我似乎遇到了一些与我们的 SBS 相关的问题。我相信这个域名最初是在 SBS 2003 机器上,去年才被转移到这个 SBS 2011 机器上,直到昨天它一直运行良好。但我看不出那时有什么变化。
尽管我很难确定实际原因,但一切似乎都指向 DNS。最令人担心的是当我尝试在 SBS 上打开某些东西(例如 AD 站点和服务)时。
//编辑还不能发布图片 - 错误是
Active Directory 域服务- 无法找到命名信息,因为:指定的域不存在或无法联系。请联系系统管理员以验证您的域是否已正确配置且当前处于在线状态。
这是来自服务器的 IPconfig
Host Name . . . . . . . . . . . . : SBS2012
Primary Dns Suffix . . . . . . . : Contosso.local
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Contosso.local
Ethernet adapter Local Area Connection 2:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) 82575EB Gigabit Network Connecti
on #2
Physical Address. . . . . . . . . : 00-1E-67-39-23-14
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::8087:34f0:59f9:6a26%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.35.250(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.35.1
DHCPv6 IAID . . . . . . . . . . . : 301997671
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-39-46-22-00-1E-67-39-23-15
DNS Servers . . . . . . . . . . . : 192.168.35.250
NetBIOS over Tcpip. . . . . . . . : Enabled
PPP adapter RAS (Dial In) Interface:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : RAS (Dial In) Interface
Physical Address. . . . . . . . . :
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.35.24(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{6E06F030-7526-11D2-BAF4-00600815A4BD}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{A23E95B8-B5C2-4D88-BDE9-E9F1C2DD3902}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
这是 nltest
nltest /server:sbs2012 /dsgetdc:contosso.local
DC: \\SBS2012.contosso.local
Address: \\192.168.35.250
Dom Guid: c50b6df3-9d22-4c87-b2a7-adadc4fd5ec1
Dom Name: contosso.local
Forest Name: contosso.local
Dc Site Name: Default-First-Site-Name
Our Site Name: Default-First-Site-Name
Flags: PDC GC DS LDAP KDC TIMESERV GTIMESERV WRITABLE DNS_DC DNS_DOMAIN
DNS_FOREST CLOSE_SITE FULL_SECRET WS
The command completed successfully
据我所知,到目前为止一切正常(很可能我遗漏了一些东西),但当我运行 DCDIAG 时,它变得混乱
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = SBS2012
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\SBS2012
Starting test: Connectivity
......................... SBS2012 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\SBS2012
Starting test: Advertising
Fatal Error:DsGetDcName (SBS2012) call failed, error 1355
The Locator could not find the server.
......................... SBS2012 failed test Advertising
Starting test: FrsEvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... SBS2012 passed test FrsEvent
Starting test: DFSREvent
......................... SBS2012 passed test DFSREvent
Starting test: SysVolCheck
......................... SBS2012 passed test SysVolCheck
Starting test: KccEvent
......................... SBS2012 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... SBS2012 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... SBS2012 passed test MachineAccount
Starting test: NCSecDesc
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=DomainDnsZones,DC=Contosso,DC=local
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=ForestDnsZones,DC=Contosso,DC=local
......................... SBS2012 failed test NCSecDesc
Starting test: NetLogons
Unable to connect to the NETLOGON share! (\\SBS2012\netlogon)
[SBS2012] An net use or LsaPolicy operation failed with error 67,
The network name cannot be found..
......................... SBS2012 failed test NetLogons
Starting test: ObjectsReplicated
......................... SBS2012 passed test ObjectsReplicated
Starting test: Replications
[Replications Check,SBS2012] DsReplicaGetInfo(PENDING_OPS, NULL)
failed, error 0x2105 "Replication access was denied."
......................... SBS2012 failed test Replications
Starting test: RidManager
......................... SBS2012 passed test RidManager
Starting test: Services
Could not open NTDS Service on SBS2012, error 0x5
"Access is denied."
......................... SBS2012 failed test Services
Starting test: SystemLog
An error event occurred. EventID: 0x0000041E
Time Generated: 07/12/2013 08:27:32
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
An error event occurred. EventID: 0x0000041E
Time Generated: 07/12/2013 08:32:32
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
An error event occurred. EventID: 0x0000041E
Time Generated: 07/12/2013 08:37:32
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
An error event occurred. EventID: 0x0000041E
Time Generated: 07/12/2013 08:42:32
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
An error event occurred. EventID: 0x0000041E
Time Generated: 07/12/2013 08:47:32
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
An error event occurred. EventID: 0x0000041E
Time Generated: 07/12/2013 08:52:32
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
An error event occurred. EventID: 0x00000457
Time Generated: 07/12/2013 08:54:09
Event String:
Driver EPSON WorkForce 645 Series required for printer EPSON WorkForce 645 Series is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 07/12/2013 08:54:10
Event String:
Driver FX DocuCentre-IV C2270 PCL 6 required for printer scanner - 212 Manukau Rd Epsom is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 07/12/2013 08:54:10
Event String:
Driver HP ePrint required for printer HP ePrint is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 07/12/2013 08:54:11
Event String:
Driver PDF Complete Converter required for printer PDF Complete is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 07/12/2013 08:54:14
Event String:
Driver Send To Microsoft OneNote 2010 Driver required for printer Send To OneNote 2010 is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x0000041E
Time Generated: 07/12/2013 08:57:32
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
An error event occurred. EventID: 0x0000041E
Time Generated: 07/12/2013 09:02:33
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
A warning event occurred. EventID: 0x00002724
Time Generated: 07/12/2013 09:03:32
Event String:
This computer has at least one dynamically assigned IPv6 address.For reliable DHCPv6 server operation, you should use only static IPv6 addresses.
An error event occurred. EventID: 0x0000041A
Time Generated: 07/12/2013 09:03:33
Event String:
The DHCP/BINL service on the local machine encountered a network error. The error was: 0x 2.
An error event occurred. EventID: 0x0000041E
Time Generated: 07/12/2013 09:03:33
Event String:
The DHCP/BINL service on this computer is shutting down. See the previous event log messages for reasons.
An error event occurred. EventID: 0xC0002720
Time Generated: 07/12/2013 09:03:45
Event String:
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
An error event occurred. EventID: 0xC0002720
Time Generated: 07/12/2013 09:03:46
Event String:
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
An error event occurred. EventID: 0xC0002720
Time Generated: 07/12/2013 09:03:46
Event String:
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
An error event occurred. EventID: 0xC0002720
Time Generated: 07/12/2013 09:03:46
Event String:
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
An error event occurred. EventID: 0xC0002720
Time Generated: 07/12/2013 09:03:46
Event String:
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
An error event occurred. EventID: 0x00000406
Time Generated: 07/12/2013 09:07:33
Event String:
The processing of Group Policy failed. Windows attempted to retrieve new Group Policy settings for this user or computer. Look in the details tab for error code and description. Windows will automatically retry this operation at the next refresh cycle. Computers joined to the domain must have proper name resolution and network connectivity to a domain controller for discovery of new Group Policy objects and settings. An event will be logged when Group Policy is successful.
An error event occurred. EventID: 0x00000406
Time Generated: 07/12/2013 09:12:34
Event String:
The processing of Group Policy failed. Windows attempted to retrieve new Group Policy settings for this user or computer. Look in the details tab for error code and description. Windows will automatically retry this operation at the next refresh cycle. Computers joined to the domain must have proper name resolution and network connectivity to a domain controller for discovery of new Group Policy objects and settings. An event will be logged when Group Policy is successful.
An error event occurred. EventID: 0xC00038D6
Time Generated: 07/12/2013 09:16:24
Event String:
The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data.
An error event occurred. EventID: 0x0000041E
Time Generated: 07/12/2013 09:17:34
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
An error event occurred. EventID: 0x0000041E
Time Generated: 07/12/2013 09:22:34
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
......................... SBS2012 failed test SystemLog
Starting test: VerifyReferences
......................... SBS2012 passed test VerifyReferences
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : Contosso
Starting test: CheckSDRefDom
......................... Contosso passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Contosso passed test CrossRefValidation
Running enterprise tests on : Contosso.local
Starting test: LocatorCheck
Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
A Global Catalog Server could not be located - All GC's are down.
Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error
1355
A Good Time Server could not be located.
Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355
A KDC could not be located - All the KDCs are down.
......................... Contosso.local failed test LocatorCheck
Starting test: Intersite
......................... Contosso.local passed test Intersite
有人有什么想法吗?谢谢
这是 _msdcs.contosso.local 转发器条目
Name,Type,Data,Timestamp
dc,,,
domains,,,
gc,,,
pdc,,,
(same as parent folder),Start of Authority (SOA),[88], sbs2012.Contosso.local., hostmaster.,static
(same as parent folder),Name Server (NS),sbs2012.Contosso.local.,static
c0074617-7e4a-4ed4-937d-67d38780d11c,Alias (CNAME),sbs2012.Contosso.local.,?12/?07/?2013 2:00:00 a.m.
答案1
为了解决这个问题,我最终从备份中恢复了 sysvol 文件夹。我不确定这是否是解决问题的最佳方法,但它确实有效。