Colleagues, please help me solve a problem. A server running Windows 2003 Server SP1 is configured as a backup domain controller, DNS, DHCP and WINS. After a problem with the hard drive on the server, I had to restore the system from a backup made with Acronis. Everything restored smoothly without errors, but after booting it turned out that nobody on the LAN can reach the server by name (the response says something like the permissions are missing), while by IP everything reaches it without trouble. Moreover, when I try to demote it, it says: The operation failed for the following reason:
Active Directory could not transfer the remaining data in the partition CN=Schema,CN=Configuration,DC=mselz,DC=local to the domain controller xxxxx.mselz.local
"Logon failure: the target account name is incorrect."
Also, after I deleted its account in AD, it became possible to reach it by name.
Quote:
I had to restore the system from a backup made with Acronis
[/quote]
And the image is older than 30 days.
The password of the computer (DC) account broke; it just needed to be reset.
http://support.microsoft.com/kb/260575/ru Access by name uses Kerberos, and since the password for the DC has changed, access is refused. Access by IP uses NTLM, and there everything is OK.
Quote:
Also, after I deleted its account in AD, it became possible to reach it by name.
[/quote]
Restore the account; how will you reset its password if it isn't in AD?
Right now all that is left of it is the GUID in the _msdcs.forest_name zone.
For a start, run dcdiag and netdiag and post the results here,
and ipconfig /all from both DCs.
Testing server: Default-First-Site-Name\HPSERVER
Starting test: Replications
[Replications Check,HPSERVER] A recent replication attempt failed:
From SERVERXP to HPSERVER
Naming Context: DC=ForestDnsZones,DC=mselz,DC=local
The replication generated an error (1256):
Удаленная система недоступна. За информацией о разрешении проблем в
сети, обратитесь к справочной системе Windows.
The failure occurred at 2006-08-10 07:45:09.
The last success occurred at 2006-08-04 13:50:08.
141 failures have occurred since the last success.
[Replications Check,HPSERVER] A recent replication attempt failed:
From SERVERXP to HPSERVER
Naming Context: DC=DomainDnsZones,DC=mselz,DC=local
The replication generated an error (1256):
Удаленная система недоступна. За информацией о разрешении проблем в
сети, обратитесь к справочной системе Windows.
The failure occurred at 2006-08-10 07:45:09.
The last success occurred at 2006-08-04 13:50:08.
156 failures have occurred since the last success.
[Replications Check,HPSERVER] A recent replication attempt failed:
From SERVERXP to HPSERVER
Naming Context: CN=Schema,CN=Configuration,DC=mselz,DC=local
The replication generated an error (1396):
Вход в систему не произведен: конечная учетная запись указана неверн
о.
The failure occurred at 2006-08-10 07:45:09.
The last success occurred at 2006-08-04 13:50:08.
151 failures have occurred since the last success.
Kerberos Error.
The KDC could not find the SPN for the server SERVERXP.
This can be for several reasons:
(1) - The SPN is not registered on the KDC (usually HPSERVER).
Check that the SPN is registered on at least one other server
besides SERVERXP, and that replication is progressing between
this server and the KDC. The tool repadmin/syncall can be used
for this purpose.
(2) - This server could be a deleted server (and deleted DSA
object), and this deletion has not replicated across the
enterprise yet. This will rectify itself within the general
replication latency plus the latency of the KCC. Should be less
than a day.
(3) - It's possible that this server was reclaimed, but it's
DSA object was not deleted and an old DNS record representing
the server is present. This can result in this error for the
duration of a DNS record lease. Often about 2 weeks. To fix
this, please clean up the DSA's metadata with ntdsutil.
(4) - Finally, it's possible that this server has acquired a
new IP address, the server's old IP address has been reused, and
DNS hasn't been updated to reflect the new IP address. If this
problem persists, stop and restart the "Net Logon" service on
SERVERXP, and delete the old DNS record.
[Replications Check,HPSERVER] A recent replication attempt failed:
From SERVERXP to HPSERVER
Naming Context: CN=Configuration,DC=mselz,DC=local
The replication generated an error (1396):
Вход в систему не произведен: конечная учетная запись указана неверн
о.
The failure occurred at 2006-08-10 07:45:09.
The last success occurred at 2006-08-04 13:50:08.
145 failures have occurred since the last success.
Kerberos Error.
The KDC could not find the SPN for the server SERVERXP.
This can be for several reasons:
(1) - The SPN is not registered on the KDC (usually HPSERVER).
Check that the SPN is registered on at least one other server
besides SERVERXP, and that replication is progressing between
this server and the KDC. The tool repadmin/syncall can be used
for this purpose.
(2) - This server could be a deleted server (and deleted DSA
object), and this deletion has not replicated across the
enterprise yet. This will rectify itself within the general
replication latency plus the latency of the KCC. Should be less
than a day.
(3) - It's possible that this server was reclaimed, but it's
DSA object was not deleted and an old DNS record representing
the server is present. This can result in this error for the
duration of a DNS record lease. Often about 2 weeks. To fix
this, please clean up the DSA's metadata with ntdsutil.
(4) - Finally, it's possible that this server has acquired a
new IP address, the server's old IP address has been reused, and
DNS hasn't been updated to reflect the new IP address. If this
problem persists, stop and restart the "Net Logon" service on
SERVERXP, and delete the old DNS record.
[Replications Check,HPSERVER] A recent replication attempt failed:
From SERVERXP to HPSERVER
Naming Context: DC=mselz,DC=local
The replication generated an error (1396):
Вход в систему не произведен: конечная учетная запись указана неверн
о.
The failure occurred at 2006-08-10 08:18:20.
The last success occurred at 2006-08-04 14:08:30.
342 failures have occurred since the last success.
Kerberos Error.
The KDC could not find the SPN for the server SERVERXP.
This can be for several reasons:
(1) - The SPN is not registered on the KDC (usually HPSERVER).
Check that the SPN is registered on at least one other server
besides SERVERXP, and that replication is progressing between
this server and the KDC. The tool repadmin/syncall can be used
for this purpose.
(2) - This server could be a deleted server (and deleted DSA
object), and this deletion has not replicated across the
enterprise yet. This will rectify itself within the general
replication latency plus the latency of the KCC. Should be less
than a day.
(3) - It's possible that this server was reclaimed, but it's
DSA object was not deleted and an old DNS record representing
the server is present. This can result in this error for the
duration of a DNS record lease. Often about 2 weeks. To fix
this, please clean up the DSA's metadata with ntdsutil.
(4) - Finally, it's possible that this server has acquired a
new IP address, the server's old IP address has been reused, and
DNS hasn't been updated to reflect the new IP address. If this
problem persists, stop and restart the "Net Logon" service on
SERVERXP, and delete the old DNS record.
REPLICATION-RECEIVED LATENCY WARNING
HPSERVER: Current time is 2006-08-10 08:29:20.
DC=ForestDnsZones,DC=mselz,DC=local
Last replication recieved from SERVERXP at 2006-08-04 13:50:08.
DC=DomainDnsZones,DC=mselz,DC=local
Last replication recieved from SERVERXP at 2006-08-04 13:50:08.
CN=Schema,CN=Configuration,DC=mselz,DC=local
Last replication recieved from SERVERXP at 2006-08-04 13:50:08.
CN=Configuration,DC=mselz,DC=local
Last replication recieved from SERVERXP at 2006-08-04 13:50:08.
DC=mselz,DC=local
Last replication recieved from SERVERXP at 2006-08-04 14:08:30.
......................... HPSERVER passed test Replications
Starting test: NCSecDesc
......................... HPSERVER passed test NCSecDesc
Starting test: NetLogons
......................... HPSERVER passed test NetLogons
Starting test: Advertising
......................... HPSERVER passed test Advertising
Starting test: KnowsOfRoleHolders
......................... HPSERVER passed test KnowsOfRoleHolders
Starting test: RidManager
......................... HPSERVER passed test RidManager
Starting test: MachineAccount
......................... HPSERVER passed test MachineAccount
Starting test: Services
......................... HPSERVER passed test Services
Starting test: ObjectsReplicated
......................... HPSERVER passed test ObjectsReplicated
Starting test: frssysvol
......................... HPSERVER passed test frssysvol
Starting test: frsevent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... HPSERVER failed test frsevent
Starting test: kccevent
......................... HPSERVER passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x0000165B
Time Generated: 08/10/2006 07:33:01
Event String: The session setup from computer 'A-2-12-3' failed
An Error Event occured. EventID: 0x000016AD
Time Generated: 08/10/2006 07:39:31
Event String: The session setup from the computer A-2-12-3
An Error Event occured. EventID: 0x0000165B
Time Generated: 08/10/2006 07:42:55
Event String: The session setup from computer 'A-4-49-3' failed
An Error Event occured. EventID: 0x000016AD
Time Generated: 08/10/2006 07:45:27
Event String: The session setup from the computer A-4-49-3
An Error Event occured. EventID: 0x0000165B
Time Generated: 08/10/2006 07:49:47
Event String: The session setup from computer 'A-3-34-1' failed
An Error Event occured. EventID: 0x000016AD
Time Generated: 08/10/2006 07:53:19
Event String: The session setup from the computer A-3-34-1
An Error Event occured. EventID: 0x0000165B
Time Generated: 08/10/2006 08:09:03
Event String: The session setup from computer 'A-3-B-00' failed
An Error Event occured. EventID: 0x000016AD
Time Generated: 08/10/2006 08:11:18
Event String: The session setup from the computer A-3-B-00
An Error Event occured. EventID: 0x0000165B
Time Generated: 08/10/2006 08:12:35
Event String: The session setup from computer 'A-3-38-2' failed
An Error Event occured. EventID: 0x000016AD
Time Generated: 08/10/2006 08:15:27
Event String: The session setup from the computer A-3-38-2
An Error Event occured. EventID: 0x00000457
Time Generated: 08/10/2006 08:16:34
(Event String could not be retrieved)
An Error Event occured. EventID: 0x0000165B
Time Generated: 08/10/2006 08:28:25
Event String: The session setup from computer 'A-3-33-1' failed
......................... HPSERVER failed test systemlog
Starting test: VerifyReferences
......................... HPSERVER passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : mselz
Starting test: CrossRefValidation
......................... mselz passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... mselz passed test CheckSDRefDom
Running enterprise tests on : mselz.local
Starting test: Intersite
......................... mselz.local passed test Intersite
Starting test: FsmoCheck
......................... mselz.local passed test FsmoCheck
Testing server: Default-First-Site-Name\SERVERXP
Starting test: Replications
[Replications Check,SERVERXP] Inbound replication is disabled.
To correct, run "repadmin /options SERVERXP -DISABLE_INBOUND_REPL"
[Replications Check,SERVERXP] Outbound replication is disabled.
To correct, run "repadmin /options SERVERXP -DISABLE_OUTBOUND_REPL"
......................... SERVERXP failed test Replications
Starting test: NCSecDesc
......................... SERVERXP passed test NCSecDesc
Starting test: NetLogons
......................... SERVERXP passed test NetLogons
Starting test: Advertising
Warning: DsGetDcName returned information for \\HPServer.mselz.local, w
hen we were trying to reach SERVERXP.
Server is not responding or is not considered suitable.
......................... SERVERXP failed test Advertising
Starting test: KnowsOfRoleHolders
......................... SERVERXP passed test KnowsOfRoleHolders
Starting test: RidManager
......................... SERVERXP passed test RidManager
Starting test: MachineAccount
......................... SERVERXP passed test MachineAccount
Starting test: Services
w32time Service is stopped on [SERVERXP]
NETLOGON Service is paused on [SERVERXP]
......................... SERVERXP failed test Services
Starting test: ObjectsReplicated
......................... SERVERXP passed test ObjectsReplicated
Starting test: frssysvol
......................... SERVERXP passed test frssysvol
Starting test: frsevent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... SERVERXP failed test frsevent
Starting test: kccevent
......................... SERVERXP passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x40011006
Time Generated: 08/10/2006 07:35:11
Event String: The connection was aborted by the remote WINS.
An Error Event occured. EventID: 0x40000004
Time Generated: 08/10/2006 07:50:13
Event String: The kerberos client received a
An Error Event occured. EventID: 0x40000004
Time Generated: 08/10/2006 07:51:05
Event String: The kerberos client received a
An Error Event occured. EventID: 0x40011006
Time Generated: 08/10/2006 08:05:11
Event String: The connection was aborted by the remote WINS.
An Error Event occured. EventID: 0x00000457
Time Generated: 08/10/2006 08:15:35
(Event String could not be retrieved)
......................... SERVERXP failed test systemlog
Starting test: VerifyReferences
......................... SERVERXP passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : mselz
Starting test: CrossRefValidation
......................... mselz passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... mselz passed test CheckSDRefDom
Running enterprise tests on : mselz.local
Starting test: Intersite
......................... mselz.local passed test Intersite
Starting test: FsmoCheck
......................... mselz.local passed test FsmoCheck
Default gateway test . . . : Skipped
[WARNING] No gateways defined for this adapter.
NetBT name test. . . . . . : Passed
[WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenge
r Service', <20> 'WINS' names is missing.
No remote names have been found.
NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{84BA602D-9A72-46B3-96CC-099DFA24C339}
1 NetBt transport currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Failed
[FATAL] NO GATEWAYS ARE REACHABLE.
You have no connectivity to other network segments.
If you configured the IP protocol manually then
you need to add at least one valid gateway.
NetBT name test. . . . . . . . . . : Passed
[WARNING] You don't have a single interface with the <00> 'WorkStation Servi
ce', <03> 'Messenger Service', <20> 'WINS' names defined.
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on DNS server '192.168.1.1'
and other DCs also have some of the names registered.
Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{84BA602D-9A72-46B3-96CC-099DFA24C339}
The redir is bound to 1 NetBt transport.
List of NetBt transports currently bound to the browser
NetBT_Tcpip_{84BA602D-9A72-46B3-96CC-099DFA24C339}
The browser is bound to 1 NetBt transport.
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Passed
Trust relationship test. . . . . . : Skipped
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Passed
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
No active remote access connections.
Modem diagnostics test . . . . . . : Passed
Netware configuration
You are not logged in to your preferred server .
Netware User Name. . . . . . . :
Netware Server Name. . . . . . :
Netware Tree Name. . . . . . . :
Netware Workstation Context. . :
IP Security test . . . . . . . . . : Skipped
Note: run "netsh ipsec dynamic show /?" for more detailed information
Computer Name: SERVERXP
DNS Host Name: SERVERXP.mselz.local
System info : Windows 2000 Server (Build 3790)
Processor : x86 Family 15 Model 4 Stepping 1, GenuineIntel
List of installed hotfixes :
Q147222
NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{B224E478-3DD4-409E-AB7A-A07252552790}
1 NetBt transport currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Failed
[FATAL] NO GATEWAYS ARE REACHABLE.
You have no connectivity to other network segments.
If you configured the IP protocol manually then
you need to add at least one valid gateway.
NetBT name test. . . . . . . . . . : Passed
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on DNS server '192.168.1.2'
and other DCs also have some of the names registered.
Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{B224E478-3DD4-409E-AB7A-A07252552790}
The redir is bound to 1 NetBt transport.
List of NetBt transports currently bound to the browser
NetBT_Tcpip_{B224E478-3DD4-409E-AB7A-A07252552790}
The browser is bound to 1 NetBt transport.
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Passed
Trust relationship test. . . . . . : Failed
[FATAL] Secure channel to domain 'MSELZ' is broken. [ERROR_ACCESS_DENIED]
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Passed
[WARNING] The default SPN registration for 'HOST/SERVERXP.mselz.local' is mi
ssing on DC 'HPServer.mselz.local'.
[WARNING] The default SPN registration for 'HOST/SERVERXP' is missing on DC
'HPServer.mselz.local'.
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
No active remote access connections.
Modem diagnostics test . . . . . . : Passed
Netware configuration
You are not logged in to your preferred server .
Netware User Name. . . . . . . :
Netware Server Name. . . . . . :
Netware Tree Name. . . . . . . :
Netware Workstation Context. . :
IP Security test . . . . . . . . . : Skipped
Note: run "netsh ipsec dynamic show /?" for more detailed information
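Added example (not part of the thread and not a Microsoft tool): a Python filter that reduces dcdiag output like the one posted above to failed tests and replication failures, including failures listed under a Replications test that dcdiag still reports as passed. The sample input is constructed by abbreviating the posted output; the function and field names are hypothetical.

```python
import re

# Constructed sample, abbreviated from the dcdiag output posted in this thread.
SAMPLE = r"""Testing server: Default-First-Site-Name\HPSERVER
[Replications Check,HPSERVER] A recent replication attempt failed:
From SERVERXP to HPSERVER
Naming Context: DC=ForestDnsZones,DC=mselz,DC=local
The replication generated an error (1256):
141 failures have occurred since the last success.
[Replications Check,HPSERVER] A recent replication attempt failed:
From SERVERXP to HPSERVER
Naming Context: DC=mselz,DC=local
The replication generated an error (1396):
342 failures have occurred since the last success.
The KDC could not find the SPN for the server SERVERXP.
......................... HPSERVER passed test Replications
......................... HPSERVER failed test frsevent
Testing server: Default-First-Site-Name\SERVERXP
NETLOGON Service is paused on [SERVERXP]
......................... SERVERXP failed test Services
"""

RE_SERVER = re.compile(r"^Testing server: .*\\(\S+)$")
RE_FROM = re.compile(r"^From (\S+) to (\S+)$")
RE_NC = re.compile(r"^Naming Context: (\S+)$")
RE_ERR = re.compile(r"replication generated an error \((\d+)\)")
RE_COUNT = re.compile(r"^(\d+) failures have occurred")
RE_SPN = re.compile(r"could not find the SPN for the server")
RE_VERDICT = re.compile(r"^\.+ (\S+) (passed|failed) test (\S+)$")

def summarize(text):
    """Per tested server: failed tests plus every replication failure block."""
    report, server, cur = {}, None, None
    for line in map(str.strip, text.splitlines()):
        if m := RE_SERVER.match(line):
            server, cur = m.group(1), None
            report[server] = {"failed_tests": [], "replication": []}
        elif server is None:
            continue
        elif m := RE_FROM.match(line):
            cur = {"source": m.group(1), "nc": None, "error": None,
                   "failures": 0, "spn_missing": False}
            report[server]["replication"].append(cur)
        elif m := RE_VERDICT.match(line):
            cur = None  # a verdict line closes the current test
            if m.group(2) == "failed":
                report[server]["failed_tests"].append(m.group(3))
        elif cur is None:
            continue
        elif m := RE_NC.match(line):
            cur["nc"] = m.group(1)
        elif m := RE_ERR.search(line):
            cur["error"] = int(m.group(1))
        elif m := RE_COUNT.match(line):
            cur["failures"] = int(m.group(1))
        elif RE_SPN.search(line):
            cur["spn_missing"] = True
    return report

def kerberos_suspects(report):
    """Links failing with 1396 (ERROR_WRONG_TARGET_NAME) or a missing SPN."""
    return [(dst, r["source"], r["nc"])
            for dst, data in report.items() for r in data["replication"]
            if r["error"] == 1396 or r["spn_missing"]]
```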
In Win 2000/2003 there are no primary and backup DCs; all are equal.
What mode are the forest and the domain running in?
Who is the GC?
netdom query fsmo - post the output here.
1. On SERVERXP - net stop kdc
2. Restore the DC account - on HPSERVER - adrestore -r SERVERXP
3. net start kdc
4. In the TCP/IP properties on SERVERXP, change the primary DNS to 192.168.1.1 and the alternate to 192.168.1.2
5. Restart netlogon on SERVERXP - net stop netlogon, net start netlogon.
6. On SERVERXP - netdiag /fix
7. Wait 5 minutes, then repadmin /showrepl - post the output here.
8. dcdiag - post the output here (post only the errors; I learned to read a long time ago, around '77-78)
How many interfaces does HPSERVER have?
Why this -