Просмотр темы - Критическая ошибка Active Directory

[andrey_k Профиль ICQ]

Помогите пожалуста, не могу разобраться что не так.

DNS постоянно выдает ошибку 4015:
"DNS-серверу обнаружил критическую ошибку Active Directory. Убедитесь, что Active Directory работает правильно. Расширенная информация об ошибке: "0000218D: SvcErr: DSID-031B063D, problem 5002 (UNAVAILABLE), data 0""

Ошибка появилась после передачи всех ролей с 2000 сервера на сервер 2003 SP1 (затем был установлен SP2) и удалением первого сервера из сети. Сейчас в сети осталось два контроллера домена, один под 2003 (на нем и возникают ошибки), другой под 2000.

Есть ещё симптомы неправильной работы AD - _иногда_ не выполняются сценарии входа в систему (подключение сетевых дисков и пр). Именно эту проблемму и надо решить.

Есть ещё подозрения что репликация работает неправильно. Посоветуйте как это лучше проверить

> netdiag
.......
Per interface results:

Adapter : lan
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : server-hp
IP Address . . . . . . . . : 192.168.1.4
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 192.168.1.24
Dns Servers. . . . . . . . : 127.0.0.1
10.51.11.11

Adapter : rgdp
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : server-hp
IP Address . . . . . . . . : 172.25.44.250
Subnet Mask. . . . . . . . : 255.255.0.0
Default Gateway. . . . . . :
Dns Servers. . . . . . . . :

DNS test . . . . . . . . . . . . . : Passed
[WARNING] Cannot find a primary authoritative DNS server for the name
'server-hp.kgdp.mps.'. [ERROR_TIMEOUT]
The name 'server-hp.kgdp.mps.' may not be registered in DNS.
PASS - All the DNS entries for DC are registered on DNS server '127.0.0.1' and other DCs also have some of the names registered.
[WARNING] The DNS entries for this DC are not registered correctly on DNS server '10.51.11.11'. Please wait for 30 minutes for DNS server replication.

В свойствах dns указана пересылка на адресс 10.51.11.11 т.к. это наш "интранет", к-й работает через шлюз 192.168.1.24

..
Надеюсь на помощь

[slz Профиль]

[andrey_k Профиль ICQ]

[slz Профиль]

[andrey_k Профиль ICQ]

netdiag частично приводил выше, вот полностью:

> netdiag
.....................................

Computer Name: SERVER-HP
DNS Host Name: server-hp.kgdp.mps
System info : Microsoft Windows Server 2003 (Build 3790)
Processor : x86 Family 15 Model 6 Stepping 8, GenuineIntel
List of installed hotfixes :
Q147222

Netcard queries test . . . . . . . : Passed
GetStats failed for 'Прямой параллельный порт'. [ERROR_NOT_SUPPORTED]
[WARNING] The net card 'Минипорт WAN (PPTP)' may not be working because it has not received any packets.
[WARNING] The net card 'Минипорт WAN (PPPoE)' may not be working because it has not received any packets.
[WARNING] The net card 'Минипорт WAN (IP)' may not be working because it has not received any packets.
GetStats failed for 'Минипорт WAN (L2TP)'. [ERROR_NOT_SUPPORTED]

Per interface results:

Adapter : lan
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : server-hp
IP Address . . . . . . . . : 192.168.1.4
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 192.168.1.24
Dns Servers. . . . . . . . : 127.0.0.1

AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Passed
NetBT name test. . . . . . : Passed
WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.

Adapter : rgdp
Netcard queries test . . . : Passed

Host Name. . . . . . . . . : server-hp
IP Address . . . . . . . . : 172.25.44.250
Subnet Mask. . . . . . . . : 255.255.0.0
Default Gateway. . . . . . :
Dns Servers. . . . . . . . :

AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Skipped
[WARNING] No gateways defined for this adapter.

NetBT name test. . . . . . : Passed
No remote names have been found.

WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.


Global results:

Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{F332D96C-FFF1-4954-8B4B-64AEAC497DD2}
NetBT_Tcpip_{D9AD01C7-22E6-4BB6-B6F6-7FD168F9AC4C}
2 NetBt transports currently configured.

Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Passed
Winsock test . . . . . . . . . . . : Passed

DNS test . . . . . . . . . . . . . : Passed
[WARNING] Cannot find a primary authoritative DNS server for the name
'server-hp.kgdp.mps.'. [ERROR_TIMEOUT]
The name 'server-hp.kgdp.mps.' may not be registered in DNS.
PASS - All the DNS entries for DC are registered on DNS server '127.0.0.1' and other DCs also have some of the names registered.


Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{F332D96C-FFF1-4954-8B4B-64AEAC497DD2}
NetBT_Tcpip_{D9AD01C7-22E6-4BB6-B6F6-7FD168F9AC4C}
The redir is bound to 2 NetBt transports.

List of NetBt transports currently bound to the browser
NetBT_Tcpip_{F332D96C-FFF1-4954-8B4B-64AEAC497DD2}
NetBT_Tcpip_{D9AD01C7-22E6-4BB6-B6F6-7FD168F9AC4C}
The browser is bound to 2 NetBt transports.


DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Passed
Trust relationship test. . . . . . : Skipped
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Passed
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Skipped

///////////////////////////

> dcdiag
Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: rostov\SERVER-HP
Starting test: Connectivity
......................... SERVER-HP passed test Connectivity

Doing primary tests

Testing server: rostov\SERVER-HP
Starting test: Replications
......................... SERVER-HP passed test Replications
Starting test: NCSecDesc
......................... SERVER-HP passed test NCSecDesc
Starting test: NetLogons
......................... SERVER-HP passed test NetLogons
Starting test: Advertising
......................... SERVER-HP passed test Advertising
Starting test: KnowsOfRoleHolders
Warning: CN=NTDS Settings\0ADEL:0fe14b8c-0030-4e0c-9b19-7af04ccb3418,CN=CELSIUS\0ADEL:3164fcf8-9ff5-4445-bb0d-7581d02d4a83,CN=Servers,CN=rostov,CN=Sites,CN=Configuration,DC=kgdp,DC=mps is the Schema Owner, but is deleted.
Warning: CN=NTDS Settings\0ADEL:0fe14b8c-0030-4e0c-9b19-7af04ccb3418,CN=CELSIUS\0ADEL:3164fcf8-9ff5-4445-bb0d-7581d02d4a83,CN=Servers,CN=rostov,CN=Sites,CN=Configuration,DC=kgdp,DC=mps is the Domain Owner, but is deleted.
......................... SERVER-HP failed test KnowsOfRoleHolders
Starting test: RidManager
......................... SERVER-HP passed test RidManager
Starting test: MachineAccount
......................... SERVER-HP passed test MachineAccount
Starting test: Services
......................... SERVER-HP passed test Services
Starting test: ObjectsReplicated
......................... SERVER-HP passed test ObjectsReplicated
Starting test: frssysvol
......................... SERVER-HP passed test frssysvol
Starting test: frsevent
......................... SERVER-HP passed test frsevent
Starting test: kccevent
......................... SERVER-HP passed test kccevent
Starting test: systemlog
......................... SERVER-HP passed test systemlog
Starting test: VerifyReferences
......................... SERVER-HP passed test VerifyReferences

Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom

Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom

Running partition tests on : kgdp
Starting test: CrossRefValidation
......................... kgdp passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... kgdp passed test CheckSDRefDom

Running enterprise tests on : kgdp.mps
Starting test: Intersite
......................... kgdp.mps passed test Intersite
Starting test: FsmoCheck
......................... kgdp.mps passed test FsmoCheck
/////
вот здесь явная ошибка т.к. CELSIUS-сервер к-го сейчас нет:

Starting test: KnowsOfRoleHolders
Warning: CN=NTDS Settings\0ADEL:0fe14b8c-0030-4e0c-9b19-7af04ccb3418,CN=CELSIUS\0ADEL:3164fcf8-9ff5-4445-bb0d-7581d02d4a83,CN=Servers,CN=rostov,CN=Sites,CN=Configuration,DC=kgdp,DC=mps is the Schema Owner, but is deleted.
Warning: CN=NTDS Settings\0ADEL:0fe14b8c-0030-4e0c-9b19-7af04ccb3418,CN=CELSIUS\0ADEL:3164fcf8-9ff5-4445-bb0d-7581d02d4a83,CN=Servers,CN=rostov,CN=Sites,CN=Configuration,DC=kgdp,DC=mps is the Domain Owner, but is deleted.


Schema Owner это по русски "хозяин инфраструктуры"? им у нас являеться компьютер xeon.kgdp.mps. Как исправить?

[andrey_k Профиль ICQ]

netdiag частично приводил выше, вот полностью:

> netdiag
.....................................

Computer Name: SERVER-HP
DNS Host Name: server-hp.kgdp.mps
System info : Microsoft Windows Server 2003 (Build 3790)
Processor : x86 Family 15 Model 6 Stepping 8, GenuineIntel
List of installed hotfixes :
Q147222

Netcard queries test . . . . . . . : Passed
GetStats failed for 'Прямой параллельный порт'. [ERROR_NOT_SUPPORTED]
[WARNING] The net card 'Минипорт WAN (PPTP)' may not be working because it has not received any packets.
[WARNING] The net card 'Минипорт WAN (PPPoE)' may not be working because it has not received any packets.
[WARNING] The net card 'Минипорт WAN (IP)' may not be working because it has not received any packets.
GetStats failed for 'Минипорт WAN (L2TP)'. [ERROR_NOT_SUPPORTED]

Per interface results:

Adapter : lan
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : server-hp
IP Address . . . . . . . . : 192.168.1.4
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 192.168.1.24
Dns Servers. . . . . . . . : 127.0.0.1

AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Passed
NetBT name test. . . . . . : Passed
WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.

Adapter : rgdp
Netcard queries test . . . : Passed

Host Name. . . . . . . . . : server-hp
IP Address . . . . . . . . : 172.25.44.250
Subnet Mask. . . . . . . . : 255.255.0.0
Default Gateway. . . . . . :
Dns Servers. . . . . . . . :

AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Skipped
[WARNING] No gateways defined for this adapter.

NetBT name test. . . . . . : Passed
No remote names have been found.

WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.


Global results:

Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{F332D96C-FFF1-4954-8B4B-64AEAC497DD2}
NetBT_Tcpip_{D9AD01C7-22E6-4BB6-B6F6-7FD168F9AC4C}
2 NetBt transports currently configured.

Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Passed
Winsock test . . . . . . . . . . . : Passed

DNS test . . . . . . . . . . . . . : Passed
[WARNING] Cannot find a primary authoritative DNS server for the name
'server-hp.kgdp.mps.'. [ERROR_TIMEOUT]
The name 'server-hp.kgdp.mps.' may not be registered in DNS.
PASS - All the DNS entries for DC are registered on DNS server '127.0.0.1' and other DCs also have some of the names registered.


Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{F332D96C-FFF1-4954-8B4B-64AEAC497DD2}
NetBT_Tcpip_{D9AD01C7-22E6-4BB6-B6F6-7FD168F9AC4C}
The redir is bound to 2 NetBt transports.

List of NetBt transports currently bound to the browser
NetBT_Tcpip_{F332D96C-FFF1-4954-8B4B-64AEAC497DD2}
NetBT_Tcpip_{D9AD01C7-22E6-4BB6-B6F6-7FD168F9AC4C}
The browser is bound to 2 NetBt transports.


DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Passed
Trust relationship test. . . . . . : Skipped
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Passed
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Skipped

///////////////////////////

> dcdiag
Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: rostov\SERVER-HP
Starting test: Connectivity
......................... SERVER-HP passed test Connectivity

Doing primary tests

Testing server: rostov\SERVER-HP
Starting test: Replications
......................... SERVER-HP passed test Replications
Starting test: NCSecDesc
......................... SERVER-HP passed test NCSecDesc
Starting test: NetLogons
......................... SERVER-HP passed test NetLogons
Starting test: Advertising
......................... SERVER-HP passed test Advertising
Starting test: KnowsOfRoleHolders
Warning: CN=NTDS Settings\0ADEL:0fe14b8c-0030-4e0c-9b19-7af04ccb3418,CN=CELSIUS\0ADEL:3164fcf8-9ff5-4445-bb0d-7581d02d4a83,CN=Servers,CN=rostov,CN=Sites,CN=Configuration,DC=kgdp,DC=mps is the Schema Owner, but is deleted.
Warning: CN=NTDS Settings\0ADEL:0fe14b8c-0030-4e0c-9b19-7af04ccb3418,CN=CELSIUS\0ADEL:3164fcf8-9ff5-4445-bb0d-7581d02d4a83,CN=Servers,CN=rostov,CN=Sites,CN=Configuration,DC=kgdp,DC=mps is the Domain Owner, but is deleted.
......................... SERVER-HP failed test KnowsOfRoleHolders
Starting test: RidManager
......................... SERVER-HP passed test RidManager
Starting test: MachineAccount
......................... SERVER-HP passed test MachineAccount
Starting test: Services
......................... SERVER-HP passed test Services
Starting test: ObjectsReplicated
......................... SERVER-HP passed test ObjectsReplicated
Starting test: frssysvol
......................... SERVER-HP passed test frssysvol
Starting test: frsevent
......................... SERVER-HP passed test frsevent
Starting test: kccevent
......................... SERVER-HP passed test kccevent
Starting test: systemlog
......................... SERVER-HP passed test systemlog
Starting test: VerifyReferences
......................... SERVER-HP passed test VerifyReferences

Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom

Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom

Running partition tests on : kgdp
Starting test: CrossRefValidation
......................... kgdp passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... kgdp passed test CheckSDRefDom

Running enterprise tests on : kgdp.mps
Starting test: Intersite
......................... kgdp.mps passed test Intersite
Starting test: FsmoCheck
......................... kgdp.mps passed test FsmoCheck
/////
вот здесь явная ошибка т.к. CELSIUS-сервер к-го сейчас нет:

Starting test: KnowsOfRoleHolders
Warning: CN=NTDS Settings\0ADEL:0fe14b8c-0030-4e0c-9b19-7af04ccb3418,CN=CELSIUS\0ADEL:3164fcf8-9ff5-4445-bb0d-7581d02d4a83,CN=Servers,CN=rostov,CN=Sites,CN=Configuration,DC=kgdp,DC=mps is the Schema Owner, but is deleted.
Warning: CN=NTDS Settings\0ADEL:0fe14b8c-0030-4e0c-9b19-7af04ccb3418,CN=CELSIUS\0ADEL:3164fcf8-9ff5-4445-bb0d-7581d02d4a83,CN=Servers,CN=rostov,CN=Sites,CN=Configuration,DC=kgdp,DC=mps is the Domain Owner, but is deleted.


Schema Owner это по русски "хозяин инфраструктуры"? им у нас являеться компьютер xeon.kgdp.mps. Как исправить?

[andrey_k Профиль ICQ]

Частично разобрался. Захватил роль Schema Owner ntdsutil. В dcdiag осталась одна ошибка, как ее победить не знаю:

>dcdiag
....
Starting test: KnowsOfRoleHolders
Warning: CN=NTDS Settings\0ADEL:0fe14b8c-0030-4e0c-9b19-7af04ccb3418,CN=CELSIUS\0ADEL:3164fcf8-9ff5-4445-bb0d-7581d02d4a83,CN=Servers,CN=rostov,CN=Sites,CN=Configuration,DC=kgdp,DC=mps is the Domain Owner, but is deleted.

[andrey_k Профиль ICQ]

Частично разобрался. Захватил роль Schema Owner при помощи ntdsutil. В dcdiag осталась одна ошибка, как ее победить не знаю:

>dcdiag
....
Starting test: KnowsOfRoleHolders
Warning: CN=NTDS Settings\0ADEL:0fe14b8c-0030-4e0c-9b19-7af04ccb3418,CN=CELSIUS\0ADEL:3164fcf8-9ff5-4445-bb0d-7581d02d4a83,CN=Servers,CN=rostov,CN=Sites,CN=Configuration,DC=kgdp,DC=mps is the Domain Owner, but is deleted.

[slz Профиль]

[andrey_k Профиль ICQ]

Всё, окончательно разобрался! Поюзал dcdiag, помогло. Спасибо за помощь.

Ошибки лезли из-за того, что когда убирали старый сервер, новому забыли передать две роли - shema master и domain naming master. Захватил их при помощи ntdsutil и все ошибки исчезли.