我有一个每天都“冻结”的Windows DC,必须重新启动(VM)才能login。 通过系统日志,我看到以下几个错误;
The dynamic registration of the DNS record '_ldap._tcp.dc._msdcs.usd385.org. 600 IN SRV 0 100 389 AD1.usd385.org.' failed on the following DNS server: DNS server IP address: 199.191.128.106 Returned Response Code (RCODE): 5 Returned Status Code: 9017 For computers and users to locate this domain controller, this record must be registered in DNS. USER ACTION Determine what might have caused this failure, resolve the problem, and initiate registration of the DNS records by the domain controller. To determine what might have caused this failure, run DCDiag.exe. To learn more about DCDiag.exe, see Help and Support Center. To initiate registration of the DNS records by this domain controller, run 'nltest.exe /dsregdns' from the command prompt on the domain controller or restart Net Logon service. Or, you can manually add this record to DNS, but it is not recommended. ADDITIONAL DATA Error Value: DNS bad key. IP地址199.191.128.106parsing为dbru.br.ns.els-gms.att.net,这明显在我们的本地networking之外,属于我们的ISP。 任何人都可以提供一些关于如何排除这个IP地址被DNS注册的提示吗? 我不确定这是否导致“冻结”问题,但似乎是一个好起点。
先谢谢您的帮助。
您的DC的DNS如何configuration?
它试图对服务器进行dynamic更新,认为这是对域的权威性。
如果它指向一个互联网DNSparsing器,这是对的; 该服务器确实在您的域的SOAlogging中被标记为权威:
usd385.org. 7200 IN SOA dbru.br.ns.els-gms.att.net. rm-hostmaster.ems.att.com. 2005110926 83000 10000 604800 86400
现在,虽然这对于面向互联网的版本是正确的,但您可以打赌,您的域控制器认为他们应该是权威性的,而不是您的区域的内部版本。
您的域控制器应该在DNS服务的设置中将外部DNS服务器configuration为转发器,但是在NIC的DNS设置中,它应该只指向自己( 127.0.0.1 )和其他域控制器; 这可能是问题所在。