由于某种原因,我的本地域名解析出现了一些问题。我的整个网络的简要描述如下:我们有两个办公室。每个办公室都有自己的 DC 和防火墙,但两个办公室相互复制。现在,其中一个办公室网络运行正常,我遇到问题的就是我目前所在的网络。
例如,我可以访问 \\server1\myshare,但无法访问当前网络上的 \\mydomain.net\myshare。在另一个网络上,一切正常。现在,当我在 server1 上使用 RDP 时,我可以随机访问域,但其他时候则无法访问。我相信我已经找到了罪魁祸首,但我甚至不确定如何开始修复此问题。以下是 dcdiag 输出:
C:\Users\Administrator>dcdiag
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = BGS-HQ-VRDSVR01
* Identified AD Forest.
Ldap search capabality attribute search failed on server BGS-CP-VRDSVR01,
return value = 81
Got error while checking if the DC is using FRS or DFSR. Error:
Win32 Error 81The VerifyReferences, FrsEvent and DfsrEvent tests might fail
because of this error.
Done gathering initial info.
Doing initial required tests
Testing server: BGS-HQ\BGS-HQ-VRDSVR01
Starting test: Connectivity
The host 6282bfca-ade1-41c8-84dc-516ce19b49be._msdcs.billsgs.net could
not be resolved to an IP address. Check the DNS server, DHCP, server
name, etc.
Got error while checking LDAP and RPC connectivity. Please check your
firewall settings.
......................... BGS-HQ-VRDSVR01 failed test Connectivity
Doing primary tests
Testing server: BGS-HQ\BGS-HQ-VRDSVR01
Skipping all tests, because server BGS-HQ-VRDSVR01 is not responding to
现在...有趣的部分是,我运行了以下命令:
C:\Users\Administrator>nslookup 6282bfca-ade1-41c8-84dc-516ce19b49be._msdcs.bill
sgs.net
Server: bgs-hq-vrdsvr01.billsgs.net
Address: 192.168.40.13
Name: bgs-hq-vrdsvr01.billsgs.net
Address: 192.168.40.13
Aliases: 6282bfca-ade1-41c8-84dc-516ce19b49be._msdcs.billsgs.net
任何关于此的建议都将不胜感激。我是一名程序员,而不是网络管理员,所以我当然不了解很多与此相关的调试技术,尤其是 Windows 服务器。
另外,顺便提一下,我们暂时禁用了复制服务器,因为出于某种原因,它实际上占用了服务器上所有的 12gb RAM。我不确定这是否相关,但目前它被搁置了。
编辑:很抱歉,我们正在运行 Windows Server 2008 R2,下面是来自服务器的 ipconfig /all。
C:\Users\Administrator>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : BGS-HQ-VRDSVR01
Primary Dns Suffix . . . . . . . : billsgs.net
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : billsgs.net
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
Physical Address. . . . . . . . . : 00-0C-29-03-BA-38
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.40.13(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.40.254
DNS Servers . . . . . . . . . . . : 192.168.40.13
192.168.40.254
Primary WINS Server . . . . . . . : 192.168.40.13
Secondary WINS Server . . . . . . : 192.168.41.17
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{ADEC15A8-2603-40EB-964C-489CCBD11E08}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 11:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
编辑:这是我运行的 DNS 测试的输出。
C:\Users\Administrator>dcdiag /test:DNS
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = BGS-HQ-VRDSVR01
* Identified AD Forest.
Ldap search capabality attribute search failed on server BGS-CP-VRDSVR01, return value = 81
Got error while checking if the DC is using FRS or DFSR. Error: Win32 Error 81The VerifyReferences, FrsEvent and DfsrEvent tests might fail because of this error.
Done gathering initial info.
Doing initial required tests
Testing server: BGS-HQ\BGS-HQ-VRDSVR01
Starting test: Connectivity
The host 6282bfca-ade1-41c8-84dc-516ce19b49be._msdcs.billsgs.net could not be resolved to an IP address. Check the DNS server, DHCP, server name, etc.
Got error while checking LDAP and RPC connectivity. Please check your firewall settings.
......................... BGS-HQ-VRDSVR01 failed test Connectivity
Doing primary tests
Testing server: BGS-HQ\BGS-HQ-VRDSVR01
Starting test: DNS
DNS Tests are running and not hung. Please wait a few minutes...
......................... BGS-HQ-VRDSVR01 passed test DNS
Running partition tests on : ForestDnsZones
Running partition tests on : DomainDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : billsgs
Running enterprise tests on : billsgs.net
Starting test: DNS
Test results for domain controllers:
DC: BGS-HQ-VRDSVR01.billsgs.net
Domain: billsgs.net
TEST: Basic (Basc)
Error: No LDAP connectivity
Warning: adapter [00000007] Intel(R) PRO/1000 MT Network Connection has invalid DNS server: 192.168.40.254 (<name unavailable>)
No host records (A or AAAA) were found for this DC
TEST: Forwarders/Root hints (Forw)
Error: All forwarders in the forwarder list are invalid.
Error: Both root hints and forwarders are not configured or broken. Please make sure at least one of them works.
TEST: Delegations (Del)
Error: DNS server: bgs-cp-vrdsvr01.billsgs.net. IP:192.168.41.17 [Broken delegated domain _msdcs.billsgs.net.]
Error: DNS server: bgs-cp-vrdsvr01.billsgs.net. IP:192.168.41.17 [Broken delegated domain cp.billsgs.net.]
TEST: Dynamic update (Dyn)
Warning: Failed to add the test record dcdiag-test-record in zone billsgs.net
TEST: Records registration (RReg)
Network Adapter [00000007] Intel(R) PRO/1000 MT Network Connection:
Warning:
Missing CNAME record at DNS server 192.168.40.254:
6282bfca-ade1-41c8-84dc-516ce19b49be._msdcs.billsgs.net
Error:
Missing SRV record at DNS server 192.168.40.254:
_ldap._tcp.billsgs.net
Error:
Missing SRV record at DNS server 192.168.40.254:
_ldap._tcp.22017278-29d1-493a-b72d-e44b31411a70.domains._msdcs.billsgs.net
Error:
Missing SRV record at DNS server 192.168.40.254:
_kerberos._tcp.dc._msdcs.billsgs.net
Error:
Missing SRV record at DNS server 192.168.40.254:
_ldap._tcp.dc._msdcs.billsgs.net
Error:
Missing SRV record at DNS server 192.168.40.254:
_kerberos._tcp.billsgs.net
Error:
Missing SRV record at DNS server 192.168.40.254:
_kerberos._udp.billsgs.net
Error:
Missing SRV record at DNS server 192.168.40.254:
_kpasswd._tcp.billsgs.net
Error:
Missing SRV record at DNS server 192.168.40.254:
_ldap._tcp.BGS-HQ._sites.billsgs.net
Error:
Missing SRV record at DNS server 192.168.40.254:
_kerberos._tcp.BGS-HQ._sites.dc._msdcs.billsgs.net
Error:
Missing SRV record at DNS server 192.168.40.254:
_ldap._tcp.BGS-HQ._sites.dc._msdcs.billsgs.net
Error:
Missing SRV record at DNS server 192.168.40.254:
_kerberos._tcp.BGS-HQ._sites.billsgs.net
Error:
Missing SRV record at DNS server 192.168.40.254:
_ldap._tcp.gc._msdcs.billsgs.net
Error:
Missing SRV record at DNS server 192.168.40.254:
_gc._tcp.BGS-HQ._sites.billsgs.net
Error:
Missing SRV record at DNS server 192.168.40.254:
_ldap._tcp.BGS-HQ._sites.gc._msdcs.billsgs.net
Error:
Missing SRV record at DNS server 192.168.40.254:
_ldap._tcp.pdc._msdcs.billsgs.net
Error: Record registrations cannot be found for all the network adapters
Summary of test results for DNS servers used by the above domain controllers:
DNS server: 192.168.41.17 (bgs-cp-vrdsvr01.billsgs.net.)
2 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.168.41.17
DNS server: 128.63.2.53 (h.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.63.2.53
DNS server: 128.8.10.90 (d.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.8.10.90
DNS server: 192.112.36.4 (g.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.112.36.4
DNS server: 192.168.40.254 (<name unavailable>)
1 test failure on this DNS server
Name resolution is not functional. _ldap._tcp.billsgs.net. failed on the DNS server 192.168.40.254
DNS server: 192.203.230.10 (e.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.203.230.10
DNS server: 192.228.79.201 (b.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.228.79.201
DNS server: 192.33.4.12 (c.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.33.4.12
DNS server: 192.36.148.17 (i.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.36.148.17
DNS server: 192.5.5.241 (f.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.5.5.241
DNS server: 192.58.128.30 (j.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.58.128.30
DNS server: 193.0.14.129 (k.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 193.0.14.129
DNS server: 198.41.0.4 (a.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.41.0.4
DNS server: 199.7.83.42 (l.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 199.7.83.42
DNS server: 202.12.27.33 (m.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 202.12.27.33
DNS server: 209.253.113.10 (<name unavailable>)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 209.253.113.10
DNS server: 209.253.113.2 (<name unavailable>)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 209.253.113.2
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
_________________________________________________________________
Domain: billsgs.net
BGS-HQ-VRDSVR01 PASS FAIL FAIL FAIL WARN FAIL n/a
......................... billsgs.net failed test DNS
和..“repadmin /bind BGS-VRDSVR01”输出..
C:\Users\Administrator.BILLSGS>repadmin /bind BGS-HQ-VRDSVR01
Bind to BGS-HQ-VRDSVR01 succeeded.
NTDSAPI V1 BindState, printing extended members.
bindAddr: BGS-HQ-VRDSVR01
Extensions supported (cb=48):
BASE : Yes
ASYNCREPL : Yes
REMOVEAPI : Yes
MOVEREQ_V2 : Yes
GETCHG_COMPRESS : Yes
DCINFO_V1 : Yes
RESTORE_USN_OPTIMIZATION : Yes
KCC_EXECUTE : Yes
ADDENTRY_V2 : Yes
LINKED_VALUE_REPLICATION : Yes
DCINFO_V2 : Yes
INSTANCE_TYPE_NOT_REQ_ON_MOD : Yes
CRYPTO_BIND : Yes
GET_REPL_INFO : Yes
STRONG_ENCRYPTION : Yes
DCINFO_VFFFFFFFF : Yes
TRANSITIVE_MEMBERSHIP : Yes
ADD_SID_HISTORY : Yes
POST_BETA3 : Yes
GET_MEMBERSHIPS2 : Yes
GETCHGREQ_V6 (WINDOWS XP PREVIEW): Yes
NONDOMAIN_NCS : Yes
GETCHGREQ_V8 (WINDOWS XP BETA 1) : Yes
GETCHGREPLY_V5 (WINDOWS XP BETA 2): Yes
GETCHGREPLY_V6 (WINDOWS XP BETA 2): Yes
ADDENTRYREPLY_V3 (WINDOWS XP BETA 3): Yes
GETCHGREPLY_V7 (WINDOWS XP BETA 3) : Yes
VERIFY_OBJECT (WINDOWS XP BETA 3): Yes
XPRESS_COMPRESSION : Yes
DRS_EXT_ADAM : No
GETCHGREQ_V10 : Yes
RECYCLE BIN FEATURE : No
Site GUID: afe99967-2bae-4850-b6c8-a84fc37cbd87
Repl epoch: 0
Forest GUID: 1c4eb6fd-77b5-46de-a4b0-c9c51087eb7d
Security information on the binding is as follows:
SPN Requested: LDAP/BGS-HQ-VRDSVR01
Authn Service: 9
Authn Level: 6
Authz Service: 0
另外,这里是处理列表...
答案1
要查看这是否与基于主机的防火墙有关,请暂时关闭域、公共和私有配置文件。您是否有多个接口,因为在 Windows Server 2008 中,最严格的配置文件正在生效。从提升的命令提示符运行此命令
- netsh advfirewall 将公共配置文件状态关闭
- netsh advfirewall 将 privateprofile 状态关闭
- netsh advfirewall 将域配置文件状态关闭
内存使用情况可能会产生误导。通常情况下,内存会被使用,但在必要时会被释放。查看资源耗尽检测器操作事件日志(打开 eventvwr 并转到应用程序和服务/microsoft/windows/资源耗尽检测器/操作)以确定是否内存不足。
使用 Process Explorer 查看内存使用情况并查看可用内存。如果可用内存看起来很少,请使用 Syinternals 的 RAMMap 了解使用情况。请参阅 RAMmap 说明http://blogs.technet.com/b/askperf/archive/2010/08/13/introduction-to-the-new-sysinternals-tool-rammap.aspx因为我曾遇到过图元文件“消耗”它的情况。但这是预期的行为。
DCDiag 中的错误 81 表示 LDAP 服务器无法访问。DC 本身上是否有任何第三方产品提供捆绑的防病毒 + 防火墙行为?如果您可以在 DC 上本地访问 LDAP,但无法远程访问,并且您确定没有使用基于主机的防火墙,我会检查是否有任何中间网络设备正在过滤/丢弃数据包。
答案2
如果任何适配器上都有公共网络,请确保主 DNS 服务器是“其本身的公共 IP”,这为我解决了这个问题。