尝试将新服务器添加到我们的域,但它拒绝加入,错误是
The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain "Ragonz.domain":
The error was: "This operation returned because the timeout period expired."
(error code 0x000005B4 ERROR_TIMEOUT)
The query was for the SRV record for _ldap._tcp.dc._msdcs.Ragonz.domain
The DNS servers used by this computer for name resolution are not responding. This computer is configured to use DNS servers with the following IP addresses:
110.168.19.24
Verify that this computer is connected to the network, that these are the correct DNS server IP addresses, and that at least one of the DNS servers is running.
现在我知道域名没有问题,因为我刚刚将另一台服务器加入其中,没有任何问题,但这个盒子拒绝加入。IP 配置/全部如下
Windows IP Configuration
Host Name . . . . . . . . . . . . : Australia179
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Ragonz.domain
Ethernet adapter Ethernet 3:
Connection-specific DNS Suffix . : Ragonz.domain
Description . . . . . . . . . . . : Intel(R) I350 Gigabit Network Connection
#3
Physical Address. . . . . . . . . : 00-25-90-5F-2A-F8
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 119.253.189.199(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 119.253.189.254
DNS Servers . . . . . . . . . . . : 110.168.19.24
NetBIOS over Tcpip. . . . . . . . : Enabled
Ping - 一切顺利
Reply from 110.168.19.24: bytes=32 time=304ms TTL=115
Reply from 110.168.19.24: bytes=32 time=304ms TTL=115
Ping statistics for 110.168.19.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 304ms, Maximum = 304ms, Average = 304ms
NSLookup
C:\Users\Administrator>nslookup Ragonz.domain
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 110.168.19.24
仅供参考 - 我必须更改上面的 IP/域以保护隐私,因此它们不是真实的,但是正如提到的,只有这台机器有问题,所有其他机器都可以毫无问题地加入域。
有任何想法吗?
答案1
答案是提供商阻止了将该机器加入域所需的端口。正如我在问题/回复中多次提到的那样,这不是 DNS 错误。
答案2
就我的情况(AWS 基础设施)而言,问题在于 DC 服务器安全组未添加客户端服务器 IP 源,因此无法与 DC 服务器进行通信/解析 DNS。
通过允许客户端服务器子网 CIDR 在 DC 服务器安全组中添加入站规则后,能够解析 DNS 并将客户端服务器加入域中。
答案3
确保工作 PC 的 DNS 设置与超时的 PC 相同,这似乎是 DNS 问题。
正如您在日志中看到的:
此计算机用于名称解析的 DNS 服务器没有响应。此计算机配置为使用具有以下 IP 地址的 DNS 服务器...