Active Directory / DNS problem

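For some reason, I have been fighting a local name resolution problem. A short description of my overall network: we have two offices. Each office has its own DC and its own firewall, but the two offices replicate to each other. Now, one of the office networks works just fine; the one I'm having problems with is the one I'm currently on.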

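As an example, I can access \\server1\myshare, but I cannot access \\mydomain.net\myshare on the current network. On the other network, everything works fine. Now, when I RDP into server1, I can access the domain, but sometimes I can't. I believe I have tracked down the culprit, but I don't even know how to begin fixing it. Here is the dcdiag output: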

    C:\Users\Administrator>dcdiag
    Directory Server Diagnosis
    Performing initial setup:
       Trying to find home server...
       Home Server = BGS-HQ-VRDSVR01
       * Identified AD Forest.
       Ldap search capabality attribute search failed on server BGS-CP-VRDSVR01, return value = 81
       Got error while checking if the DC is using FRS or DFSR. Error: Win32 Error 81The VerifyReferences, FrsEvent and DfsrEvent tests might fail because of this error.
       Done gathering initial info.
    Doing initial required tests
       Testing server: BGS-HQ\BGS-HQ-VRDSVR01
          Starting test: Connectivity
             The host 6282bfca-ade1-41c8-84dc-516ce19b49be._msdcs.billsgs.net could not be resolved to an IP address. Check the DNS server, DHCP, server name, etc.
             Got error while checking LDAP and RPC connectivity. Please check your firewall settings.
             ......................... BGS-HQ-VRDSVR01 failed test Connectivity
    Doing primary tests
       Testing server: BGS-HQ\BGS-HQ-VRDSVR01
          Skipping all tests, because server BGS-HQ-VRDSVR01 is not responding to

Now.. the interesting part about this is that I ran the following:

    C:\Users\Administrator>nslookup 6282bfca-ade1-41c8-84dc-516ce19b49be._msdcs.billsgs.net
    Server:  bgs-hq-vrdsvr01.billsgs.net
    Address:  192.168.40.13
    Name:    bgs-hq-vrdsvr01.billsgs.net
    Address:  192.168.40.13
    Aliases:  6282bfca-ade1-41c8-84dc-516ce19b49be._msdcs.billsgs.net

Any suggestions would be greatly appreciated. I am a programmer, not a network administrator, so I certainly don't know many debugging techniques, especially for Windows servers.

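Also, as a side note, we have temporarily disabled the replica server, because for some reason it was actually using all 12GB of RAM on the server. I'm not sure if this is related, but for now it is set aside.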

Edit: I'm sorry, we are running Windows Server 2008 R2, and the following is the ipconfig /all from the server.

    C:\Users\Administrator>ipconfig /all
    Windows IP Configuration
       Host Name . . . . . . . . . . . . : BGS-HQ-VRDSVR01
       Primary Dns Suffix . . . . . . . : billsgs.net
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : billsgs.net
    Ethernet adapter Local Area Connection:
       Connection-specific DNS Suffix . :
       Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
       Physical Address. . . . . . . . . : 00-0C-29-03-BA-38
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv4 Address. . . . . . . . . . . : 192.168.40.13(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 192.168.40.254
       DNS Servers . . . . . . . . . . . : 192.168.40.13
                                           192.168.40.254
       Primary WINS Server . . . . . . . : 192.168.40.13
       Secondary WINS Server . . . . . . : 192.168.41.17
       NetBIOS over Tcpip. . . . . . . . : Enabled
    Tunnel adapter isatap.{ADEC15A8-2603-40EB-964C-489CCBD11E08}:
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix . :
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
    Tunnel adapter Local Area Connection* 11:
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix . :
       Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

Edit: Here is the output of the DNS test I ran.

    C:\Users\Administrator>dcdiag /test:DNS
    Directory Server Diagnosis
    Performing initial setup:
       Trying to find home server...
       Home Server = BGS-HQ-VRDSVR01
       * Identified AD Forest.
       Ldap search capabality attribute search failed on server BGS-CP-VRDSVR01, return value = 81
       Got error while checking if the DC is using FRS or DFSR. Error: Win32 Error 81The VerifyReferences, FrsEvent and DfsrEvent tests might fail because of this error.
       Done gathering initial info.
    Doing initial required tests
       Testing server: BGS-HQ\BGS-HQ-VRDSVR01
          Starting test: Connectivity
             The host 6282bfca-ade1-41c8-84dc-516ce19b49be._msdcs.billsgs.net could not be resolved to an IP address. Check the DNS server, DHCP, server name, etc.
             Got error while checking LDAP and RPC connectivity. Please check your firewall settings.
             ......................... BGS-HQ-VRDSVR01 failed test Connectivity
    Doing primary tests
       Testing server: BGS-HQ\BGS-HQ-VRDSVR01
          Starting test: DNS
             DNS Tests are running and not hung. Please wait a few minutes...
             ......................... BGS-HQ-VRDSVR01 passed test DNS
       Running partition tests on : ForestDnsZones
       Running partition tests on : DomainDnsZones
       Running partition tests on : Schema
       Running partition tests on : Configuration
       Running partition tests on : billsgs
       Running enterprise tests on : billsgs.net
          Starting test: DNS
             Test results for domain controllers:
                DC: BGS-HQ-VRDSVR01.billsgs.net
                Domain: billsgs.net
                   TEST: Basic (Basc)
                      Error: No LDAP connectivity
                      Warning: adapter [00000007] Intel(R) PRO/1000 MT Network Connection has invalid DNS server: 192.168.40.254 (<name unavailable>)
                      No host records (A or AAAA) were found for this DC
                   TEST: Forwarders/Root hints (Forw)
                      Error: All forwarders in the forwarder list are invalid.
                      Error: Both root hints and forwarders are not configured or broken. Please make sure at least one of them works.
                   TEST: Delegations (Del)
                      Error: DNS server: bgs-cp-vrdsvr01.billsgs.net. IP:192.168.41.17 [Broken delegated domain _msdcs.billsgs.net.]
                      Error: DNS server: bgs-cp-vrdsvr01.billsgs.net. IP:192.168.41.17 [Broken delegated domain cp.billsgs.net.]
                   TEST: Dynamic update (Dyn)
                      Warning: Failed to add the test record dcdiag-test-record in zone billsgs.net
                   TEST: Records registration (RReg)
                      Network Adapter [00000007] Intel(R) PRO/1000 MT Network Connection:
                         Warning: Missing CNAME record at DNS server 192.168.40.254: 6282bfca-ade1-41c8-84dc-516ce19b49be._msdcs.billsgs.net
                         Error: Missing SRV record at DNS server 192.168.40.254: _ldap._tcp.billsgs.net
                         Error: Missing SRV record at DNS server 192.168.40.254: _ldap._tcp.22017278-29d1-493a-b72d-e44b31411a70.domains._msdcs.billsgs.net
                         Error: Missing SRV record at DNS server 192.168.40.254: _kerberos._tcp.dc._msdcs.billsgs.net
                         Error: Missing SRV record at DNS server 192.168.40.254: _ldap._tcp.dc._msdcs.billsgs.net
                         Error: Missing SRV record at DNS server 192.168.40.254: _kerberos._tcp.billsgs.net
                         Error: Missing SRV record at DNS server 192.168.40.254: _kerberos._udp.billsgs.net
                         Error: Missing SRV record at DNS server 192.168.40.254: _kpasswd._tcp.billsgs.net
                         Error: Missing SRV record at DNS server 192.168.40.254: _ldap._tcp.BGS-HQ._sites.billsgs.net
                         Error: Missing SRV record at DNS server 192.168.40.254: _kerberos._tcp.BGS-HQ._sites.dc._msdcs.billsgs.net
                         Error: Missing SRV record at DNS server 192.168.40.254: _ldap._tcp.BGS-HQ._sites.dc._msdcs.billsgs.net
                         Error: Missing SRV record at DNS server 192.168.40.254: _kerberos._tcp.BGS-HQ._sites.billsgs.net
                         Error: Missing SRV record at DNS server 192.168.40.254: _ldap._tcp.gc._msdcs.billsgs.net
                         Error: Missing SRV record at DNS server 192.168.40.254: _gc._tcp.BGS-HQ._sites.billsgs.net
                         Error: Missing SRV record at DNS server 192.168.40.254: _ldap._tcp.BGS-HQ._sites.gc._msdcs.billsgs.net
                         Error: Missing SRV record at DNS server 192.168.40.254: _ldap._tcp.pdc._msdcs.billsgs.net
                      Error: Record registrations cannot be found for all the network adapters
             Summary of test results for DNS servers used by the above domain controllers:
                DNS server: 192.168.41.17 (bgs-cp-vrdsvr01.billsgs.net.)
                   2 test failure on this DNS server
                   PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.168.41.17
                DNS server: 128.63.2.53 (h.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.63.2.53
                DNS server: 128.8.10.90 (d.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.8.10.90
                DNS server: 192.112.36.4 (g.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.112.36.4
                DNS server: 192.168.40.254 (<name unavailable>)
                   1 test failure on this DNS server
                   Name resolution is not functional. _ldap._tcp.billsgs.net. failed on the DNS server 192.168.40.254
                DNS server: 192.203.230.10 (e.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.203.230.10
                DNS server: 192.228.79.201 (b.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.228.79.201
                DNS server: 192.33.4.12 (c.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.33.4.12
                DNS server: 192.36.148.17 (i.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.36.148.17
                DNS server: 192.5.5.241 (f.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.5.5.241
                DNS server: 192.58.128.30 (j.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.58.128.30
                DNS server: 193.0.14.129 (k.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 193.0.14.129
                DNS server: 198.41.0.4 (a.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.41.0.4
                DNS server: 199.7.83.42 (l.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 199.7.83.42
                DNS server: 202.12.27.33 (m.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 202.12.27.33
                DNS server: 209.253.113.10 (<name unavailable>)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 209.253.113.10
                DNS server: 209.253.113.2 (<name unavailable>)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 209.253.113.2
             Summary of DNS test results:
                                            Auth Basc Forw Del  Dyn  RReg Ext
                _________________________________________________________________
                Domain: billsgs.net
                   BGS-HQ-VRDSVR01          PASS FAIL FAIL FAIL WARN FAIL n/a
             ......................... billsgs.net failed test DNS

And.. the "repadmin /bind BGS-VRDSVR01" output..

    C:\Users\Administrator.BILLSGS>repadmin /bind BGS-HQ-VRDSVR01
    Bind to BGS-HQ-VRDSVR01 succeeded.
    NTDSAPI V1 BindState, printing extended members.
        bindAddr: BGS-HQ-VRDSVR01
    Extensions supported (cb=48):
        BASE : Yes
        ASYNCREPL : Yes
        REMOVEAPI : Yes
        MOVEREQ_V2 : Yes
        GETCHG_COMPRESS : Yes
        DCINFO_V1 : Yes
        RESTORE_USN_OPTIMIZATION : Yes
        KCC_EXECUTE : Yes
        ADDENTRY_V2 : Yes
        LINKED_VALUE_REPLICATION : Yes
        DCINFO_V2 : Yes
        INSTANCE_TYPE_NOT_REQ_ON_MOD : Yes
        CRYPTO_BIND : Yes
        GET_REPL_INFO : Yes
        STRONG_ENCRYPTION : Yes
        DCINFO_VFFFFFFFF : Yes
        TRANSITIVE_MEMBERSHIP : Yes
        ADD_SID_HISTORY : Yes
        POST_BETA3 : Yes
        GET_MEMBERSHIPS2 : Yes
        GETCHGREQ_V6 (WINDOWS XP PREVIEW): Yes
        NONDOMAIN_NCS : Yes
        GETCHGREQ_V8 (WINDOWS XP BETA 1) : Yes
        GETCHGREPLY_V5 (WINDOWS XP BETA 2): Yes
        GETCHGREPLY_V6 (WINDOWS XP BETA 2): Yes
        ADDENTRYREPLY_V3 (WINDOWS XP BETA 3): Yes
        GETCHGREPLY_V7 (WINDOWS XP BETA 3) : Yes
        VERIFY_OBJECT (WINDOWS XP BETA 3): Yes
        XPRESS_COMPRESSION : Yes
        DRS_EXT_ADAM : No
        GETCHGREQ_V10 : Yes
        RECYCLE BIN FEATURE : No
    Site GUID: afe99967-2bae-4850-b6c8-a84fc37cbd87
    Repl epoch: 0
    Forest GUID: 1c4eb6fd-77b5-46de-a4b0-c9c51087eb7d
    Security information on the binding is as follows:
        SPN Requested: LDAP/BGS-HQ-VRDSVR01
        Authn Service: 9
        Authn Level: 6
        Authz Service: 0

Also, here is a process list…

View post on imgur.com


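To see whether this is host-based firewall related, temporarily turn off the domain, public and private profiles. Do you have multiple interfaces, as in Windows Server 2008 the most restrictive profile takes effect? Run this from an elevated command prompt:

  • netsh advfirewall set publicprofile state off
  • netsh advfirewall set privateprofile state off
  • netsh advfirewall set domainprofile state off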

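Memory usage can be misleading. It is normally used, but released when necessary. Look at the Resource Exhaustion Detector operational event log (open eventvwr and go to Applications and Services / Microsoft / Windows / Resource Exhaustion Detector / Operational) to determine whether you are running out of memory.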

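Use Process Explorer to look at memory usage and see what is available. If available memory is low, look at Sysinternals' RAMMap to understand the usage. See RAMMap explained at http://blogs.technet.com/b/askperf/archive/2010/08/13/introduction-to-the-new-sysinternals-tool-rammap.aspx, as I have had the metafile be what was "consuming" it. But that is expected behavior.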

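Error 81 in DCDiag means the LDAP server cannot be reached. Are there any third-party products on the DC that provide bundled antivirus + firewall behavior? If you can access LDAP locally on the DC but not remotely, and you are sure that no host-based firewall is in use, I would check whether any intermediate network devices are filtering/dropping packets.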

If you have a public network on any of the adapters, make sure the primary DNS server is the "public IP"; that is what solved the problem for me.
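
The following Python parser is an added example, not code from the question or its answers. It groups the failures in `dcdiag /test:DNS` output by the DNS server they are reported against, which makes it visible which server lacks the DC locator (SRV) records; the embedded sample is a short excerpt of the output in the question, and the function and category names are assumptions of this example.

```python
import re
from collections import defaultdict

# Short excerpt of the `dcdiag /test:DNS` output shown in the question.
SAMPLE = """\
Warning: adapter [00000007] Intel(R) PRO/1000 MT Network Connection has invalid DNS server: 192.168.40.254 (<name unavailable>)
Error: DNS server: bgs-cp-vrdsvr01.billsgs.net. IP:192.168.41.17 [Broken delegated domain _msdcs.billsgs.net.]
Warning: Missing CNAME record at DNS server 192.168.40.254: 6282bfca-ade1-41c8-84dc-516ce19b49be._msdcs.billsgs.net
Error: Missing SRV record at DNS server 192.168.40.254: _ldap._tcp.billsgs.net
Error: Missing SRV record at DNS server 192.168.40.254: _kerberos._tcp.dc._msdcs.billsgs.net
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.41.0.4
"""

IP = r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
# Category names are this example's own labels, not dcdiag terminology.
PATTERNS = {
    "invalid_adapter_dns": re.compile(r"has invalid DNS server: " + IP),
    "missing_record": re.compile(
        r"Missing (?P<kind>\w+) record at DNS server " + IP + r": (?P<what>\S+)"),
    "broken_delegation": re.compile(
        r"IP:" + IP + r" \[Broken delegated domain (?P<what>[^\]]+)\]"),
    "loopback_ptr_failed": re.compile(
        r"PTR record query for the \S+ failed on the DNS server " + IP),
}

def failures_by_server(text):
    """Map DNS server IP -> {category: [details]}; works on flattened output too."""
    out = defaultdict(lambda: defaultdict(list))
    for category, rx in PATTERNS.items():
        for m in rx.finditer(text):
            g = m.groupdict()
            detail = " ".join(v for v in (g.get("kind"), g.get("what")) if v)
            out[g["ip"]][category].append(detail)
    return {ip: dict(cats) for ip, cats in out.items()}

def missing_srv_counts(text):
    """Count missing SRV (DC locator) records per DNS server."""
    return {ip: sum(d.startswith("SRV ") for d in cats["missing_record"])
            for ip, cats in failures_by_server(text).items()
            if "missing_record" in cats}

if __name__ == "__main__":
    for ip, cats in sorted(failures_by_server(SAMPLE).items()):
        print(ip, {c: len(v) for c, v in cats.items()})
    print("missing SRV records:", missing_srv_counts(SAMPLE))
```

To run it on real output, save it with `dcdiag /test:DNS > dns.txt` and pass the file's contents to `failures_by_server`.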