背景故事……
我最近将 MS Server 从 03 升级到了 2012。该服务器需要成为域控制器,并且为了简单起见我将其命名为 foo.com,而不是将其命名为与活跃在线域名不同的名称。因此,我将本地域名命名为与我的网络域名相同的名称,并且在尝试访问电子邮件帐户时,我遇到了各种错误。我决定将域名重命名为foo.local。
当前的问题
我最近在域中添加新机器,一切进展顺利。然而,当我安装 Outlook 2010 并添加邮箱时,我开始遇到与之前相同的问题,当时域控制器名称和 Web 域具有相同的名称。
出于不再需要处理该问题的病态希望并认为这是 DNS 问题我从 DNS 管理器中删除了一些 DNS 条目。
现在,当我尝试再次将机器添加到 foo.local 域时,我遇到了错误。
当我尝试将一台机器添加到域时出现此错误:
Note: This information is intended for a network administrator.
If you are not your network's administrator, notify the administrator that you
received this information, which has been
recorded in the file C:\Windows\debug\dcdiag.txt.
DNS was successfully queried for the service location (SRV) resource record used to locate a domain controller for domain "foo.local":
The query was for the SRV record for _ldap._tcp.dc._msdcs.foo.local
The following domain controllers were identified by the query:
fooserver01.foo.com
However no domain controllers could be contacted.
Common causes of this error include:
- Host (A) or (AAAA) records that map the names of the domain controllers to their IP addresses are missing or contain incorrect addresses.
- Domain controllers registered in DNS are not connected to the network or are not running.
运行dcdiag /test:dns我得到这个结果:
C:\Program Files>dcdiag /test:dns
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = fooServer01
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\FOOSERVER01
Starting test: Connectivity
The host 01e7fc30-b4aa-4c8e-a036-c08a45b0ffb5._msdcs.foo.local could
not be resolved to an IP address. Check the DNS server, DHCP, server
name, etc.
Got error while checking LDAP and RPC connectivity. Please check your
firewall settings.
......................... FOOSERVER01 failed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\FOOSERVER01
Starting test: DNS
DNS Tests are running and not hung. Please wait a few minutes...
......................... FOOSERVER01 passed test DNS
Running partition tests on : ForestDnsZones
Running partition tests on : DomainDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : foo
Running enterprise tests on : foo.local
Starting test: DNS
Test results for domain controllers:
DC: fooServer01.foobar.com
Domain: foo.local
TEST: Basic (Basc)
Error: No LDAP connectivity
No host records (A or AAAA) were found for this DC
TEST: Records registration (RReg)
Error: Record registrations cannot be found for all the network
adapters
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
_________________________________________________________________
Domain: foo.local
fooServer01 PASS FAIL PASS PASS PASS FAIL n/a
......................... foo.local failed test DNS
如果我是正确的,经过几个小时无望的谷歌搜索才找到结果,我需要恢复/修复我从 DNS 管理器中遗憾删除的 DNS 条目。
如果还有任何有帮助的信息请告诉我!
以下是ifconfig /allfooServer01 的打印输出
C:\Program Files>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : fooServer01
Primary Dns Suffix . . . . . . . : foobar.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : foobar.com
Ethernet adapter Ethernet:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS
VBD Client) #44
Physical Address. . . . . . . . . : 00-1E-C9-EA-86-30
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::d5ba:d38:e1e8:d716%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.8
DHCPv6 IAID . . . . . . . . . . . : 301997769
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-66-05-A8-00-1E-C9-EA-86-30
DNS Servers . . . . . . . . . . . : ::1
127.0.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{B0DD6412-73DF-4EEB-B3B5-53FDC632B011}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
C:\Program Files>
DNS 管理器树
fooServer01
|- Forward Lookup Zones
| |- _msdcs.foobar.com
| | |- local
| | | |- foo Host(A) 192.168.0.1 static
| | |- (same as parent folder) Start of Authority (SOA) [7],fooserver01.foobar.com,hostmaster.foobar.com static
| | |- (same as parent folder) Name Server (NS) fooserver01.foobar.com static
| | |- fooserver01 Alias (CNAME) fooserver01.foobar.com static
| |- foo.local
| | |- _msdcs
| | | |- _dc
| | | | |- _sites
| | | | | |- Default-First-Name-Site
| | | | | | |- _tcp
| | | | | | | |- _kerberos Service Location (SRV) [0][100][89] fooserver01.foobar.com. Timestamp
| | | | | | | |- _ldap Service Location (SRV) [0][100][389] fooserver01.foobar.com. Timestamp
| | | | |- _tcp
| | | | | |- _kerberos Service Location (SRV) [0][100][88] fooserver01.foobar.com. Timestamp
| | | | | |- _ldap Service Location (SRV) [0][100][389] fooserver01.foobar.com Timestamp
| | | |- domains
| | | | |- {long string of letters & numbers }
| | | | | |- _tcp
| | | | | | |- _ldap Service Location (SRV) [0][100][389] fooserver01.foobar.com. Timestamp
| | | |- gc
| | | | |- _sites
| | | | | |- Default-First-Site-Name
| | | | | | |- _tcp
| | | | | | | |- _ldap Service Location (SRV) [0][100][3268] fooserver01.foobar.com. Timestamp
| | | | |- _tcp
| | | | | |- _ldap Service Location (SRV) [0][100][3268] fooserver01.foobar.com. Timestamp
| | | |- pdc
| | | | |- _tcp
| | | | | |- _ldap Service Location (SRV) [0][100][389] fooserver01.foobar.com. Timestamp
| | |- _sites
| | | |- Default-First-Site-Name
| | | | |- _tcp
| | |- _tcp
| | |- _udp
| | |- DomainDnsZones
| | | |- _sites
| | | | |- Default-First-Site-Name
| | | | | |- _tcp
| | | |- _tcp
| | |- ForestDnsZones
| | | |- _sites
| | | | |- Default-First-Site-Name
| | | | | |- _tcp
| | | |- _tcp
| | |- (same as parent folder) Start of Authority (SOA) [1611], fooserver01.foobar.com, hostmaster.foobar.com static
| | |- (same as parent folder) Name Server (NS) fooserver01.foobar.com static
| | |- (same as parent folder) Host (A) 192.168.0.1 Timestamp
| | |- LIST OF MACHINES STARTS
| | |- THERE'S ABOUT 15 OF THEM
| | |- fooserver Alias (CNAME) FooServer01.foobar.com
| |- _ldap.foobar.com
| | |- (same as parent folder) Start of Authority (SOA) [1], fooserver01.foobar.com, hostmaster.foobar.com. static
| | |- (same as parent folder) Name Server (NS) fooserver01.foobar.com. static
|- Reverse Lookup Zones
|- Trust Points
|- Conditional Forwarders
|- Global logs
这有帮助吗?我应该继续吗?
答案1
奇怪的是,你不是第一个这样做的人。
戴尔甚至有一个指导如何将您的 DC 重新注册到 DNS。
不过,你确实应该检查所有内容,域控制器是基础设施的关键部分,需要保持一致性和可靠性。
重命名 DC 是我过去不惜一切代价避免的事情,并且不情愿地执行了,犯了很多错误/问题,我希望我永远不必解决这些问题。
在执行每个操作之前进行系统状态备份,并广泛验证每个操作。不要开始随意删除东西!
答案2
鉴于我删除了 DNS 管理器中的一些条目,我认为这是一个完美的起点。我可能缺少条目,但我输入的条目足以让我的工作站正确加入域。这些是我添加的条目。
- 添加了一个名为的新区域foobar.com回到正向查找区域。
- 在我添加的新区域内其他新纪录并选择服务地点 (SRV)。
- 左边领域默认值,输入_ldap对于服务,_tcp对于协议,0优先考虑100对于体重,389对于端口号,对于提供此服务的主机,为提供服务的主机的 ip。
- 然后使用添加另一条新记录服务地点 (SRV)
- 在此对话框中我再次离开领域作为默认值,_GC对于服务,_tcp对于该协议,0优先考虑100重量,以及3268端口号。
然后我回到工作站进行测试,发现加入域成功了。
我将其用作临时解决方案,因为我认为一旦压力消失,我将重新安装 Windows Server 2012 并从头开始,所以对此持保留态度。