none
Клиенты перестали видеть домен. Указанный домен не существует или к нему невозможно подключиться RRS feed

  • Общие обсуждения

  • Производил ввод в сеть 2 новых КД. Изначально имелось: сервер все в одном (hostname: server2). Ввел в сеть 2 новых КД, одному из них (hostname: DC1) дал роль глобального каталога, руками перенес 5 ролей FSMO. С изначально имевшегося сервера "по хорошему" удалить роль КД не получилось, сделал dcpromo /forceremoval. На новых серверах DC1 и DC2 с помощью ntdsutil.exe удалил метаданные о server2. Сеть несколько часов работала нормально. Через несколько часов я начал получать на клиентах это: не удалось войти в систему из-за следующей ошибки:
    Указанный домен не существует или к нему невозможно подключиться. 
    На следующий день DC2 назначил носителем глобального каталога.
    В итоге имеем:
    DC1  - контроллер домена, DNS, носитель глобального каталога, носитель 5-и ролей FSMO
    DC2  - контроллер домена, DNS, носитель глобального каталога
    server2 - файл сервер, NAT

    Domain Controller Diagnosis

     DC1 dcdiag:
     
    C:\Documents and Settings\.SERVERV>dcdiag

    Domain Controller Diagnosis

    Performing initial setup:
       Done gathering initial info.

    Doing initial required tests

       Testing server: Default-First-Site-Name\DC1
          Starting test: Connectivity
             ......................... DC1 passed test Connectivity

    Doing primary tests

       Testing server: Default-First-Site-Name\DC1
          Starting test: Replications
             [Replications Check,DC1] A recent replication attempt failed:
                From DC2 to DC1
                Naming Context: DC=DomainDnsZones,DC=ServerV,DC=local
                The replication generated an error (1256):
                  .     
    ,     Windows.
                The failure occurred at 2009-07-19 22:00:01.
                The last success occurred at 2009-07-18 13:26:51.
                37 failures have occurred since the last success.
             [DC2] DsBindWithSpnEx() failed with error 1722,
              RPC ..
             [Replications Check,DC1] A recent replication attempt failed:
                From DC2 to DC1
                Naming Context: DC=ForestDnsZones,DC=ServerV,DC=local
                The replication generated an error (1256):
                  .     
    ,     Windows.
                The failure occurred at 2009-07-19 22:00:01.
                The last success occurred at 2009-07-18 13:25:05.
                35 failures have occurred since the last success.
             [Replications Check,DC1] A recent replication attempt failed:
                From DC2 to DC1
                Naming Context: CN=Schema,CN=Configuration,DC=ServerV,DC=local
                The replication generated an error (1722):
                 RPC .
                The failure occurred at 2009-07-19 22:00:44.
                The last success occurred at 2009-07-18 13:25:04.
                35 failures have occurred since the last success.
                The source remains down. Please check the machine.
             [Replications Check,DC1] A recent replication attempt failed:
                From DC2 to DC1
                Naming Context: CN=Configuration,DC=ServerV,DC=local
                The replication generated an error (1722):
                 RPC .
                The failure occurred at 2009-07-19 22:00:23.
                The last success occurred at 2009-07-18 13:25:04.
                46 failures have occurred since the last success.
                The source remains down. Please check the machine.
             [Replications Check,DC1] A recent replication attempt failed:
                From DC2 to DC1
                Naming Context: DC=ServerV,DC=local
                The replication generated an error (1722):
                 RPC .
                The failure occurred at 2009-07-19 22:00:01.
                The last success occurred at 2009-07-18 13:26:57.
                40 failures have occurred since the last success.
                The source remains down. Please check the machine.
             REPLICATION-RECEIVED LATENCY WARNING
             DC1:  Current time is 2009-07-19 22:48:36.
                DC=DomainDnsZones,DC=ServerV,DC=local
                   Last replication recieved from DC2 at 2009-07-18 13:26:51.
                DC=ForestDnsZones,DC=ServerV,DC=local
                   Last replication recieved from DC2 at 2009-07-18 13:25:06.
                CN=Schema,CN=Configuration,DC=ServerV,DC=local
                   Last replication recieved from DC2 at 2009-07-18 13:25:05.
                CN=Configuration,DC=ServerV,DC=local
                   Last replication recieved from DC2 at 2009-07-18 13:25:05.
                DC=ServerV,DC=local
                   Last replication recieved from DC2 at 2009-07-18 13:26:57.
             ......................... DC1 passed test Replications
          Starting test: NCSecDesc
             ......................... DC1 passed test NCSecDesc
          Starting test: NetLogons
             ......................... DC1 passed test NetLogons
          Starting test: Advertising
             ......................... DC1 passed test Advertising
          Starting test: KnowsOfRoleHolders
             ......................... DC1 passed test KnowsOfRoleHolders
          Starting test: RidManager
             ......................... DC1 passed test RidManager
          Starting test: MachineAccount
             ......................... DC1 passed test MachineAccount
          Starting test: Services
             ......................... DC1 passed test Services
          Starting test: ObjectsReplicated
             ......................... DC1 passed test ObjectsReplicated
          Starting test: frssysvol
             ......................... DC1 passed test frssysvol
          Starting test: frsevent
             ......................... DC1 passed test frsevent
          Starting test: kccevent
             ......................... DC1 passed test kccevent
          Starting test: systemlog
             ......................... DC1 passed test systemlog
          Starting test: VerifyReferences
             ......................... DC1 passed test VerifyReferences

       Running partition tests on : DomainDnsZones
          Starting test: CrossRefValidation
             ......................... DomainDnsZones passed test CrossRefValidation

          Starting test: CheckSDRefDom
             ......................... DomainDnsZones passed test CheckSDRefDom

       Running partition tests on : ForestDnsZones
          Starting test: CrossRefValidation
             ......................... ForestDnsZones passed test CrossRefValidation

          Starting test: CheckSDRefDom
             ......................... ForestDnsZones passed test CheckSDRefDom

       Running partition tests on : Schema
          Starting test: CrossRefValidation
             ......................... Schema passed test CrossRefValidation
          Starting test: CheckSDRefDom
             ......................... Schema passed test CheckSDRefDom

       Running partition tests on : Configuration
          Starting test: CrossRefValidation
             ......................... Configuration passed test CrossRefValidation
          Starting test: CheckSDRefDom
             ......................... Configuration passed test CheckSDRefDom

       Running partition tests on : ServerV
          Starting test: CrossRefValidation
             ......................... ServerV passed test CrossRefValidation
          Starting test: CheckSDRefDom
             ......................... ServerV passed test CheckSDRefDom

       Running enterprise tests on : ServerV.local
          Starting test: Intersite
             ......................... ServerV.local passed test Intersite
          Starting test: FsmoCheck
             ......................... ServerV.local passed test FsmoCheck

    C:\Documents and Settings\.SERVERV>


    DC1 netdiag:


    C:\Documents and Settings\.SERVERV>netdiag

    .....................................

        Computer Name: DC1
        DNS Host Name: dc1.ServerV.local
        System info : Microsoft Windows Server 2003 R2 (Build 3790)
        Processor : x86 Family 6 Model 15 Stepping 11, GenuineIntel
        List of installed hotfixes :
            KB915800-v9
            KB923561
            KB924667-v2
            KB925398_WMP64
            KB925876
            KB925902-v2
            KB926122
            KB926140-v5
            KB927891
            KB929123
            KB930178
            KB932168
            KB933854
            KB936357
            KB936782
            KB938127
            KB938464-v2
            KB941569
            KB943055
            KB943460
            KB943729
            KB944338-v2
            KB944653
            KB945553
            KB946026
            KB948496
            KB950762
            KB950974
            KB951066
            KB951748
            KB952004
            KB952069
            KB952954
            KB954550-v5
            KB954600
            KB955069
            KB955839
            KB956572
            KB956802
            KB956803
            KB957097
            KB958644
            KB958687
            KB959426
            KB960225
            KB960803
            KB961118
            KB961371
            KB961501
            KB967715
            KB968537
            KB969897
            KB969897-IE8
            KB970238
            KB971633
            KB971930-IE8
            KB973346
            Q147222


    Netcard queries test . . . . . . . : Passed
        [WARNING] The net card ' WAN (IP) - Trend Micro Common Firewall Mini
    port' may not be working because it has not received any packets.
        GetStats failed for ' v '. [ERROR_NOT_SUPPORTED]
        [WARNING] The net card ' WAN (PPTP)' may not be working because it h
    as not received any packets.
        [WARNING] The net card ' WAN (PPPoE)' may not be working because it
    has not received any packets.
        [WARNING] The net card ' WAN (IP)' may not be working because it has
     not received any packets.
        GetStats failed for ' WAN (L2TP)'. [ERROR_NOT_SUPPORTED]

     

    Per interface results:

        Adapter :   

            Netcard queries test . . . : Passed

            Host Name. . . . . . . . . : dc1
            IP Address . . . . . . . . : 192.168.41.4
            Subnet Mask. . . . . . . . : 255.255.255.0
            Default Gateway. . . . . . : 192.168.41.2
            Dns Servers. . . . . . . . : 192.168.41.4
                                         192.168.41.5


            AutoConfiguration results. . . . . . : Passed

            Default gateway test . . . : Passed

            NetBT name test. . . . . . : Passed
            [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenge
    r Service', <20> 'WINS' names is missing.

            WINS service test. . . . . : Skipped
                There are no WINS servers configured for this interface.


    Global results:


    Domain membership test . . . . . . : Passed


    NetBT transports test. . . . . . . : Passed
        List of NetBt transports currently configured:
            NetBT_Tcpip_{451AE599-B733-4F55-A1D3-A6F93113BA04}
        1 NetBt transport currently configured.


    Autonet address test . . . . . . . : Passed


    IP loopback ping test. . . . . . . : Passed


    Default gateway test . . . . . . . : Passed


    NetBT name test. . . . . . . . . . : Passed
        [WARNING] You don't have a single interface with the <00> 'WorkStation Servi
    ce', <03> 'Messenger Service', <20> 'WINS' names defined.


    Winsock test . . . . . . . . . . . : Passed


    DNS test . . . . . . . . . . . . . : Passed
        PASS - All the DNS entries for DC are registered on DNS server '192.168.41.4
    ' and other DCs also have some of the names registered.
           [WARNING] The DNS entries for this DC cannot be verified right now on DNS
     server 192.168.41.5, ERROR_TIMEOUT.


    Redir and Browser test . . . . . . : Passed
        List of NetBt transports currently bound to the Redir
            NetBT_Tcpip_{451AE599-B733-4F55-A1D3-A6F93113BA04}
        The redir is bound to 1 NetBt transport.

        List of NetBt transports currently bound to the browser
            NetBT_Tcpip_{451AE599-B733-4F55-A1D3-A6F93113BA04}
        The browser is bound to 1 NetBt transport.


    DC discovery test. . . . . . . . . : Passed


    DC list test . . . . . . . . . . . : Failed
            Failed to enumerate DCs by using the browser. [ERROR_NO_BROWSER_SERVERS_
    FOUND]


    Trust relationship test. . . . . . : Skipped


    Kerberos test. . . . . . . . . . . : Passed


    LDAP test. . . . . . . . . . . . . : Passed
        [WARNING] Failed to query SPN registration on DC 'dc2.ServerV.local'.


    Bindings test. . . . . . . . . . . : Passed


    WAN configuration test . . . . . . : Skipped
        No active remote access connections.


    Modem diagnostics test . . . . . . : Passed

    IP Security test . . . . . . . . . : Skipped

        Note: run "netsh ipsec dynamic show /?" for more detailed information


    The command completed successfully

    C:\Documents and Settings\.SERVERV>

     
    DC2 dcdiag:
     
    C:\Documents and Settings\.SERVERV>dcdiag

    Domain Controller Diagnosis

    Performing initial setup:
       Done gathering initial info.

    Doing initial required tests

       Testing server: Default-First-Site-Name\DC2
          Starting test: Connectivity
             ......................... DC2 passed test Connectivity

    Doing primary tests

       Testing server: Default-First-Site-Name\DC2
          Starting test: Replications
             [Replications Check,DC2] A recent replication attempt failed:
                From DC1 to DC2
                Naming Context: DC=DomainDnsZones,DC=ServerV,DC=local
                The replication generated an error (1256):
                  .     
    ,     Windows.
                The failure occurred at 2009-07-19 21:49:27.
                The last success occurred at 2009-07-18 19:45:47.
                13 failures have occurred since the last success.
             [DC1] DsBindWithSpnEx() failed with error 1722,
              RPC ..
             [Replications Check,DC2] A recent replication attempt failed:
                From DC1 to DC2
                Naming Context: DC=ForestDnsZones,DC=ServerV,DC=local
                The replication generated an error (1256):
                  .     
    ,     Windows.
                The failure occurred at 2009-07-19 21:49:27.
                The last success occurred at 2009-07-18 19:45:47.
                13 failures have occurred since the last success.
             [Replications Check,DC2] A recent replication attempt failed:
                From DC1 to DC2
                Naming Context: CN=Schema,CN=Configuration,DC=ServerV,DC=local
                The replication generated an error (1722):
                 RPC .
                The failure occurred at 2009-07-19 21:50:09.
                The last success occurred at 2009-07-18 19:45:39.
                13 failures have occurred since the last success.
                The source remains down. Please check the machine.
             [Replications Check,DC2] A recent replication attempt failed:
                From DC1 to DC2
                Naming Context: CN=Configuration,DC=ServerV,DC=local
                The replication generated an error (1722):
                 RPC .
                The failure occurred at 2009-07-19 21:49:48.
                The last success occurred at 2009-07-18 19:45:47.
                13 failures have occurred since the last success.
                The source remains down. Please check the machine.
             [Replications Check,DC2] A recent replication attempt failed:
                From DC1 to DC2
                Naming Context: DC=ServerV,DC=local
                The replication generated an error (1722):
                 RPC .
                The failure occurred at 2009-07-19 21:49:27.
                The last success occurred at 2009-07-18 19:45:47.
                13 failures have occurred since the last success.
                The source remains down. Please check the machine.
             REPLICATION-RECEIVED LATENCY WARNING
             DC2:  Current time is 2009-07-19 22:38:58.
                DC=DomainDnsZones,DC=ServerV,DC=local
                   Last replication recieved from DC1 at 2009-07-18 19:45:47.
                DC=ForestDnsZones,DC=ServerV,DC=local
                   Last replication recieved from DC1 at 2009-07-18 19:45:47.
                CN=Schema,CN=Configuration,DC=ServerV,DC=local
                   Last replication recieved from DC1 at 2009-07-18 19:45:39.
                CN=Configuration,DC=ServerV,DC=local
                   Last replication recieved from DC1 at 2009-07-18 19:45:39.
                DC=ServerV,DC=local
                   Last replication recieved from DC1 at 2009-07-18 19:45:47.
             ......................... DC2 passed test Replications
          Starting test: NCSecDesc
             ......................... DC2 passed test NCSecDesc
          Starting test: NetLogons
             ......................... DC2 passed test NetLogons
          Starting test: Advertising
             Warning: DC2 is not advertising as a time server.
             ......................... DC2 failed test Advertising
          Starting test: KnowsOfRoleHolders
             Warning: DC1 is the Schema Owner, but is not responding to DS RPC Bind.

             [DC1] LDAP search failed with error 58,
                   ..
             Warning: DC1 is the Schema Owner, but is not responding to LDAP Bind.
             Warning: DC1 is the Domain Owner, but is not responding to DS RPC Bind.

             Warning: DC1 is the Domain Owner, but is not responding to LDAP Bind.
             Warning: DC1 is the PDC Owner, but is not responding to DS RPC Bind.
             Warning: DC1 is the PDC Owner, but is not responding to LDAP Bind.
             Warning: DC1 is the Rid Owner, but is not responding to DS RPC Bind.
             Warning: DC1 is the Rid Owner, but is not responding to LDAP Bind.
             Warning: DC1 is the Infrastructure Update Owner, but is not responding
    to DS RPC Bind.
             Warning: DC1 is the Infrastructure Update Owner, but is not responding
    to LDAP Bind.
             ......................... DC2 failed test KnowsOfRoleHolders
          Starting test: RidManager
             ......................... DC2 failed test RidManager
          Starting test: MachineAccount
             ......................... DC2 passed test MachineAccount
          Starting test: Services
             ......................... DC2 passed test Services
          Starting test: ObjectsReplicated
             ......................... DC2 passed test ObjectsReplicated
          Starting test: frssysvol
             ......................... DC2 passed test frssysvol
          Starting test: frsevent
             There are warning or error events within the last 24 hours after the
             SYSVOL has been shared.  Failing SYSVOL replication problems may cause
             Group Policy problems.
             ......................... DC2 failed test frsevent
          Starting test: kccevent
             ......................... DC2 passed test kccevent
          Starting test: systemlog
             ......................... DC2 passed test systemlog
          Starting test: VerifyReferences
             ......................... DC2 passed test VerifyReferences

       Running partition tests on : DomainDnsZones
          Starting test: CrossRefValidation
             ......................... DomainDnsZones passed test CrossRefValidation

          Starting test: CheckSDRefDom
             ......................... DomainDnsZones passed test CheckSDRefDom

       Running partition tests on : ForestDnsZones
          Starting test: CrossRefValidation
             ......................... ForestDnsZones passed test CrossRefValidation

          Starting test: CheckSDRefDom
             ......................... ForestDnsZones passed test CheckSDRefDom

       Running partition tests on : Schema
          Starting test: CrossRefValidation
             ......................... Schema passed test CrossRefValidation
          Starting test: CheckSDRefDom
             ......................... Schema passed test CheckSDRefDom

       Running partition tests on : Configuration
          Starting test: CrossRefValidation
             ......................... Configuration passed test CrossRefValidation
          Starting test: CheckSDRefDom
             ......................... Configuration passed test CheckSDRefDom

       Running partition tests on : ServerV
          Starting test: CrossRefValidation
             ......................... ServerV passed test CrossRefValidation
          Starting test: CheckSDRefDom
             ......................... ServerV passed test CheckSDRefDom

       Running enterprise tests on : ServerV.local
          Starting test: Intersite
             ......................... ServerV.local passed test Intersite
          Starting test: FsmoCheck
             Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355
             A Primary Domain Controller could not be located.
             The server holding the PDC role is down.
             Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
             A Time Server could not be located.
             The server holding the PDC role is down.
             Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error 135
    5
             A Good Time Server could not be located.
             ......................... ServerV.local failed test FsmoCheck

    C:\Documents and Settings\.SERVERV>

    DC2 netdiag:
     
    C:\Documents and Settings\.SERVERV>netdiag

    .....................................

        Computer Name: DC2
        DNS Host Name: dc2.ServerV.local
        System info : Microsoft Windows Server 2003 R2 (Build 3790)
        Processor : x86 Family 6 Model 23 Stepping 7, GenuineIntel
        List of installed hotfixes :
            KB915800-v9
            KB923561
            KB924667-v2
            KB925398_WMP64
            KB925876
            KB925902-v2
            KB926122
            KB926140-v5
            KB927891
            KB929123
            KB930178
            KB932168
            KB933854
            KB936357
            KB936782
            KB938127
            KB938464-v2
            KB941569
            KB943055
            KB943460
            KB943729
            KB944338-v2
            KB944653
            KB945553
            KB946026
            KB948496
            KB950762
            KB950974
            KB951066
            KB951748
            KB952004
            KB952069
            KB952954
            KB954550-v5
            KB954600
            KB955069
            KB955839
            KB956572
            KB956802
            KB956803
            KB957097
            KB958644
            KB958687
            KB959426
            KB960225
            KB960803
            KB961118
            KB961371
            KB961501
            KB967715
            KB968537
            KB969897
            KB969897-IE8
            KB970238
            KB971633
            KB971930-IE8
            KB973346
            Q147222


    Netcard queries test . . . . . . . : Passed
        GetStats failed for ' v '. [ERROR_NOT_SUPPORTED]
        [WARNING] The net card ' WAN (PPTP)' may not be working because it h
    as not received any packets.
        [WARNING] The net card ' WAN (PPPoE)' may not be working because it
    has not received any packets.
        [WARNING] The net card ' WAN (IP)' may not be working because it has
     not received any packets.
        GetStats failed for ' WAN (L2TP)'. [ERROR_NOT_SUPPORTED]

     

    Per interface results:

        Adapter :     2

            Netcard queries test . . . : Passed

            Host Name. . . . . . . . . : dc2
            IP Address . . . . . . . . : 192.168.41.5
            Subnet Mask. . . . . . . . : 255.255.255.0
            Default Gateway. . . . . . : 192.168.41.2
            Dns Servers. . . . . . . . : 192.168.41.5
                                         192.168.41.4


            AutoConfiguration results. . . . . . : Passed

            Default gateway test . . . : Passed

            NetBT name test. . . . . . : Passed
            [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenge
    r Service', <20> 'WINS' names is missing.

            WINS service test. . . . . : Skipped
                There are no WINS servers configured for this interface.


    Global results:


    Domain membership test . . . . . . : Passed


    NetBT transports test. . . . . . . : Passed
        List of NetBt transports currently configured:
            NetBT_Tcpip_{2EFE1638-FCA0-4F32-AC05-32F265658648}
        1 NetBt transport currently configured.


    Autonet address test . . . . . . . : Passed


    IP loopback ping test. . . . . . . : Passed


    Default gateway test . . . . . . . : Passed


    NetBT name test. . . . . . . . . . : Passed
        [WARNING] You don't have a single interface with the <00> 'WorkStation Servi
    ce', <03> 'Messenger Service', <20> 'WINS' names defined.


    Winsock test . . . . . . . . . . . : Passed


    DNS test . . . . . . . . . . . . . : Passed
        PASS - All the DNS entries for DC are registered on DNS server '192.168.41.5
    ' and other DCs also have some of the names registered.
           [WARNING] The DNS entries for this DC cannot be verified right now on DNS
     server 192.168.41.4, ERROR_TIMEOUT.


    Redir and Browser test . . . . . . : Passed
        List of NetBt transports currently bound to the Redir
            NetBT_Tcpip_{2EFE1638-FCA0-4F32-AC05-32F265658648}
        The redir is bound to 1 NetBt transport.

        List of NetBt transports currently bound to the browser
            NetBT_Tcpip_{2EFE1638-FCA0-4F32-AC05-32F265658648}
        The browser is bound to 1 NetBt transport.


    DC discovery test. . . . . . . . . : Passed


    DC list test . . . . . . . . . . . : Passed


    Trust relationship test. . . . . . : Failed
        [FATAL] Secure channel to domain 'SERVERV' is broken. [ERROR_NO_LOGON_SERVER
    S]


    Kerberos test. . . . . . . . . . . : Passed


    LDAP test. . . . . . . . . . . . . : Passed
        [WARNING] Failed to query SPN registration on DC 'dc1.ServerV.local'.


    Bindings test. . . . . . . . . . . : Passed


    WAN configuration test . . . . . . : Skipped
        No active remote access connections.


    Modem diagnostics test . . . . . . : Passed

    IP Security test . . . . . . . . . : Skipped

        Note: run "netsh ipsec dynamic show /?" for more detailed information


    The command completed successfully

    C:\Documents and Settings\.SERVERV>

    18 июля 2009 г. 20:36

Все ответы

  • >попытался перезагрузить DC2, но после перезагрузки он не встал
    И? Так и не запустили и не собираетесь? Непонятно. Предположим что вы его всё же починили.

    Оба контроллера являются DNS серверами? Тогда укажите в качестве первого DNS сервера противоположенный контроллер.
    Должно быть так:

            Host Name. . . . . . . . . : dc1
            IP Address . . . . . . . . : 192.168.41.4
            Subnet Mask. . . . . . . . : 255.255.255.0
            Default Gateway. . . . . . : 192.168.41.2
            Dns Servers. . . . . . . . : 192.168.41.5
                                         192.168.41.4
    И на втором наоборот. Потом подождать репликацию (или запустить вручную), и снова dcdiag.


    AKA Xaegr, MCSE: Security, Messaging; MCITP: Server\Enterprise Administrator; Блог: http://xaegr.wordpress.com
    19 июля 2009 г. 4:40
    Модератор
  • Я там человек приходящий, по этому быстро делать все не получается. Сервер сегодня перезагрузят и я дам знать новые dcdiag и netdiag. Сегодня вычитал у Станека, что в случае нескольких КД  и одного глобального каталога нельзя назначать глобальный каталог и хозяина инфраструктуры на один сервер. Если все КД являются носителями глобального каталога - тогда без разницы

    19 июля 2009 г. 11:54
  • Перезагружать серверы необязательно, достаточно повторно выполнить репликацию.

    > что в случае нескольких КД  и одного глобального каталога нельзя назначать глобальный каталог и хозяина инфраструктуры на один сервер. Если все КД являются носителями глобального каталога - тогда без разницы
    В случае если у вас в лесу только один домен (а я думаю что так и есть :) ) то тоже без разницы. Infrastructure master просто не будет работать, но в однодоменной среде он и не сильно то нужен :) Так что это к вашей проблеме отношения не имеет.


    AKA Xaegr, MCSE: Security, Messaging; MCITP: Server\Enterprise Administrator; Блог: http://xaegr.wordpress.com
    19 июля 2009 г. 13:43
    Модератор
  • Василий, отредактировал первоначальное сообщение, там сейчас больше информации и вставил другую диагностику. С адресами ДНС попробовал сделать, как Вы сказали. Не помогло. Ниже привожу результаты ручной реплики:

    DC1 repadmin /syncall:
     
    C:\Documents and Settings\.SERVERV>repadmin /syncall
    CALLBACK MESSAGE: Error contacting server 73a6aaa1-2182-4a90-892c-52be7d162978._
    msdcs.ServerV.local (network error): 1722 (0x6ba):
         RPC .
    CALLBACK MESSAGE: SyncAll Finished.

    SyncAll reported the following errors:
    Error contacting server 73a6aaa1-2182-4a90-892c-52be7d162978._msdcs.ServerV.loca
    l (network error): 1722 (0x6ba):
         RPC .


    C:\Documents and Settings\.SERVERV>


    DC2 repadmin /syncall
     
    C:\Documents and Settings\.SERVERV>repadmin /syncall
    CALLBACK MESSAGE: Error contacting server d17c3604-622d-4468-b138-45b55d3c4965._
    msdcs.ServerV.local (network error): 1722 (0x6ba):
         RPC .
    CALLBACK MESSAGE: SyncAll Finished.

    SyncAll reported the following errors:
    Error contacting server d17c3604-622d-4468-b138-45b55d3c4965._msdcs.ServerV.loca
    l (network error): 1722 (0x6ba):
         RPC .

    C:\Documents and Settings\.SERVERV>

    Везде проскальзывает сообщение, что сервер RPC не доступен. В службах перевел "Локатор удаленного доступа RPC" на тип запуска авто и запустил в ручную. Не помогло.



    Мне не нравится пункт  Error contacting server d17c3604-622d-4468-b138-45b55d3c4965._msdcs.ServerV.local (network error): 1722 (0x6ba):
    В ДНС есть записи типа CNAME для каждого КД
    • Изменено Nemiroff_84 19 июля 2009 г. 20:03
    19 июля 2009 г. 19:28
  • nslookup d17c3604-622d-4468-b138-45b55d3c4965._msdcs.ServerV.local
    nslookup 73a6aaa1-2182-4a90-892c-52be7d162978._msdcs.ServerV.local
    отрабатывает нормально на обоих серверах?
    Попробуйте перезапустить службу netlogon (хотя если вы уже перезагружали серверы то не нужно)
    Настройки файрволла не менялись?
    Security configuration wizard не применяли?
    AKA Xaegr, MCSE: Security, Messaging; MCITP: Server\Enterprise Administrator; Блог: http://xaegr.wordpress.com
    20 июля 2009 г. 4:25
    Модератор
  • DC1 nslookup
     
    C:\Documents and Settings\Администратор.SERVERV>nslookup d17c3604-622d-4468-b138
    -45b55d3c4965._msdcs.ServerV.local
    Server:  dc1.serverv.local
    Address:  192.168.41.4

    Name:    dc1.ServerV.local
    Address:  192.168.41.4
    Aliases:  d17c3604-622d-4468-b138-45b55d3c4965._msdcs.ServerV.local


    C:\Documents and Settings\Администратор.SERVERV>
    C:\Documents and Settings\Администратор.SERVERV>nslookup 73a6aaa1-2182-4a90-892c
    -52be7d162978._msdcs.ServerV.local
    Server:  dc1.serverv.local
    Address:  192.168.41.4

    *** dc1.serverv.local can't find 73a6aaa1-2182-4a90-892c-52be7d162978._msdcs.Ser
    verV.local: Non-existent domain

    C:\Documents and Settings\Администратор.SERVERV>



    DC2 nslookup:

    C:\Documents and Settings\Администратор.SERVERV>nslookup d17c3604-622d-4468-b138
    -45b55d3c4965._msdcs.ServerV.local
    Server:  dc2.serverv.local
    Address:  192.168.41.5

    Name:    dc1.ServerV.local
    Address:  192.168.41.4
    Aliases:  d17c3604-622d-4468-b138-45b55d3c4965._msdcs.ServerV.local


    C:\Documents and Settings\Администратор.SERVERV>nslookup 73a6aaa1-2182-4a90-892c
    -52be7d162978._msdcs.ServerV.local
    Server:  dc2.serverv.local
    Address:  192.168.41.5

    Name:    dc2.ServerV.local
    Address:  192.168.41.5
    Aliases:  73a6aaa1-2182-4a90-892c-52be7d162978._msdcs.ServerV.local


    C:\Documents and Settings\Администратор.SERVERV>


    Настройки файрволла не менялись.
    Security configuration wizard не применяли.
    Из nslookup c DC1 явно видно, что что-то не так. Что мне это дает?

    20 июля 2009 г. 7:04
  • Из nslookup видно что у вас серверы разрешают имена через самих себя. Вы точно исправили конфигурацию чтобы они ссылались на противоположенные серверы как я указал? Сделайте, проверьте что для разрешения имён используется удалённый сервер.


    AKA Xaegr, MCSE: Security, Messaging; MCITP: Server\Enterprise Administrator; Блог: http://xaegr.wordpress.com
    20 июля 2009 г. 7:10
    Модератор
  • На данный момент они уже ссылаются на самих себя. Я поменя конфигурацию на "другой" сервер. Т.к. результата это не дало  я вернул назад.
    20 июля 2009 г. 7:32
  • Давайте опять вернём вперёд, и будем ждать результата. Врядли это единственная проблема в вашей конфигурации, и соответственно одним изменением порядок не навести. Но начать следует именно с этого, а уже потом лечить остальное.


    AKA Xaegr, MCSE: Security, Messaging; MCITP: Server\Enterprise Administrator; Блог: http://xaegr.wordpress.com
    20 июля 2009 г. 7:35
    Модератор
  • Василий, посыпаю голову пеплом. Вы до этого нашли решение проблемы, а я ее упустил. Настройки файервола МЕНЯЛИСЬ, я включил брэндмауэр на обоих серверах.
    20 июля 2009 г. 12:02
  • Ну в самом факте включения файрволла ничего плохого нет, разве что надо удостоверится что открыты все необходимые порты для взаимодействия с другими контроллерами и клиентами.
    Впрочем у вас сейчас проблема в том что расходятся настройки DNS на серверах, для её исправления необходимо успешно выполнить репликацию, а для этого сначала указать в качестве DNS серверов противоположенные серверы. Может конечно помочь выполнение репликации с DC2 на DC1 но лучше сделать всё правильно.


    AKA Xaegr, MCSE: Security, Messaging; MCITP: Server\Enterprise Administrator; Блог: http://xaegr.wordpress.com
    20 июля 2009 г. 17:59
    Модератор