Windows 2003 Server: Unable to join domain

I initially tried to rejoin the computer to the network and got a "domain cannot be found" error. The username/password box didn't even appear.

I ran some tests:
I can ping the server name.
I cannot ping the server's FQDN.
I cannot ping the domain name domain1.local.
nslookup cannot find the domain.

So I turned to DNS and ran netdiag.exe, which gave this error:

DNS test . . . . . . . . . . . . . : Failed
          [WARNING] Cannot find a primary authoritative DNS server for the name
            'stmartinsrv.stmartin.local.'. [RCODE_SERVER_FAILURE]
            The name 'srv.domain1.local.' may not be registered in DNS.

    [WARNING] The DNS entries for this DC are not registered correctly on DNS se
rver '68.94.156.1'. Please wait for 30 minutes for DNS server replication.
    [WARNING] The DNS entries for this DC are not registered correctly on DNS se
rver '68.94.157.1'. Please wait for 30 minutes for DNS server replication.
    [FATAL] No DNS servers have the DNS records for this DC registered.


Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{04BB0F6B-06AE-4D60-80C8-2A7A24C1D87B}
    The redir is bound to 1 NetBt transport.

    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{04BB0F6B-06AE-4D60-80C8-2A7A24C1D87B}
    The browser is bound to 1 NetBt transport.

Then I ran dcdiag:

C:\Program Files\Support Tools>dcdiag

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\SRV
      Starting test: Connectivity
         The host 1c99f63c-49ec-40db-b3d3-6265c00fbd3e._msdcs.domain1.local cou
ld not be resolved to an
         IP address.  Check the DNS server, DHCP, server name, etc
         Although the Guid DNS name
         (1c99f63c-49ec-40db-b3d3-6265c00fbd3e._msdcs.domain1.local) couldn't
         be resolved, the server name (srv.domain1.local) resolved to
         the IP address (192.168.1.21) and was pingable.  Check that the IP
         address is registered correctly with the DNS server.
         ......................... SRV failed test Connectivity

Doing primary tests

       Testing server: Default-First-Site-Name\SRV
          Skipping all tests, because server SRV is
          not responding to directory service requests

       Running partition tests on : ForestDnsZones
          Starting test: CrossRefValidation
             ......................... ForestDnsZones passed test CrossRefValidation

          Starting test: CheckSDRefDom
             ......................... ForestDnsZones passed test CheckSDRefDom

       Running partition tests on : DomainDnsZones
          Starting test: CrossRefValidation
             ......................... DomainDnsZones passed test CrossRefValidation

          Starting test: CheckSDRefDom
             ......................... DomainDnsZones passed test CheckSDRefDom

       Running partition tests on : Schema
          Starting test: CrossRefValidation
             ......................... Schema passed test CrossRefValidation
          Starting test: CheckSDRefDom
             ......................... Schema passed test CheckSDRefDom

       Running partition tests on : Configuration
          Starting test: CrossRefValidation
             ......................... Configuration passed test CrossRefValidation
          Starting test: CheckSDRefDom
             ......................... Configuration passed test CheckSDRefDom

       Running partition tests on : domain1
          Starting test: CrossRefValidation
             ......................... domain1 passed test CrossRefValidation
          Starting test: CheckSDRefDom
             ......................... domain1 passed test CheckSDRefDom

       Running enterprise tests on : domain1.local
          Starting test: Intersite
             ......................... domain1.local passed test Intersite
          Starting test: FsmoCheck
             ......................... domain1.local passed test FsmoCheck

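Based on earlier posts, I tried adding the domain suffix to the NIC IP properties of both the client computer and the domain controller, but it didn't help.

Note: the server has only one NIC.

Any ideas?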

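Update: I partially solved the problem by removing the ISP DNS IP addresses from the local NIC and adding the SRV server IP address (192.168.xx) to the DNS tab of the NIC's IP properties. Now, when I run nslookup on SRV, it resolves locally to the domain name. When I run nslookup on the FQDN domain1.local, it resolves the domain to the server IP address locally on the server. However, when I try to do the same on a client computer, I still get an unknown host response when I try to run nslookup domain1.local.

Update 2: I also manually set the DNS IP address on the DNS tab of the client's NIC IP settings, but that didn't help either. I can still ping the domain controller/DNS server, though.

When I run ipconfig and nslookup on the client: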

C:\Documents and Settings\Administrator>ping domain1.local
Ping request could not find host domain1.local. Please check the name and try a
gain.

C:\Documents and Settings\Administrator>ipconfig /all

Windows IP Configuration

        Host Name . . . . . . . . . . . . : CLIENT02
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Unknown
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : domain1.local

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : domain1.local
        Description . . . . . . . . . . . : Intel(R) 82562V-2 10/100 Network Con
nection
        Physical Address. . . . . . . . . : 00-1A-A0-8B-94-87
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.107
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.21
                                            192.168.0.1
        Lease Obtained. . . . . . . . . . : Sunday, April 11, 2010 8:45:15 PM
        Lease Expires . . . . . . . . . . : Sunday, April 18, 2010 7:24:15 PM

C:\Documents and Settings\Administrator>nslookup
DNS request timed out.
    timeout was 2 seconds.
*** Can't find server name for address 192.168.1.21: Timed out
*** Can't find server name for address 192.168.0.1: Non-existent domain
*** Default servers are not available
Default Server:  UnKnown
Address:  192.168.1.21

> server 192.168.1.21
DNS request timed out.
    timeout was 2 seconds.
Default Server:  [192.168.1.21]
Address:  192.168.1.21

>
C:\Documents and Settings\Administrator>nslookup
DNS request timed out.
    timeout was 2 seconds.
*** Can't find server name for address 192.168.1.21: Timed out
*** Can't find server name for address 192.168.0.1: Non-existent domain
*** Default servers are not available
Default Server:  UnKnown
Address:  192.168.1.21

> ls domain1.local
ls: connect: No error
*** Can't list domain domain1.local: Unspecified error
>

Then I ran netdiag /d:domain1.local:

...................................

    Computer Name: CLIENT02
    DNS Host Name: CLIENT02
    System info : Windows 2000 Professional (Build 2600)
    Processor : x86 Family 6 Model 15 Stepping 2, GenuineIntel
    List of installed hotfixes :
        KB835221WXP
        KB888111WXPSP2
        KB893803v2
        Q147222


Netcard queries test . . . . . . . : Passed
    GetStats failed for 'Intel(R) 82562V-2 10/100 Network Connection - AGN Filter Interface'. [ERROR_GEN_FAILURE]


Per interface results:

    Adapter : Local Area Connection

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : CLIENT02.domain1.local
        IP Address . . . . . . . . : 192.168.1.107
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 192.168.1.1
        Dns Servers. . . . . . . . : 192.168.1.21
                                     192.168.0.1


        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Passed

        NetBT name test. . . . . . : Passed
        [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.

        WINS service test. . . . . : Skipped
            There are no WINS servers configured for this interface.

        Ipx configration
            Network Number . . . . : 00000000
            Node . . . . . . . . . : 001aa08b9487
            Frame type . . . . . . : 802.2



    Adapter : IPX Internal Interface

        Netcard queries test . . . : Passed

        Ipx configration
            Network Number . . . . : 00000000
            Node . . . . . . . . . : 000000000001
            Frame type . . . . . . : Ethernet II



    Adapter : IpxLoopbackAdapter

        Netcard queries test . . . : Passed

        Ipx configration
            Network Number . . . . : 1234cdef
            Node . . . . . . . . . : 000000000002
            Frame type . . . . . . : 802.2



    Adapter : NDISWANIPX

        Netcard queries test . . . : Passed

        Ipx configration
            Network Number . . . . : 00000000
            Node . . . . . . . . . : f6f220524153
            Frame type . . . . . . : Ethernet II




Global results:


Domain membership test . . . . . . : Passed
    Dns domain name is not specified.
    Dns forest name is not specified.


NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{3DF46308-913D-4B62-8F6A-AC1E076E3864}
    1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed
    [WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined.


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Passed


Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{3DF46308-913D-4B62-8F6A-AC1E076E3864}
    The redir is bound to 1 NetBt transport.

    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{3DF46308-913D-4B62-8F6A-AC1E076E3864}
    The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Failed

 This computer cannot be joined to the [domain1.local] domain because of one of the
following reasons.

1. The DNS SRV record for [domain1.local] is not registered in DNS; or

2. A zone from the following list of DNS zones does not include delegation
to its child zone.

Such zones can include [_ldap._tcp.dc._msdcs.domain1.local], and root zone.

Ask your network/DNS administrator to perform the following actions: To
find out why the SRV record for [domain1.local, local] is not registered in the DNS,
run the dcdiag command prompt tool with the command RegisterInDNS on the
domain controller that did not perform the registration.
        [FATAL] Cannot find DC in domain 'domain1.local'. [ERROR_NO_SUCH_DOMAIN]


DC list test . . . . . . . . . . . : Failed
        'domain1.local': Cannot find DC to get DC list from [test skipped].


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Skipped


LDAP test. . . . . . . . . . . . . : Failed
    Cannot find DC to run LDAP tests on. The error occurred was: The specified domain either does not exist or could not be contacted.



 This computer cannot be joined to the [domain1.local] domain because of one of the
following reasons.

1. The DNS SRV record for [domain1.local] is not registered in DNS; or

2. A zone from the following list of DNS zones does not include delegation
to its child zone.

Such zones can include [_ldap._tcp.dc._msdcs.domain1.local], and root zone.

Ask your network/DNS administrator to perform the following actions: To
find out why the SRV record for [domain1.local, local] is not registered in the DNS,
run the dcdiag command prompt tool with the command RegisterInDNS on the
domain controller that did not perform the registration.
        [WARNING] Cannot find DC in domain 'domain1.local'. [ERROR_NO_SUCH_DOMAIN]


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
    No active remote access connections.


Modem diagnostics test . . . . . . : Passed


Netware configuration
    You are not logged in to your preferred server .
    Netware User Name. . . . . . . :
    Netware Server Name. . . . . . :
    Netware Tree Name. . . . . . . :
    Netware Workstation Context. . :

IP Security test . . . . . . . . . : Passed
    Service status  is: Started
    Service startup is: Automatic
    IPSec service is available, but no policy is assigned or active
    Note: run "ipseccmd /?" for more detailed information


The command completed successfully

On the server SRV:

C:\Documents and Settings\Administrator>ipconfig

Windows IP Configuration


Ethernet adapter Local Area Connection 2:

   Connection-specific DNS Suffix  . :
   IP Address. . . . . . . . . . . . : 192.168.1.21
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1

C:\Documents and Settings\Administrator>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : srv
   Primary Dns Suffix  . . . . . . . : domain1.local
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : domain1.local

Ethernet adapter Local Area Connection 2:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
   Physical Address. . . . . . . . . : 00-21-70-16-F5-6E
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.1.21
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.21

C:\Documents and Settings\Administrator>nslookup domain1.local
Server:  srv.domain1.local
Address:  192.168.1.21

Name:    domain1.local
Address:  192.168.1.21


C:\Documents and Settings\Administrator>nslookup
Default Server:  srv.domain1.local
Address:  192.168.1.21

> server 192.168.1.21
Default Server:  srv.domain1.local
Address:  192.168.1.21

> ls domain1.local
[srv.domain1.local]
*** Can't list domain domain1.local: Query refused
The DNS server refused to transfer the zone domain1.local to your computer. If
this
is incorrect, check the zone transfer security settings for domain1.local on th
e DNS
server at IP address 192.168.1.21.
> ^C
C:\Documents and Settings\Administrator>ping domain1.local

Pinging domain1.local [192.168.1.21] with 32 bytes of data:

Reply from 192.168.1.21: bytes=32 time<1ms TTL=128
Reply from 192.168.1.21: bytes=32 time<1ms TTL=128

Ping statistics for 192.168.1.21:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
Control-C
^C
C:\Documents and Settings\Administrator>

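Then I ran dcdiag.exe:

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\SRV
      Starting test: Connectivity
         ......................... SRV passed test Connectivity

Doing primary tests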

   Testing server: Default-First-Site-Name\SRV
      Starting test: Replications
         ......................... SRV passed test Replications
      Starting test: NCSecDesc
         ......................... SRV passed test NCSecDesc
      Starting test: NetLogons
         ......................... SRV passed test NetLogons
      Starting test: Advertising
         ......................... SRV passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... SRV passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... SRV passed test RidManager
      Starting test: MachineAccount
         ......................... SRV passed test MachineAccount
      Starting test: Services
         ......................... SRV passed test Services
      Starting test: ObjectsReplicated
         ......................... SRV passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... SRV passed test frssysvol
      Starting test: frsevent
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
         Group Policy problems.
         ......................... SRV failed test frsevent
      Starting test: kccevent
         ......................... SRV passed test kccevent
      Starting test: systemlog
         An Error Event occured.  EventID: 0xC0002715
            Time Generated: 04/12/2010   13:35:18
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC0001B7A
            Time Generated: 04/12/2010   13:45:27
            (Event String could not be retrieved)
         ......................... SRV failed test systemlog
      Starting test: VerifyReferences
         ......................... SRV passed test VerifyReferences

   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom

   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom

   Running partition tests on : stmartin
      Starting test: CrossRefValidation
         ......................... stmartin passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... stmartin passed test CheckSDRefDom

   Running enterprise tests on : domain1.local
      Starting test: Intersite
         ......................... domain1.local passed test Intersite
      Starting test: FsmoCheck
         ......................... domain1.local passed test FsmoCheck

Then I ran netdiag /d:domain1.local:

....................................

    Computer Name: SRV
    DNS Host Name: SRV.domain1.local
    System info : Microsoft Windows Server 2003 (Build 3790)
    Processor : x86 Family 15 Model 127 Stepping 2, AuthenticAMD
    List of installed hotfixes :


Netcard queries test . . . . . . . : Passed
    [WARNING] The net card 'RAS Async Adapter' may not be working because it has not received any packets.



Per interface results:

    Adapter : Local Area Connection 2

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : SRV
        IP Address . . . . . . . . : 192.168.1.21
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 192.168.1.1
        Dns Servers. . . . . . . . : 192.168.1.21


        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Passed

        NetBT name test. . . . . . : Passed
        [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.
            No remote names have been found.

        WINS service test. . . . . : Skipped
            There are no WINS servers configured for this interface.


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{04BB0F6B-06AE-4D60-80C8-2A7A24C1D87B}
    1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed
    [WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined.


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Passed
    PASS - All the DNS entries for DC are registered on DNS server '192.168.1.21' and other DCs also have some of the names registered.


Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{04BB0F6B-06AE-4D60-80C8-2A7A24C1D87B}
    The redir is bound to 1 NetBt transport.

    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{04BB0F6B-06AE-4D60-80C8-2A7A24C1D87B}
    The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
    No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

    Note: run "netsh ipsec dynamic show /?" for more detailed information


The command completed successfully

Answer 1

I think you'll find the key is probably right here:

[WARNING] The DNS entries for this DC are not registered correctly on DNS server '68.94.156.1'. Please wait for 30 minutes for DNS server replication.

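Is that your public ISP DNS server? If so, it is the wrong DNS server.

  1. You should have a DNS server within your AD (if you have only one domain controller, it usually sits on that domain controller)
  2. The domain controller's DNS should point to itself
  3. Client computers' DNS should point to the IP address of the internal DNS server (e.g. the domain controller)

Your ISP's DNS servers will not be used inside a normal AD network.

Edit: I just saw your update. You must have posted it while I was writing my answer. Make sure step 3 is implemented as well.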
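
The three rules in this answer can be checked against captured `ipconfig /all` output. The following Python is an added example, not part of the original answer; the sample text is constructed from the outputs in the question, and the function names and the approved AD DNS server list (192.168.1.21 here) are assumptions.

```python
import ipaddress
import re

# Constructed samples, modelled on the `ipconfig /all` output in the question.
SAMPLE_CLIENT = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 192.168.1.107
        DNS Servers . . . . . . . . . . . : 192.168.1.21
                                            192.168.0.1
        Lease Obtained. . . . . . . . . . : Sunday, April 11, 2010 8:45:15 PM
"""

# Constructed: the domain controller while it still pointed at the ISP resolvers.
SAMPLE_DC_BEFORE_FIX = """\
Ethernet adapter Local Area Connection 2:

   IP Address. . . . . . . . . . . . : 192.168.1.21
   DNS Servers . . . . . . . . . . . : 68.94.156.1
                                       68.94.157.1
"""

DNS_LINE = re.compile(r"\s+DNS Servers[ .]*:\s*(\S+)?\s*$")


def _ip(text):
    """Return an ip_address object, or None if text is not an IP literal."""
    try:
        return ipaddress.ip_address(text.strip())
    except ValueError:
        return None


def parse_dns_servers(ipconfig_text):
    """Map each adapter heading to its DNS servers, in configured order."""
    adapters, current, in_dns = {}, None, False
    for line in ipconfig_text.splitlines():
        if line[:1].strip() and line.rstrip().endswith(":"):
            current, in_dns = line.rstrip()[:-1], False  # unindented adapter heading
            adapters[current] = []
        elif current is not None:
            match = DNS_LINE.match(line)
            if match:
                in_dns = True
                if match.group(1) and _ip(match.group(1)):
                    adapters[current].append(match.group(1))
            elif in_dns and _ip(line):
                adapters[current].append(line.strip())  # continuation line: address only
            else:
                in_dns = False
    return adapters


def audit_dns(ipconfig_text, ad_dns_servers):
    """Return (adapter, server, reason) for each setting that breaks the rules above."""
    allowed = {ipaddress.ip_address(s) for s in ad_dns_servers}
    findings = []
    for adapter, servers in parse_dns_servers(ipconfig_text).items():
        for server in servers:
            ip = _ip(server)
            if ip not in allowed:
                kind = "private address, not an AD DNS server" if ip.is_private else "public resolver"
                findings.append((adapter, server, kind))
        if servers and not any(_ip(s) in allowed for s in servers):
            findings.append((adapter, None, "no AD DNS server configured"))
    return findings
```

Run against the client sample, the audit flags 192.168.0.1 as a secondary resolver that cannot answer for domain1.local; against the pre-fix controller sample it flags both ISP addresses and the absence of any AD DNS server.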

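Answer 2

You say you are "rejoining" the machine. Is the system's old DNS record still in the zone? Does the current domain controller list only its own IP for its DNS servers? Did you delete the old computer account before trying to rejoin? Is the server's name the same as it was before you left? If so, there may be some stale information in AD. Check all the SRV records in DNS and make sure they resolve to what they should. If you see any "unknown account" entries on the ACLs of any of these records, delete them and run "ipconfig /registerdns" from the machine that should hold them.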

Answer 3

Figured it out. The firewall on the NIC had somehow been turned on. After disabling it, everything works.
