satan

DNS detects critical error in AD!


System freshly set up yesterday, AD set up on Windows 2003 Std. Server!

Symptoms:

- nobody can list the domain in Network Neighborhood!

- nobody can change their password, error message: Cannot connect to the domain!

- error message in the DNS log: Critical error found in AD.....

DNS queries for NS and various clients work flawlessly via nslookup!

Does anyone have any advice?


Hi,

is the forward lookup zone in DNS stored AD-integrated, and does it allow "secure only" updates?

- nobody can list the domain in Network Neighborhood!

Network Neighborhood is based on NetBIOS name resolution and falls under the term "browsing". It is built up via the Computer Browser service and NetBIOS broadcasts. DNS plays no role in this.

Even today it would be advisable to have a WINS server in the domain.

- nobody can change their password, error message: Cannot connect to the domain!

That clearly points to a DNS problem.

Because the client depends on the following four entries, which it receives at logon:

- _gc

- _kerberos

- _kpasswd

- _ldap

Install the Windows Support Tools and run DCDIAG /v on the DC.

- error message in the DNS log: Critical error found in AD.....

Yep, DNS is where the root of the problem lies here.


Install the Windows Support Tools and run DCDIAG /v on the DC.

C:\Programme\Support Tools>dcdiag /v

Domain Controller Diagnosis

Performing initial setup:
  * Verifying that the local machine server-psgz, is a DC.
  * Connecting to directory service on server server-psgz.
  * Collecting site info.
  * Identifying all servers.
  * Identifying all NC cross-refs.
  * Found 1 DC(s). Testing 1 of them.
  Done gathering initial info.

Doing initial required tests

  Testing server: Standardname-des-ersten-Standorts\SERVER-PSGZ
     Starting test: Connectivity
        * Active Directory LDAP Services Check
        * Active Directory RPC Services Check
        ......................... SERVER-PSGZ passed test Connectivity

Doing primary tests

  Testing server: Standardname-des-ersten-Standorts\SERVER-PSGZ
     Starting test: Replications
        * Replications Check
        * Replication Latency Check
        * Replication Site Latency Check
        ......................... SERVER-PSGZ passed test Replications
     Test omitted by user request: Topology
     Test omitted by user request: CutoffServers
     Starting test: NCSecDesc
        * Security Permissions Check for
          DC=ForestDnsZones,DC=psgz,DC=local
           (NDNC,Version 2)
        * Security Permissions Check for
          DC=DomainDnsZones,DC=psgz,DC=local
           (NDNC,Version 2)
        * Security Permissions Check for
          CN=Schema,CN=Configuration,DC=psgz,DC=local
           (Schema,Version 2)
        * Security Permissions Check for
          CN=Configuration,DC=psgz,DC=local
           (Configuration,Version 2)
        * Security Permissions Check for
          DC=psgz,DC=local
           (Domain,Version 2)
        ......................... SERVER-PSGZ passed test NCSecDesc
     Starting test: NetLogons
        * Network Logons Privileges Check
        ......................... SERVER-PSGZ passed test NetLogons
     Starting test: Advertising
        The DC SERVER-PSGZ is advertising itself as a DC and having a DS.
        The DC SERVER-PSGZ is advertising as an LDAP server
        The DC SERVER-PSGZ is advertising as having a writeable directory
        The DC SERVER-PSGZ is advertising as a Key Distribution Center
        The DC SERVER-PSGZ is advertising as a time server
        The DS SERVER-PSGZ is advertising as a GC.
        ......................... SERVER-PSGZ passed test Advertising
     Starting test: KnowsOfRoleHolders
        Role Schema Owner = CN=NTDS Settings,CN=SERVER-PSGZ,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=psgz,DC=local
        Role Domain Owner = CN=NTDS Settings,CN=SERVER-PSGZ,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=psgz,DC=local
        Role PDC Owner = CN=NTDS Settings,CN=SERVER-PSGZ,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=psgz,DC=local
        Role Rid Owner = CN=NTDS Settings,CN=SERVER-PSGZ,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=psgz,DC=local
        Role Infrastructure Update Owner = CN=NTDS Settings,CN=SERVER-PSGZ,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=psgz,DC=local
        ......................... SERVER-PSGZ passed test KnowsOfRoleHolders
     Starting test: RidManager
        * Available RID Pool for the Domain is 1603 to 1073741823
        * server-psgz.psgz.local is the RID Master
        * DsBind with RID Master was successful
        * rIDAllocationPool is 1103 to 1602
        * rIDPreviousAllocationPool is 1103 to 1602
        * rIDNextRID: 1151
        ......................... SERVER-PSGZ passed test RidManager
     Starting test: MachineAccount
        * SPN found :LDAP/server-psgz.psgz.local/psgz.local
        * SPN found :LDAP/server-psgz.psgz.local
        * SPN found :LDAP/SERVER-PSGZ
        * SPN found :LDAP/server-psgz.psgz.local/PSGZ
        * SPN found :LDAP/4885e560-da86-4007-a646-18914032b458._msdcs.psgz.local
        * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/4885e560-da86-4007-a646-18914032b458/psgz.local
        * SPN found :HOST/server-psgz.psgz.local/psgz.local
        * SPN found :HOST/server-psgz.psgz.local
        * SPN found :HOST/SERVER-PSGZ
        * SPN found :HOST/server-psgz.psgz.local/PSGZ
        * SPN found :GC/server-psgz.psgz.local/psgz.local
        ......................... SERVER-PSGZ passed test MachineAccount
     Starting test: Services
        * Checking Service: Dnscache
        * Checking Service: NtFrs
        * Checking Service: IsmServ
        * Checking Service: kdc
        * Checking Service: SamSs
        * Checking Service: LanmanServer
        * Checking Service: LanmanWorkstation
        * Checking Service: RpcSs
        * Checking Service: w32time
        * Checking Service: NETLOGON
        ......................... SERVER-PSGZ passed test Services
     Test omitted by user request: OutboundSecureChannels
     Starting test: ObjectsReplicated
        SERVER-PSGZ is in domain DC=psgz,DC=local
        Checking for CN=SERVER-PSGZ,OU=Domain Controllers,DC=psgz,DC=local in domain DC=psgz,DC=local on 1 servers
           Object is up-to-date on all servers.
        Checking for CN=NTDS Settings,CN=SERVER-PSGZ,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=psgz,DC=local in domain CN=Configuration,DC=psgz,DC=local on 1 servers
           Object is up-to-date on all servers.
        ......................... SERVER-PSGZ passed test ObjectsReplicated
     Starting test: frssysvol
        * The File Replication Service SYSVOL ready test
        File Replication Service's SYSVOL is ready
        ......................... SERVER-PSGZ passed test frssysvol
     Starting test: frsevent
        * The File Replication Service Event log test
        ......................... SERVER-PSGZ passed test frsevent
     Starting test: kccevent
        * The KCC Event log test
        Found no KCC errors in Directory Service Event log in the last 15 minutes.
        ......................... SERVER-PSGZ passed test kccevent
     Starting test: systemlog
        * The System Event log test
        Found no errors in System Event log in the last 60 minutes.
        ......................... SERVER-PSGZ passed test systemlog
     Test omitted by user request: VerifyReplicas
     Starting test: VerifyReferences
        The system object reference (serverReference) CN=SERVER-PSGZ,OU=Domain Controllers,DC=psgz,DC=local and backlink on
        CN=SERVER-PSGZ,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=psgz,DC=local are correct.
        The system object reference (frsComputerReferenceBL)
        CN=SERVER-PSGZ,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=psgz,DC=local and backlink on
        CN=SERVER-PSGZ,OU=Domain Controllers,DC=psgz,DC=local are correct.
        The system object reference (serverReferenceBL)
        CN=SERVER-PSGZ,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=psgz,DC=local and backlink on
        CN=NTDS Settings,CN=SERVER-PSGZ,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=psgz,DC=local are
        correct.
        ......................... SERVER-PSGZ passed test VerifyReferences
     Test omitted by user request: VerifyEnterpriseReferences

  Running partition tests on : ForestDnsZones
     Starting test: CrossRefValidation
        ......................... ForestDnsZones passed test CrossRefValidation
     Starting test: CheckSDRefDom
        ......................... ForestDnsZones passed test CheckSDRefDom

  Running partition tests on : DomainDnsZones
     Starting test: CrossRefValidation
        ......................... DomainDnsZones passed test CrossRefValidation
     Starting test: CheckSDRefDom
        ......................... DomainDnsZones passed test CheckSDRefDom

  Running partition tests on : Schema
     Starting test: CrossRefValidation
        ......................... Schema passed test CrossRefValidation
     Starting test: CheckSDRefDom
        ......................... Schema passed test CheckSDRefDom

  Running partition tests on : Configuration
     Starting test: CrossRefValidation
        ......................... Configuration passed test CrossRefValidation
     Starting test: CheckSDRefDom
        ......................... Configuration passed test CheckSDRefDom

  Running partition tests on : psgz
     Starting test: CrossRefValidation
        ......................... psgz passed test CrossRefValidation
     Starting test: CheckSDRefDom
        ......................... psgz passed test CheckSDRefDom

  Running enterprise tests on : psgz.local
     Starting test: Intersite
        Skipping site Standardname-des-ersten-Standorts, this site is outside the scope provided by the command line arguments provided.
        ......................... psgz.local passed test Intersite
     Starting test: FsmoCheck
        GC Name: \\server-psgz.psgz.local
        Locator Flags: 0xe00003fd
        PDC Name: \\server-psgz.psgz.local
        Locator Flags: 0xe00003fd
        Time Server Name: \\server-psgz.psgz.local
        Locator Flags: 0xe00003fd
        Preferred Time Server Name: \\server-psgz.psgz.local
        Locator Flags: 0xe00003fd
        KDC Name: \\server-psgz.psgz.local
        Locator Flags: 0xe00003fd
        ......................... psgz.local passed test FsmoCheck


The DCDIAG output couldn't be any cleaner. DCDIAG reports no errors.

Then please explain what your environment looks like (how many DCs?).

Was this server only just promoted to a DC?

Have a look in DNS, in your forward lookup zone, to see whether the SRV records exist.
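
The check suggested in the replies above (do the _ldap, _kerberos, _kpasswd and _gc SRV records exist in the forward lookup zone?), as an added example that is not part of the original thread. It assumes the domain name psgz.local from the dcdiag output and a management machine that has the DnsClient module (Resolve-DnsName), which Windows Server 2003 itself does not ship; the `_ldap._tcp.dc._msdcs` name and the expected ports are the standard AD locator values, not taken from the thread.

```powershell
# Added example: verify the AD locator SRV records a client needs at logon.
# Assumptions: domain psgz.local (from the dcdiag output); run on a machine
# with the DnsClient module whose resolver is, or is pointed at, the DC's DNS.
param(
    [string]$Domain = 'psgz.local',
    [string]$DnsServer            # optional: query this DNS server directly
)

# SRV owner name -> port the service is expected to advertise.
$expected = [ordered]@{
    "_ldap._tcp.$Domain"           = 389    # LDAP
    "_ldap._tcp.dc._msdcs.$Domain" = 389    # DC locator
    "_kerberos._tcp.$Domain"       = 88     # KDC
    "_kpasswd._tcp.$Domain"        = 464    # Kerberos password change
    "_gc._tcp.$Domain"             = 3268   # global catalog
}

$common = @{ ErrorAction = 'SilentlyContinue' }
if ($DnsServer) { $common.Server = $DnsServer }

$results = foreach ($name in $expected.Keys) {
    # Keep only SRV answers; the response may also carry A records.
    $srv = @(Resolve-DnsName -Name $name -Type SRV @common |
             Where-Object { $_.Type -eq 'SRV' })
    if ($srv.Count -eq 0) {
        [pscustomobject]@{ Record = $name; Target = $null; Port = $null; Status = 'MISSING' }
        continue
    }
    foreach ($r in $srv) {
        # An SRV record only helps the client if its target host resolves too.
        $addr = @(Resolve-DnsName -Name $r.NameTarget -Type A @common |
                  Where-Object { $_.Type -eq 'A' })
        if ($addr.Count -eq 0) { $status = 'TARGET DOES NOT RESOLVE' }
        elseif ($r.Port -ne $expected[$name]) { $status = 'UNEXPECTED PORT' }
        else { $status = 'OK' }
        [pscustomobject]@{ Record = $name; Target = $r.NameTarget; Port = $r.Port; Status = $status }
    }
}

$results | Format-Table -AutoSize
# Non-zero exit code if any record is missing or inconsistent.
if ($results.Status -ne 'OK') { exit 1 }
```

Running it once against the client's configured resolver and once with `-DnsServer` set to the DC shows whether the records are missing from the zone or the clients are simply asking a different DNS server.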
