Error al acceder a Usuarios y Equipos de directorio Activo

Todas las respuestas

• 

  

  0

  Inicie sesión para votar

  Pasa un dcdiag y un netdiag a ese dominio y mira qué errores te canta.

  Esos dos programas los puedes instalar desde el Resource Kit de Windows 2000 y 2003, respectivamente.

   

  Pero por los errores que muestras, diría que ha fallado la replicación entre los DCs y que el dominio se ha ido al carajo...

  ---

  Saludos,
  
  Marc
  MCSA/MCSE 2003
  MCITP: Enterprise Administrator (Windows Server 2008)
  MCITP: Enterprise Messaging Administrator (Microsoft Exchange 2007 & Exchange 2010)
  MCC: Microsoft Community Contributor 2011
  Citrix CCA

  lunes, 4 de julio de 2011 16:23

  Responder

  |

  Citar

  Moderador
• 

  

  0

  Inicie sesión para votar

  Tambien me encontre con que en el servidor2 es posible acceder a Usuarios y Equipos.

  Y en ambas consolas DNS muestran al otro con "acceso denegado" "Ud. no tiene permisos

  para acceder a este DNS solo los miembros of the local Administrator and system opera tienen

  suficientes permisos...."

  Ejecute los comando indicados tomando como referencia ls indicaciones en http://support.microsoft.com/kb/265706/es

  no se si sera sufiente para dar una pista y poder tratar de resolver el problema.

  --------------

  >dcdiag /test:registerindns /dnsdomain:richicentral.com.ar
     Starting test: RegisterInDNS
        DNS configuration is sufficient to allow this domain controller to
        dynamically register the domain controller Locator records in DNS.
  
        The DNS configuration is sufficient to allow this computer to dynamically
        register the A record corresponding to its DNS name.
  
        ......................... server1 passed test RegisterInDNS

  >netdiag /test:dsgetdc /d:richicentral /v     * POSTEO SóLO la información que indica FALLA
  
  

  Domain membership test . . . . . . : Failed
      [WARNING] Ths system volume has not been completely replicated to the local
  machine. This machine is not working properly as a DC.
      Machine is a . . . . . . . . . : Primary Domain Controller Emulator
      Netbios Domain name. . . . . . : RICHI_CENTRAL
      Dns domain name. . . . . . . . : richicentral.com.ar
      Dns forest name. . . . . . . . : richicentral.com.ar
      Domain Guid. . . . . . . . . . : {FA1F0BDE-6C11-472E-B886-A1E0745EE2B9}
      Domain Sid . . . . . . . . . . : S-1-5-21-1304719106-1238846308-6498272
      Logon User . . . . . . . . . . : Administrator
      Logon Domain . . . . . . . . . : RICHI_CENTRAL

   

  ---

  Richi Central

  lunes, 4 de julio de 2011 19:58

  Responder

  |

  Citar
• 

  

  0

  Inicie sesión para votar

  Pasa ambos comandos completos (sin parámetros) a ver qué más marcan

  ---

  Saludos,
  
  Marc
  MCSA/MCSE 2003
  MCITP: Enterprise Administrator (Windows Server 2008)
  MCITP: Enterprise Messaging Administrator (Microsoft Exchange 2007 & Exchange 2010)
  MCC: Microsoft Community Contributor 2011
  Citrix CCA

  martes, 5 de julio de 2011 8:36

  Responder

  |

  Citar

  Moderador
• 

  

  0

  Inicie sesión para votar

  DCDIAG.txt

  
  Domain Controller Diagnosis
  
  Performing initial setup:
     Done gathering initial info.
  
  Doing initial required tests
    
     Testing server: Default-First-Site-Name\servidor1
        Starting test: Connectivity
           ......................... servidor1 passed test Connectivity
  
  Doing primary tests
    
     Testing server: Default-First-Site-Name\servidor1
        Starting test: Replications
           [Replications Check,servidor1] A recent replication attempt failed:
              From servidor2 to servidor1
              Naming Context: CN=Configuration,DC=richicentral,DC=com,DC=ar
              The replication generated an error (8453):
              Replication access was denied.
              The failure occurred at 2011-07-05 23:54.07.
              The last success occurred at 2011-07-01 19:52.42.
              55 failures have occurred since the last success.
              The machine account for the destination servidor1.
              is not configured properly.
              Check the userAccountControl field.
              Kerberos Error.
              The machine account is not present, or does not match on the.
              destination, source or KDC servers.
              Verify domain partition of KDC is in sync with rest of enterprise.
              The tool repadmin/syncall can be used for this purpose.
           REPLICATION LATENCY WARNING
           ERROR: Expected notification link is missing.
           Source servidor2
           Replication of new changes along this path will be delayed.
           This problem should self-correct on the next periodic sync.
           [Replications Check,servidor1] A recent replication attempt failed:
              From servidor2 to servidor1
              Naming Context: DC=richicentral,DC=com,DC=ar
              The replication generated an error (8453):
              Replication access was denied.
              The failure occurred at 2011-07-05 23:54.06.
              The last success occurred at 2011-07-01 19:52.42.
              66 failures have occurred since the last success.
              The machine account for the destination servidor1.
              is not configured properly.
              Check the userAccountControl field.
              Kerberos Error.
              The machine account is not present, or does not match on the.
              destination, source or KDC servers.
              Verify domain partition of KDC is in sync with rest of enterprise.
              The tool repadmin/syncall can be used for this purpose.
           REPLICATION LATENCY WARNING
           ERROR: Expected notification link is missing.
           Source servidor2
           Replication of new changes along this path will be delayed.
           This problem should self-correct on the next periodic sync.
           ......................... servidor1 passed test Replications
        Starting test: NCSecDesc
           ......................... servidor1 passed test NCSecDesc
        Starting test: NetLogons
           ......................... servidor1 passed test NetLogons
        Starting test: Advertising
           ......................... servidor1 passed test Advertising
        Starting test: KnowsOfRoleHolders
           ......................... servidor1 passed test KnowsOfRoleHolders
        Starting test: RidManager
           ......................... servidor1 passed test RidManager
        Starting test: MachineAccount
           * servidor1 is not a server trust account
           ......................... servidor1 failed test MachineAccount
        Starting test: Services
           ......................... servidor1 passed test Services
        Starting test: ObjectsReplicated
           ......................... servidor1 passed test ObjectsReplicated
        Starting test: frssysvol
           ......................... servidor1 passed test frssysvol
        Starting test: kccevent
           An Error Event occured.  EventID: 0xC0000583
              Time Generated: 07/06/2011   00:40:49
              (Event String could not be retrieved)
           An Error Event occured.  EventID: 0xC0000583
              Time Generated: 07/06/2011   00:46:37
              (Event String could not be retrieved)
           An Error Event occured.  EventID: 0xC0000583
              Time Generated: 07/06/2011   00:50:35
              (Event String could not be retrieved)
           An Error Event occured.  EventID: 0xC0000583
              Time Generated: 07/06/2011   00:52:50
              (Event String could not be retrieved)
           ......................... servidor1 failed test kccevent
        Starting test: systemlog
           An Error Event occured.  EventID: 0x0000168E
              Time Generated: 07/06/2011   00:26:20
              (Event String could not be retrieved)
           An Error Event occured.  EventID: 0x0000168E
              Time Generated: 07/06/2011   00:26:20
              (Event String could not be retrieved)
           ......................... servidor1 failed test systemlog
    
     Running enterprise tests on : richicentral.com.ar
        Starting test: Intersite
           ......................... richicentral.com.ar passed test Intersite
        Starting test: FsmoCheck
           ......................... richicentral.com.ar passed test FsmoCheck

  ---------------------------------------------------------------------------------

  NETDIAG.txt

  
  ......................................
  
      Computer Name: server1
      DNS Host Name: server1.richicentral.com.ar
      System info : Windows 2000 Server (Build 2195)
      Processor : x86 Family 15 Model 4 Stepping 10, GenuineIntel
      List of installed hotfixes :
          KB329115
          KB822343
          KB823182
          KB823559
          KB824105
          KB825119
          KB826232
          KB828035
          KB828749
          KB832353
          KB832359
          KB841356
          KB842773
          KB885836
          KB893756
          KB893803v2
          KB896358
          KB896422
          KB896423
          KB899587
          KB899589
          KB899591
          KB900725
          KB901017
          KB901214
          KB905414
          KB905495-IE6SP1-20050805.184113
          KB905749
          KB908531
          KB911564
          KB913580
          KB914388
          KB917008
          KB917537
          KB918118
          KB920213
          KB920670
          KB920683
          KB921398
          KB922582
          KB923191
          KB923810
          KB923980
          KB924270
          KB924667
          KB925398_WMP64
          KB925902
          KB926436
          KB927891
          KB928843
          KB935839
          KB937894
          KB938827
          KB942831
          KB943055
          KB943485
          KB944338
          KB950749
          KB950760
          KB950974
          KB951748-V2
          KB952004
          KB952954
          KB953155
          KB954600_WM41
          KB955069
          KB955759
          KB956802
          KB956844
          KB957097
          KB958470
          KB958644
          KB958687
          KB958869-IE6SP1-20090818.120000
          KB959426
          KB960225
          KB960803
          KB960859
          KB961063
          KB961501
          KB967715
          KB969059
          KB969947
          KB970238
          KB970483
          KB971468
          KB971961
          KB972270
          KB973037
          KB973507
          KB973869
          KB973904
          KB974112_WM41
          KB974318
          KB974392
          KB974571
          KB974783
          KB975254
          KB975560_DX9
          KB975562_DX9
          KB976323
          KB977290
          KB977816_WM9
          KB977914
          KB978037
          KB978262
          KB978542-OE6SP1-20100202.120000
          KB978601
          KB979309
          KB979482
          KB979559
          KB979683
          KB980182-IE6SP1-20100305.120000
          KB980195
          KB980218
          KB980232
          KB981350
          KB982381-IE6SP1-20100414.120000
          Q147222
          Q828026
          Update Rollup 1
  
  
  Netcard queries test . . . . . . . : Passed
  
  
  
  Per interface results:
  
      Adapter : Local Area Connection
  
          Netcard queries test . . . : Passed
  
          Host Name. . . . . . . . . : server1
          IP Address . . . . . . . . : 192.168.3.7
          Subnet Mask. . . . . . . . : 255.255.255.0
          Default Gateway. . . . . . : 192.168.3.254
          Dns Servers. . . . . . . . : 192.168.3.10
                                       192.168.3.91
  
  
          AutoConfiguration results. . . . . . : Passed
  
          Default gateway test . . . : Passed
  
          NetBT name test. . . . . . : Passed
  
          WINS service test. . . . . : Skipped
              There are no WINS servers configured for this interface.
  
  
  Global results:
  
  
  Domain membership test . . . . . . : Passed
  
  
  NetBT transports test. . . . . . . : Passed
      List of NetBt transports currently configured:
          NetBT_Tcpip_{D49E3E7B-F725-4EC7-934B-1A4D478BBDA6}
      1 NetBt transport currently configured.
  
  
  Autonet address test . . . . . . . : Passed
  
  
  IP loopback ping test. . . . . . . : Passed
  
  
  Default gateway test . . . . . . . : Passed
  
  
  NetBT name test. . . . . . . . . . : Passed
  
  
  Winsock test . . . . . . . . . . . : Passed
  
  
  DNS test . . . . . . . . . . . . . : Passed
                [WARNING]: The DNS registration for 'server1.richicentral.com.ar' is correct only on some DNS servers.
                     Please wait 15 min for replication and run the test again.
      PASS - All the DNS entries for DC are registered on DNS server '192.168.3.10' and other DCs also have some of
  
  the names registered.
      PASS - All the DNS entries for DC are registered on DNS server '192.168.3.91' and other DCs also have some of
  
  the names registered.
  
  
  Redir and Browser test . . . . . . : Passed
      List of NetBt transports currently bound to the Redir
          NetBT_Tcpip_{D49E3E7B-F725-4EC7-934B-1A4D478BBDA6}
      The redir is bound to 1 NetBt transport.
  
      List of NetBt transports currently bound to the browser
          NetBT_Tcpip_{D49E3E7B-F725-4EC7-934B-1A4D478BBDA6}
      The browser is bound to 1 NetBt transport.
  
  
  DC discovery test. . . . . . . . . : Passed
  
  
  DC list test . . . . . . . . . . . : Passed
  
  
  Trust relationship test. . . . . . : Skipped
  
  
  Kerberos test. . . . . . . . . . . : Passed
  
  
  LDAP test. . . . . . . . . . . . . : Passed
      [WARNING] Failed to query SPN registration on DC 'srv2000.richicentral.com.ar'.
  
  
  Bindings test. . . . . . . . . . . : Passed
  
  
  WAN configuration test . . . . . . : Skipped
      No active remote access connections.
  
  
  Modem diagnostics test . . . . . . : Passed
  
  IP Security test . . . . . . . . . : Passed
      IPSec policy service is active, but no policy is assigned.
  
  
  The command completed successfully

  ---

  Richi Central

  miércoles, 6 de julio de 2011 4:08

  Responder

  |

  Citar
• 

  

  0

  Inicie sesión para votar

  Buf, no me gusta el error de "Replication Access was denied".

  Mira esto http://support.microsoft.com/kb/262795 y el punto 2 de http://support.microsoft.com/kb/329860

  Tampoco me gusta el error del SPN, "Failed to query SPN registration on DC 'srv2000.richicentral.com.ar'."

   

  Se ha tocado algo en los últimos 5 días desde que empezó a aparecer el error de replicación?

  ---

  Saludos,
  
  Marc
  MCSA/MCSE 2003
  MCITP: Enterprise Administrator (Windows Server 2008)
  MCITP: Enterprise Messaging Administrator (Microsoft Exchange 2007 & Exchange 2010)
  MCC: Microsoft Community Contributor 2011
  Citrix CCA

  • Propuesto como respuesta Ismael Borche jueves, 7 de julio de 2011 14:46
  • Marcado como respuesta Ismael Borche viernes, 8 de julio de 2011 23:22

  miércoles, 6 de julio de 2011 7:40

  Responder

  |

  Citar

  Moderador
• 

  

  0

  Inicie sesión para votar

  Empiezo por lo segundo. SRV2000 es un controlador que utiilzabamos para pruebas instalado en una maquina virtual y que ya no deberia existir, dado que el equipo que lo alojaba no esta en funcionamiento,osea que quedo hurfano. Ya estuve leyendo acerca de remover controladores huerfanos.

  Respecto a la solución del kb262795, la cuenta del administrator existe en ambos servidores.

  Para KB329860 seguí los pasos de la ´resolución´, para :Paso 3: Restablecer la contraseña de canal seguro

  luego de la ejecucion del comado ´nltest´ obtuve la resuesta.

  ---

  Flags:0

  Connection Status= 0 0x0 NERR_Success

  The command completed successfully

  ---

  No reinicie el sevidor aún, ya que por el momento funciona para las necesisades urgentes, acceso a carpetas de red y Correo exchange.

  No se que pasara cuando lo reinicie. Aviso ni bien lo haga.

  ---

  Richi Central

  lunes, 11 de julio de 2011 16:32

  Responder

  |

  Citar
• 

  

  0

  Inicie sesión para votar

  Encontre algo más. En el recurso donde estan los scripts de conexión de unidades e impresoras de cada usuario Logon script

  D:\WINNT\SYSVOL\sysvol\richicentral.com.ar antes tenia las carpetas

  -Policies

  -script

  Ahora además tengo una carpeta oculta/readOnly llamanda DO_NOT_REMOVE_NtFrs_Preinstall_Directory

  y además de las antes mencionadas otras dos más

  -Policies_NTFRS_158e0e8f

  -script_NTFRS_158e070d

  ---

  Richi Central

  lunes, 11 de julio de 2011 19:22

  Responder

  |

  Citar
• 

  

  0

  Inicie sesión para votar

  Ok, pero SYSVOL aparece compartido correctamente?

  ---

  Saludos,
  
  Marc
  MCSA/MCSE 2003
  MCITP: Enterprise Administrator (Windows Server 2008)
  MCITP: Enterprise Messaging Administrator (Microsoft Exchange 2007 & Exchange 2010)
  MCC: Microsoft Community Contributor 2011
  Citrix CCA

  martes, 12 de julio de 2011 10:29

  Responder

  |

  Citar

  Moderador
• 

  

  0

  Inicie sesión para votar

  WINNT\SYSVOL\sysvol     compartido ´SYSVOL´, permisos full para Administrators, Authenticated Users, Everyone

   

  WINNT\SYSVOL\sysvol\richicentral.com.ar\scritps compartido NETLOGON permisos full para Administrators, Everyone

  ---

  Richi Central
  

  martes, 12 de julio de 2011 12:09

  Responder

  |

  Citar
• 

  

  0

  Inicie sesión para votar

  Ok, si pasas el netdiag y el dcdiag, salen "limpios"?

  ---

  Saludos,
  
  Marc
  MCSA/MCSE 2003
  MCITP: Enterprise Administrator (Windows Server 2008)
  MCITP: Enterprise Messaging Administrator (Microsoft Exchange 2007 & Exchange 2010)
  MCC: Microsoft Community Contributor 2011
  Citrix CCA

  martes, 12 de julio de 2011 12:12

  Responder

  |

  Citar

  Moderador
• 

  

  0

  Inicie sesión para votar

  Me parece que va queriendo Marc!!! creo que esta 'cosa' empieza a curarse.

  Probe la replicación y ya no informa el error de clave.

  Aunque aún dcdiag y netdiag no estan totalmente limpios.

   

  DCDIAG

  Domain Controller Diagnosis
  
  Performing initial setup:
     Done gathering initial info.
  
  Doing initial required tests
    
     Testing server: Default-First-Site-Name\servidor1
        Starting test: Connectivity
           ......................... servidor1 passed test Connectivity
  
  Doing primary tests
    
     Testing server: Default-First-Site-Name\servidor1
        Starting test: Replications
           ......................... servidor1 passed test Replications
        Starting test: NCSecDesc
           ......................... servidor1 passed test NCSecDesc
        Starting test: NetLogons
           ......................... servidor1 passed test NetLogons
        Starting test: Advertising
           ......................... servidor1 passed test Advertising
        Starting test: KnowsOfRoleHolders
           ......................... servidor1 passed test KnowsOfRoleHolders
        Starting test: RidManager
           ......................... servidor1 passed test RidManager
        Starting test: MachineAccount
           ......................... servidor1 passed test MachineAccount
        Starting test: Services
           ......................... servidor1 passed test Services
        Starting test: ObjectsReplicated
           ......................... servidor1 passed test ObjectsReplicated
        Starting test: frssysvol
           There are errors after the SYSVOL has been shared.
           The SYSVOL can prevent the AD from starting.
           ......................... servidor1 passed test frssysvol
        Starting test: kccevent
           ......................... servidor1 passed test kccevent
        Starting test: systemlog
           ......................... servidor1 passed test systemlog
    
     Running enterprise tests on : richicentral.com.ar
        Starting test: Intersite
           ......................... richicentral.com.ar passed test Intersite
        Starting test: FsmoCheck
           ......................... richicentral.com.ar passed test FsmoCheck

   

   

  NETDIAG

  ......................................
  
      Computer Name: servidor1
      DNS Host Name: servidor1.richicentral.com.ar
      System info : Windows 2000 Server (Build 2195)
      Processor : x86 Family 15 Model 4 Stepping 10, GenuineIntel
      List of installed hotfixes :
          KB329115
          KB822343
          KB823182
          KB823559
          KB824105
          KB825119
          KB826232
          KB828035
          KB828749
          KB832353
          KB832359
          KB841356
          KB842773
          KB885836
          KB893756
          KB893803v2
          KB896358
          KB896422
          KB896423
          KB899587
          KB899589
          KB899591
          KB900725
          KB901017
          KB901214
          KB905414
          KB905495-IE6SP1-20050805.184113
          KB905749
          KB908531
          KB911564
          KB913580
          KB914388
          KB917008
          KB917537
          KB918118
          KB920213
          KB920670
          KB920683
          KB921398
          KB922582
          KB923191
          KB923810
          KB923980
          KB924270
          KB924667
          KB925398_WMP64
          KB925902
          KB926436
          KB927891
          KB928843
          KB935839
          KB937894
          KB938827
          KB942831
          KB943055
          KB943485
          KB944338
          KB950749
          KB950760
          KB950974
          KB951748-V2
          KB952004
          KB952954
          KB953155
          KB954600_WM41
          KB955069
          KB955759
          KB956802
          KB956844
          KB957097
          KB958470
          KB958644
          KB958687
          KB958869-IE6SP1-20090818.120000
          KB959426
          KB960225
          KB960803
          KB960859
          KB961063
          KB961501
          KB967715
          KB969059
          KB969947
          KB970238
          KB970483
          KB971468
          KB971961
          KB972270
          KB973037
          KB973507
          KB973869
          KB973904
          KB974112_WM41
          KB974318
          KB974392
          KB974571
          KB974783
          KB975254
          KB975560_DX9
          KB975562_DX9
          KB976323
          KB977290
          KB977816_WM9
          KB977914
          KB978037
          KB978262
          KB978542-OE6SP1-20100202.120000
          KB978601
          KB979309
          KB979482
          KB979559
          KB979683
          KB980182-IE6SP1-20100305.120000
          KB980195
          KB980218
          KB980232
          KB981350
          KB982381-IE6SP1-20100414.120000
          Q147222
          Q828026
          Update Rollup 1
  
  
  Netcard queries test . . . . . . . : Passed
  
  
  
  Per interface results:
  
      Adapter : Local Area Connection
  
          Netcard queries test . . . : Passed
  
          Host Name. . . . . . . . . : servidor1
          IP Address . . . . . . . . : 192.168.3.7
          Subnet Mask. . . . . . . . : 255.255.255.0
          Default Gateway. . . . . . : 192.168.3.254
          Dns Servers. . . . . . . . : 192.168.3.10
                                       192.168.3.7
                                       192.168.3.1
  
  
          AutoConfiguration results. . . . . . : Passed
  
          Default gateway test . . . : Passed
  
          NetBT name test. . . . . . : Passed
  
          WINS service test. . . . . : Skipped
              There are no WINS servers configured for this interface.
  
  
  Global results:
  
  
  Domain membership test . . . . . . : Passed
  
  
  NetBT transports test. . . . . . . : Passed
      List of NetBt transports currently configured:
          NetBT_Tcpip_{D49E3E7B-F725-4EC7-934B-1A4D478BBDA6}
      1 NetBt transport currently configured.
  
  
  Autonet address test . . . . . . . : Passed
  
  
  IP loopback ping test. . . . . . . : Passed
  
  
  Default gateway test . . . . . . . : Passed
  
  
  NetBT name test. . . . . . . . . . : Passed
  
  
  Winsock test . . . . . . . . . . . : Passed
  
  
  DNS test . . . . . . . . . . . . . : Passed
      PASS - All the DNS entries for DC are registered on DNS server '192.168.3.10' and other DCs also have some of the names registered.
      PASS - All the DNS entries for DC are registered on DNS server '192.168.3.7' and other DCs also have some of the names registered.
      PASS - All the DNS entries for DC are registered on DNS server '192.168.3.1' and other DCs also have some of the names registered.
  
  
  Redir and Browser test . . . . . . : Passed
      List of NetBt transports currently bound to the Redir
          NetBT_Tcpip_{D49E3E7B-F725-4EC7-934B-1A4D478BBDA6}
      The redir is bound to 1 NetBt transport.
  
      List of NetBt transports currently bound to the browser
          NetBT_Tcpip_{D49E3E7B-F725-4EC7-934B-1A4D478BBDA6}
      The browser is bound to 1 NetBt transport.
  
  
  DC discovery test. . . . . . . . . : Passed
  
  
  DC list test . . . . . . . . . . . : Passed
  
  
  Trust relationship test. . . . . . : Skipped
  
  
  Kerberos test. . . . . . . . . . . : Passed
  
  
  LDAP test. . . . . . . . . . . . . : Passed
  
  
  Bindings test. . . . . . . . . . . : Passed
  
  
  WAN configuration test . . . . . . : Skipped
      No active remote access connections.
  
  
  Modem diagnostics test . . . . . . : Passed
  
  IP Security test . . . . . . . . . : Passed
      IPSec policy service is active, but no policy is assigned.
  
  
  The command completed successfully
  
  

  ---

  Richi Central

  martes, 12 de julio de 2011 21:35

  Responder

  |

  Citar