ISA 2006 still blocks ports after being removed

  • General discussion

  • Good afternoon.
    I've run into the following trouble: some time ago a not-so-nice person installed ISA Server 2006 on the server, then disabled its services but did not finish removing it. Later a backup DC was set up on the same machine, and one not-so-fine day ISA came back up and blocked practically all access paths. With great difficulty we managed to remove it (ISA), but a couple of days later an AD replication problem surfaced, resulting in domain glitches. The server itself responds to ping, but nothing can be pinged from it (neither the outside world nor the internal network). Is there any way to resolve this by removing ISA completely? Its services are not present in the services list.
    March 10, 2010, 8:44

All replies

  • Is the built-in firewall enabled?

    Please provide the DCdiag, netdiag, and ipconfig /all output from your DCs.

    If the post was informative, mark it as the correct answer. That makes the answer to the question visible right away :-)
    March 10, 2010, 8:53
  • ICS is disabled
    Ipconfig /all
    Windows IP Configuration

       Host Name . . . . . . . . . . . . : dc-2
       Primary Dns Suffix  . . . . . . . : orgname.local
       Node Type . . . . . . . . . . . . : Unknown
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : orgname.local

    Ethernet adapter LAN 2:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : HP NC7782 Gigabit Ser
       Physical Address. . . . . . . . . : 00-17-08-51-60-DF
       DHCP Enabled. . . . . . . . . . . : No
       IP Address. . . . . . . . . . . . : 192.168.123.21
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 192.168.123.254
       DNS Servers . . . . . . . . . . . : 192.168.123.1

    Ethernet adapter LAN 1:

       Connection-specific DNS Suffix  . : orgname.local
       Description . . . . . . . . . . . : HP NC7782 Gigabit Server adapter
       Physical Address. . . . . . . . . : 00-17-08-51-60-E0
       DHCP Enabled. . . . . . . . . . . : No
       IP Address. . . . . . . . . . . . : 192.168.123.2
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 192.168.123.254
       DNS Servers . . . . . . . . . . . : 192.168.123.2
                                           192.168.123.1

    Ethernet adapter LAN 1 is the active one; the static settings on the second adapter are left over from the trial-and-error fiddling.

    netdiag: the installed updates did not fit

    Netcard queries test . . . . . . . : Passed
        [WARNING] The net card 'HP NC7782 Gigabit Server Adapter #2' may not be work
    ing.

     

    Per interface results:

        Adapter : LAN 2

            Netcard queries test . . . : Failed
            NetCard Status:          DISCONNECTED
                Some tests will be skipped on this interface.

            Host Name. . . . . . . . . : dc-2
            IP Address . . . . . . . . : 192.168.123.21
            Subnet Mask. . . . . . . . : 255.255.255.0
            Default Gateway. . . . . . : 192.168.123.254
            Dns Servers. . . . . . . . : 192.168.123.1

     

            Ipx configration
                Network Number . . . . : 00000000
                Node . . . . . . . . . : 0017085160df
                Frame type . . . . . . : 802.2

     

        Adapter : LAN 1

            Netcard queries test . . . : Passed

            Host Name. . . . . . . . . : dc-2.orgname.local
            IP Address . . . . . . . . : 192.168.123.2
            Subnet Mask. . . . . . . . : 255.255.255.0
            Default Gateway. . . . . . : 192.168.123.254
            Dns Servers. . . . . . . . : 192.168.123.2
                                         192.168.123.1


            AutoConfiguration results. . . . . . : Passed

            Default gateway test . . . : Failed
                No gateway reachable for this adapter.

            NetBT name test. . . . . . : Passed
            [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenge
    r Service', <20> 'WINS' names is missing.
                No remote names have been found.

            WINS service test. . . . . : Skipped
                There are no WINS servers configured for this interface.

            Ipx configration
                Network Number . . . . : 00000000
                Node . . . . . . . . . : 0017085160e0
                Frame type . . . . . . : 802.2

     

        Adapter : IPX Internal Interface

            Netcard queries test . . . : Passed

            Ipx configration
                Network Number . . . . : 00000000
                Node . . . . . . . . . : 000000000001
                Frame type . . . . . . : Ethernet II

     

        Adapter : IpxLoopbackAdapter

            Netcard queries test . . . : Passed

            Ipx configration
                Network Number . . . . : 1234cdef
                Node . . . . . . . . . : 000000000002
                Frame type . . . . . . : 802.2

     

        Adapter : NDISWANIPX

            Netcard queries test . . . : Passed

            Ipx configration
                Network Number . . . . : 00000000
                Node . . . . . . . . . : fe1320524153
                Frame type . . . . . . : Ethernet II

     


    Global results:


    Domain membership test . . . . . . : Passed


    NetBT transports test. . . . . . . : Passed
        List of NetBt transports currently configured:
            NetBT_Tcpip_{6FDD578C-7582-41BD-A15E-C75F41D25FEB}
            NetBT_Tcpip_{E4B19F82-7D30-4D49-9A61-4774DF998660}
        2 NetBt transports currently configured.


    Autonet address test . . . . . . . : Passed


    IP loopback ping test. . . . . . . : Passed


    Default gateway test . . . . . . . : Failed

        [FATAL] NO GATEWAYS ARE REACHABLE.
        You have no connectivity to other network segments.
        If you configured the IP protocol manually then
        you need to add at least one valid gateway.


    NetBT name test. . . . . . . . . . : Passed
        [WARNING] You don't have a single interface with the <00> 'WorkStation Servi
    ce', <03> 'Messenger Service', <20> 'WINS' names defined.


    Winsock test . . . . . . . . . . . : Passed


    DNS test . . . . . . . . . . . . . : Passed
              [WARNING] Cannot find a primary authoritative DNS server for the name
                'dc-2.orgname.local.'. [ERROR_TIMEOUT]
                The name 'dc-2.orgname.local.' may not be registered in DNS.
           [WARNING] The DNS entries for this DC cannot be verified right now on DNS
     server 192.168.123.1, ERROR_TIMEOUT.
        PASS - All the DNS entries for DC are registered on DNS server '192.168.123.
    2' and other DCs also have some of the names registered.


    Redir and Browser test . . . . . . : Passed
        List of NetBt transports currently bound to the Redir
            NetBT_Tcpip_{6FDD578C-7582-41BD-A15E-C75F41D25FEB}
            NetBT_Tcpip_{E4B19F82-7D30-4D49-9A61-4774DF998660}
        The redir is bound to 2 NetBt transports.

        List of NetBt transports currently bound to the browser
            NetBT_Tcpip_{6FDD578C-7582-41BD-A15E-C75F41D25FEB}
            NetBT_Tcpip_{E4B19F82-7D30-4D49-9A61-4774DF998660}
        The browser is bound to 2 NetBt transports.


    DC discovery test. . . . . . . . . : Passed


    DC list test . . . . . . . . . . . : Passed


    Trust relationship test. . . . . . : Failed
        Secure channel for domain 'orgname' is to '\\DC-1'.
        [FATAL] Cannot set secure channel for domain 'orgname' to PDC emulator. [E
    RROR_NO_LOGON_SERVERS]


    Kerberos test. . . . . . . . . . . : Passed


    LDAP test. . . . . . . . . . . . . : Passed
        [WARNING] Failed to query SPN registration on DC 'dc-1.orgname.local'.


    Bindings test. . . . . . . . . . . : Passed


    WAN configuration test . . . . . . : Skipped
        No active remote access connections.


    Modem diagnostics test . . . . . . : Passed


    Netware configuration
        You are not logged in to your preferred server .
        Netware User Name. . . . . . . :
        Netware Server Name. . . . . . :
        Netware Tree Name. . . . . . . :
        Netware Workstation Context. . :

    IP Security test . . . . . . . . . : Skipped

        Note: run "netsh ipsec dynamic show /?" for more detailed information


    The command completed successfully

    Dcdiag:



    Domain Controller Diagnosis

    Performing initial setup:
       Done gathering initial info.

    Doing initial required tests

       Testing server: Our-Site-Name\DC-2
          Starting test: Connectivity
             ......................... DC-2 passed test Connectivity

    Doing primary tests

       Testing server: Our-Site-Name\DC-2
          Starting test: Replications
             [Replications Check,DC-2] A recent replication attempt failed:
                From DC-1 to DC-2
                Naming Context: DC=DomainDnsZones,DC=orgname,DC=local
                The replication generated an error (1256):
                Win32 Error 1256
                The failure occurred at 2010-03-10 11:48:31.
                The last success occurred at 2010-03-01 16:47:28.
                214 failures have occurred since the last success.
             [DC-1] DsBindWithSpnEx() failed with error 1722,
             Win32 Error 1722.
             [Replications Check,DC-2] A recent replication attempt failed:
                From DC-1 to DC-2
                Naming Context: DC=ForestDnsZones,DC=orgname,DC=local
                The replication generated an error (1256):
                Win32 Error 1256
                The failure occurred at 2010-03-10 11:48:31.
                The last success occurred at 2010-03-01 16:47:28.
                214 failures have occurred since the last success.
             [Replications Check,DC-2] A recent replication attempt failed:
                From DC-1 to DC-2
                Naming Context: CN=Schema,CN=Configuration,DC=orgname,DC=local
                The replication generated an error (1722):
                Win32 Error 1722
                The failure occurred at 2010-03-10 11:49:14.
                The last success occurred at 2010-03-01 16:47:28.
                214 failures have occurred since the last success.
                The source remains down. Please check the machine.
             [Replications Check,DC-2] A recent replication attempt failed:
                From DC-1 to DC-2
                Naming Context: CN=Configuration,DC=orgname,DC=local
                The replication generated an error (1722):
                Win32 Error 1722
                The failure occurred at 2010-03-10 11:57:04.
                The last success occurred at 2010-03-01 16:47:28.
                498 failures have occurred since the last success.
                The source remains down. Please check the machine.
             [Replications Check,DC-2] A recent replication attempt failed:
                From DC-1 to DC-2
                Naming Context: DC=orgname,DC=local
                The replication generated an error (1722):
                Win32 Error 1722
                The failure occurred at 2010-03-10 12:13:52.
                The last success occurred at 2010-03-01 16:47:28.
                3451 failures have occurred since the last success.
                The source remains down. Please check the machine.
             REPLICATION-RECEIVED LATENCY WARNING
             DC-2:  Current time is 2010-03-10 12:14:06.
                DC=DomainDnsZones,DC=orgname,DC=local
                   Last replication recieved from DC-1 at 2010-03-01 16:47:29.
                DC=ForestDnsZones,DC=orgname,DC=local
                   Last replication recieved from DC-1 at 2010-03-01 16:47:29.
                CN=Schema,CN=Configuration,DC=orgname,DC=local
                   Last replication recieved from DC-1 at 2010-03-01 16:47:29.
                CN=Configuration,DC=orgname,DC=local
                   Last replication recieved from DC-1 at 2010-03-01 16:47:29.
                DC=orgname,DC=local
                   Last replication recieved from DC-1 at 2010-03-01 16:47:28.
             ......................... DC-2 passed test Replications
          Starting test: NCSecDesc
             ......................... DC-2 passed test NCSecDesc
          Starting test: NetLogons
             ......................... DC-2 passed test NetLogons
          Starting test: Advertising
             ......................... DC-2 passed test Advertising
          Starting test: KnowsOfRoleHolders
             Warning: DC-1 is the Schema Owner, but is not responding to DS RPC Bind
    .
             [DC-1] LDAP search failed with error 58,
             Win32 Error 58.
             Warning: DC-1 is the Schema Owner, but is not responding to LDAP Bind.
             Warning: DC-1 is the Domain Owner, but is not responding to DS RPC Bind
    .
             Warning: DC-1 is the Domain Owner, but is not responding to LDAP Bind.
             Warning: CN=NTDS Settings\0ADEL:dbae9cd7-058f-4ac8-a020-78bd0163abf0,CN
    =DC\0ADEL:1be60028-42e2-44c7-a7d1-3e369e68edf2,CN=Servers,CN=Our-Site-Name,C
    N=Sites,CN=Configuration,DC=orgname,DC=local is the PDC Owner, but is deleted.

             Warning: CN=NTDS Settings\0ADEL:dbae9cd7-058f-4ac8-a020-78bd0163abf0,CN
    =DC\0ADEL:1be60028-42e2-44c7-a7d1-3e369e68edf2,CN=Servers,CN=Our-Site-Name,C
    N=Sites,CN=Configuration,DC=orgname,DC=local is the Rid Owner, but is deleted.

             Warning: CN=NTDS Settings\0ADEL:dbae9cd7-058f-4ac8-a020-78bd0163abf0,CN
    =DC\0ADEL:1be60028-42e2-44c7-a7d1-3e369e68edf2,CN=Servers,CN=Our-Site-Name,C
    N=Sites,CN=Configuration,DC=orgname,DC=local is the Infrastructure Update Owne
    r, but is deleted.
             ......................... DC-2 failed test KnowsOfRoleHolders
          Starting test: RidManager
             Warning: FSMO Role Owner is deleted.
             ldap_search_sW of CN=DC\0ADEL:1be60028-42e2-44c7-a7d1-3e369e68edf2,CN=S
    ervers,CN=Our-Site-Name,CN=Sites,CN=Configuration,DC=orgname,DC=local for
    hostname failed with 2: Win32 Error 2
             ......................... DC-2 failed test RidManager
          Starting test: MachineAccount
             ......................... DC-2 passed test MachineAccount
          Starting test: Services
             ......................... DC-2 passed test Services
          Starting test: ObjectsReplicated
             ......................... DC-2 passed test ObjectsReplicated
          Starting test: frssysvol
             ......................... DC-2 passed test frssysvol
          Starting test: frsevent
             There are warning or error events within the last 24 hours after the
             SYSVOL has been shared.  Failing SYSVOL replication problems may cause
             Group Policy problems.
             ......................... DC-2 failed test frsevent
          Starting test: kccevent
             ......................... DC-2 passed test kccevent
          Starting test: systemlog
             An Error Event occured.  EventID: 0x00000457
                Time Generated: 03/10/2010   11:26:38
                (Event String could not be retrieved)
             ......................... DC-2 failed test systemlog
          Starting test: VerifyReferences
             ......................... DC-2 passed test VerifyReferences

       Running partition tests on : DomainDnsZones
          Starting test: CrossRefValidation
             ......................... DomainDnsZones passed test CrossRefValidation

          Starting test: CheckSDRefDom
             ......................... DomainDnsZones passed test CheckSDRefDom

       Running partition tests on : ForestDnsZones
          Starting test: CrossRefValidation
             ......................... ForestDnsZones passed test CrossRefValidation

          Starting test: CheckSDRefDom
             ......................... ForestDnsZones passed test CheckSDRefDom

       Running partition tests on : Schema
          Starting test: CrossRefValidation
             ......................... Schema passed test CrossRefValidation
          Starting test: CheckSDRefDom
             ......................... Schema passed test CheckSDRefDom

       Running partition tests on : Configuration
          Starting test: CrossRefValidation
             ......................... Configuration passed test CrossRefValidation
          Starting test: CheckSDRefDom
             ......................... Configuration passed test CheckSDRefDom

       Running partition tests on : orgname
          Starting test: CrossRefValidation
             ......................... orgname passed test CrossRefValidation
          Starting test: CheckSDRefDom
             ......................... orgname passed test CheckSDRefDom

       Running enterprise tests on : orgname.local
          Starting test: Intersite
             ......................... orgname.local passed test Intersite
          Starting test: FsmoCheck
             ......................... orgname.local passed test FsmoCheck

    March 10, 2010, 9:17
  • So, can nobody suggest anything?
    March 10, 2010, 18:11
  • Describe the network topology.

    How is this server connected to the network? Are there any layer 3 devices in front of it (routers, "smart switches")?

    To start with, I would wipe the second gateway from the disconnected network adapter and reboot the server.

    How are you pinging, by name or by address? Could it be a DNS problem?

    Take a look at route print.

    And here is what bothered me:

       Default gateway test . . . : Failed
                No gateway reachable for this adapter.
    March 11, 2010, 7:08
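Added example, not part of the original thread and not code from any poster: a small Python check that parses `ipconfig /all` text and flags the multihoming condition the reply above points at (two adapters on one subnet, each with a default gateway). The function names are hypothetical, and the field labels are assumed to match the Windows output posted in this thread.

```python
import ipaddress
import re
from collections import defaultdict

# Trimmed from the ipconfig /all output posted in this thread.
SAMPLE = """\
Ethernet adapter LAN 2:

   IP Address. . . . . . . . . . . . : 192.168.123.21
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.123.254

Ethernet adapter LAN 1:

   IP Address. . . . . . . . . . . . : 192.168.123.2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.123.254
   DNS Servers . . . . . . . . . . . : 192.168.123.2
                                       192.168.123.1
"""

# Assumption: labels as printed in the thread ("IP Address", not "IPv4 Address").
ADAPTER = re.compile(r"^\S.*adapter (.+):\s*$")
FIELD = re.compile(r"^\s+([A-Za-z][A-Za-z \-]*?)[ .]*: ?(.*)$")

def parse_adapters(text):
    """Return {adapter: {field: first value}}; continuation lines are skipped."""
    adapters, current = {}, None
    for line in text.splitlines():
        m = ADAPTER.match(line)
        if m:
            current = adapters.setdefault(m.group(1), {})
            continue
        m = FIELD.match(line)
        if m and current is not None:
            current[m.group(1).strip()] = m.group(2).strip()
    return adapters

def multihoming_findings(adapters):
    """Flag subnets shared by several adapters and multiple default gateways."""
    by_subnet, gateways, findings = defaultdict(list), [], []
    for name, f in adapters.items():
        if not f.get("IP Address") or not f.get("Subnet Mask"):
            continue  # adapter without a static IPv4 configuration
        net = ipaddress.ip_network(f"{f['IP Address']}/{f['Subnet Mask']}", strict=False)
        by_subnet[str(net)].append(name)
        if f.get("Default Gateway"):
            gateways.append(name)
    for net, names in by_subnet.items():
        if len(names) > 1:
            findings.append(f"same subnet {net} on: {', '.join(sorted(names))}")
    if len(gateways) > 1:
        findings.append(f"default gateway set on: {', '.join(sorted(gateways))}")
    return findings
```

Running `multihoming_findings(parse_adapters(SAMPLE))` reports both conditions for LAN 1 and LAN 2.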
  • I'll check the gateway now. As for pings FROM it, they do not go through, neither to the gateway nor by IP; RDP, SMB and SQL connections to it are let in. But it cannot replicate with the primary DC. I'll try removing the second connection now.
    March 11, 2010, 10:57
  • Dear Stanislaw W., how is the resolution of the problem going? Were you able to sort out the gateway?
    March 16, 2010, 15:59
    Moderator