服务器 Gind.cn
  1. 服务器 Gind.cn
  3. Windows 2003服务器:无法join域
Intereting Posts
间歇性FTPlogin问题(Microsoft IIS FTP服务) PXE启动linux。 PXE-E51:未收到DHCP或proxyDHCP优惠 静态IP与DHCP保留 安全地分开一个raidctl镜子 你可以在另一个用户下运行一个特定的tomcat Web应用程序吗? ASPNET WMI类不可用 GSM调制解调器为Linux mysqld.sock应该包含什么,为什么我不拥有它? 在地址栏中列出未发现的url更改url 当我禁用SQL备份中的过时参数时,它会改变什么吗? SKIP,统计,Nounload,norewind等 共享主机:如何防止滥用和〜通配符文件夹访问? ex domain.com/~username 虚拟环境中物理机发生故障时会发生什么? Tomcat SSL集成问题 MaraDNS区域转移 如何从SCCM自动删除陈旧的电脑帐户?

Windows 2003服务器:无法join域

我本来试图重新join到一个networking,导致“无法find域”错误的计算机。 用户名/密码框甚至没有出现。

我跑的一些testing:
我可以ping服务器名称。
我无法ping通服务器的FQD.N
我无法ping域名domain1.local
nslookup找不到域名。

所以我去DNS并运行netdiag.exe,并给我这个错误: 

 DNS test . . . . . . . . . . . . . : Failed [WARNING] Cannot find a primary authoritative DNS server for the name 'stmartinsrv.stmartin.local.'. [RCODE_SERVER_FAILURE] The name 'srv.domain1.local.' may not be registered in DNS. [WARNING] The DNS entries for this DC are not registered correctly on DNS se rver '68.94.156.1'. Please wait for 30 minutes for DNS server replication. [WARNING] The DNS entries for this DC are not registered correctly on DNS se rver '68.94.157.1'. Please wait for 30 minutes for DNS server replication. [FATAL] No DNS servers have the DNS records for this DC registered. Redir and Browser test . . . . . . : Passed List of NetBt transports currently bound to the Redir NetBT_Tcpip_{04BB0F6B-06AE-4D60-80C8-2A7A24C1D87B} The redir is bound to 1 NetBt transport. List of NetBt transports currently bound to the browser NetBT_Tcpip_{04BB0F6B-06AE-4D60-80C8-2A7A24C1D87B} The browser is bound to 1 NetBt transport.

然后运行dcdiag, 

 C:\Program Files\Support Tools>dcdiag Domain Controller Diagnosis Performing initial setup: Done gathering initial info. Doing initial required tests Testing server: Default-First-Site-Name\SRV Starting test: Connectivity The host 1c99f63c-49ec-40db-b3d3-6265c00fbd3e._msdcs.domain1.local cou ld not be resolved to an IP address. Check the DNS server, DHCP, server name, etc Although the Guid DNS name (1c99f63c-49ec-40db-b3d3-6265c00fbd3e._msdcs.domain1.local) couldn't be resolved, the server name (srv.domain1.local) resolved to the IP address (192.168.1.21) and was pingable. Check that the IP address is registered correctly with the DNS server. ......................... SRV failed test Connectivity Doing primary tests Testing server: Default-First-Site-Name\SRV Skipping all tests, because server SRV is not responding to directory service requests Running partition tests on : ForestDnsZones Starting test: CrossRefValidation ......................... ForestDnsZones passed test CrossRefValidation Starting test: CheckSDRefDom ......................... ForestDnsZones passed test CheckSDRefDom Running partition tests on : DomainDnsZones Starting test: CrossRefValidation ......................... DomainDnsZones passed test CrossRefValidation Starting test: CheckSDRefDom ......................... DomainDnsZones passed test CheckSDRefDom Running partition tests on : Schema Starting test: CrossRefValidation ......................... Schema passed test CrossRefValidation Starting test: CheckSDRefDom ......................... Schema passed test CheckSDRefDom Running partition tests on : Configuration Starting test: CrossRefValidation ......................... Configuration passed test CrossRefValidation Starting test: CheckSDRefDom ......................... Configuration passed test CheckSDRefDom Running partition tests on : domain1 Starting test: CrossRefValidation ......................... domain1 passed test CrossRefValidation Starting test: CheckSDRefDom ......................... domain1 passed test CheckSDRefDom Running enterprise tests on : domain1.local Starting test: Intersite ......................... domain1.local passed test Intersite Starting test: FsmoCheck ......................... domain1.local passed test FsmoCheck

从以前的post,我已经尝试将域后缀添加到NIC IP属性到客户端计算机和域控制器服务器没有帮助。

注意:服务器上只有一个NIC。

有任何想法吗?

更新 :我通过从本地NIC卡中删除ISP DNS IP地址,并将SRV服务器IP地址(192.168.xx)添加到NIC卡的IP属性的DNS选项卡中,部分解决了问题。 现在,当我在SRV上运行nslookup时,它将在本地parsing为域名。 当我在domain1.local上运行nslookup时,它在服务器上本地parsing到服务器IP地址的域。 但是,当我尝试在客户端计算机上执行相同的操作时,我仍尝试运行nslookup domain1.local和FQDN时收到未知的主机响应。

更新2 :我也手动设置客户端的网卡IP地址设置在DNS选项卡也没有工作。 但我仍然可以ping域控制器/ DNS服务器

在客户端运行ipconfig和nslookup时: 

 C:\Documents and Settings\Administrator>ping domain1.local Ping request could not find host domain1.local. Please check the name and try a gain. C:\Documents and Settings\Administrator>ipconfig /all Windows IP Configuration Host Name . . . . . . . . . . . . : CLIENT02 Primary Dns Suffix . . . . . . . : Node Type . . . . . . . . . . . . : Unknown IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : domain1.local Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : domain1.local Description . . . . . . . . . . . : Intel(R) 82562V-2 10/100 Network Con nection Physical Address. . . . . . . . . : 00-1A-A0-8B-94-87 Dhcp Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes IP Address. . . . . . . . . . . . : 192.168.1.107 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.1.1 DHCP Server . . . . . . . . . . . : 192.168.1.1 DNS Servers . . . . . . . . . . . : 192.168.1.21 192.168.0.1 Lease Obtained. . . . . . . . . . : Sunday, April 11, 2010 8:45:15 PM Lease Expires . . . . . . . . . . : Sunday, April 18, 2010 7:24:15 PM C:\Documents and Settings\Administrator>nslookup DNS request timed out. timeout was 2 seconds. *** Can't find server name for address 192.168.1.21: Timed out *** Can't find server name for address 192.168.0.1: Non-existent domain *** Default servers are not available Default Server: UnKnown Address: 192.168.1.21 > server 192.168.1.21 DNS request timed out. timeout was 2 seconds. Default Server: [192.168.1.21] Address: 192.168.1.21 > C:\Documents and Settings\Administrator>nslookup DNS request timed out. timeout was 2 seconds. *** Can't find server name for address 192.168.1.21: Timed out *** Can't find server name for address 192.168.0.1: Non-existent domain *** Default servers are not available Default Server: UnKnown Address: 192.168.1.21 > ls domain1.local ls: connect: No error *** Can't list domain domain1.local: Unspecified error >

然后我跑了netdiag /d:domain1.local 

 ................................... Computer Name: CLIENT02 DNS Host Name: CLIENT02 System info : Windows 2000 Professional (Build 2600) Processor : x86 Family 6 Model 15 Stepping 2, GenuineIntel List of installed hotfixes : KB835221WXP KB888111WXPSP2 KB893803v2 Q147222 Netcard queries test . . . . . . . : Passed GetStats failed for 'Intel(R) 82562V-2 10/100 Network Connection - AGN Filter Interface'. [ERROR_GEN_FAILURE] Per interface results: Adapter : Local Area Connection Netcard queries test . . . : Passed Host Name. . . . . . . . . : CLIENT02.domain1.local IP Address . . . . . . . . : 192.168.1.107 Subnet Mask. . . . . . . . : 255.255.255.0 Default Gateway. . . . . . : 192.168.1.1 Dns Servers. . . . . . . . : 192.168.1.21 192.168.0.1 AutoConfiguration results. . . . . . : Passed Default gateway test . . . : Passed NetBT name test. . . . . . : Passed [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing. WINS service test. . . . . : Skipped There are no WINS servers configured for this interface. Ipx configration Network Number . . . . : 00000000 Node . . . . . . . . . : 001aa08b9487 Frame type . . . . . . : 802.2 Adapter : IPX Internal Interface Netcard queries test . . . : Passed Ipx configration Network Number . . . . : 00000000 Node . . . . . . . . . : 000000000001 Frame type . . . . . . : Ethernet II Adapter : IpxLoopbackAdapter Netcard queries test . . . : Passed Ipx configration Network Number . . . . : 1234cdef Node . . . . . . . . . : 000000000002 Frame type . . . . . . : 802.2 Adapter : NDISWANIPX Netcard queries test . . . : Passed Ipx configration Network Number . . . . : 00000000 Node . . . . . . . . . : f6f220524153 Frame type . . . . . . : Ethernet II Global results: Domain membership test . . . . . . : Passed Dns domain name is not specified. Dns forest name is not specified. NetBT transports test. . . . . . . : Passed List of NetBt transports currently configured: NetBT_Tcpip_{3DF46308-913D-4B62-8F6A-AC1E076E3864} 1 NetBt transport currently configured. Autonet address test . . . . . . . : Passed IP loopback ping test. . . . . . . : Passed Default gateway test . . . . . . . : Passed NetBT name test. . . . . . . . . . : Passed [WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined. Winsock test . . . . . . . . . . . : Passed DNS test . . . . . . . . . . . . . : Passed Redir and Browser test . . . . . . : Passed List of NetBt transports currently bound to the Redir NetBT_Tcpip_{3DF46308-913D-4B62-8F6A-AC1E076E3864} The redir is bound to 1 NetBt transport. List of NetBt transports currently bound to the browser NetBT_Tcpip_{3DF46308-913D-4B62-8F6A-AC1E076E3864} The browser is bound to 1 NetBt transport. DC discovery test. . . . . . . . . : Failed This computer cannot be joined to the [domain1.local] domain because of one of the following reasons. 1. The DNS SRV record for [domain1.local] is not registered in DNS; or 2. A zone from the following list of DNS zones does not include delegation to its child zone. Such zones can include [_ldap._tcp.dc._msdcs.domain1.local], and root zone. Ask your network/DNS administrator to perform the following actions: To find out why the SRV record for [domain1.local, local] is not registered in the DNS, run the dcdiag command prompt tool with the command RegisterInDNS on the domain controller that did not perform the registration. [FATAL] Cannot find DC in domain 'domain1.local'. [ERROR_NO_SUCH_DOMAIN] DC list test . . . . . . . . . . . : Failed 'domain1.local': Cannot find DC to get DC list from [test skipped]. Trust relationship test. . . . . . : Skipped Kerberos test. . . . . . . . . . . : Skipped LDAP test. . . . . . . . . . . . . : Failed Cannot find DC to run LDAP tests on. The error occurred was: The specified domain either does not exist or could not be contacted. This computer cannot be joined to the [domain1.local] domain because of one of the following reasons. 1. The DNS SRV record for [domain1.local] is not registered in DNS; or 2. A zone from the following list of DNS zones does not include delegation to its child zone. Such zones can include [_ldap._tcp.dc._msdcs.domain1.local], and root zone. Ask your network/DNS administrator to perform the following actions: To find out why the SRV record for [domain1.local, local] is not registered in the DNS, run the dcdiag command prompt tool with the command RegisterInDNS on the domain controller that did not perform the registration. [WARNING] Cannot find DC in domain 'domain1.local'. [ERROR_NO_SUCH_DOMAIN] Bindings test. . . . . . . . . . . : Passed WAN configuration test . . . . . . : Skipped No active remote access connections. Modem diagnostics test . . . . . . : Passed Netware configuration You are not logged in to your preferred server . Netware User Name. . . . . . . : Netware Server Name. . . . . . : Netware Tree Name. . . . . . . : Netware Workstation Context. . : IP Security test . . . . . . . . . : Passed Service status is: Started Service startup is: Automatic IPSec service is available, but no policy is assigned or active Note: run "ipseccmd /?" for more detailed information The command completed successfully

在服务器SRV上 

 C:\Documents and Settings\Administrator>ipconfig Windows IP Configuration Ethernet adapter Local Area Connection 2: Connection-specific DNS Suffix . : IP Address. . . . . . . . . . . . : 192.168.1.21 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.1.1 C:\Documents and Settings\Administrator>ipconfig /all Windows IP Configuration Host Name . . . . . . . . . . . . : srv Primary Dns Suffix . . . . . . . : domain1.local Node Type . . . . . . . . . . . . : Unknown IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : domain1.local Ethernet adapter Local Area Connection 2: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : NVIDIA nForce Networking Controller Physical Address. . . . . . . . . : 00-21-70-16-F5-6E DHCP Enabled. . . . . . . . . . . : No IP Address. . . . . . . . . . . . : 192.168.1.21 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.1.1 DNS Servers . . . . . . . . . . . : 192.168.1.21 C:\Documents and Settings\Administrator>nslookup domain1.local Server: srv.domain1.local Address: 192.168.1.21 Name: domain1.local Address: 192.168.1.21 C:\Documents and Settings\Administrator>nslookup Default Server: srv.domain1.local Address: 192.168.1.21 > server 192.168.1.21 Default Server: srv.domain1.local Address: 192.168.1.21 > ls domain1.local [srv.domain1.local] *** Can't list domain domain1.local: Query refused The DNS server refused to transfer the zone domain1.local to your computer. If this is incorrect, check the zone transfer security settings for domain1.local on th e DNS server at IP address 192.168.1.21. > ^C C:\Documents and Settings\Administrator>ping domain1.local Pinging domain1.local [192.168.1.21] with 32 bytes of data: Reply from 192.168.1.21: bytes=32 time<1ms TTL=128 Reply from 192.168.1.21: bytes=32 time<1ms TTL=128 Ping statistics for 192.168.1.21: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms Control-C ^C C:\Documents and Settings\Administrator>

然后运行dcdiag.exe:

域控制器诊断

执行初始设置:完成收集初始信息。

做初步的必要的testing

testing服务器:Default-First-Site-Name \ SRV开始testing:连通性……………………. SRV通过testing连通性

做初步testing 

  Testing server: Default-First-Site-Name\SRV Starting test: Replications ......................... SRV passed test Replications Starting test: NCSecDesc ......................... SRV passed test NCSecDesc Starting test: NetLogons ......................... SRV passed test NetLogons Starting test: Advertising ......................... SRV passed test Advertising Starting test: KnowsOfRoleHolders ......................... SRV passed test KnowsOfRoleHolders Starting test: RidManager ......................... SRV passed test RidManager Starting test: MachineAccount ......................... SRV passed test MachineAccount Starting test: Services ......................... SRV passed test Services Starting test: ObjectsReplicated ......................... SRV passed test ObjectsReplicated Starting test: frssysvol ......................... SRV passed test frssysvol Starting test: frsevent There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL replication problems may cause Group Policy problems. ......................... SRV failed test frsevent Starting test: kccevent ......................... SRV passed test kccevent Starting test: systemlog An Error Event occured. EventID: 0xC0002715 Time Generated: 04/12/2010 13:35:18 (Event String could not be retrieved) An Error Event occured. EventID: 0xC0001B7A Time Generated: 04/12/2010 13:45:27 (Event String could not be retrieved) ......................... SRV failed test systemlog Starting test: VerifyReferences ......................... SRV passed test VerifyReferences Running partition tests on : ForestDnsZones Starting test: CrossRefValidation ......................... ForestDnsZones passed test CrossRefValidation Starting test: CheckSDRefDom ......................... ForestDnsZones passed test CheckSDRefDom Running partition tests on : DomainDnsZones Starting test: CrossRefValidation ......................... DomainDnsZones passed test CrossRefValidation Starting test: CheckSDRefDom ......................... DomainDnsZones passed test CheckSDRefDom Running partition tests on : Schema Starting test: CrossRefValidation ......................... Schema passed test CrossRefValidation Starting test: CheckSDRefDom ......................... Schema passed test CheckSDRefDom Running partition tests on : Configuration Starting test: CrossRefValidation ......................... Configuration passed test CrossRefValidation Starting test: CheckSDRefDom ......................... Configuration passed test CheckSDRefDom Running partition tests on : stmartin Starting test: CrossRefValidation ......................... stmartin passed test CrossRefValidation Starting test: CheckSDRefDom ......................... stmartin passed test CheckSDRefDom Running enterprise tests on : domain1.local Starting test: Intersite ......................... domain1.local passed test Intersite Starting test: FsmoCheck ......................... domain1.local passed test FsmoCheck

然后netdiag /d:domain1.local: 

 .................................... Computer Name: SRV DNS Host Name: SRV.domain1.local System info : Microsoft Windows Server 2003 (Build 3790) Processor : x86 Family 15 Model 127 Stepping 2, AuthenticAMD List of installed hotfixes : KB923561 KB924667-v2 KB925398_WMP64 KB925902-v2 KB927891 KB929123 KB930178 KB932168 KB933854 KB938127 KB941569 KB943055 KB943460 KB944338-v2 KB944653 KB945553 KB946026 KB948496 KB950762 KB950974 KB951066 KB951748 KB952004 KB952069 KB952954 KB953298 KB954155 KB954550-v5 KB955069 KB955759 KB956572 KB956802 KB956803 KB956844 KB957097 KB958469 KB958644 KB958687 KB958869 KB959426 KB960225 KB960803 KB960859 KB961063 KB961118 KB961501 KB967715 KB967723 KB968389 KB968816 KB969059 KB969947 KB970238 KB970430 KB971032 KB971486 KB971557 KB971633 KB971657 KB971737 KB971961 KB972270 KB973037 KB973354 KB973507 KB973525 KB973540 KB973687 KB973815 KB973869 KB973904 KB974112 KB974318 KB974392 KB974571 KB975025 KB975467 KB976098-v2 KB976325 KB978207 Q147222 Netcard queries test . . . . . . . : Passed [WARNING] The net card 'RAS Async Adapter' may not be working because it has not received any packets. Per interface results: Adapter : Local Area Connection 2 Netcard queries test . . . : Passed Host Name. . . . . . . . . : SRV IP Address . . . . . . . . : 192.168.1.21 Subnet Mask. . . . . . . . : 255.255.255.0 Default Gateway. . . . . . : 192.168.1.1 Dns Servers. . . . . . . . : 192.168.1.21 AutoConfiguration results. . . . . . : Passed Default gateway test . . . : Passed NetBT name test. . . . . . : Passed [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing. No remote names have been found. WINS service test. . . . . : Skipped There are no WINS servers configured for this interface. Global results: Domain membership test . . . . . . : Passed NetBT transports test. . . . . . . : Passed List of NetBt transports currently configured: NetBT_Tcpip_{04BB0F6B-06AE-4D60-80C8-2A7A24C1D87B} 1 NetBt transport currently configured. Autonet address test . . . . . . . : Passed IP loopback ping test. . . . . . . : Passed Default gateway test . . . . . . . : Passed NetBT name test. . . . . . . . . . : Passed [WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined. Winsock test . . . . . . . . . . . : Passed DNS test . . . . . . . . . . . . . : Passed PASS - All the DNS entries for DC are registered on DNS server '192.168.1.21' and other DCs also have some of the names registered. Redir and Browser test . . . . . . : Passed List of NetBt transports currently bound to the Redir NetBT_Tcpip_{04BB0F6B-06AE-4D60-80C8-2A7A24C1D87B} The redir is bound to 1 NetBt transport. List of NetBt transports currently bound to the browser NetBT_Tcpip_{04BB0F6B-06AE-4D60-80C8-2A7A24C1D87B} The browser is bound to 1 NetBt transport. DC discovery test. . . . . . . . . : Passed DC list test . . . . . . . . . . . : Passed Trust relationship test. . . . . . : Skipped Kerberos test. . . . . . . . . . . : Passed LDAP test. . . . . . . . . . . . . : Passed Bindings test. . . . . . . . . . . : Passed WAN configuration test . . . . . . : Skipped No active remote access connections. Modem diagnostics test . . . . . . : Passed IP Security test . . . . . . . . . : Skipped Note: run "netsh ipsec dynamic show /?" for more detailed information The command completed successfully

我想你会发现钥匙可能在这里:

[WARNING] The DNS entries for this DC are not registered correctly on DNS server '68.94.156.1'. Please wait for 30 minutes for DNS server replication.

这是你的公共ISP DNS服务器? 如果是这样,那么这是使用错误的DNS服务器。

  1. 你的AD应该有一个DNS服务器(如果你只有一个,通常在你的域控制器上)
  2. 域控制器应该有自己的DNS指向自己
  3. 客户端机器的DNS应该指向内部DNS服务器的IP地址(例如您的域控制器)

您的ISP的DNS服务器将不会在正常的ADnetworking中使用。

编辑:我刚看到你的更新。 在写我的答案的时候,你一定已经发布了它。 确保步骤3也已经实施。

你说'重新join'机器。 系统的旧DNSlogging是否仍在该区域中? 目前的域控制器是否只有自己的IP列在其DNS服务器上? 在尝试重新join之前,您是否删除了旧的计算机帐户? 服务器的名称是否与您未join之前的名称相同? 如果是的话,你可能会有一些陈旧的信息。 检查DNS中的所有SRVlogging,确保它们解决了他们应该解决的问题。 如果您在任何这些logging的ACL上看到任何“未知帐户”,请删除它们并从应该保存它们的机器运行“ipconfig / registerdns”。

弄清楚了。 由于某种原因,网卡上的防火墙已经打开。 一旦被禁用,一切正常。 去搞清楚。