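I'm getting these two errors in the DNS event log (errors at the end of the question). I have confirmed that I do have duplicate zones. I'd like to know which ones to delete. DomainDNSZone contains all of our DNS records, but it does not have the _msdcs zone... that zone is in ForestDNSZone, which contains the unused duplicates.
3 questions. I understand the advantage of having DNS in the ForestDNSZone.
So...
Why is DNS using DomainDNSZone, and considering _msdcs... is in ForestDNSZone, is this acceptable?
If so, should I delete DC=1.168.192.in-addr.arpa and DC=supernova.local from ForestDNSZone? Or should I try to make them the ones in use? What are the steps for that? I know how to delete. That's simple, but if I have to move the zones then some information would be appreciated.
Just to confirm. From my understanding, I can delete the two duplicates in ForestDNSZone and keep _msdcs.supernova.local, since that is what's needed there. This will resolve the errors I'm seeing.
FYI, when I view these folders in ForestDNSZone they only have 2 and 1 entries respectively. So they are clearly not in use compared to the others. I'm pretty sure I understand the steps to accomplish this. But bonus points if you're willing to provide that information!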
Event Type: Warning
Event Source: DNS
Event Category: None
Event ID: 4515
Date: 1/4/2011
Time: 2:14:18 PM
User: N/A
Computer: STANLEY
Description:
The zone 1.168.192.in-addr.arpa was previously loaded from the directory partition DomainDnsZones.supernova.local but another copy of the zone has been found in directory partition ForestDnsZones.supernova.local. The DNS Server will ignore this new copy of the zone. Please resolve this conflict as soon as possible.
If an administrator has moved this zone from one directory partition to another this may be a harmless transient condition. In this case, no action is necessary. The deletion of the original copy of the zone should soon replicate to this server.
If there are two copies of this zone in two different directory partitions but this is not a transient caused by a zone move operation then one of these copies should be deleted as soon as possible to resolve this conflict.
To change the replication scope of an application directory partition containing DNS zones and for more details on storing DNS zones in the application directory partitions, please see Help and Support.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 89 25 00 00 %..
and
Event Type: Warning
Event Source: DNS
Event Category: None
Event ID: 4515
Date: 1/4/2011
Time: 2:14:18 PM
User: N/A
Computer: STANLEY
Description:
The zone supernova.local was previously loaded from the directory partition DomainDnsZones.supernova.local but another copy of the zone has been found in directory partition ForestDnsZones.supernova.local. The DNS Server will ignore this new copy of the zone. Please resolve this conflict as soon as possible.
If an administrator has moved this zone from one directory partition to another this may be a harmless transient condition. In this case, no action is necessary. The deletion of the original copy of the zone should soon replicate to this server.
If there are two copies of this zone in two different directory partitions but this is not a transient caused by a zone move operation then one of these copies should be deleted as soon as possible to resolve this conflict.
To change the replication scope of an application directory partition containing DNS zones and for more details on storing DNS zones in the application directory partitions, please see Help and Support.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 89 25 00 00 %..
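Update: I'd appreciate any suggestions on how to improve this question so that I can get an answer.
Update 2:
Our AD consists of 3 DCs
The server at 192.168.1.100 is our Exchange and DC (unfortunately); it is also our file server. OS: Server 2003 R2
The server Stanley.DOMAIN.LOCAL is our GC and holds the schemas, but I will be moving them to the DNS server soon. OS: Server 2003 R2
The DNS server at 192.168.1.103 is our new 2008 R2 box. It now hosts DNS and DHCP and is a GC, and it will become the PDC once I transfer the schema.
I want to resolve this DNS issue first.
I tried removing DNS from all the other servers; it only runs on the new 2008 R2 machine. Since the 11th I have not seen any more event errors in the DNS log of our 2008 R2 server (Stanley). Stanley used to be DNS, but that is now turned off. Could that be why I haven't seen the errors since then? Here is the network diagnostic. It was run on the Exchange server, since that one is still 2003 R2. NETDIAG: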
....................................
Computer Name: SERVERNAME
DNS Host Name: SERVERNAME.DOMAINNAME.local
System info : Microsoft Windows Server 2003 R2 (Build 3790)
Processor : x86 Family 6 Model 15 Stepping 6, GenuineIntel
List of installed hotfixes :
Netcard queries test . . . . . . . : Passed
Per interface results:
Adapter : Local Area Connection 2
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : SERVERNAME
IP Address . . . . . . . . : 192.168.1.100
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 192.168.1.1
Dns Servers. . . . . . . . : 192.168.1.103
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Passed
NetBT name test. . . . . . : Passed
WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.
Global results:
Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{9052E7E6-EBB2-43F2-857A-8CF43C9718B3}
1 NetBt transport currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Passed
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on DNS server '192.168.1.103' and other DCs also have some of the names registered.
Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{9052E7E6-EBB2-43F2-857A-8CF43C9718B3}
The redir is bound to 1 NetBt transport.
List of NetBt transports currently bound to the browser
NetBT_Tcpip_{9052E7E6-EBB2-43F2-857A-8CF43C9718B3}
The browser is bound to 1 NetBt transport.
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Passed
Trust relationship test. . . . . . : Passed
Secure channel for domain 'SUPERNOVA' is to '\\stanley.DOMAINNAME.local'.
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Passed
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Skipped
Note: run "netsh ipsec dynamic show /?" for more detailed information
The command completed successfully
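I also just ran DC Diag on Weir. This is the 2008 R2 box, and it failed this test. However, I did a bit of research and realized this happens if I haven't run adprep /rodcprep. Considering I have no plans to use RODCs, MS says this can be ignored.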
Starting test: NCSecDesc
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=ForestDnsZones,DC=DOMAINAME,DC=local
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=DomainDnsZones,DC=DOMAINAME,DC=local
......................... WEIR failed test NCSecDesc
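Answer 1
This sometimes happens when changing the replication scope in the 2003 DNS snap-in. The way I'd imagine fixing this is:
- Stop the DNS server on all servers except the 2008 server. (You've removed it, which is just as good.)
- On it, turn off AD integration for any forward or reverse zone that has an occurrence of EventID 4515.
- Restart the DNS Server service on the one server.
- Check the DNS logs - all occurrences of EventID 4515 should be gone. If not, make sure AD integration is turned off and restart the service until it starts without any 4515 warnings.
- Enable AD integration. Remember to set the replication scope and turn on secure updates.**
- Force AD replication to all DCs running DNS.
- Start the DNS Server service on the other DNS servers. Once replication completes, the 4515 warnings will be gone.
** Note: if there are other zones on the other DNS servers that have not been replicated to the server you chose in step 1, stop the DNS Server service on the machine you are working on, then repeat steps 1 through 5 for the zones on the DNS server that hosts the remaining conflicting zones.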
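The log check in the steps above (confirming that no EventID 4515 warnings remain after the restart) can be scripted against a text export of the DNS event log. This is an added example, not part of the original answer; the `field` and `find_zone_conflicts` helpers and the sample log are constructed for illustration, and the record layout is assumed to match the events quoted in the question.

```python
import re

# Description sentence of DNS Server event 4515, as quoted in the question.
CONFLICT_RE = re.compile(
    r"The zone (?P<zone>\S+) was previously loaded from the directory partition "
    r"(?P<loaded>\S+) but another copy of the zone has been found in directory "
    r"partition (?P<ignored>\S+?)\.\s"
)

# Constructed sample export: two 4515 warnings shaped like those in the
# question (one with wrapped lines) and one unrelated record to be skipped.
SAMPLE_LOG = """\
Event Type: Warning
Event ID: 4515
Computer: STANLEY
Description:
The zone 1.168.192.in-addr.arpa was previously loaded from the directory partition DomainDnsZones.supernova.local but another copy of the zone has been found in directory partition ForestDnsZones.supernova.local. The DNS Server will ignore this new copy of the zone.
Event Type: Information
Event ID: 2
Computer: STANLEY
Description:
Constructed filler record, not a zone conflict.
Event Type: Warning
Event ID: 4515
Computer: STANLEY
Description:
The zone supernova.local was previously loaded from the directory
partition DomainDnsZones.supernova.local but another copy of the zone has been
found in directory partition ForestDnsZones.supernova.local. The DNS Server
will ignore this new copy of the zone.
"""

def field(record, name):
    """Return the value of a 'Name: value' header line, or None."""
    m = re.search(rf"(?m)^{re.escape(name)}:[ \t]*(.*)$", record)
    return m.group(1).strip() if m else None

def find_zone_conflicts(log_text):
    """Map (computer, zone) to the partition in use and the ignored one."""
    conflicts = {}
    for record in re.split(r"(?m)^(?=Event Type:)", log_text):
        if field(record, "Event ID") != "4515":
            continue
        # Collapse wrapped lines so the sentence matches across line breaks.
        m = CONFLICT_RE.search(" ".join(record.split()) + " ")
        if m:
            key = (field(record, "Computer"), m["zone"])
            conflicts[key] = {"loaded": m["loaded"], "ignored": m["ignored"]}
    return conflicts
```

An empty result for a log exported after the DNS Server service restart means no zone is still being found in two partitions on that server.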
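Answer 2
Was this domain upgraded from Windows 2000 to 2003, but perhaps not done correctly/completely? Very detailed instructions on how to perform such an upgrade, including how to clean up the _msdcs subdomain, can be found here:
http://support.microsoft.com/kb/817470
To help improve the question, I would probably provide the following:
1) A description of the AD/DNS infrastructure.
2) Diagnostic logs from naming services (such as netdiag) confirming that everything in (1) performs name/resource resolution as expected.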