hello,
I have one Domain Controller on windows server 2012
and many problems with them.
the main problem: that I can open ADSI Edit console only, all others AD consoles don’t work
DCDIAG/FIX
| Directory Server Diagnosis |
| Performing initial setup: |
| Trying to find home server… |
| Home Server = dc01 |
| * Identified AD Forest. |
| Done gathering initial info. |
| Doing initial required tests |
| Testing server: Default-First-Site-NameDC01 |
| Starting test: Connectivity |
| ……………………. DC01 passed test Connectivity |
| Doing primary tests |
| Testing server: Default-First-Site-NameDC01 |
| Starting test: Advertising |
| Fatal Error:DsGetDcName (DC01) call failed, error 1355 |
| The Locator could not find the server. |
| ……………………. DC01 failed test Advertising |
| Starting test: FrsEvent |
| ……………………. DC01 passed test FrsEvent |
| Starting test: DFSREvent |
| ……………………. DC01 passed test DFSREvent |
| Starting test: SysVolCheck |
| ……………………. DC01 passed test SysVolCheck |
| Starting test: KccEvent |
| An error event occurred. EventID: 0xC0000466 |
| Time Generated: 06/11/2013 15:41:08 |
| Event String: |
| Active Directory Domain Services was unable to establish a connectio |
| n with the global catalog. |
| ……………………. DC01 failed test KccEvent |
| Starting test: KnowsOfRoleHolders |
| ……………………. DC01 passed test KnowsOfRoleHolders |
| Starting test: MachineAccount |
| ……………………. DC01 passed test MachineAccount |
| Starting test: NCSecDesc |
| ……………………. DC01 passed test NCSecDesc |
| Starting test: NetLogons |
| Unable to connect to the NETLOGON share! (\DC01netlogon) |
| [DC01] An net use or LsaPolicy operation failed with error 67, |
| The network name cannot be found.. |
| ……………………. DC01 failed test NetLogons |
| Starting test: ObjectsReplicated |
| ……………………. DC01 passed test ObjectsReplicated |
| Starting test: Replications |
| ……………………. DC01 passed test Replications |
| Starting test: RidManager |
| ……………………. DC01 passed test RidManager |
| Starting test: Services |
| ……………………. DC01 passed test Services |
| Starting test: SystemLog |
| An error event occurred. EventID: 0x0000271A |
| Time Generated: 06/11/2013 15:24:45 |
| Event String: |
| The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register w |
| ith DCOM within the required timeout. |
| A warning event occurred. EventID: 0x000727A5 |
| Time Generated: 06/11/2013 15:24:46 |
| Event String: |
| The WinRM service is not listening for WS-Management requests. |
| A warning event occurred. EventID: 0x80040022 |
| Time Generated: 06/11/2013 15:25:39 |
| Event String: |
| The driver disabled the write cache on device DeviceHarddisk0DR0. |
| A warning event occurred. EventID: 0x80040022 |
| Time Generated: 06/11/2013 15:25:39 |
| Event String: |
| The driver disabled the write cache on device DeviceHarddisk0DR0. |
| A warning event occurred. EventID: 0x80040022 |
| Time Generated: 06/11/2013 15:25:39 |
| Event String: |
| The driver disabled the write cache on device DeviceHarddisk0DR0. |
| A warning event occurred. EventID: 0x000003F6 |
| Time Generated: 06/11/2013 15:26:05 |
| Event String: |
| Name resolution for the name _ldap._tcp.dc._msdcs.domain.local. t |
| imed out after none of the configured DNS servers responded. |
| A warning event occurred. EventID: 0x800009CF |
| Time Generated: 06/11/2013 15:26:08 |
| Event String: |
| The server service was unable to recreate the share backup because t |
| he directory C:backup no longer exists. Please run «net share backup /delete» |
| to delete the share, or recreate the directory C:backup. |
| A warning event occurred. EventID: 0x00000081 |
| Time Generated: 06/11/2013 15:27:15 |
| Event String: |
| NtpClient was unable to set a domain peer to use as a time source be |
| cause of discovery error. NtpClient will try again in 15 minutes and double the |
| reattempt interval thereafter. The error was: An existing connection was forcibl |
| y closed by the remote host. (0x80072746) |
| A warning event occurred. EventID: 0x000727AA |
| Time Generated: 06/11/2013 15:27:21 |
| Event String: |
| The WinRM service failed to create the following SPNs: WSMAN/dc01.ex |
| pertpro.local; WSMAN/dc01. |
| A warning event occurred. EventID: 0x0000000C |
| Time Generated: 06/11/2013 15:27:21 |
| Event String: |
| Time Provider NtpClient: This machine is configured to use the domai |
| n hierarchy to determine its time source, but it is the AD PDC emulator for the |
| domain at the root of the forest, so there is no machine above it in the domain |
| hierarchy to use as a time source. It is recommended that you either configure a |
| reliable time service in the root domain, or manually configure the AD PDC to s |
| ynchronize with an external time source. Otherwise, this machine will function a |
| s the authoritative time source in the domain hierarchy. If an external time sou |
| rce is not configured or used for this computer, you may choose to disable the N |
| tpClient. |
| A warning event occurred. EventID: 0x00000090 |
| Time Generated: 06/11/2013 15:27:37 |
| Event String: |
| The time service has stopped advertising as a good time source. |
| A warning event occurred. EventID: 0xC000042B |
| Time Generated: 06/11/2013 15:29:36 |
| Event String: |
| The RD Session Host server cannot register ‘TERMSRV’ Service Princip |
| al Name to be used for server authentication. The following error occured: The s |
| pecified domain either does not exist or could not be contacted. |
| An error event occurred. EventID: 0x00000469 |
| Time Generated: 06/11/2013 15:31:09 |
| Event String: |
| The processing of Group Policy failed because of lack of network con |
| nectivity to a domain controller. This may be a transient condition. A success m |
| essage would be generated once the machine gets connected to the domain controll |
| er and Group Policy has successfully processed. If you do not see a success mess |
| age for several hours, then contact your administrator. |
| An error event occurred. EventID: 0x00000469 |
| Time Generated: 06/11/2013 15:31:46 |
| Event String: |
| The processing of Group Policy failed because of lack of network con |
| nectivity to a domain controller. This may be a transient condition. A success m |
| essage would be generated once the machine gets connected to the domain controll |
| er and Group Policy has successfully processed. If you do not see a success mess |
| age for several hours, then contact your administrator. |
| ……………………. DC01 failed test SystemLog |
| Starting test: VerifyReferences |
| ……………………. DC01 passed test VerifyReferences |
| Running partition tests on : ForestDnsZones |
| Starting test: CheckSDRefDom |
| ……………………. ForestDnsZones passed test CheckSDRefDom |
| Starting test: CrossRefValidation |
| ……………………. ForestDnsZones passed test |
| CrossRefValidation |
| Running partition tests on : DomainDnsZones |
| Starting test: CheckSDRefDom |
| ……………………. DomainDnsZones passed test CheckSDRefDom |
| Starting test: CrossRefValidation |
| ……………………. DomainDnsZones passed test |
| CrossRefValidation |
| Running partition tests on : Schema |
| Starting test: CheckSDRefDom |
| ……………………. Schema passed test CheckSDRefDom |
| Starting test: CrossRefValidation |
| ……………………. Schema passed test CrossRefValidation |
| Running partition tests on : Configuration |
| Starting test: CheckSDRefDom |
| ……………………. Configuration passed test CheckSDRefDom |
| Starting test: CrossRefValidation |
| ……………………. Configuration passed test CrossRefValidation |
| Running partition tests on : domain |
| Starting test: CheckSDRefDom |
| ……………………. domain passed test CheckSDRefDom |
| Starting test: CrossRefValidation |
| ……………………. domain passed test CrossRefValidation |
| Running enterprise tests on : domain.local |
| Starting test: LocatorCheck |
| Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355 |
| A Global Catalog Server could not be located — All GC’s are down. |
| Warning: DcGetDcName(TIME_SERVER) call failed, error 1355 |
| A Time Server could not be located. |
| The server holding the PDC role is down. |
| Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error |
| 1355 |
| A Good Time Server could not be located. |
| Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355 |
| A KDC could not be located — All the KDCs are down. |
| ……………………. domain.local failed test LocatorCheck |
| Starting test: Intersite |
| ……………………. domain.local passed test Intersite |
ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : dc01
Primary Dns Suffix . . . . . . . : domain.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.local
Ethernet adapter Ethernet:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Hyper-V Network Adapter
Physical Address. . . . . . . . . : 00-15-5D-BF-45-05
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::5507:3ae8:676e:4ab9%12(Preferred)
IPv4 Address. . . . . . . . . . . : 172.16.191.215(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 251663709
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-27-DB-13-00-15-5D-BF-45-05
DNS Servers . . . . . . . . . . . : 172.16.191.215
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{1581C831-AF29-44A7-B2A4-C6B94AF3C967}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Directory Service Event ID 1126
Active Directory Domain Services was unable to establish a connection with the global catalog.
Additional Data
Error value:
1355 The specified domain either does not exist or could not be contacted.
Internal ID:
3200e24
User Action:
Make sure a global catalog is available in the forest, and is reachable from this domain controller. You may use the nltest utility to diagnose this problem.
Event Xml:
<Event xmlns=»http://schemas.microsoft.com/win/2004/08/events/event»>
<System>
<Provider Name=»Microsoft-Windows-ActiveDirectory_DomainService» Guid=»{0e8478c5-3605-4e8c-8497-1e730c959516}» EventSourceName=»NTDS General» />
<EventID Qualifiers=»49152″>1126</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>18</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime=»2013-06-11T10:41:08.072581900Z» />
<EventRecordID>313</EventRecordID>
<Correlation />
<Execution ProcessID=»548″ ThreadID=»680″ />
<Channel>Directory Service</Channel>
<Computer>dc01.domain.local</Computer>
<Security UserID=»S-1-5-7″ />
</System>
<EventData>
<Data>3200e24</Data>
<Data>1355</Data>
<Data>The specified domain either does not exist or could not be contacted.</Data>
</EventData>
</Event>
SYSTEM Event ID 1129
The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has successfully
processed. If you do not see a success message for several hours, then contact your administrator.
Event Xml:
<Event xmlns=»http://schemas.microsoft.com/win/2004/08/events/event»>
<System>
<Provider Name=»Microsoft-Windows-GroupPolicy» Guid=»{AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}» />
<EventID>1129</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime=»2013-06-11T10:31:09.972110300Z» />
<EventRecordID>5093</EventRecordID>
<Correlation ActivityID=»{785FA1A7-8FE6-4FCF-8180-4BBB9CA729FB}» />
<Execution ProcessID=»916″ ThreadID=»1192″ />
<Channel>System</Channel>
<Computer>dc01.domain.local</Computer>
<Security UserID=»S-1-5-18″ />
</System>
<EventData>
<Data Name=»SupportInfo1″>1</Data>
<Data Name=»SupportInfo2″>1532</Data>
<Data Name=»ProcessingMode»>1</Data>
<Data Name=»ProcessingTimeInMilliseconds»>16</Data>
<Data Name=»ErrorCode»>1222</Data>
<Data Name=»ErrorDescription»>The network is not present or not started. </Data>
</EventData>
</Event>
SYSTEM Event ID 10010
The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
Event Xml:
<Event xmlns=»http://schemas.microsoft.com/win/2004/08/events/event»>
<System>
<Provider Name=»Microsoft-Windows-DistributedCOM» Guid=»{1B562E86-B7AA-4131-BADC-B6F3A001407E}» EventSourceName=»DCOM» />
<EventID Qualifiers=»0″>10010</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime=»2013-06-11T10:24:45.658290000Z» />
<EventRecordID>4944</EventRecordID>
<Correlation />
<Execution ProcessID=»772″ ThreadID=»1956″ />
<Channel>System</Channel>
<Computer>dc01.domain.local</Computer>
<Security UserID=»S-1-5-21-74712226-1288518128-2718553363-500″ />
</System>
<EventData>
<Data Name=»param1″>{9BA05972-F6A8-11CF-A442-00A0C90A8F39}</Data>
</EventData>
</Event>
Port Query :
Port Local IP State Remote IP:Port
TCP 53 127.0.0.1 LISTENING 0.0.0.0:0
TCP 53 172.16.191.215 LISTENING 0.0.0.0:0
UDP 53 127.0.0.1 *:*
UDP 53 172.16.191.215 *:*
TCP 88 0.0.0.0 LISTENING 0.0.0.0:0
UDP 88 172.16.191.215 *:*
UDP 123 0.0.0.0 *:*
TCP 135 0.0.0.0 LISTENING 0.0.0.0:0
TCP 135 127.0.0.1 ESTABLISHED 127.0.0.1:58949
TCP 135 172.16.191.215 ESTABLISHED 172.16.191.215:58952
UDP 137 172.16.191.215 *:*
UDP 138 172.16.191.215 *:*
TCP 139 172.16.191.215 LISTENING 0.0.0.0:0
TCP 389 0.0.0.0 LISTENING 0.0.0.0:0
TCP 389 127.0.0.1 ESTABLISHED 127.0.0.1:49159
TCP 389 127.0.0.1 ESTABLISHED 127.0.0.1:49160
TCP 389 127.0.0.1 ESTABLISHED 127.0.0.1:49161
TCP 389 172.16.191.215 ESTABLISHED 172.16.191.215:49175
TCP 389 172.16.191.215 ESTABLISHED 172.16.191.215:49180
UDP 389 0.0.0.0 *:*
TCP 445 0.0.0.0 LISTENING 0.0.0.0:0
TCP 464 0.0.0.0 LISTENING 0.0.0.0:0
UDP 464 172.16.191.215 *:*
TCP 593 0.0.0.0 LISTENING 0.0.0.0:0
TCP 636 0.0.0.0 LISTENING 0.0.0.0:0
TCP 3268 0.0.0.0 LISTENING 0.0.0.0:0
TCP 3269 0.0.0.0 LISTENING 0.0.0.0:0
TCP 3389 0.0.0.0 LISTENING 0.0.0.0:0
UDP 3389 0.0.0.0 *:*
UDP 5355 0.0.0.0 *:*
TCP 5985 0.0.0.0 LISTENING 0.0.0.0:0
TCP 9389 0.0.0.0 LISTENING 0.0.0.0:0
TCP 47001 0.0.0.0 LISTENING 0.0.0.0:0
TCP 49152 0.0.0.0 LISTENING 0.0.0.0:0
TCP 49153 0.0.0.0 LISTENING 0.0.0.0:0
TCP 49154 0.0.0.0 LISTENING 0.0.0.0:0
TCP 49155 0.0.0.0 LISTENING 0.0.0.0:0
TCP 49156 0.0.0.0 LISTENING 0.0.0.0:0
TCP 49156 127.0.0.1 ESTABLISHED 127.0.0.1:58950
TCP 49156 172.16.191.215 ESTABLISHED 172.16.191.215:49177
TCP 49158 0.0.0.0 LISTENING 0.0.0.0:0
TCP 49159 127.0.0.1 ESTABLISHED 127.0.0.1:389
TCP 49160 127.0.0.1 ESTABLISHED 127.0.0.1:389
TCP 49161 127.0.0.1 ESTABLISHED 127.0.0.1:389
TCP 49170 0.0.0.0 LISTENING 0.0.0.0:0
TCP 49171 0.0.0.0 LISTENING 0.0.0.0:0
TCP 49175 172.16.191.215 ESTABLISHED 172.16.191.215:389
TCP 49177 172.16.191.215 ESTABLISHED 172.16.191.215:49156
TCP 49180 172.16.191.215 ESTABLISHED 172.16.191.215:389
TCP 49182 0.0.0.0 LISTENING 0.0.0.0:0
UDP 49783 127.0.0.1 *:*
TCP 49804 172.16.191.215 ESTABLISHED 172.16.191.69:445
UDP 57560 127.0.0.1 *:*
TCP 58949 127.0.0.1 ESTABLISHED 127.0.0.1:135
TCP 58950 127.0.0.1 ESTABLISHED 127.0.0.1:49156
TCP 58952 172.16.191.215 ESTABLISHED 172.16.191.215:135
also :
NETLOGON share is missing
that’s all.
Help please
Dsgetdcname failed with error 1355
Вопрос
I have one Domain Controller on windows server 2012
and many problems with them.
the main problem: that I can open ADSI Edit console only, all others AD consoles don’t work
DCDIAG/FIX
| Directory Server Diagnosis |
| Performing initial setup: |
| Trying to find home server. |
| Home Server = dc01 |
| * Identified AD Forest. |
| Done gathering initial info. |
| Doing initial required tests |
| Testing server: Default-First-Site-NameDC01 |
| Starting test: Connectivity |
| . DC01 passed test Connectivity |
| Doing primary tests |
| Testing server: Default-First-Site-NameDC01 |
| Starting test: Advertising |
| Fatal Error:DsGetDcName (DC01) call failed, error 1355 |
| The Locator could not find the server. |
| . DC01 failed test Advertising |
| Starting test: FrsEvent |
| . DC01 passed test FrsEvent |
| Starting test: DFSREvent |
| . DC01 passed test DFSREvent |
| Starting test: SysVolCheck |
| . DC01 passed test SysVolCheck |
| Starting test: KccEvent |
| An error event occurred. EventID: 0xC0000466 |
| Time Generated: 06/11/2013 15:41:08 |
| Event String: |
| Active Directory Domain Services was unable to establish a connectio |
| n with the global catalog. |
| . DC01 failed test KccEvent |
| Starting test: KnowsOfRoleHolders |
| . DC01 passed test KnowsOfRoleHolders |
| Starting test: MachineAccount |
| . DC01 passed test MachineAccount |
| Starting test: NCSecDesc |
| . DC01 passed test NCSecDesc |
| Starting test: NetLogons |
| Unable to connect to the NETLOGON share! (\DC01netlogon) |
| [DC01] An net use or LsaPolicy operation failed with error 67, |
| The network name cannot be found.. |
| . DC01 failed test NetLogons |
| Starting test: ObjectsReplicated |
| . DC01 passed test ObjectsReplicated |
| Starting test: Replications |
| . DC01 passed test Replications |
| Starting test: RidManager |
| . DC01 passed test RidManager |
| Starting test: Services |
| . DC01 passed test Services |
| Starting test: SystemLog |
| An error event occurred. EventID: 0x0000271A |
| Time Generated: 06/11/2013 15:24:45 |
| Event String: |
| The server <9BA05972-F6A8-11CF-A442-00A0C90A8F39>did not register w |
| ith DCOM within the required timeout. |
| A warning event occurred. EventID: 0x000727A5 |
| Time Generated: 06/11/2013 15:24:46 |
| Event String: |
| The WinRM service is not listening for WS-Management requests. |
| A warning event occurred. EventID: 0x80040022 |
| Time Generated: 06/11/2013 15:25:39 |
| Event String: |
| The driver disabled the write cache on device DeviceHarddisk0DR0. |
| A warning event occurred. EventID: 0x80040022 |
| Time Generated: 06/11/2013 15:25:39 |
| Event String: |
| The driver disabled the write cache on device DeviceHarddisk0DR0. |
| A warning event occurred. EventID: 0x80040022 |
| Time Generated: 06/11/2013 15:25:39 |
| Event String: |
| The driver disabled the write cache on device DeviceHarddisk0DR0. |
| A warning event occurred. EventID: 0x000003F6 |
| Time Generated: 06/11/2013 15:26:05 |
| Event String: |
| Name resolution for the name _ldap._tcp.dc._msdcs.domain.local. t |
| imed out after none of the configured DNS servers responded. |
| A warning event occurred. EventID: 0x800009CF |
| Time Generated: 06/11/2013 15:26:08 |
| Event String: |
| The server service was unable to recreate the share backup because t |
| he directory C:backup no longer exists. Please run «net share backup /delete» |
| to delete the share, or recreate the directory C:backup. |
| A warning event occurred. EventID: 0x00000081 |
| Time Generated: 06/11/2013 15:27:15 |
| Event String: |
| NtpClient was unable to set a domain peer to use as a time source be |
| cause of discovery error. NtpClient will try again in 15 minutes and double the |
| reattempt interval thereafter. The error was: An existing connection was forcibl |
| y closed by the remote host. (0x80072746) |
| A warning event occurred. EventID: 0x000727AA |
| Time Generated: 06/11/2013 15:27:21 |
| Event String: |
| The WinRM service failed to create the following SPNs: WSMAN/dc01.ex |
| pertpro.local; WSMAN/dc01. |
| A warning event occurred. EventID: 0x0000000C |
| Time Generated: 06/11/2013 15:27:21 |
| Event String: |
| Time Provider NtpClient: This machine is configured to use the domai |
| n hierarchy to determine its time source, but it is the AD PDC emulator for the |
| domain at the root of the forest, so there is no machine above it in the domain |
| hierarchy to use as a time source. It is recommended that you either configure a |
| reliable time service in the root domain, or manually configure the AD PDC to s |
| ynchronize with an external time source. Otherwise, this machine will function a |
| s the authoritative time source in the domain hierarchy. If an external time sou |
| rce is not configured or used for this computer, you may choose to disable the N |
| tpClient. |
| A warning event occurred. EventID: 0x00000090 |
| Time Generated: 06/11/2013 15:27:37 |
| Event String: |
| The time service has stopped advertising as a good time source. |
| A warning event occurred. EventID: 0xC000042B |
| Time Generated: 06/11/2013 15:29:36 |
| Event String: |
| The RD Session Host server cannot register ‘TERMSRV’ Service Princip |
| al Name to be used for server authentication. The following error occured: The s |
| pecified domain either does not exist or could not be contacted. |
| An error event occurred. EventID: 0x00000469 |
| Time Generated: 06/11/2013 15:31:09 |
| Event String: |
| The processing of Group Policy failed because of lack of network con |
| nectivity to a domain controller. This may be a transient condition. A success m |
| essage would be generated once the machine gets connected to the domain controll |
| er and Group Policy has successfully processed. If you do not see a success mess |
| age for several hours, then contact your administrator. |
| An error event occurred. EventID: 0x00000469 |
| Time Generated: 06/11/2013 15:31:46 |
| Event String: |
| The processing of Group Policy failed because of lack of network con |
| nectivity to a domain controller. This may be a transient condition. A success m |
| essage would be generated once the machine gets connected to the domain controll |
| er and Group Policy has successfully processed. If you do not see a success mess |
| age for several hours, then contact your administrator. |
| . DC01 failed test SystemLog |
| Starting test: VerifyReferences |
| . DC01 passed test VerifyReferences |
| Running partition tests on : ForestDnsZones |
| Starting test: CheckSDRefDom |
| . ForestDnsZones passed test CheckSDRefDom |
| Starting test: CrossRefValidation |
| . ForestDnsZones passed test |
| CrossRefValidation |
| Running partition tests on : DomainDnsZones |
| Starting test: CheckSDRefDom |
| . DomainDnsZones passed test CheckSDRefDom |
| Starting test: CrossRefValidation |
| . DomainDnsZones passed test |
| CrossRefValidation |
| Running partition tests on : Schema |
| Starting test: CheckSDRefDom |
| . Schema passed test CheckSDRefDom |
| Starting test: CrossRefValidation |
| . Schema passed test CrossRefValidation |
| Running partition tests on : Configuration |
| Starting test: CheckSDRefDom |
| . Configuration passed test CheckSDRefDom |
| Starting test: CrossRefValidation |
| . Configuration passed test CrossRefValidation |
| Running partition tests on : domain |
| Starting test: CheckSDRefDom |
| . domain passed test CheckSDRefDom |
| Starting test: CrossRefValidation |
| . domain passed test CrossRefValidation |
| Running enterprise tests on : domain.local |
| Starting test: LocatorCheck |
| Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355 |
| A Global Catalog Server could not be located — All GC’s are down. |
| Warning: DcGetDcName(TIME_SERVER) call failed, error 1355 |
| A Time Server could not be located. |
| The server holding the PDC role is down. |
| Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error |
| 1355 |
| A Good Time Server could not be located. |
| Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355 |
| A KDC could not be located — All the KDCs are down. |
| . domain.local failed test LocatorCheck |
| Starting test: Intersite |
| . domain.local passed test Intersite |
ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : dc01
Primary Dns Suffix . . . . . . . : domain.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.local
Ethernet adapter Ethernet:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Hyper-V Network Adapter
Physical Address. . . . . . . . . : 00-15-5D-BF-45-05
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::5507:3ae8:676e:4ab9%12(Preferred)
IPv4 Address. . . . . . . . . . . : 172.16.191.215(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 251663709
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-27-DB-13-00-15-5D-BF-45-05
DNS Servers . . . . . . . . . . . : 172.16.191.215
NetBIOS over Tcpip. . . . . . . . : Enabled
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Directory Service Event ID 1126
Active Directory Domain Services was unable to establish a connection with the global catalog.
Additional Data
Error value:
1355 The specified domain either does not exist or could not be contacted.
Internal ID:
3200e24
User Action:
Make sure a global catalog is available in the forest, and is reachable from this domain controller. You may use the nltest utility to diagnose this problem.
Event Xml:
1126
0
2
18
0
0x8080000000000000
313
Directory Service
dc01.domain.local
3200e24
1355
The specified domain either does not exist or could not be contacted.
SYSTEM Event ID 1129
The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has successfully processed. If you do not see a success message for several hours, then contact your administrator.
Event Xml:
1129
0
2
0
0
0x8000000000000000
5093
System
dc01.domain.local
1
1532
1
16
1222
The network is not present or not started.
SYSTEM Event ID 10010
The server <9BA05972-F6A8-11CF-A442-00A0C90A8F39>did not register with DCOM within the required timeout.
Event Xml:
Port Query :
Port Local IP State Remote IP:Port
TCP 53 127.0.0.1 LISTENING 0.0.0.0:0
TCP 53 172.16.191.215 LISTENING 0.0.0.0:0
UDP 53 127.0.0.1 *:*
UDP 53 172.16.191.215 *:*
TCP 88 0.0.0.0 LISTENING 0.0.0.0:0
UDP 88 172.16.191.215 *:*
UDP 123 0.0.0.0 *:*
TCP 135 0.0.0.0 LISTENING 0.0.0.0:0
TCP 135 127.0.0.1 ESTABLISHED 127.0.0.1:58949
TCP 135 172.16.191.215 ESTABLISHED 172.16.191.215:58952
UDP 137 172.16.191.215 *:*
UDP 138 172.16.191.215 *:*
TCP 139 172.16.191.215 LISTENING 0.0.0.0:0
TCP 389 0.0.0.0 LISTENING 0.0.0.0:0
TCP 389 127.0.0.1 ESTABLISHED 127.0.0.1:49159
TCP 389 127.0.0.1 ESTABLISHED 127.0.0.1:49160
TCP 389 127.0.0.1 ESTABLISHED 127.0.0.1:49161
TCP 389 172.16.191.215 ESTABLISHED 172.16.191.215:49175
TCP 389 172.16.191.215 ESTABLISHED 172.16.191.215:49180
UDP 389 0.0.0.0 *:*
TCP 445 0.0.0.0 LISTENING 0.0.0.0:0
TCP 464 0.0.0.0 LISTENING 0.0.0.0:0
UDP 464 172.16.191.215 *:*
TCP 593 0.0.0.0 LISTENING 0.0.0.0:0
TCP 636 0.0.0.0 LISTENING 0.0.0.0:0
TCP 3268 0.0.0.0 LISTENING 0.0.0.0:0
TCP 3269 0.0.0.0 LISTENING 0.0.0.0:0
TCP 3389 0.0.0.0 LISTENING 0.0.0.0:0
UDP 3389 0.0.0.0 *:*
UDP 5355 0.0.0.0 *:*
TCP 5985 0.0.0.0 LISTENING 0.0.0.0:0
TCP 9389 0.0.0.0 LISTENING 0.0.0.0:0
TCP 47001 0.0.0.0 LISTENING 0.0.0.0:0
TCP 49152 0.0.0.0 LISTENING 0.0.0.0:0
TCP 49153 0.0.0.0 LISTENING 0.0.0.0:0
TCP 49154 0.0.0.0 LISTENING 0.0.0.0:0
TCP 49155 0.0.0.0 LISTENING 0.0.0.0:0
TCP 49156 0.0.0.0 LISTENING 0.0.0.0:0
TCP 49156 127.0.0.1 ESTABLISHED 127.0.0.1:58950
TCP 49156 172.16.191.215 ESTABLISHED 172.16.191.215:49177
TCP 49158 0.0.0.0 LISTENING 0.0.0.0:0
TCP 49159 127.0.0.1 ESTABLISHED 127.0.0.1:389
TCP 49160 127.0.0.1 ESTABLISHED 127.0.0.1:389
TCP 49161 127.0.0.1 ESTABLISHED 127.0.0.1:389
TCP 49170 0.0.0.0 LISTENING 0.0.0.0:0
TCP 49171 0.0.0.0 LISTENING 0.0.0.0:0
TCP 49175 172.16.191.215 ESTABLISHED 172.16.191.215:389
TCP 49177 172.16.191.215 ESTABLISHED 172.16.191.215:49156
TCP 49180 172.16.191.215 ESTABLISHED 172.16.191.215:389
TCP 49182 0.0.0.0 LISTENING 0.0.0.0:0
UDP 49783 127.0.0.1 *:*
TCP 49804 172.16.191.215 ESTABLISHED 172.16.191.69:445
UDP 57560 127.0.0.1 *:*
TCP 58949 127.0.0.1 ESTABLISHED 127.0.0.1:135
TCP 58950 127.0.0.1 ESTABLISHED 127.0.0.1:49156
TCP 58952 172.16.191.215 ESTABLISHED 172.16.191.215:135
Источник
EDIT: This problem was resolved by following the information found at this link:
https://support.microsoft.com/en-us/help/947022/the-netlogon-share-is-not-present-after-you-install-active-directory-d
Essentially, NETLOGON/SYSVOL were not being shared, by following the directions above the issue was resolved.
Thanks joeqwerty for your replies.
I’m two days into this problem on a 2012 Server install. Previous server had crashed, 2012 software reinstalled, all patches applied. Active Directory is non-functional after promoting to DC (this is the sole DC in a new Forest). DNS seems to be functioning correct.
I believe this entire problem relates to the following error message received while installing AD:
«The DNS Server was unable to create the built-in directory partition
ForestDnsZones.CLINIC.LAN. The error was 9906.»
But it may just be another symptom.
DCDIAG information is below, but the first failure, error 1355, has me stuck.
nltest /DsGetDc:clinic.lan
Getting DC name failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN
This domain is now named «CLINIC» whereas before it was named «MEDICAL». This was done intentionally to avoid a conflict when workstations were added. Also, the Windows install was done from a Dell «Recover» operation, where it essentially stuck all the old stuff in a directory «Windows.old» and just created a new version of Windows beside it.
I’ve been through this process twice with no difference in the outcome.
Getting pretty desperate as users are down.
I will greatly appreciate any suggestions that might lead me to an approach to solving this problem. Have read just about everything I can find online to no avail.
NSLOOKUP CLINIC.LAN returns:
Server: UnKnown
Address: 10.1.10.200
Name: clinic.lan
Address: 10.1.10.200
This is the correct IP Address but I don’t know what to make of the reply.
Thanks, again for any help anyone can provide. The entire DCDIAG is listed below.
Directory Server Diagnosis
Performing initial setup:
Trying to find home server…
Home Server = WINSERV
- Identified AD Forest. Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-NameWINSERV Starting test: Connectivity ......................... WINSERV passed test ConnectivityDoing primary tests
Testing server: Default-First-Site-NameWINSERV Starting test: Advertising Fatal Error:DsGetDcName (WINSERV) call failed, error 1355 The Locator could not find the server. ......................... WINSERV failed test Advertising Starting test: FrsEvent ......................... WINSERV passed test FrsEvent Starting test: DFSREvent There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL replication problems may cause Group Policy problems. ......................... WINSERV failed test DFSREvent Starting test: SysVolCheck ......................... WINSERV passed test SysVolCheck Starting test: KccEvent ......................... WINSERV passed test KccEvent Starting test: KnowsOfRoleHolders ......................... WINSERV passed test KnowsOfRoleHolders Starting test: MachineAccount ......................... WINSERV passed test MachineAccount Starting test: NCSecDesc ......................... WINSERV passed test NCSecDesc Starting test: NetLogons Unable to connect to the NETLOGON share! (\WINSERVnetlogon) [WINSERV] An net use or LsaPolicy operation failed with error 67, The network name cannot be found.. ......................... WINSERV failed test NetLogons Starting test: ObjectsReplicated ......................... WINSERV passed test ObjectsReplicated Starting test: Replications ......................... WINSERV passed test Replications Starting test: RidManager ......................... WINSERV passed test RidManager Starting test: Services ......................... WINSERV passed test Services Starting test: SystemLog A warning event occurred. EventID: 0x00001695 Time Generated: 09/09/2019 10:24:34 Event String: Dynamic registration or deletion of one or more DNS records associated with DNS domain 'MEDICAL.LAN.' failed. Theserecords are used by other computers to locate this server as a domain
controller (if the specified domain is an Active Directory domain) or
as an LDAP server (if the specified domain is an application
partition).An error event occurred. EventID: 0xC00038D6 Time Generated: 09/09/2019 10:49:13 Event String: The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it willperiodically retry the operation. The return code is in the record
data.......................... WINSERV failed test SystemLog Starting test: VerifyReferences ......................... WINSERV passed test VerifyReferences Running partition tests on : Schema Starting test: CheckSDRefDom ......................... Schema passed test CheckSDRefDom Starting test: CrossRefValidation ......................... Schema passed test CrossRefValidation Running partition tests on : Configuration Starting test: CheckSDRefDom ......................... Configuration passed test CheckSDRefDom Starting test: CrossRefValidation ......................... Configuration passed test CrossRefValidation Running partition tests on : CLINIC Starting test: CheckSDRefDom ......................... CLINIC passed test CheckSDRefDom Starting test: CrossRefValidation ......................... CLINIC passed test CrossRefValidation Running enterprise tests on : CLINIC.LAN Starting test: LocatorCheck Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355 A Global Catalog Server could not be located - All GC's are down. Warning: DcGetDcName(TIME_SERVER) call failed, error 1355 A Time Server could not be located. The server holding the PDC role is down. Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error 1355 A Good Time Server could not be located. Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355 A KDC could not be located - All the KDCs are down. ......................... CLINIC.LAN failed test LocatorCheck Starting test: Intersite ......................... CLINIC.LAN passed test Intersite
I am in the process of migrating our ADDS to a test environment.
The steps were as such:
- Install Win2008R2; dcpromo.exe to DC
- Isolate DC (separate network)
- Create DNS server with A records & Update rights for domain + domaincontroller
- Ran ipconfig /flushdns + ipconfig /registerdns
- Confirmed _msdcs entries in DNS server
- Reseize FMSO roles on DC
- Performed metadata cleanup
Environment:
- Windows 2008 R2 with ADDS Roles
- DNS Server (separate machine)
Symptoms:
-
Best Practices Analyzer fails with 23 warnings, all related to:
«This domain controller must register its correct IP addresses with the DNS server» - Event ID: 1126 — Active Directory Domain Services was unable to establish a connection with the global catalog
-
nltest /dsgetdc:domainname
Getting DC name failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN -
nltest /server:lefdc /sc_query:domainname
I_NetLogonControl failed: Status = 1722 0x6ba RPC_S_SERVER_UNAVAILABLE - dcdiag /test:dns reports — OK
-
dcdiag /fix — reports:
Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
A Global Catalog Server could not be located — All GC’s are down.
Full logs provided below:
servername : LEFDC1
Text
PS C:Windowssystem32> nslookup
Default Server: testdns.my.domain.name
Address: 10.140.1.10
> set type=all
> _ldap._tcp.dc._msdcs.my.domain.name
Server: testdns.my.domain.name
Address: 10.140.1.10
_ldap._tcp.dc._msdcs.my.domain.name SRV service location:
priority = 0
weight = 100
port = 389
svr hostname = lefdc1.my.domain.name
my.domain.name nameserver = testdns.my.domain.name
lefdc1.my.domain.name internet address = 10.140.1.15
testdns.my.domain.name internet address = 10.140.1.10
PS C:Windowssystem32> nltest /server:lefdc /sc_query:my.domain.name
I_NetLogonControl failed: Status = 1722 0x6ba RPC_S_SERVER_UNAVAILABLE
PS C:Windowssystem32> dcdiag /test:dns /v /e /f:c:dcdiag.log
PS C:Windowssystem32> nltest /dsgetdc:my.domain.name
Getting DC name failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN
PS C:Windowssystem32> ntdsutil
C:Windowssystem32ntdsutil.exe: roles
fsmo maintenance: connection
server connections: connect to server lefdc1.my.domain.name
Binding to lefdc1.my.domain.name ...
Connected to lefdc1.my.domain.name using credentials of locally logged on user.
server connections: quit
fsmo maintenance: seize pdc
Attempting safe transfer of PDC FSMO before seizure.
FSMO transferred successfully - seizure not required.
Server "lefdc1.my.domain.name" knows about 5 roles
Schema - CN=NTDS Settings,CN=LEFDC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,dc=my,dc=domain,DC=
edu
Naming Master - CN=NTDS Settings,CN=LEFDC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,dc=my,DC=simm
ons,dc=name
PDC - CN=NTDS Settings,CN=LEFDC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,dc=my,dc=domain,dc=name
RID - CN=NTDS Settings,CN=LEFDC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,dc=my,dc=domain,dc=name
Infrastructure - CN=NTDS Settings,CN=LEFDC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,dc=my,DC=sim
mons,dc=name
fsmo maintenance:
PS C:Windowssystem32> dcdiag /fix
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = lefdc1
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-NameLEFDC1
Starting test: Connectivity
......................... LEFDC1 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-NameLEFDC1
Starting test: Advertising
Fatal Error:DsGetDcName (LEFDC1) call failed, error 1355
The Locator could not find the server.
......................... LEFDC1 failed test Advertising
Starting test: FrsEvent
There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL
replication problems may cause Group Policy problems.
......................... LEFDC1 passed test FrsEvent
Starting test: DFSREvent
......................... LEFDC1 passed test DFSREvent
Starting test: SysVolCheck
......................... LEFDC1 passed test SysVolCheck
Starting test: KccEvent
A warning event occurred. EventID: 0x80000B46
Time Generated: 10/07/2013 09:14:11
Event String:
The security of this directory server can be significantly enhanced by configuring the server to reject SASL
(Negotiate, Kerberos, NTLM, or Digest) LDAP binds that do not request signing (integrity verification) and LDAP simple
binds that are performed on a cleartext (non-SSL/TLS-encrypted) connection. Even if no clients are using such binds,
configuring the server to reject them will improve the security of this server.
......................... LEFDC1 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... LEFDC1 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... LEFDC1 passed test MachineAccount
Starting test: NCSecDesc
......................... LEFDC1 passed test NCSecDesc
Starting test: NetLogons
Unable to connect to the NETLOGON share! (\LEFDC1netlogon)
[LEFDC1] An net use or LsaPolicy operation failed with error 67, The network name cannot be found..
......................... LEFDC1 failed test NetLogons
Starting test: ObjectsReplicated
......................... LEFDC1 passed test ObjectsReplicated
Starting test: Replications
......................... LEFDC1 passed test Replications
Starting test: RidManager
......................... LEFDC1 passed test RidManager
Starting test: Services
......................... LEFDC1 passed test Services
Starting test: SystemLog
A warning event occurred. EventID: 0x0000A001
Time Generated: 10/07/2013 08:47:14
Event String:
The Security System could not establish a secured connection with the server ldap/my.domain.name/ad.simmons.
edu@my.domain.name. No authentication protocol was available.
An error event occurred. EventID: 0xC00038D6
Time Generated: 10/07/2013 08:50:24
Event String:
The DFS Namespace service could not initialize cross forest trust information on this domain controller, but
it will periodically retry the operation. The return code is in the record data.
A warning event occurred. EventID: 0x000016AA
Time Generated: 10/07/2013 08:59:19
Event String:
None of the IP addresses (10.140.1.15) of this Domain Controller map to the configured site 'Default-First-S
ite-Name'. While this may be a temporary situation due to IP address changes, it is generally recommended that the IP ad
dress of the Domain Controller (accessible to machines in its domain) maps to the Site which it services. If the above l
ist of IP addresses is stable, consider moving this server to a site (or create one if it does not already exist) such t
hat the above IP address maps to the selected site. This may require the creation of a new subnet object (whose range in
cludes the above IP address) which maps to the selected site object.
A warning event occurred. EventID: 0x000003F6
Time Generated: 10/07/2013 09:08:02
Event String:
Name resolution for the name www.microsoft.com timed out after none of the configured DNS servers responded.
An error event occurred. EventID: 0xC0002719
Time Generated: 10/07/2013 09:08:23
Event String:
DCOM was unable to communicate with the computer 10.140.1.10 using any of the configured protocols.
A warning event occurred. EventID: 0x8000001D
Time Generated: 10/07/2013 09:14:27
Event String:
The Key Distribution Center (KDC) cannot find a suitable certificate to use for smart card logons, or the KD
C certificate could not be verified. Smart card logon may not function correctly if this problem is not resolved. To cor
rect this problem, either verify the existing KDC certificate using certutil.exe or enroll for a new KDC certificate.
A warning event occurred. EventID: 0x000016AA
Time Generated: 10/07/2013 09:14:31
Event String:
None of the IP addresses (10.140.1.15) of this Domain Controller map to the configured site 'Default-First-S
ite-Name'. While this may be a temporary situation due to IP address changes, it is generally recommended that the IP ad
dress of the Domain Controller (accessible to machines in its domain) maps to the Site which it services. If the above l
ist of IP addresses is stable, consider moving this server to a site (or create one if it does not already exist) such t
hat the above IP address maps to the selected site. This may require the creation of a new subnet object (whose range in
cludes the above IP address) which maps to the selected site object.
......................... LEFDC1 failed test SystemLog
Starting test: VerifyReferences
......................... LEFDC1 passed test VerifyReferences
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : ad
Starting test: CheckSDRefDom
......................... ad passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ad passed test CrossRefValidation
Running enterprise tests on : my.domain.name
Starting test: LocatorCheck
Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
A Global Catalog Server could not be located - All GC's are down.
Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error 1355
A Good Time Server could not be located.
Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355
A KDC could not be located - All the KDCs are down.
......................... my.domain.name failed test LocatorCheck
Starting test: Intersite
......................... my.domain.name passed test Intersite
PS C:Windowssystem32>
PS C:Windowssystem32> ntdsutil
C:Windowssystem32ntdsutil.exe: metadata cleanup
metadata cleanup: connections
server connections: connect to server lefdc1
Binding to lefdc1 ...
Connected to lefdc1 using credentials of locally logged on user.
server connections: q
metadata cleanup: select operation target
select operation target: list domains
Found 1 domain(s)
0 - dc=my,dc=domain,dc=name
select operation target: select domain 0
No current site
Domain - dc=my,dc=domain,dc=name
No current server
No current Naming Context
select operation target: list sites
Found 2 site(s)
0 - CN=Default-First-Site-Name,CN=Sites,CN=Configuration,dc=my,dc=domain,dc=name
1 - CN=SchoolofManagement,CN=Sites,CN=Configuration,dc=my,dc=domain,dc=name
select operation target: select site 0
Site - CN=Default-First-Site-Name,CN=Sites,CN=Configuration,dc=my,dc=domain,dc=name
Domain - dc=my,dc=domain,dc=name
No current server
No current Naming Context
Output from dcdiag /testdns:
Text
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine lefdc1, is a Directory Server.
Home Server = lefdc1
* Connecting to directory service on server lefdc1.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,dc=my,dc=domain,dc=name,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=SchoolofManagement,CN=Sites,CN=Configuration,dc=my,dc=domain,dc=name
Getting ISTG and options for the site
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,dc=my,dc=domain,dc=name
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,dc=my,dc=domain,dc=name,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=LEFDC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,dc=my,dc=domain,dc=name
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 1 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-NameLEFDC1
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
* Active Directory RPC Services Check
......................... LEFDC1 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-NameLEFDC1
Test omitted by user request: Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Test omitted by user request: FrsEvent
Test omitted by user request: DFSREvent
Test omitted by user request: SysVolCheck
Test omitted by user request: KccEvent
Test omitted by user request: KnowsOfRoleHolders
Test omitted by user request: MachineAccount
Test omitted by user request: NCSecDesc
Test omitted by user request: NetLogons
Test omitted by user request: ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Test omitted by user request: Replications
Test omitted by user request: RidManager
Test omitted by user request: Services
Test omitted by user request: SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: VerifyReferences
Test omitted by user request: VerifyReplicas
Starting test: DNS
DNS Tests are running and not hung. Please wait a few minutes...
See DNS test in enterprise tests section for results
......................... LEFDC1 passed test DNS
Running partition tests on : Schema
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : Configuration
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : ad
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running enterprise tests on : my.domain.name
Starting test: DNS
Test results for domain controllers:
DC: lefdc1.my.domain.name
Domain: my.domain.name
TEST: Authentication (Auth)
Authentication test: Successfully completed
TEST: Basic (Basc)
The OS Microsoft Windows Server 2008 R2 Enterprise (Service Pack level: 1.0) is supported.
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running
DC is not a DNS server
Network adapters information:
Adapter [00000007] Broadcom NetXtreme 57xx Gigabit Controller:
MAC address is 00:19:B9:30:85:DF
IP address: 10.140.1.15
DNS servers:
10.140.1.10 (<name unavailable>) [Valid]
The A host record(s) for this DC was found
The SOA record for the Active Directory zone was found
TEST: Records registration (RReg)
Network Adapter [00000007] Broadcom NetXtreme 57xx Gigabit Controller:
Matching CNAME record found at DNS server 10.140.1.10:
228de4e0-d8f0-447c-aad3-9c07ca7dd6c8._msdcs.my.domain.name
Matching A record found at DNS server 10.140.1.10:
lefdc1.my.domain.name
Matching SRV record found at DNS server 10.140.1.10:
_ldap._tcp.my.domain.name
Matching SRV record found at DNS server 10.140.1.10:
_ldap._tcp.a7ed6b46-86fe-471c-9a41-9fddd53d2e4c.domains._msdcs.my.domain.name
Matching SRV record found at DNS server 10.140.1.10:
_kerberos._tcp.dc._msdcs.my.domain.name
Matching SRV record found at DNS server 10.140.1.10:
_ldap._tcp.dc._msdcs.my.domain.name
Matching SRV record found at DNS server 10.140.1.10:
_kerberos._tcp.my.domain.name
Matching SRV record found at DNS server 10.140.1.10:
_kerberos._udp.my.domain.name
Matching SRV record found at DNS server 10.140.1.10:
_kpasswd._tcp.my.domain.name
Matching SRV record found at DNS server 10.140.1.10:
_ldap._tcp.Default-First-Site-Name._sites.my.domain.name
Matching SRV record found at DNS server 10.140.1.10:
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.my.domain.name
Matching SRV record found at DNS server 10.140.1.10:
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.my.domain.name
Matching SRV record found at DNS server 10.140.1.10:
_kerberos._tcp.Default-First-Site-Name._sites.my.domain.name
Matching SRV record found at DNS server 10.140.1.10:
_ldap._tcp.gc._msdcs.my.domain.name
Matching A record found at DNS server 10.140.1.10:
gc._msdcs.my.domain.name
Matching SRV record found at DNS server 10.140.1.10:
_gc._tcp.Default-First-Site-Name._sites.my.domain.name
Matching SRV record found at DNS server 10.140.1.10:
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.my.domain.name
Matching SRV record found at DNS server 10.140.1.10:
_ldap._tcp.pdc._msdcs.my.domain.name
Summary of test results for DNS servers used by the above domain controllers:
DNS server: 10.140.1.10 (<name unavailable>)
All tests passed on this DNS server
Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
_________________________________________________________________
Domain: my.domain.name
lefdc1 PASS PASS n/a n/a n/a PASS n/a
......................... my.domain.name passed test DNS
Test omitted by user request: LocatorCheck
Test omitted by user request: Intersite
Output from dcdiag /q
Text
Fatal Error:DsGetDcName (LEFDC1) call failed, error 1355
The Locator could not find the server.
......................... LEFDC1 failed test Advertising
Unable to connect to the NETLOGON share! (\LEFDC1netlogon)
[LEFDC1] An net use or LsaPolicy operation failed with error 67, The network name cannot be found..
......................... LEFDC1 failed test NetLogons
An error event occurred. EventID: 0xC00038D6
Time Generated: 10/07/2013 08:50:24
Event String:
The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data.
An error event occurred. EventID: 0xC0002719
Time Generated: 10/07/2013 09:08:23
Event String:
DCOM was unable to communicate with the computer 10.140.1.10 using any of the configured protocols.
......................... LEFDC1 failed test SystemLog
Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
A Global Catalog Server could not be located - All GC's are down.
Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error 1355
A Good Time Server could not be located.
Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355
A KDC could not be located - All the KDCs are down.
......................... my.domain.name failed test LocatorCheck
Read these next…
Snap! — No-Password Logins, Solar Powered Water Filter, Glitch in the Matrix?
Spiceworks Originals
Your daily dose of tech news, in brief.
Welcome to the Snap!
Flashback: February 9, 1996: Introduction of the Bandai Pippin (Read more HERE.)
Bonus Flashback: February 9, 1990: Galileo Probe does a Venus Flyby (Read more HERE.)
You nee…
Roku TV being used as Wallboard Issues
Hardware
Helping someone out at their shop. They have 4 large Roku screens and 2 laptops with dual HDMI ports for video. They are viewing static website business dashboards and PowerPoint. At first all 4 screens connected to wireless, worked for a while but with a…
Charging for SSO
Security
We have SSO set up with around 5 or 6 solution providers via our M365. Not one of them charges for this, they just sent us the documentation.I identified another online service in use by one of our departments which would benefit from using SSO for staff …
Spark! Pro series — 9th February 2023
Spiceworks Originals
Today in History: America meets the Beatles on “The Ed Sullivan Show”
At approximately 8:12 p.m. Eastern time, Sunday, February 9, 1964, The Ed Sullivan Show returned from a commercial (for Anacin pain reliever), and there was Ed Sullivan standing …
Green Brand Rep Wrap-Up: January 2023
Spiceworks Originals
Source Opens a new window Opens a new windowHi, y’all — Chad here. A while back, we used to feature the top posts from our brand reps (aka “Green Gals/Guys/et. al.) in a weekly or monthly wrap-up post. I can’t specifically recall which, as that was ap…
Внезапно лёг active directory. При открытии оснасток выдаёт ошибку (naming information cannot be located because the specified domain either does not exist or could not be contacted) и ошибку 1355. Запустил dcdiag. вот что выдал:
Кликните здесь для просмотра всего текста
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-SiteMFG
Starting test: Connectivity
……………………. MFG passed test Connectivity
Doing primary tests
Testing server: Default-First-SiteMFG
Starting test: Replications
[Replications Check,MFG] A recent replication attempt failed:
From MFGRESERVE to MFG
Naming Context: CN=Schema,CN=Configuration,DC=skbt,DC=local
The replication generated an error (8524):
Win32 Error 8524
The failure occurred at 2021-05-19 21:55:50.
The last success occurred at 2018-03-07 03:56:28.
26943 failures have occurred since the last success.
The guid-based DNS name 6632f3a8-a941-472a-a330-492c1e4441e9._msdcs.
skbt.local
is not registered on one or more DNS servers.
[MFGRESERVE] DsBindWithSpnEx() failed with error 1722,
Win32 Error 1722.
[Replications Check,MFG] A recent replication attempt failed:
From MFGRESERVE to MFG
Naming Context: CN=Configuration,DC=skbt,DC=local
The replication generated an error (8524):
Win32 Error 8524
The failure occurred at 2021-05-19 21:55:50.
The last success occurred at 2018-03-07 04:16:57.
26945 failures have occurred since the last success.
The guid-based DNS name 6632f3a8-a941-472a-a330-492c1e4441e9._msdcs.
skbt.local
is not registered on one or more DNS servers.
[Replications Check,MFG] A recent replication attempt failed:
From MFGRESERVE to MFG
Naming Context: DC=skbt,DC=local
The replication generated an error (8524):
Win32 Error 8524
The failure occurred at 2021-05-19 21:55:50.
The last success occurred at 2018-03-07 04:44:54.
26946 failures have occurred since the last success.
The guid-based DNS name 6632f3a8-a941-472a-a330-492c1e4441e9._msdcs.
skbt.local
is not registered on one or more DNS servers.
REPLICATION-RECEIVED LATENCY WARNING
MFG: Current time is 2021-05-19 22:22:37.
CN=Schema,CN=Configuration,DC=skbt,DC=local
Last replication recieved from MFGRESERVE at 2018-03-07 03:56:28.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
CN=Configuration,DC=skbt,DC=local
Last replication recieved from MFGRESERVE at 2018-03-07 04:16:57.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
DC=skbt,DC=local
Last replication recieved from MFGRESERVE at 2018-03-07 04:44:54.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
……………………. MFG passed test Replications
Starting test: NCSecDesc
……………………. MFG passed test NCSecDesc
Starting test: NetLogons
……………………. MFG passed test NetLogons
Starting test: Advertising
Fatal Error: DsGetDcName (MFG) call failed, error 1355
The Locator could not find the server.
……………………. MFG failed test Advertising
Starting test: KnowsOfRoleHolders
……………………. MFG passed test KnowsOfRoleHolders
Starting test: RidManager
……………………. MFG passed test RidManager
Starting test: MachineAccount
……………………. MFG passed test MachineAccount
Starting test: Services
……………………. MFG passed test Services
Starting test: ObjectsReplicated
……………………. MFG passed test ObjectsReplicated
Starting test: frssysvol
……………………. MFG passed test frssysvol
Starting test: frsevent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
……………………. MFG failed test frsevent
Starting test: kccevent
……………………. MFG passed test kccevent
Starting test: VerifyReferences
……………………. MFG passed test VerifyReferences
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
……………………. DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
……………………. DomainDnsZones passed test CheckSDRefDom
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
……………………. ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
……………………. ForestDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
……………………. Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
……………………. Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
……………………. Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
……………………. Configuration passed test CheckSDRefDom
Running partition tests on : skbt
Starting test: CrossRefValidation
……………………. skbt passed test CrossRefValidation
Starting test: CheckSDRefDom
……………………. skbt passed test CheckSDRefDom
Running enterprise tests on : skbt.local
Starting test: Intersite
……………………. skbt.local passed test Intersite
Starting test: FsmoCheck
Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
A Global Catalog Server could not be located — All GC’s are down.
Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355
A Primary Domain Controller could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355
A KDC could not be located — All the KDCs are down.
……………………. skbt.local failed test FsmoCheck
Подскажите как можно поправить?
| Комментарий модератора | ||
|
__________________
Помощь в написании контрольных, курсовых и дипломных работ, диссертаций здесь