix и пости итоги сюда
Запусти W32Time на контроллере! Синхронизируй время на машинах. Подожди репликаций и проверь логи.
У тебя DNS интегрирована в AD?
После проверки служб времени и синхронизации запусти на полумертвом контроллере dcdiag /v /fix и пости итоги сюда
Знания, которые нельзя применить - бесполезны
Dima » 02 сен 2004, 14:17
Я перезапустил w32time на контроллере, а при попытке сенхронизировать время на вспомогательном сервере в командной строке, командой net time, появляется такое сообщение:
System error 5 has occurred.
Access is denied.
а при попытке запустить dcdiag пишет:
'dcdiag' is not recognized as an internal or external command,
operable program or batch file.
И еще как посмотреть интегрирован ли DNS в AD
System error 5 has occurred.
Access is denied.
а при попытке запустить dcdiag пишет:
'dcdiag' is not recognized as an internal or external command,
operable program or batch file.
И еще как посмотреть интегрирован ли DNS в AD
Harry33 » 02 сен 2004, 14:45
Dima
Пропиши в переменных окружения в Path путь C:\WINDOWS\system32;C:\Program Files\Support Tools\
Пропиши в переменных окружения в Path путь C:\WINDOWS\system32;C:\Program Files\Support Tools\
Знания, которые нельзя применить - бесполезны
Сообщений: 13
• Страница 1 из 2 • 1, 2
Вернуться в Сетевые операционные системы
Кто сейчас на конференции
Сейчас этот форум просматривают: нет зарегистрированных пользователей и гости: 35