The "Preparing network connections" stage takes a long time when one of the domain controllers starts.

  • General discussion

  • The situation is as follows: there are two domain controllers in one subnet, both act as global catalogs, and both have the DNS role installed (integrated into AD). When a single domain controller starts up, the "Preparing network connections" stage takes more than 5 minutes. But when you start the second controller while the first is already running, everything goes quickly (20-30 seconds).

    I understand that the problem is most likely related to the DNS server. The DNS settings are as follows: each domain controller is its own primary DNS server, and the other controller is specified as the secondary.

    dcdiag output with one controller running:

    Domain Controller Diagnosis

    Performing initial setup:
       Done gathering initial info.

    Doing initial required tests
      
       Testing server: Default-First-Site-Name\INFINITY
          Starting test: Connectivity
             ......................... INFINITY passed test Connectivity

    Doing primary tests
      
       Testing server: Default-First-Site-Name\INFINITY
          Starting test: Replications
             [Replications Check,INFINITY] A recent replication attempt failed:
                From ETERNITY to INFINITY
                Naming Context: DC=ForestDnsZones,DC=adm,DC=trg
                The replication generated an error (8524):
                Операция DSA не смогла быть выполнена, т.к. произошла ошибка поиска в DNS.
                The failure occurred at 2008-07-24 22:23:07.
                The last success occurred at 2008-07-24 21:22:26.
                1 failures have occurred since the last success.
                The guid-based DNS name 253d7e7e-e358-4c4b-ba78-ed06bffbaba1._msdcs.adm.trg
                is not registered on one or more DNS servers.
             [ETERNITY] DsBindWithSpnEx() failed with error 1722,
             Сервер RPC недоступен..
             [Replications Check,INFINITY] A recent replication attempt failed:
                From ETERNITY to INFINITY
                Naming Context: DC=DomainDnsZones,DC=adm,DC=trg
                The replication generated an error (8524):
                Операция DSA не смогла быть выполнена, т.к. произошла ошибка поиска в DNS.
                The failure occurred at 2008-07-24 22:22:00.
                The last success occurred at 2008-07-24 21:22:29.
                1 failures have occurred since the last success.
                The guid-based DNS name 253d7e7e-e358-4c4b-ba78-ed06bffbaba1._msdcs.adm.trg
                is not registered on one or more DNS servers.
             [Replications Check,INFINITY] A recent replication attempt failed:
                From ETERNITY to INFINITY
                Naming Context: CN=Schema,CN=Configuration,DC=adm,DC=trg
                The replication generated an error (8524):
                Операция DSA не смогла быть выполнена, т.к. произошла ошибка поиска в DNS.
                The failure occurred at 2008-07-24 22:20:54.
                The last success occurred at 2008-07-24 17:47:30.
                6 failures have occurred since the last success.
                The guid-based DNS name 253d7e7e-e358-4c4b-ba78-ed06bffbaba1._msdcs.adm.trg
                is not registered on one or more DNS servers.
             [Replications Check,INFINITY] A recent replication attempt failed:
                From ETERNITY to INFINITY
                Naming Context: CN=Configuration,DC=adm,DC=trg
                The replication generated an error (8524):
                Операция DSA не смогла быть выполнена, т.к. произошла ошибка поиска в DNS.
                The failure occurred at 2008-07-24 22:19:47.
                The last success occurred at 2008-07-24 21:22:20.
                1 failures have occurred since the last success.
                The guid-based DNS name 253d7e7e-e358-4c4b-ba78-ed06bffbaba1._msdcs.adm.trg
                is not registered on one or more DNS servers.
             [Replications Check,INFINITY] A recent replication attempt failed:
                From ETERNITY to INFINITY
                Naming Context: DC=adm,DC=trg
                The replication generated an error (8524):
                Операция DSA не смогла быть выполнена, т.к. произошла ошибка поиска в DNS.
                The failure occurred at 2008-07-24 22:18:44.
                The last success occurred at 2008-07-24 21:22:23.
                1 failures have occurred since the last success.
                The guid-based DNS name 253d7e7e-e358-4c4b-ba78-ed06bffbaba1._msdcs.adm.trg
                is not registered on one or more DNS servers.
             ......................... INFINITY passed test Replications
          Starting test: NCSecDesc
             ......................... INFINITY passed test NCSecDesc
          Starting test: NetLogons
             ......................... INFINITY passed test NetLogons
          Starting test: Advertising
             Warning: INFINITY is not advertising as a time server.
             ......................... INFINITY failed test Advertising
          Starting test: KnowsOfRoleHolders
             Warning: ETERNITY is the Schema Owner, but is not responding to DS RPC Bind.
             [ETERNITY] LDAP search failed with error 58,
             Указанный сервер не может выполнить требуемую операцию..
             Warning: ETERNITY is the Schema Owner, but is not responding to LDAP Bind.
             Warning: ETERNITY is the Domain Owner, but is not responding to DS RPC Bind.
             Warning: ETERNITY is the Domain Owner, but is not responding to LDAP Bind.
             Warning: ETERNITY is the PDC Owner, but is not responding to DS RPC Bind.
             Warning: ETERNITY is the PDC Owner, but is not responding to LDAP Bind.
             Warning: ETERNITY is the Rid Owner, but is not responding to DS RPC Bind.
             Warning: ETERNITY is the Rid Owner, but is not responding to LDAP Bind.
             Warning: ETERNITY is the Infrastructure Update Owner, but is not responding to DS RPC Bind.
             Warning: ETERNITY is the Infrastructure Update Owner, but is not responding to LDAP Bind.
             ......................... INFINITY failed test KnowsOfRoleHolders
          Starting test: RidManager
             ......................... INFINITY failed test RidManager
          Starting test: MachineAccount
             ......................... INFINITY passed test MachineAccount
          Starting test: Services
             ......................... INFINITY passed test Services
          Starting test: ObjectsReplicated
             ......................... INFINITY passed test ObjectsReplicated
          Starting test: frssysvol
             ......................... INFINITY passed test frssysvol
          Starting test: frsevent
             There are warning or error events within the last 24 hours after the

             SYSVOL has been shared.  Failing SYSVOL replication problems may cause

             Group Policy problems.
             ......................... INFINITY failed test frsevent
          Starting test: kccevent
             An Error Event occured.  EventID: 0xC0250827
                Time Generated: 07/24/2008   22:18:44
                (Event String could not be retrieved)
             ......................... INFINITY failed test kccevent
          Starting test: systemlog
             An Error Event occured.  EventID: 0xC25A001D
                Time Generated: 07/24/2008   22:17:58
                (Event String could not be retrieved)
             ......................... INFINITY failed test systemlog
          Starting test: VerifyReferences
             ......................... INFINITY passed test VerifyReferences
      
       Running partition tests on : ForestDnsZones
          Starting test: CrossRefValidation
             ......................... ForestDnsZones passed test CrossRefValidation
          Starting test: CheckSDRefDom
             ......................... ForestDnsZones passed test CheckSDRefDom
      
       Running partition tests on : DomainDnsZones
          Starting test: CrossRefValidation
             ......................... DomainDnsZones passed test CrossRefValidation
          Starting test: CheckSDRefDom
             ......................... DomainDnsZones passed test CheckSDRefDom
      
       Running partition tests on : Schema
          Starting test: CrossRefValidation
             ......................... Schema passed test CrossRefValidation
          Starting test: CheckSDRefDom
             ......................... Schema passed test CheckSDRefDom
      
       Running partition tests on : Configuration
          Starting test: CrossRefValidation
             ......................... Configuration passed test CrossRefValidation
          Starting test: CheckSDRefDom
             ......................... Configuration passed test CheckSDRefDom
      
       Running partition tests on : adm
          Starting test: CrossRefValidation
             ......................... adm passed test CrossRefValidation
          Starting test: CheckSDRefDom
             ......................... adm passed test CheckSDRefDom
      
       Running enterprise tests on : adm.trg
          Starting test: Intersite
             ......................... adm.trg passed test Intersite
          Starting test: FsmoCheck
             Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355
             A Primary Domain Controller could not be located.
             The server holding the PDC role is down.
             Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
             A Time Server could not be located.
             The server holding the PDC role is down.
             Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error 1355
             A Good Time Server could not be located.
             ......................... adm.trg failed test FsmoCheck
    July 24, 2008 16:38
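
A way to triage dcdiag output like the one posted above, as an added example that is not part of the original post: it collects the failed tests, the per-naming-context replication errors and the role holders that do not answer, then reports whether every failure points at one partner DC. The sample text is constructed from the layout of the output above, and the function names are assumptions of this example.

```python
import re

# Constructed sample, shortened from the layout of the dcdiag output in the post.
SAMPLE = """\
   Starting test: Replications
      [Replications Check,INFINITY] A recent replication attempt failed:
         From ETERNITY to INFINITY
         Naming Context: DC=ForestDnsZones,DC=adm,DC=trg
         The replication generated an error (8524):
      [Replications Check,INFINITY] A recent replication attempt failed:
         From ETERNITY to INFINITY
         Naming Context: CN=Schema,CN=Configuration,DC=adm,DC=trg
         The replication generated an error (8524):
      ......................... INFINITY passed test Replications
   Starting test: KnowsOfRoleHolders
      Warning: ETERNITY is the PDC Owner, but is not responding to LDAP Bind.
      ......................... INFINITY failed test KnowsOfRoleHolders
   Starting test: FsmoCheck
      ......................... adm.trg failed test FsmoCheck
"""

RESULT = re.compile(r"\.{5,} (\S+) (passed|failed) test (\S+)")
SOURCE = re.compile(r"From (\S+) to (\S+)")
CONTEXT = re.compile(r"Naming Context: (\S+)")
ERROR = re.compile(r"generated an error \((\d+)\)")
SILENT = re.compile(r"Warning: (\S+) is the .+ Owner, but is not responding")

def summarize(text):
    """Collect failed tests, replication failures and unresponsive role holders."""
    failed, repl, silent = [], [], set()
    for line in text.splitlines():
        if m := RESULT.search(line):
            if m.group(2) == "failed":
                failed.append(m.group(3))
        elif m := SOURCE.search(line):
            repl.append({"source": m.group(1), "target": m.group(2)})
        elif (m := CONTEXT.search(line)) and repl:
            repl[-1]["nc"] = m.group(1)
        elif (m := ERROR.search(line)) and repl:
            repl[-1]["error"] = int(m.group(1))
        elif m := SILENT.search(line):
            silent.add(m.group(1))
    return failed, repl, silent

def single_down_partner(text):
    """Return the one DC every failure points at, or None if failures are mixed."""
    _, repl, silent = summarize(text)
    partners = {r["source"] for r in repl} | silent
    return partners.pop() if len(partners) == 1 else None
```

On the sample, `Replications` is reported as passed even though two attempts failed, so the list of failed tests alone understates what the output shows.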

All replies


  • Well, everything will be fine if the servers are rebooted one at a time.
    July 25, 2008 4:46
  •  Александр Мельников wrote:

    Well, everything will be fine if the servers are rebooted one at a time.


    So the situation with the first domain controller taking a long time to start is normal?
    July 25, 2008 4:58



  • If the second one is down, then yes.
    July 25, 2008 5:13
  •  

    You can try to cure this only by moving the DNS role to a separate server that will be available at the moment the first controller starts.

    As it is, starting the controller requires DNS, and starting DNS requires the controller (AD), because the zone is integrated.

    In principle, apart from the slow start of the first of the controllers, this poses no threat; it is just slightly annoying.

    July 25, 2008 7:32
  • In a situation like this, the other server is usually assigned as the primary DNS and localhost as the secondary. Boot will be a little faster (time is saved on querying the local DNS service that has not started yet), but if the controllers are shut down at the same time the situation will be the same as before.

    July 25, 2008 7:56