none
windows 2012 child dc event id 4015 RRS feed

  • Discussione generale

  • Hi all, I create a child domain with two 2012 dc.

    On both this dc periodically appears error event id 4015

    The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.

    I have to reboot this dc in order to perform a correct replica to master dc (that is windows 2008 r2)

    Anyone can help me ?

    Best regards,

    Manuel

    • Tipo modificato Anca Popa domenica 9 febbraio 2014 19:11 discussione in corso
    lunedì 3 febbraio 2014 08:41

Tutte le risposte

  • Ciao, questo forum è in lingua italiana.

    L'errore indica che Active Directory non ha risposto alla richiesta del DNS. Nel registro eventi è presente qualche altro errore?

    Potresti inserire l'output del comando dcdiag?

    lunedì 3 febbraio 2014 09:54
    Moderatore
  • Nel registro eventi non ci sono altri errori,

    quando riavvio il server tutto riprende a funzionare correttamente per un pò poi riappare questo errore:

    ecco l'output del comando dcdiag eseguito da uno dei 2 dc ( che sono dc di un child domain) che hanno il problema:

    dcdiag

    Directory Server Diagnosis

    Performing initial setup:
       Trying to find home server...
       Home Server = SolThess-DC
       * Identified AD Forest.
       Done gathering initial info.

    Doing initial required tests

       Testing server: GR-SolHellas-Thessaloniki\SOLTHESS-DC
          Starting test: Connectivity
             ......................... SOLTHESS-DC passed test Connectivity

    Doing primary tests

       Testing server: GR-SolHellas-Thessaloniki\SOLTHESS-DC
          Starting test: Advertising
             ......................... SOLTHESS-DC passed test Advertising
          Starting test: FrsEvent
             ......................... SOLTHESS-DC passed test FrsEvent
          Starting test: DFSREvent
             ......................... SOLTHESS-DC passed test DFSREvent
          Starting test: SysVolCheck
             ......................... SOLTHESS-DC passed test SysVolCheck
          Starting test: KccEvent
             ......................... SOLTHESS-DC passed test KccEvent
          Starting test: KnowsOfRoleHolders
             ......................... SOLTHESS-DC passed test KnowsOfRoleHolders
          Starting test: MachineAccount
             ......................... SOLTHESS-DC passed test MachineAccount
          Starting test: NCSecDesc
             ......................... SOLTHESS-DC passed test NCSecDesc
          Starting test: NetLogons
             ......................... SOLTHESS-DC passed test NetLogons
          Starting test: ObjectsReplicated
             ......................... SOLTHESS-DC passed test ObjectsReplicated
          Starting test: Replications
             ......................... SOLTHESS-DC passed test Replications
          Starting test: RidManager
             ......................... SOLTHESS-DC passed test RidManager
          Starting test: Services
             ......................... SOLTHESS-DC passed test Services
          Starting test: SystemLog
             ......................... SOLTHESS-DC passed test SystemLog
          Starting test: VerifyReferences
             ......................... SOLTHESS-DC passed test VerifyReferences


       Running partition tests on : DomainDnsZones
          Starting test: CheckSDRefDom
             ......................... DomainDnsZones passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... DomainDnsZones passed test
             CrossRefValidation

       Running partition tests on : solhellas-gr
          Starting test: CheckSDRefDom
             ......................... solhellas-gr passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... solhellas-gr passed test CrossRefValidation

       Running partition tests on : ForestDnsZones
          Starting test: CheckSDRefDom
             ......................... ForestDnsZones passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... ForestDnsZones passed test
             CrossRefValidation

       Running partition tests on : Schema
          Starting test: CheckSDRefDom
             ......................... Schema passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Schema passed test CrossRefValidation

       Running partition tests on : Configuration
          Starting test: CheckSDRefDom
             ......................... Configuration passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Configuration passed test CrossRefValidation

       Running enterprise tests on : solworld.com
          Starting test: LocatorCheck
             ......................... solworld.com passed test LocatorCheck
          Starting test: Intersite
             ......................... solworld.com passed test Intersite

    Ciao e grazie,

    Manuel

    lunedì 3 febbraio 2014 13:56
  • Per caso hai disabilitato IPv6 in uno dei DC problematici?

    Potresti inserire inoltre un "ipconfig /all" di un server problematico?

    lunedì 3 febbraio 2014 14:37
    Moderatore
  • si ipv6 disabilitato ora è riapparso l'errore e il dcdiag si presenta così:


    C:\Users\administrator.SOLHELLAS-GR>dcdiag

    Directory Server Diagnosis

    Performing initial setup:
       Trying to find home server...
       Home Server = SolThess-DC
       * Identified AD Forest.
       Done gathering initial info.

    Doing initial required tests

       Testing server: GR-SolHellas-Thessaloniki\SOLTHESS-DC
          Starting test: Connectivity
             ......................... SOLTHESS-DC passed test Connectivity

    Doing primary tests

       Testing server: GR-SolHellas-Thessaloniki\SOLTHESS-DC
          Starting test: Advertising
             ......................... SOLTHESS-DC passed test Advertising
          Starting test: FrsEvent
             ......................... SOLTHESS-DC passed test FrsEvent
          Starting test: DFSREvent
             There are warning or error events within the last 24 hours after the
             SYSVOL has been shared.  Failing SYSVOL replication problems may cause
             Group Policy problems.
             ......................... SOLTHESS-DC passed test DFSREvent
          Starting test: SysVolCheck
             ......................... SOLTHESS-DC passed test SysVolCheck
          Starting test: KccEvent
             ......................... SOLTHESS-DC passed test KccEvent
          Starting test: KnowsOfRoleHolders
             [SRVDCENT02] DsBindWithSpnEx() failed with error 1727,
             The remote procedure call failed and did not execute..
             Warning: SRVDCENT02 is the Schema Owner, but is not responding to DS
             RPC Bind.
             [SRVDCENT02] LDAP bind failed with error 55,
             The specified network resource or device is no longer available..
             Warning: SRVDCENT02 is the Schema Owner, but is not responding to LDAP
             Bind.
             Warning: SRVDCENT02 is the Domain Owner, but is not responding to DS
             RPC Bind.
             Warning: SRVDCENT02 is the Domain Owner, but is not responding to LDAP
             Bind.
             ......................... SOLTHESS-DC failed test KnowsOfRoleHolders
          Starting test: MachineAccount
             ......................... SOLTHESS-DC passed test MachineAccount
          Starting test: NCSecDesc
             ......................... SOLTHESS-DC passed test NCSecDesc
          Starting test: NetLogons
             ......................... SOLTHESS-DC passed test NetLogons
          Starting test: ObjectsReplicated
             ......................... SOLTHESS-DC passed test ObjectsReplicated
          Starting test: Replications
             ......................... SOLTHESS-DC passed test Replications
          Starting test: RidManager
             ......................... SOLTHESS-DC passed test RidManager
          Starting test: Services
             ......................... SOLTHESS-DC passed test Services
          Starting test: SystemLog
             ......................... SOLTHESS-DC passed test SystemLog
          Starting test: VerifyReferences
             ......................... SOLTHESS-DC passed test VerifyReferences


       Running partition tests on : DomainDnsZones
          Starting test: CheckSDRefDom
             ......................... DomainDnsZones passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... DomainDnsZones passed test
             CrossRefValidation

       Running partition tests on : solhellas-gr
          Starting test: CheckSDRefDom
             ......................... solhellas-gr passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... solhellas-gr passed test CrossRefValidation

       Running partition tests on : ForestDnsZones
          Starting test: CheckSDRefDom
             ......................... ForestDnsZones passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... ForestDnsZones passed test
             CrossRefValidation

       Running partition tests on : Schema
          Starting test: CheckSDRefDom
             ......................... Schema passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Schema passed test CrossRefValidation

       Running partition tests on : Configuration
          Starting test: CheckSDRefDom
             ......................... Configuration passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Configuration passed test CrossRefValidation

       Running enterprise tests on : solworld.com
          Starting test: LocatorCheck
             ......................... solworld.com passed test LocatorCheck
          Starting test: Intersite
             ......................... solworld.com passed test Intersite

    C:\Users\administrator.SOLHELLAS-GR>

    invece ipconfig -all

    Microsoft Windows [Version 6.2.9200]
    (c) 2012 Microsoft Corporation. All rights reserved.

    C:\Users\administrator.SOLHELLAS-GR>ipconfig -all

    Windows IP Configuration

       Host Name . . . . . . . . . . . . : SolThess-DC
       Primary Dns Suffix  . . . . . . . : solhellas-gr.solworld.com
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : solhellas-gr.solworld.com
                                           solworld.com

    Ethernet adapter Ethernet 2:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Broadcom BCM5716C NetXtreme II GigE (NDIS
     VBD Client) #38
       Physical Address. . . . . . . . . : D4-AE-52-CB-C3-97
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv4 Address. . . . . . . . . . . : 10.182.0.248(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 10.182.0.254
       DNS Servers . . . . . . . . . . . : 10.181.0.250
                                           127.0.0.1
                                           10.171.1.54
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Tunnel adapter isatap.{3B48207E-0C8F-4D85-8B5B-CE5D554D8940}:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Teredo Tunneling Pseudo-Interface:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    C:\Users\administrator.SOLHELLAS-GR>

    raggiungo comunque srvdcent02 sulla porta 3389, a questo punto ho paura sia un problema di latenza della vpn, può essere ?

    martedì 4 febbraio 2014 07:53
  • ipv6 disabilitato su entrambi i server questo l'ipconfig -all

    Microsoft Windows [Version 6.2.9200]
    (c) 2012 Microsoft Corporation. All rights reserved.

    C:\Users\administrator.SOLHELLAS-GR>ipconfig -all

    Windows IP Configuration

       Host Name . . . . . . . . . . . . : SolThess-DC
       Primary Dns Suffix  . . . . . . . : solhellas-gr.solworld.com
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : solhellas-gr.solworld.com
                                           solworld.com

    Ethernet adapter Ethernet 2:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Broadcom BCM5716C NetXtreme II GigE (NDIS
     VBD Client) #38
       Physical Address. . . . . . . . . : D4-AE-52-CB-C3-97
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv4 Address. . . . . . . . . . . : 10.182.0.248(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 10.182.0.254
       DNS Servers . . . . . . . . . . . : 10.181.0.250
                                           127.0.0.1
                                           10.171.1.54
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Tunnel adapter isatap.{3B48207E-0C8F-4D85-8B5B-CE5D554D8940}:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Teredo Tunneling Pseudo-Interface:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    C:\Users\administrator.SOLHELLAS-GR>

    sta notte abbiamo avuto un problema alla sede centrale con la vpn e si è presentato il problema su entrambi i child dc che hanno windows 2012 (non con i windows 2008r2 o i windows 2003).

    il dcdiag di questi server dava l'errore che non riuscivano a contattare il server centrale srvdcent02 anche quando la vpn era tornata su e ho dovuto riavviare entrambi i dc windows 2012 per far ripartire il tutto.

    sembra che con windows 2012 quando questi per qualche motivo non riescano a comunicare con il server centrale non riparta il giro delle repliche anche dopo che la linea torna attiva

    Ciao,

    Manuel

    martedì 4 febbraio 2014 08:27
  • Per prima cosa ti consiglio di riabilitare IPv6: in Windows Server 2012 la disabilitazione può causare dei problemi.

    Prova inoltre ad eseguire una verifica dello stato della replica con dfsrdiag.

    Cosa sono 10.181.0.250 e 10.171.1.54? Uno è l'altro DC+DNS per lo stesso child domain e uno è il DC+DNS a livello superiore? In tal caso ti consiglio di spostare l'indirizzo di loopback come terza voce nella configurazione DNS ed, eventualmente, utilizzare direttamente l'indirizzo IP del server stesso.


    martedì 4 febbraio 2014 09:40
    Moderatore
  • ok ti aggiorno.

    Grazie,

    Manuel

    martedì 4 febbraio 2014 10:23
  • Per ora dopo le modifiche di ieri non si è ancora verificato il problema, nei prossimi giorni ti riaggiorno.

    Ciao e grazie,

    Manuel

    mercoledì 5 febbraio 2014 08:28
  • il problema si è ripresentato:

    questo il dcdiag del server problematico al momento:


    C:\Users\administrator.SOLHELLAS-GR>dcdiag

    Directory Server Diagnosis

    Performing initial setup:
       Trying to find home server...
       Home Server = SolThess-DC
       * Identified AD Forest.
       Done gathering initial info.

    Doing initial required tests

       Testing server: GR-SolHellas-Thessaloniki\SOLTHESS-DC
          Starting test: Connectivity
             ......................... SOLTHESS-DC passed test Connectivity

    Doing primary tests

       Testing server: GR-SolHellas-Thessaloniki\SOLTHESS-DC
          Starting test: Advertising
             ......................... SOLTHESS-DC passed test Advertising
          Starting test: FrsEvent
             ......................... SOLTHESS-DC passed test FrsEvent
          Starting test: DFSREvent
             There are warning or error events within the last 24 hours after the
             SYSVOL has been shared.  Failing SYSVOL replication problems may cause
             Group Policy problems.
             ......................... SOLTHESS-DC passed test DFSREvent
          Starting test: SysVolCheck
             ......................... SOLTHESS-DC passed test SysVolCheck
          Starting test: KccEvent
             ......................... SOLTHESS-DC passed test KccEvent
          Starting test: KnowsOfRoleHolders
             [SRVDCENT02] DsBindWithSpnEx() failed with error 1727,
             The remote procedure call failed and did not execute..
             Warning: SRVDCENT02 is the Schema Owner, but is not responding to DS
             RPC Bind.
             [SRVDCENT02] LDAP bind failed with error 55,
             The specified network resource or device is no longer available..
             Warning: SRVDCENT02 is the Schema Owner, but is not responding to LDAP
             Bind.
             Warning: SRVDCENT02 is the Domain Owner, but is not responding to DS
             RPC Bind.
             Warning: SRVDCENT02 is the Domain Owner, but is not responding to LDAP
             Bind.
             ......................... SOLTHESS-DC failed test KnowsOfRoleHolders
          Starting test: MachineAccount
             ......................... SOLTHESS-DC passed test MachineAccount
          Starting test: NCSecDesc
             ......................... SOLTHESS-DC passed test NCSecDesc
          Starting test: NetLogons
             ......................... SOLTHESS-DC passed test NetLogons
          Starting test: ObjectsReplicated
             ......................... SOLTHESS-DC passed test ObjectsReplicated
          Starting test: Replications
             ......................... SOLTHESS-DC passed test Replications
          Starting test: RidManager
             ......................... SOLTHESS-DC passed test RidManager
          Starting test: Services
             ......................... SOLTHESS-DC passed test Services
          Starting test: SystemLog
             ......................... SOLTHESS-DC passed test SystemLog
          Starting test: VerifyReferences
             ......................... SOLTHESS-DC passed test VerifyReferences


       Running partition tests on : DomainDnsZones
          Starting test: CheckSDRefDom
             ......................... DomainDnsZones passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... DomainDnsZones passed test
             CrossRefValidation

       Running partition tests on : solhellas-gr
          Starting test: CheckSDRefDom
             ......................... solhellas-gr passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... solhellas-gr passed test CrossRefValidation

       Running partition tests on : ForestDnsZones
          Starting test: CheckSDRefDom
             ......................... ForestDnsZones passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... ForestDnsZones passed test
             CrossRefValidation

       Running partition tests on : Schema
          Starting test: CheckSDRefDom
             ......................... Schema passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Schema passed test CrossRefValidation

       Running partition tests on : Configuration
          Starting test: CheckSDRefDom
             ......................... Configuration passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Configuration passed test CrossRefValidation

       Running enterprise tests on : solworld.com
          Starting test: LocatorCheck
             ......................... solworld.com passed test LocatorCheck
          Starting test: Intersite
             ......................... solworld.com passed test Intersite

    Da questo dc riesco a comunicare con srvdcent02 quindi non capisco il perchè di questi errori.

    Ciao e grazie,

    Manuel

    venerdì 7 febbraio 2014 08:08
  • SRVDCENT02 si trova dall'altra parte della VPN? Verifica che il tunnel o i firewall rispettino i requisiti di Active Directory che trovi in questa pagina:

    http://support.microsoft.com/kb/832017

    Anche se raggiungi il server tramite ping o RDP non è detto che le comunicazioni Active Directory funzionino correttamente.

    Se sopra ai server sono installati antivirus o firewall software di terze parti verifica anche le impostazioni di quest'ultimi.

    venerdì 7 febbraio 2014 10:49
    Moderatore
  • si srvdcent02 si trova dall'altra parte della vpn, tra i server 2012 e srvdcent02 ci sono delle regole di permit ip (tutto il traffico è permesso),

    per quanto riguarda l'antivirus è installato solo su srvdcent02 e credo sia configurato correttamente perchè non da problemi con gli altri domain controller esteri ma solo con questi che hanno windows 2012 (su questi ultimi non ci sono sw antivirus o firewall di terze parti)

    Ciao,

    Manuel

    lunedì 10 febbraio 2014 16:11
  • Secondo me il problema è nel collegamento VPN, prova ad eseguire nuovamente un controllo delle regole ed esegui un test delle porte con portqry:

    http://support.microsoft.com/kb/310099/it

    Per sicurezza meglio controllare comunque le zone DNS dei due server in questione e a provare ad eseguire dei test di risoluzione con nslookup.

    lunedì 10 febbraio 2014 16:39
    Moderatore
  • con nslookup funziona tutto, non riesco a trovare portqry per windows 2008r2 o per windows 2012.

    io ho letto in altri forum che il problema può dipendere dal fatto che si usi una vpn invece che una linea mpls

    http://community.spiceworks.com/topic/278876-windows-server-2012-dns-error-eventid-4015

    mercoledì 12 febbraio 2014 08:59
  • Se la VPN (in bridge) è configurata correttamente e la banda è sufficiente non dovresti comunque avere problemi. Certo con una VPN MPLS è sicuramente meglio, ma i costi sono più elevati.

    Per quanto riguarda portqry la vecchia versione è compatibile anche con sistemi operativi più recenti.



    mercoledì 12 febbraio 2014 09:13
    Moderatore
  • settimana prossima verrà qui un certificato Microsoft, le porte son tutte aperte
    giovedì 20 febbraio 2014 13:13
  • OK, tienici aggiornati sullo stato del problema.
    giovedì 20 febbraio 2014 13:44
    Moderatore