none
Сеть не работает с новым доменным контроллером. RRS feed

  • Общие обсуждения

  • Доброго времени суток, коллеги.

    Стоял единственный в сети онтроллер домена на Win server 2003 R2. На этой же машине Exchange 2007. Я решил их разнести. Поставил новую машину в сеть с Win server 2003 R2. Сделал её дополнительным контроллером в домене. Поставил DNS. Перевел все роли. Настроил DHCP раздавать всем, что первичный DNS и шлюз по-умолчанию теперь новый контроллер.

    Контроллеры реплицируются, информация переносится, проверял.

    Но как только вырубаю старый контроллер компы перестают друг-друга видеть в сети. При попытке зайти на другой комп в сети, появляется требование в аутентификацие(пароль просит).

    Как считаете, что я пропустил? Или не доделал?

    Спасибо.

Все ответы

  • покажите вывод команды dcdiag с обоих КД

    Отвечающий
  • Новый контроллер вы сделали хозяином глобального каталога?

    Компьютеры получили новые DNS-сервера через DHCP?

  • Спасибо за помощь.

    Да, DHCP все раздал.  Перенес абсолютно все роли(по инструкцие Microsoft).

    Я что-то раньше даже не пользовался dcdiag. И похоже зря.

    Первый контроллер домена(с которого переносил) - dc1
    Второй контроллер домена(только созданный) - dc2

    Вот что вышло при запуске dcdiag на первом контроллере домена:
    -----------------------------------------------------------------------------
    C:\WINDOWS\system32>dcdiag

    Domain Controller Diagnosis

    Performing initial setup:
       Done gathering initial info.

    Doing initial required tests

       Testing server: Default-First-Site-Name\dc1
          Starting test: Connectivity
             ......................... dc1 passed test Connectivity

    Doing primary tests

       Testing server: Default-First-Site-Name\dc1
          Starting test: Replications
             [dc2] DsBindWithSpnEx() failed with error 1722,
             Win32 Error 1722.
             ......................... dc1 passed test Replications
          Starting test: NCSecDesc
             ......................... dc1 passed test NCSecDesc
          Starting test: NetLogons
             ......................... dc1 passed test NetLogons
          Starting test: Advertising
             ......................... dc1 passed test Advertising
          Starting test: KnowsOfRoleHolders
             Warning: dc2 is the Schema Owner, but is not responding to DS RPC Bind
    .
             [dc2] LDAP search failed with error 58,
             Win32 Error 58.
             Warning: dc2 is the Schema Owner, but is not responding to LDAP Bind.
             Warning: dc2 is the Domain Owner, but is not responding to DS RPC Bind
    .
             Warning: dc2 is the Domain Owner, but is not responding to LDAP Bind.
             Warning: dc2 is the PDC Owner, but is not responding to DS RPC Bind.
             Warning: dc2 is the PDC Owner, but is not responding to LDAP Bind.
             Warning: dc2 is the Rid Owner, but is not responding to DS RPC Bind.
             Warning: dc2 is the Rid Owner, but is not responding to LDAP Bind.
             Warning: dc2 is the Infrastructure Update Owner, but is not responding
     to DS RPC Bind.
             Warning: dc2 is the Infrastructure Update Owner, but is not responding
     to LDAP Bind.
             ......................... dc1 failed test KnowsOfRoleHolders
          Starting test: RidManager
             ......................... dc1 failed test RidManager
          Starting test: MachineAccount
             ......................... dc1 passed test MachineAccount
          Starting test: Services
             ......................... dc1 passed test Services
          Starting test: ObjectsReplicated
             ......................... dc1 passed test ObjectsReplicated
          Starting test: frssysvol
             ......................... dc1 passed test frssysvol
          Starting test: frsevent
             ......................... dc1 passed test frsevent
          Starting test: kccevent
             ......................... dc1 passed test kccevent
          Starting test: systemlog
             ......................... dc1 passed test systemlog
          Starting test: VerifyReferences
             ......................... dc1 passed test VerifyReferences

       Running partition tests on : ForestDnsZones
          Starting test: CrossRefValidation
             ......................... ForestDnsZones passed test CrossRefValidation

          Starting test: CheckSDRefDom
             ......................... ForestDnsZones passed test CheckSDRefDom

       Running partition tests on : DomainDnsZones
          Starting test: CrossRefValidation
             ......................... DomainDnsZones passed test CrossRefValidation

          Starting test: CheckSDRefDom
             ......................... DomainDnsZones passed test CheckSDRefDom

       Running partition tests on : Schema
          Starting test: CrossRefValidation
             ......................... Schema passed test CrossRefValidation
          Starting test: CheckSDRefDom
             ......................... Schema passed test CheckSDRefDom

       Running partition tests on : Configuration
          Starting test: CrossRefValidation
             ......................... Configuration passed test CrossRefValidation
          Starting test: CheckSDRefDom
             ......................... Configuration passed test CheckSDRefDom

       Running partition tests on : localdomain
          Starting test: CrossRefValidation
             ......................... localdomain passed test CrossRefValidation
          Starting test: CheckSDRefDom
             ......................... localdomain passed test CheckSDRefDom

       Running enterprise tests on : localdomain.com
          Starting test: Intersite
             ......................... localdomain.com passed test Intersite
          Starting test: FsmoCheck
             ......................... localdomain.com passed test FsmoCheck
    -----------------------------------------------------------------------------

    Вот что вышло при запуске dcdiag на втором контроллере домена:
    -----------------------------------------------------------------------------
    C:\WINDOWS\system32>dcdiag

    Domain Controller Diagnosis

    Performing initial setup:
       Done gathering initial info.

    Doing initial required tests

       Testing server: Default-First-Site-Name\dc2
          Starting test: Connectivity
             The host c8e1a573-4296-4f6c-89ac-8499a0db8946._msdcs.localdomain.com coul
    d not be resolved to an
             IP address.  Check the DNS server, DHCP, server name, etc
             Although the Guid DNS name
             (c8e1a573-4296-4f6c-89ac-8499a0db8946._msdcs.localdomain.com) couldn't
             be resolved, the server name (dc2.localdomain.com) resolved to the IP
             address (192.168.18.111) and was pingable.  Check that the IP address
             is registered correctly with the DNS server.
             ......................... dc2 failed test Connectivity

    Doing primary tests

       Testing server: Default-First-Site-Name\dc2
          Skipping all tests, because server dc2 is
          not responding to directory service requests

       Running partition tests on : ForestDnsZones
          Starting test: CrossRefValidation
             ......................... ForestDnsZones passed test CrossRefValidation

          Starting test: CheckSDRefDom
             ......................... ForestDnsZones passed test CheckSDRefDom

       Running partition tests on : DomainDnsZones
          Starting test: CrossRefValidation
             ......................... DomainDnsZones passed test CrossRefValidation

          Starting test: CheckSDRefDom
             ......................... DomainDnsZones passed test CheckSDRefDom

       Running partition tests on : Schema
          Starting test: CrossRefValidation
             ......................... Schema passed test CrossRefValidation
          Starting test: CheckSDRefDom
             ......................... Schema passed test CheckSDRefDom

       Running partition tests on : Configuration
          Starting test: CrossRefValidation
             ......................... Configuration passed test CrossRefValidation
          Starting test: CheckSDRefDom
             ......................... Configuration passed test CheckSDRefDom

       Running partition tests on : localdomain
          Starting test: CrossRefValidation
             ......................... localdomain passed test CrossRefValidation
          Starting test: CheckSDRefDom
             ......................... localdomain passed test CheckSDRefDom

       Running enterprise tests on : localdomain.com
          Starting test: Intersite
             ......................... localdomain.com passed test Intersite
          Starting test: FsmoCheck
             ......................... localdomain.com passed test FsmoCheck

    -----------------------------------------------------------------------------

    Не знаю даже с чего начинать починку всего этого добра?!?!





    • Изменено URV_spb 23 мая 2012 г. 6:56
  • Сделал дополнительно тест dns ( dcdiag /test:dns ) на обоих серверах.

    Вот что вышло при запуске dcdiag /test:dns на первом контроллере домена:
    ----------------------------------------------------------------------------------------------
    C:\WINDOWS\system32>dcdiag /test:dns

    Domain Controller Diagnosis

    Performing initial setup:
       Done gathering initial info.

    Doing initial required tests

       Testing server: Default-First-Site-Name\dc1
          Starting test: Connectivity
             ......................... dc1 passed test Connectivity

    Doing primary tests

       Testing server: Default-First-Site-Name\dc1

    DNS Tests are running and not hung. Please wait a few minutes...

       Running partition tests on : ForestDnsZones

       Running partition tests on : DomainDnsZones

       Running partition tests on : Schema

       Running partition tests on : Configuration

       Running partition tests on : localdomain

       Running enterprise tests on : localdomain.com
          Starting test: DNS
             ......................... localdomain.com passed test DNS

    ----------------------------------------------------------------------------------------------

    Вот что вышло при запуске dcdiag на втором контроллере домена:
    ----------------------------------------------------------------------------------------------
    C:\WINDOWS\system32>dcdiag /test:dns

    Domain Controller Diagnosis

    Performing initial setup:
       Done gathering initial info.

    Doing initial required tests

       Testing server: Default-First-Site-Name\dc2
          Starting test: Connectivity
             The host c8e1a573-4296-4f6c-89ac-8499a0db8946._msdcs.localdomain.com coul
    d not be resolved to an
             IP address.  Check the DNS server, DHCP, server name, etc
             Although the Guid DNS name
             (c8e1a573-4296-4f6c-89ac-8499a0db8946._msdcs.localdomain.com) couldn't
             be resolved, the server name (dc2.localdomain.com) resolved to the IP
             address (192.168.18.111) and was pingable.  Check that the IP address
             is registered correctly with the DNS server.
             ......................... dc2 failed test Connectivity

    Doing primary tests

       Testing server: Default-First-Site-Name\dc2

    DNS Tests are running and not hung. Please wait a few minutes...

       Running partition tests on : ForestDnsZones

       Running partition tests on : DomainDnsZones

       Running partition tests on : Schema

       Running partition tests on : Configuration

       Running partition tests on : localdomain

       Running enterprise tests on : localdomain.com
          Starting test: DNS
             Test results for domain controllers:

                DC: dc2.localdomain.com
                Domain: localdomain.com


                   TEST: Basic (Basc)
                      Error: No LDAP connectivity

                   TEST: Forwarders/Root hints (Forw)
                      Error: Forwarders list has invalid forwarder: 85.235.193.2 (<n
    ame unavailable>)

                   TEST: Records registration (RReg)
                      Network Adapter [00000001] Realtek RTL8169 Gigabit Ethernet Ad
    apter:
                         Error: Missing CNAME record at DNS server 192.168.18.111 :
                         c8e1a573-4296-4f6c-89ac-8499a0db8946._msdcs.localdomain.com

                         Warning: Missing DC SRV record at DNS server 192.168.18.111
    :
                         _ldap._tcp.dc._msdcs.localdomain.com
                         (Ignore the error if DNSAvoidRegisterRecord registry key or
     its Group Policy
                         has been configured to prevent registration of this Record.
    )

                         Error: Missing PDC SRV record at DNS server 192.168.18.111 :

                         _ldap._tcp.pdc._msdcs.localdomain.com

                         Error: Missing CNAME record at DNS server 192.168.18.3 :
                         c8e1a573-4296-4f6c-89ac-8499a0db8946._msdcs.localdomain.com

                         Warning: Missing DC SRV record at DNS server 192.168.18.3 :
                         _ldap._tcp.dc._msdcs.localdomain.com
                         (Ignore the error if DNSAvoidRegisterRecord registry key or
     its Group Policy
                         has been configured to prevent registration of this Record.
    )

                         Error: Missing PDC SRV record at DNS server 192.168.18.3 :
                         _ldap._tcp.pdc._msdcs.localdomain.com

                         Error: Missing CNAME record at DNS server 192.168.18.55 :
                         c8e1a573-4296-4f6c-89ac-8499a0db8946._msdcs.localdomain.com

                         Warning: Missing DC SRV record at DNS server 192.168.18.55 :

                         _ldap._tcp.dc._msdcs.localdomain.com
                         (Ignore the error if DNSAvoidRegisterRecord registry key or
     its Group Policy
                         has been configured to prevent registration of this Record.
    )

                         Error: Missing PDC SRV record at DNS server 192.168.18.55 :
                         _ldap._tcp.pdc._msdcs.localdomain.com

                   Error: Record registrations cannot be found for all the network a
    dapters

             Summary of test results for DNS servers used by the above domain contro
    llers:

                DNS server: 85.235.193.2 (<name unavailable>)
                   1 test failure on this DNS server
                   This is not a valid DNS server. PTR record query for the 1.0.0.12
    7.in-addr.arpa. failed on the DNS server 85.235.193.2

             Summary of DNS test results:

                                                Auth Basc Forw Del  Dyn  RReg Ext
                   ________________________________________________________________
                Domain: localdomain.com
                   dc2                         PASS FAIL FAIL PASS PASS FAIL n/a

             ......................... localdomain.com failed test DNS
    ----------------------------------------------------------------------------------------------

  • Может есть смысл вернуть все роли на старый доменный контроллер и проверить dcdiag?
  • Покажите ipconfig /all с dc1 и dc2
    Отвечающий
  • Приветствую,

    На любом контроллере домена в командной строке введите:

    netdom query fsmo

  • Вот что вышло при запуске ipconfig /all на первом контроллере домена:

    ----------------------------------------------------------------------------------------------

    C:\WINDOWS\system32>ipconfig /all

    Windows IP Configuration

       Host Name . . . . . . . . . . . . : dc1
       Primary Dns Suffix  . . . . . . . : localdomain.com
       Node Type . . . . . . . . . . . . : Unknown
       IP Routing Enabled. . . . . . . . : Yes
       WINS Proxy Enabled. . . . . . . . : Yes
       DNS Suffix Search List. . . . . . : localdomain.com

    Ethernet adapter Local Area Connection 5:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : TEAM : Team #0
       Physical Address. . . . . . . . . : 00-15-17-4C-5B-EC
       DHCP Enabled. . . . . . . . . . . : No
       IP Address. . . . . . . . . . . . : 192.168.18.3
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 192.168.18.55
       DNS Servers . . . . . . . . . . . : 192.168.18.111
                                           192.168.18.3
                                           192.168.18.55

    ----------------------------------------------------------------------------------------------

    Вот что вышло при запуске ipconfig /all на втором контроллере домена:

    ----------------------------------------------------------------------------------------------

    C:\WINDOWS\system32>ipconfig /all

    Windows IP Configuration

       Host Name . . . . . . . . . . . . : dc2
       Primary Dns Suffix  . . . . . . . : localdomain.com
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : localdomain.com

    Ethernet adapter LAN:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Realtek RTL8169 Gigabit Ethernet Adapter
       Physical Address. . . . . . . . . : 00-E0-52-C0-1D-9E
       DHCP Enabled. . . . . . . . . . . : No
       IP Address. . . . . . . . . . . . : 192.168.18.111
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 192.168.18.55
       DNS Servers . . . . . . . . . . . : 192.168.18.111
                                           192.168.18.3
                                           192.168.18.55

    ----------------------------------------------------------------------------------------------

    18.111 - это второй сервер

    18.3 - это первый сервер

    18.55 - это прокся (на ней стоит dns(без данных о внутренних компах), чтобы внутренние сервера сами не обращались наружу, а все через неё адреса резолвили).

  • На обоих серверах netdom выходит одинаковый:

    ------------------------------------------------------------------------------

    C:\WINDOWS\system32>netdom query fsmo
    Schema owner                dc1.arkom-org.com

    Domain role owner           dc1.arkom-org.com

    PDC role                    dc1.arkom-org.com

    RID pool manager            dc1.arkom-org.com

    Infrastructure owner        dc1.arkom-org.com

    The command completed successfully.

    ------------------------------------------------------------------------------

  • Вам нужно перенести FSMO роли (http://ru.wikipedia.org/wiki/FSMO) на новый контроллер.

    Инструкция как это сделать:

    http://www.youtube.com/watch?v=hgM5fU46qtM

    Затем попробуйте выключить первый (dc1) контроллер. Если все нормально, включайте его и выводите из домена.

  • Я перенес все роли обратно, чтобы удостовериться, что все нормально до переноса ролей на новый сервер.

    Все перенеслось хорошо:
    -----------------------------------------------------------
    C:\WINDOWS\system32>netdom query fsmo
    Schema owner                dc1.arkom-org.com

    Domain role owner           dc1.arkom-org.com

    PDC role                    dc1.arkom-org.com

    RID pool manager            dc1.arkom-org.com

    Infrastructure owner        dc1.arkom-org.com

    The command completed successfully.
    ------------------------------------------------------------

    Подождал пару часиков, чтобы все прореплицировалось и сделал dcdiag на обоих серверах:

    Вот что вышло при запуске dcdiag на первом контроллере домена(он сейчас хозяин всех ролей):

    ----------------------------------------------------------------------------------------------

    C:\WINDOWS\system32>dcdiag

    Domain Controller Diagnosis

    Performing initial setup:
       Done gathering initial info.

    Doing initial required tests

       Testing server: Default-First-Site-Name\dc1
          Starting test: Connectivity
             ......................... dc1 passed test Connectivity

    Doing primary tests

       Testing server: Default-First-Site-Name\dc1
          Starting test: Replications
             [dc2] DsBindWithSpnEx() failed with error 1722,
             Win32 Error 1722.
             ......................... dc1 passed test Replications
          Starting test: NCSecDesc
             ......................... dc1 passed test NCSecDesc
          Starting test: NetLogons
             ......................... dc1 passed test NetLogons
          Starting test: Advertising
             ......................... dc1 passed test Advertising
          Starting test: KnowsOfRoleHolders
             ......................... dc1 passed test KnowsOfRoleHolders
          Starting test: RidManager
             ......................... dc1 passed test RidManager
          Starting test: MachineAccount
             ......................... dc1 passed test MachineAccount
          Starting test: Services
             ......................... dc1 passed test Services
          Starting test: ObjectsReplicated
             ......................... dc1 passed test ObjectsReplicated
          Starting test: frssysvol
             ......................... dc1 passed test frssysvol
          Starting test: frsevent
             ......................... dc1 passed test frsevent
          Starting test: kccevent
             ......................... dc1 passed test kccevent
          Starting test: systemlog
             ......................... dc1 passed test systemlog
          Starting test: VerifyReferences
             ......................... dc1 passed test VerifyReferences

       Running partition tests on : ForestDnsZones
          Starting test: CrossRefValidation
             ......................... ForestDnsZones passed test CrossRefValidation

          Starting test: CheckSDRefDom
             ......................... ForestDnsZones passed test CheckSDRefDom

       Running partition tests on : DomainDnsZones
          Starting test: CrossRefValidation
             ......................... DomainDnsZones passed test CrossRefValidation

          Starting test: CheckSDRefDom
             ......................... DomainDnsZones passed test CheckSDRefDom

       Running partition tests on : Schema
          Starting test: CrossRefValidation
             ......................... Schema passed test CrossRefValidation
          Starting test: CheckSDRefDom
             ......................... Schema passed test CheckSDRefDom

       Running partition tests on : Configuration
          Starting test: CrossRefValidation
             ......................... Configuration passed test CrossRefValidation
          Starting test: CheckSDRefDom
             ......................... Configuration passed test CheckSDRefDom

       Running partition tests on : localdomain
          Starting test: CrossRefValidation
             ......................... localdomain passed test CrossRefValidation
          Starting test: CheckSDRefDom
             ......................... localdomain passed test CheckSDRefDom

       Running enterprise tests on : localdomain.com
          Starting test: Intersite
             ......................... localdomain.com passed test Intersite
          Starting test: FsmoCheck
             ......................... localdomain.com passed test FsmoCheck

    ----------------------------------------------------------------------------------------------

    Вот что вышло при запуске dcdiag на втором, дополнительном, контроллере домена(его надо сделать озяином всех ролей):

    ----------------------------------------------------------------------------------------------

    C:\WINDOWS\system32>dcdiag

    Domain Controller Diagnosis

    Performing initial setup:
       Done gathering initial info.

    Doing initial required tests

       Testing server: Default-First-Site-Name\dc2
          Starting test: Connectivity
             The host c8e1a573-4296-4f6c-89ac-8499a0db8946._msdcs.localdomain.com could not be resolved to an
             IP address.  Check the DNS server, DHCP, server name, etc
             Although the Guid DNS name
             (c8e1a573-4296-4f6c-89ac-8499a0db8946._msdcs.localdomain.com) couldn't
             be resolved, the server name (dc2.localdomain.com) resolved to the IP
             address (192.168.18.111) and was pingable.  Check that the IP address
             is registered correctly with the DNS server.
             ......................... dc2 failed test Connectivity

    Doing primary tests

       Testing server: Default-First-Site-Name\dc2
          Skipping all tests, because server dc2 is
          not responding to directory service requests

       Running partition tests on : ForestDnsZones
          Starting test: CrossRefValidation
             ......................... ForestDnsZones passed test CrossRefValidation

          Starting test: CheckSDRefDom
             ......................... ForestDnsZones passed test CheckSDRefDom

       Running partition tests on : DomainDnsZones
          Starting test: CrossRefValidation
             ......................... DomainDnsZones passed test CrossRefValidation

          Starting test: CheckSDRefDom
             ......................... DomainDnsZones passed test CheckSDRefDom

       Running partition tests on : Schema
          Starting test: CrossRefValidation
             ......................... Schema passed test CrossRefValidation
          Starting test: CheckSDRefDom
             ......................... Schema passed test CheckSDRefDom

       Running partition tests on : Configuration
          Starting test: CrossRefValidation
             ......................... Configuration passed test CrossRefValidation
          Starting test: CheckSDRefDom
             ......................... Configuration passed test CheckSDRefDom

       Running partition tests on : localdomain
          Starting test: CrossRefValidation
             ......................... localdomain passed test CrossRefValidation
          Starting test: CheckSDRefDom
             ......................... localdomain passed test CheckSDRefDom

       Running enterprise tests on : localdomain.com
          Starting test: Intersite
             ......................... localdomain.com passed test Intersite
          Starting test: FsmoCheck
             ......................... localdomain.com passed test FsmoCheck

    ----------------------------------------------------------------------------------------------

    Как-то все плохо на этом втором контроллере домена.
    Может просто все плохо прошло при его создании(добавлении)?! Поэтому и роли ему проблемно перешли?!

    Или может просто проблема в DNS?!

  •   Testing server: Default-First-Site-Name\dc2
          Starting test: Connectivity
             The host c8e1a573-4296-4f6c-89ac-8499a0db8946._msdcs.localdomain.com could not be resolved to an
             IP address.  Check the DNS server, DHCP, server name, etc
             Although the Guid DNS name
             (c8e1a573-4296-4f6c-89ac-8499a0db8946._msdcs.localdomain.com) couldn't
             be resolved, the server name (dc2.localdomain.com) resolved to the IP
             address (192.168.18.111) and was pingable.  Check that the IP address
             is registered correctly with the DNS server.
             ......................... dc2 failed test Connectivity

    Это проблема днс.

    Поставьте на втором сервере основным днс-сервером 192.168.18.3 и попробуйте сделать репликацию

  • Я подключился к удаленному офису. Там стоит дополнительный контроллер домена(домен тот же) dc3.

    Зашел в Active directory sites and services. Запустил вручную репликацию.

    Результат такой - Все контроллеры друг с другом реплицируются без проблем.
    dc1 реплицирует с dc2 и dc3.
    dc3 реплицирует с dc1 и dc2.
    НО dc2 не может реплицироваться ни с одного контроллера.

    т.е. остальные с него(dc2) реплицируются, а он ни с кого не хочет.

    Выскакивает ошибка:
    -------------------------------------------------
    The following error occured during the attempt to contact the domain controller DC2:
    The RPC server is unavailable.

    This condition may be coused by a dns lookup problem.
    ------------------------------------------------

    А на него по идее надо перенести все роли.


    • Изменено URV_spb 23 мая 2012 г. 14:33
  • Ладно, тогда так сделайте на контроллере dc2:

    NSlookup dc1

    NSlookup dc2

  • Да, с DNS явные проблемы, хоть и резолвит адреса:

    C:\WINDOWS\system32>nslookup dc1
    *** Can't find server name for address 192.168.18.111: Non-existent domain
    Server:  UnKnown
    Address:  192.168.18.111

    Name:    dc1.localdomain.com
    Address:  192.168.18.3


    C:\WINDOWS\system32>nslookup dc2
    *** Can't find server name for address 192.168.18.111: Non-existent domain
    Server:  UnKnown
    Address:  192.168.18.111

    Name:    dc2.localdomain.com
    Address:  192.168.18.111


    • Изменено URV_spb 24 мая 2012 г. 5:48
  • А попробуйте эти же команды, но на dc1:

    NSlookup dc1

    NSlookup dc2

  • Я поставил на втором сервере DNS по-умолчанию 192.168.18.3 и сделал nslookup.

    На много лучше получилось. Т.е. dns на dc1 работает хорошо, а вот на dc2 плохо.

    C:\WINDOWS\system32>nslookup dc1
    Server:  dc1.localdomain.com
    Address:  192.168.18.3

    Name:    dc1.localdomain.com
    Address:  192.168.18.3


    C:\WINDOWS\system32>nslookup dc2
    Server:  dc1.localdomain.com
    Address:  192.168.18.3

    Name:    dc2.localdomain.com
    Address:  192.168.18.111

  • пропишите на втором контроллере днс сервером первый контролер, т.е. 192.168.18.3, остальные адреса днс-серверов типа 192.168.18.111 уберите.
  • Я везде сделал одинаково в настройках сети. Все DNS 192.168.18.3.

    Сделал тетс dcdiag на dc1:
    --------------------------------------------------------------------------------

    C:\WINDOWS\system32>dcdiag

    Domain Controller Diagnosis

    Performing initial setup:
       Done gathering initial info.

    Doing initial required tests

       Testing server: Default-First-Site-Name\dc1
          Starting test: Connectivity
             ......................... dc1 passed test Connectivity

    Doing primary tests

       Testing server: Default-First-Site-Name\dc1
          Starting test: Replications
             [dc2] DsBindWithSpnEx() failed with error 1722,
             Win32 Error 1722.
             ......................... dc1 passed test Replications
          Starting test: NCSecDesc
             ......................... dc1 passed test NCSecDesc
          Starting test: NetLogons
             ......................... dc1 passed test NetLogons
          Starting test: Advertising
             ......................... dc1 passed test Advertising
          Starting test: KnowsOfRoleHolders
             ......................... dc1 passed test KnowsOfRoleHolders
          Starting test: RidManager
             ......................... dc1 passed test RidManager
          Starting test: MachineAccount
             ......................... dc1 passed test MachineAccount
          Starting test: Services
             ......................... dc1 passed test Services
          Starting test: ObjectsReplicated
             ......................... dc1 passed test ObjectsReplicated
          Starting test: frssysvol
             ......................... dc1 passed test frssysvol
          Starting test: frsevent
             ......................... dc1 passed test frsevent
          Starting test: kccevent
             ......................... dc1 passed test kccevent
          Starting test: systemlog
             ......................... dc1 passed test systemlog
          Starting test: VerifyReferences
             ......................... dc1 passed test VerifyReferences

       Running partition tests on : ForestDnsZones
          Starting test: CrossRefValidation
             ......................... ForestDnsZones passed test CrossRefValidation

          Starting test: CheckSDRefDom
             ......................... ForestDnsZones passed test CheckSDRefDom

       Running partition tests on : DomainDnsZones
          Starting test: CrossRefValidation
             ......................... DomainDnsZones passed test CrossRefValidation

          Starting test: CheckSDRefDom
             ......................... DomainDnsZones passed test CheckSDRefDom

       Running partition tests on : Schema
          Starting test: CrossRefValidation
             ......................... Schema passed test CrossRefValidation
          Starting test: CheckSDRefDom
             ......................... Schema passed test CheckSDRefDom

       Running partition tests on : Configuration
          Starting test: CrossRefValidation
             ......................... Configuration passed test CrossRefValidation
          Starting test: CheckSDRefDom
             ......................... Configuration passed test CheckSDRefDom

       Running partition tests on : localdomain
          Starting test: CrossRefValidation
             ......................... localdomain passed test CrossRefValidation
          Starting test: CheckSDRefDom
             ......................... localdomain passed test CheckSDRefDom

       Running enterprise tests on : localdomain.com
          Starting test: Intersite
             ......................... localdomain.com passed test Intersite
          Starting test: FsmoCheck
             ......................... localdomain.com passed test FsmoCheck
    --------------------------------------------------------------------------------

    На dc2 я сделал DNS 192.168.18.3, но он все равно не реплицируется ни с кем.

    Может были проблемы при создании второго контроллера домена?!

    Может есть смысл удалить этот контроллер(DC2) через dcpdromo, потом привести в порядок DC2(винду переставить и убедиться,что DNS работает), а потом сделать заного контроллером!?

    Правда не очень радует перспектива так издеваться над доменом. :-(

  • Похоже на вашу ситуацию. Проблема с записями SRV

    http://serverfault.com/questions/207000/the-rpc-server-is-unavailable-when-replicating-domain-controllers

  • Спасибо за статью.

    Я поставил все сервера на один DNS, который старый. Все нормально работает. Роли перенес. Ошибок больше dcdiag не выводит.

    Но моя главная цель была перенести контроллер домена и DNS на другой комп. А DNS получется остался на прежнем.

    Нужны ли какие-то специальные настройки, чтобы всех перенастроить на DNS на новом доменном контроллере?

    При поднятии dc2 до доменного контроллера в существующем домене DNS установился. И вроде как все работает. Внутренние компы сети резолвятся на раз.

    Но, если при попытке nslookup на DC2 какого-нибудь внешнего адреса(который раньше еще не искали), то он находит только с третьей попытки. Сначала выскакивает ошибка по таймауту(2сек). А на DC1 иакого нет, находит моментально.

    • Изменено URV_spb 25 мая 2012 г. 6:10
  • Реплицировать DNS на новый сервер, сделать его сервером "GC" (Глоб. каталог) перенести на него роли FSMO, проверить работоспособность, выключив первый контроллер, если все хорошо - удалить его через DCPROMO.
  • Да вроде как все именно так и сделал. Но когда последний раз отключал первый сервер, компы друг-друга не увидели.
  • В выходные попробовал отключить сервер dc1. Остался только dc2. Компы друг-друга видели. Но dcdiag все равно не все нормально прошел(см. ниже). Вроде как все правильно сделал, но похоже проблема с глобальным каталогом.

    Все данные во время отключенного  DC1, на котором раньше находился единственный глобальный каталог.

    Но сейчас все перенес, и каталог, и роли, и днс.

    C:\WINDOWS\system32>nslookup dc2
    Server:  dc2.localdomain.com
    Address:  192.168.18.111

    Name:    dc2.localdomain.com
    Address:  192.168.18.111

    -----------------------------------------------------------------------

    C:\WINDOWS\system32>netdom query fsmo
    Schema owner                dc2.localdomain.com

    Domain role owner           dc2.localdomain.com

    PDC role                    dc2.localdomain.com

    RID pool manager            dc2.localdomain.com

    Infrastructure owner        dc2.localdomain.com

    The command completed successfully.

    ---------------------------------------------------------------------

    C:\WINDOWS\system32>dcdiag

    Domain Controller Diagnosis

    Performing initial setup:
       Done gathering initial info.

    Doing initial required tests

       Testing server: Default-First-Site-Name\dc2
          Starting test: Connectivity
             ......................... dc2 passed test Connectivity

    Doing primary tests

       Testing server: Default-First-Site-Name\dc2
          Starting test: Replications
             [Replications Check,dc2] A recent replication attempt failed:
                From dc1 to dc2
                Naming Context: DC=ForestDnsZones,DC=localdomain,DC=com
                The replication generated an error (1256):
                Win32 Error 1256
                The failure occurred at 2012-05-26 15:11:09.
                The last success occurred at 2012-05-26 14:40:49.
                2 failures have occurred since the last success.
             [dc1] DsBindWithSpnEx() failed with error 1722,
             Win32 Error 1722.
             [Replications Check,dc2] A recent replication attempt failed:
                From dc1 to dc2
                Naming Context: DC=DomainDnsZones,DC=localdomain,DC=com
                The replication generated an error (1256):
                Win32 Error 1256
                The failure occurred at 2012-05-26 15:11:09.
                The last success occurred at 2012-05-26 14:40:48.
                2 failures have occurred since the last success.
             [Replications Check,dc2] A recent replication attempt failed:
                From dc1 to dc2
                Naming Context: CN=Schema,CN=Configuration,DC=localdomain,DC=com
                The replication generated an error (1722):
                Win32 Error 1722
                The failure occurred at 2012-05-26 15:11:30.
                The last success occurred at 2012-05-26 14:40:48.
                2 failures have occurred since the last success.
                The source remains down. Please check the machine.
             [Replications Check,dc2] A recent replication attempt failed:
                From dc1 to dc2
                Naming Context: CN=Configuration,DC=localdomain,DC=com
                The replication generated an error (1722):
                Win32 Error 1722
                The failure occurred at 2012-05-26 15:11:09.
                The last success occurred at 2012-05-26 14:40:48.
                2 failures have occurred since the last success.
                The source remains down. Please check the machine.
             [Replications Check,dc2] A recent replication attempt failed:
                From dc1 to dc2
                Naming Context: DC=localdomain,DC=com
                The replication generated an error (1722):
                Win32 Error 1722
                The failure occurred at 2012-05-26 15:11:51.
                The last success occurred at 2012-05-26 14:42:40.
                2 failures have occurred since the last success.
                The source remains down. Please check the machine.
             ......................... dc2 passed test Replications
          Starting test: NCSecDesc
             ......................... dc2 passed test NCSecDesc
          Starting test: NetLogons
             ......................... dc2 passed test NetLogons
          Starting test: Advertising
             ......................... dc2 passed test Advertising
          Starting test: KnowsOfRoleHolders
             ......................... dc2 passed test KnowsOfRoleHolders
          Starting test: RidManager
             ......................... dc2 passed test RidManager
          Starting test: MachineAccount
             ......................... dc2 passed test MachineAccount
          Starting test: Services
             ......................... dc2 passed test Services
          Starting test: ObjectsReplicated
             ......................... dc2 passed test ObjectsReplicated
          Starting test: frssysvol
             ......................... dc2 passed test frssysvol
          Starting test: frsevent
             ......................... dc2 passed test frsevent
          Starting test: kccevent
             ......................... dc2 passed test kccevent
          Starting test: systemlog
             An Error Event occured.  EventID: 0x000003E9
                Time Generated: 05/26/2012   14:20:30
                Event String: Your computer was not assigned an address from
             An Error Event occured.  EventID: 0x000003E9
                Time Generated: 05/26/2012   14:26:51
                Event String: Your computer was not assigned an address from
             An Error Event occured.  EventID: 0x000003E9
                Time Generated: 05/26/2012   14:33:04
                Event String: Your computer was not assigned an address from
             An Error Event occured.  EventID: 0x000003E9
                Time Generated: 05/26/2012   14:39:32
                Event String: Your computer was not assigned an address from
             An Error Event occured.  EventID: 0x00000457
                Time Generated: 05/26/2012   14:45:33
                (Event String could not be retrieved)
             An Error Event occured.  EventID: 0x00000457
                Time Generated: 05/26/2012   14:45:33
                (Event String could not be retrieved)
             An Error Event occured.  EventID: 0x00000457
                Time Generated: 05/26/2012   14:45:33
                (Event String could not be retrieved)
             An Error Event occured.  EventID: 0x00000457
                Time Generated: 05/26/2012   14:45:33
                (Event String could not be retrieved)
             An Error Event occured.  EventID: 0x00000457
                Time Generated: 05/26/2012   14:45:33
                (Event String could not be retrieved)
             An Error Event occured.  EventID: 0x00000457
                Time Generated: 05/26/2012   14:45:33
                (Event String could not be retrieved)
             An Error Event occured.  EventID: 0x00000457
                Time Generated: 05/26/2012   14:45:34
                (Event String could not be retrieved)
             An Error Event occured.  EventID: 0x00000457
                Time Generated: 05/26/2012   14:45:34
                (Event String could not be retrieved)
             An Error Event occured.  EventID: 0x00000457
                Time Generated: 05/26/2012   14:45:34
                (Event String could not be retrieved)
             An Error Event occured.  EventID: 0x00000457
                Time Generated: 05/26/2012   14:45:34
                (Event String could not be retrieved)
             An Error Event occured.  EventID: 0x00000457
                Time Generated: 05/26/2012   14:45:34
                (Event String could not be retrieved)
             An Error Event occured.  EventID: 0x00000457
                Time Generated: 05/26/2012   14:45:34
                (Event String could not be retrieved)
             An Error Event occured.  EventID: 0x00000457
                Time Generated: 05/26/2012   14:45:35
                (Event String could not be retrieved)
             An Error Event occured.  EventID: 0x00000457
                Time Generated: 05/26/2012   14:45:35
                (Event String could not be retrieved)
             An Error Event occured.  EventID: 0x000003E9
                Time Generated: 05/26/2012   14:45:40
                Event String: Your computer was not assigned an address from
             An Error Event occured.  EventID: 0x000003E9
                Time Generated: 05/26/2012   14:51:51
                Event String: Your computer was not assigned an address from
             An Error Event occured.  EventID: 0x000003E9
                Time Generated: 05/26/2012   14:58:20
                Event String: Your computer was not assigned an address from
             An Error Event occured.  EventID: 0x000003E9
                Time Generated: 05/26/2012   15:04:05
                Event String: Your computer was not assigned an address from
             An Error Event occured.  EventID: 0x000003E9
                Time Generated: 05/26/2012   15:10:27
                Event String: Your computer was not assigned an address from
             An Error Event occured.  EventID: 0x000003E9
                Time Generated: 05/26/2012   15:16:41
                Event String: Your computer was not assigned an address from
             ......................... dc2 failed test systemlog
          Starting test: VerifyReferences
             ......................... dc2 passed test VerifyReferences

       Running partition tests on : ForestDnsZones
          Starting test: CrossRefValidation
             ......................... ForestDnsZones passed test CrossRefValidation

          Starting test: CheckSDRefDom
             ......................... ForestDnsZones passed test CheckSDRefDom

       Running partition tests on : DomainDnsZones
          Starting test: CrossRefValidation
             ......................... DomainDnsZones passed test CrossRefValidation

          Starting test: CheckSDRefDom
             ......................... DomainDnsZones passed test CheckSDRefDom

       Running partition tests on : Schema
          Starting test: CrossRefValidation
             ......................... Schema passed test CrossRefValidation
          Starting test: CheckSDRefDom
             ......................... Schema passed test CheckSDRefDom

       Running partition tests on : Configuration
          Starting test: CrossRefValidation
             ......................... Configuration passed test CrossRefValidation
          Starting test: CheckSDRefDom
             ......................... Configuration passed test CheckSDRefDom

       Running partition tests on : localdomain
          Starting test: CrossRefValidation
             ......................... localdomain passed test CrossRefValidation
          Starting test: CheckSDRefDom
             ......................... localdomain passed test CheckSDRefDom

       Running enterprise tests on : localdomain.com
          Starting test: Intersite
             ......................... localdomain.com passed test Intersite
          Starting test: FsmoCheck
             Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
             A Global Catalog Server could not be located - All GC's are down.
             ......................... localdomain.com failed test FsmoCheck

    -----------------------------------------------------------------------------------------------

    1. Есть ли на новом контроллере каталоги Sysvol и Netlogon?
    2. На обоих контроллерах сделайте netdiag /fix

    Мнения, высказанные здесь, являются отражением моих личных взглядов, а не позиции корпорации Microsoft. Вся информация предоставляется "как есть" без каких-либо гарантий
    Follow us on TwitterFollow MSTechnetForum on Twitter

    Посетите Блог Инженеров
    Доклады на Techdays: http://www.techdays.ru/speaker/Vinokurov_YUrij.html

    Модератор
  • Уважаемый пользователь!



    В вашей теме отсутствует активность в течение последних 5 дней. При отсутствии каких-либо действий в течение 2 последующих дней, тема будет переведена в разряд обсуждений. Вы можете возобновить дискуссию, просто оставив сообщение в данной теме


    Мнения, высказанные здесь, являются отражением моих личных взглядов, а не позиции корпорации Microsoft. Вся информация предоставляется "как есть" без каких-либо гарантий
    Follow us on TwitterFollow MSTechnetForum on Twitter

    Посетите Блог Инженеров
    Доклады на Techdays: http://www.techdays.ru/speaker/Vinokurov_YUrij.html

    Модератор
  • Тема переведена в разряд обсуждений по причине отсутствия активности


    Мнения, высказанные здесь, являются отражением моих личных взглядов, а не позиции корпорации Microsoft. Вся информация предоставляется "как есть" без каких-либо гарантий
    Follow us on TwitterFollow MSTechnetForum on Twitter

    Посетите Блог Инженеров
    Доклады на Techdays: http://www.techdays.ru/speaker/Vinokurov_YUrij.html

    Модератор
  • может имя нового ДС должно быть таким же как и имя старого ДС при выводе из эксплуатации старого????
    13 июня 2012 г. 7:46
  • Я несколько дней не видел ответов, а потом в отпуск уезжал.

    Нет, я не планирую выводить старый комп с доменным контроллером из сети. На нем останется Exchange 2007. Просто хочу его разгрузить. Да и на новом компе доменному контроллеру будет вольготнее.

     

  • Да, папочки Netlogon и Sysvol на нем есть.

    Старый сервер я не убираю. Он останется просто как вторичный оменный контроллер. На сегодня я все DHCP настроил на новый контроллер. В DNS все на новый сервер. Некоторый вещи в DNS почему-то не поменялись на новый контроллер. IP на глобальный каталог и еще пара ссылок. Я сменил IP вручную. Но все равно на ISA и в Exchange в списке глобальных каталогов стоит старый. Хотя я перенес роль давно на новый и в DNS поменял на IP нового сервера.

    Результат neddiag/fix:

    На сервере на который перенес доменный контроллер и все роли:

    -----------------------------------------------------------------------------------------------------------------------------------------------------------

    C:\WINDOWS\system32>netdiag /fix
    ....................................
        Computer Name: dc2
        DNS Host Name: dc2.localdomain.com
        System info : Microsoft Windows Server 2003 R2 (Build 3790)
        Processor : x86 Family 6 Model 42 Stepping 7, GenuineIntel
        List of installed hotfixes :
            KB2079403
            ***********
            KB982381-IE8
            KB982632-IE8
            KB982666
            Q147222

    Netcard queries test . . . . . . . : Passed
        [WARNING] The net card 'Realtek PCIe GBE Family Controller' may not be working.

    Per interface results:

        Adapter : LAN1

            Netcard queries test . . . : Failed
            NetCard Status:          DISCONNECTED
                Some tests will be skipped on this interface.

            Host Name. . . . . . . . . : dc2
            IP Address . . . . . . . . : 0.0.0.0
            Subnet Mask. . . . . . . . : 0.0.0.0
            Default Gateway. . . . . . :
            NetBIOS over Tcpip . . . . : Disabled
            Dns Servers. . . . . . . . :


        Adapter : LAN

            Netcard queries test . . . : Passed

            Host Name. . . . . . . . . : dc2
            IP Address . . . . . . . . : 192.168.18.111
            Subnet Mask. . . . . . . . : 255.255.255.0
            Default Gateway. . . . . . : 192.168.18.55
            Dns Servers. . . . . . . . : 192.168.18.111


            AutoConfiguration results. . . . . . : Passed

            Default gateway test . . . : Passed

            NetBT name test. . . . . . : Passed
            [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.

            WINS service test. . . . . : Skipped
                There are no WINS servers configured for this interface.

    Global results:

    Domain membership test . . . . . . : Passed

    NetBT transports test. . . . . . . : Passed
        List of NetBt transports currently configured:
            NetBT_Tcpip_{A1AA753B-459E-421B-954F-468F22AEE942}
        1 NetBt transport currently configured.

    Autonet address test . . . . . . . : Passed

    IP loopback ping test. . . . . . . : Passed

    Default gateway test . . . . . . . : Passed

    NetBT name test. . . . . . . . . . : Passed
        [WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined.

    Winsock test . . . . . . . . . . . : Passed

    DNS test . . . . . . . . . . . . . : Passed
        PASS - All the DNS entries for DC are registered on DNS server '192.168.18.11
    1' and other DCs also have some of the names registered.

    Redir and Browser test . . . . . . : Passed
        List of NetBt transports currently bound to the Redir
            NetBT_Tcpip_{A1AA753B-459E-421B-954F-468F22AEE942}
        The redir is bound to 1 NetBt transport.

        List of NetBt transports currently bound to the browser
            NetBT_Tcpip_{A1AA753B-459E-421B-954F-468F22AEE942}
        The browser is bound to 1 NetBt transport.

    DC discovery test. . . . . . . . . : Passed

    DC list test . . . . . . . . . . . : Passed

    Trust relationship test. . . . . . : Skipped

    Kerberos test. . . . . . . . . . . : Passed

    LDAP test. . . . . . . . . . . . . : Passed

    Bindings test. . . . . . . . . . . : Passed

    WAN configuration test . . . . . . : Skipped
        No active remote access connections.

    Modem diagnostics test . . . . . . : Passed

    IP Security test . . . . . . . . . : Skipped

        Note: run "netsh ipsec dynamic show /?" for more detailed information

    The command completed successfully

    -----------------------------------------------------------------------------------------------------------------------------------------------------------

    На сервере с которого переносил управление доменом:

    -----------------------------------------------------------------------------------------------------------------------------------------------------------

    C:\WINDOWS\system32>\\dc1\Distr\WinServer_Utilites\netdiag /fix

    .....................................

        Computer Name: dc1
        DNS Host Name: dc1.localdomain.com
        System info : Microsoft Windows Server 2003 (Build 3790)
        Processor : EM64T Family 6 Model 15 Stepping 7, GenuineIntel
        List of installed hotfixes :
            Q147222

    Netcard queries test . . . . . . . : Passed
        [WARNING] The net card 'RAS Async Adapter' may not be working because it has not received any packets.

    Per interface results:

        Adapter : Local Area Connection 5

            Netcard queries test . . . : Passed

            Host Name. . . . . . . . . : dc1
            IP Address . . . . . . . . : 192.168.18.3
            Subnet Mask. . . . . . . . : 255.255.255.0
            Default Gateway. . . . . . : 192.168.18.55
            Dns Servers. . . . . . . . : 192.168.18.3

            AutoConfiguration results. . . . . . : Passed

            Default gateway test . . . : Passed

            NetBT name test. . . . . . : Passed
                No names have been found.

            WINS service test. . . . . : Skipped
                There are no WINS servers configured for this interface.

    Global results:

    Domain membership test . . . . . . : Passed

    NetBT transports test. . . . . . . : Passed
        List of NetBt transports currently configured:
            NetBT_Tcpip_{1ABD9B7E-6564-4EF4-805F-A3F6B75043E7}
        1 NetBt transport currently configured.

    Autonet address test . . . . . . . : Passed

    IP loopback ping test. . . . . . . : Passed

    Default gateway test . . . . . . . : Passed

    NetBT name test. . . . . . . . . . : Passed
        [WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined.

    Winsock test . . . . . . . . . . . : Passed

    DNS test . . . . . . . . . . . . . : Failed
        [FATAL] Could not open file C:\WINDOWS\system32\config\netlogon.dns for read
    ing.
        [FATAL] No DNS servers have the DNS records for this DC registered.

    Redir and Browser test . . . . . . : Failed
        List of NetBt transports currently bound to the Redir
            NetBT_Tcpip_{1ABD9B7E-6564-4EF4-805F-A3F6B75043E7}
        The redir is bound to 1 NetBt transport.

        List of NetBt transports currently bound to the browser
            NetBT_Tcpip_{1ABD9B7E-6564-4EF4-805F-A3F6B75043E7}
        The browser is bound to 1 NetBt transport.
        [FATAL] Cannot send mailslot message to 'localdomain*' via browser. [ERROR_INVALID_FUNCTION]

    DC discovery test. . . . . . . . . : Passed

    DC list test . . . . . . . . . . . : Passed

    Trust relationship test. . . . . . : Passed
        Secure channel for domain 'localdomain' is to '\\dc2.localdomain.com'.

    Kerberos test. . . . . . . . . . . : Failed
        [FATAL] Cannot lookup package Kerberos.
        The error occurred was: (null)

    LDAP test. . . . . . . . . . . . . : Passed

    Bindings test. . . . . . . . . . . : Passed

    WAN configuration test . . . . . . : Skipped
        No active remote access connections.

    Modem diagnostics test . . . . . . : Passed

    IP Security test . . . . . . . . . : Skipped

        Note: run "netsh ipsec dynamic show /?" for more detailed information

    The command completed successfully

    ----------------------------------------------------------------------------------------------------------------------------------------------------------

    Спасибо!