AD-integrated DNS failure: "Access was denied"

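I have a Windows 2008 R2 server configured as a domain controller with Active Directory Domain Services and a DNS server.

The DNS server was recently uninstalled and reinstalled in an attempt to fix a (possibly unrelated) problem; the event log had previously shown a large number of errors (#4000, "The DNS server was unable to open Active Directory..."), which the reinstall did not resolve. However, whereas before it would at least display and resolve names for the local network (slowly), now nothing is displayed at all.

(The original errors began with a #4015 error, "The DNS server has encountered a critical error from the Active Directory", followed by a long string of #4000s and a few #4004s. This may have been caused by the recent addition of a new DNS name, but I'm not sure about the timing.)

Attempting to manage DNS via Administrative Tools > DNS produces the error:

The server SERVERNAME could not be contacted.
The error was:
Access was denied.

Would you like to add it anyway?

Selecting "Yes" just puts a SERVERNAME entry in the list, but all the configuration options are greyed out.

I tried editing my hosts file as described in this thread, but to no avail.

Running dcdiag, it correctly identifies the home server, but immediately fails the connectivity test:

Starting test: Connectivity
The host blahblahblahyaddayaddayadda could not be resolved to an IP address. Check the DNS server, DHCP, server name, etc.
Got error while checking LDAP and RPC connectivity. Please check your firewall settings. ......................... SERVERNAME failed test Connectivity

After adding the blahblahblahyaddayaddayadda address to hosts (pointing to 127.0.0.1), the connectivity test succeeds, but this doesn't seem to solve the underlying problem (access denied), so I hashed it out again.

According to ipconfig /all, the primary DNS server correctly points to 127.0.0.1. And the DNS server correctly forwards requests to external addresses (if slowly), but resolution of local network names fails.

The DNS database itself is small enough that I could (reluctantly) rebuild it if necessary, but the DNS server doesn't seem willing to let me use it (or bypass it) at all.

(Yes, before you ask, there are no system backups available.)

Where do I go next?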


As requested, my (slightly obfuscated) dcdiag output:

Directory Server Diagnosis


Performing initial setup:

   Trying to find home server...

   Home Server = bulgogi

   * Identified AD Forest.
 Done gathering initial info.


Doing initial required tests

       Testing server: Obfuscated\BULGOGI

      Starting test: Connectivity

         The host a-whole-lot-of-numbers._msdcs.obfuscated.address

         could not be resolved to an IP address. Check the DNS server, DHCP,

         server name, etc.

         Got error while checking LDAP and RPC connectivity. Please check your

         firewall settings.

         ......................... BULGOGI failed test Connectivity



Doing primary tests

       Testing server: Obfuscated\BULGOGI

      Skipping all tests, because server BULGOGI is not responding to directory

      service requests.


       Running partition tests on : ForestDnsZones

      Starting test: CheckSDRefDom

         ......................... ForestDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... ForestDnsZones passed test

         CrossRefValidation

       Running partition tests on : DomainDnsZones

      Starting test: CheckSDRefDom

         ......................... DomainDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... DomainDnsZones passed test

         CrossRefValidation

       Running partition tests on : Schema

      Starting test: CheckSDRefDom

         ......................... Schema passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Schema passed test CrossRefValidation

       Running partition tests on : Configuration

      Starting test: CheckSDRefDom

         ......................... Configuration passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Configuration passed test CrossRefValidation

       Running partition tests on : obfuscated

      Starting test: CheckSDRefDom

         ......................... obfuscated passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... obfuscated passed test CrossRefValidation

       Running enterprise tests on : obfuscated.address

      Starting test: LocatorCheck

         ......................... obfuscated.address passed test LocatorCheck

      Starting test: Intersite

         ......................... obfuscated.address passed test Intersite

My hosts file (minus the hashed-out lines, for brevity):

127.0.0.1       localhost
::1             localhost

And, for completeness, here is a selection from my netstat -a -n output (5000+ lines):

  TCP    0.0.0.0:88             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:389            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:464            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:593            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:636            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3268           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3269           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:9389           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:47001          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49152          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49153          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49154          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49155          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49157          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49158          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49164          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49178          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49179          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:50480          0.0.0.0:0              LISTENING
  TCP    127.0.0.1:53           0.0.0.0:0              LISTENING
  TCP    192.168.12.127:53      0.0.0.0:0              LISTENING
  TCP    192.168.12.127:139     0.0.0.0:0              LISTENING
  TCP    192.168.12.127:445     192.168.12.50:51118    ESTABLISHED
  TCP    192.168.12.127:3389    192.168.12.4:33579     ESTABLISHED
  TCP    192.168.12.127:3389    192.168.12.100:1115    ESTABLISHED
  TCP    192.168.12.127:50784   192.168.12.50:49174    ESTABLISHED
  TCP    [::]:88                [::]:0                 LISTENING
  TCP    [::]:135               [::]:0                 LISTENING
  TCP    [::]:389               [::]:0                 LISTENING
  TCP    [::]:445               [::]:0                 LISTENING
  TCP    [::]:464               [::]:0                 LISTENING
  TCP    [::]:593               [::]:0                 LISTENING
  TCP    [::]:636               [::]:0                 LISTENING
  TCP    [::]:3268              [::]:0                 LISTENING
  TCP    [::]:3269              [::]:0                 LISTENING
  TCP    [::]:3389              [::]:0                 LISTENING
  TCP    [::]:9389              [::]:0                 LISTENING
  TCP    [::]:47001             [::]:0                 LISTENING
  TCP    [::]:49152             [::]:0                 LISTENING
  TCP    [::]:49153             [::]:0                 LISTENING
  TCP    [::]:49154             [::]:0                 LISTENING
  TCP    [::]:49155             [::]:0                 LISTENING
  TCP    [::]:49157             [::]:0                 LISTENING
  TCP    [::]:49158             [::]:0                 LISTENING
  TCP    [::]:49164             [::]:0                 LISTENING
  TCP    [::]:49178             [::]:0                 LISTENING
  TCP    [::]:49179             [::]:0                 LISTENING
  TCP    [::]:50480             [::]:0                 LISTENING
  TCP    [::1]:53               [::]:0                 LISTENING
  TCP    [::1]:389              [::1]:49745            ESTABLISHED
  TCP    [::1]:389              [::1]:49746            ESTABLISHED
  TCP    [::1]:389              [::1]:52383            ESTABLISHED
  TCP    [::1]:389              [::1]:52493            ESTABLISHED
  TCP    [::1]:389              [::1]:52494            ESTABLISHED
  TCP    [::1]:389              [::1]:52498            ESTABLISHED
  TCP    [::1]:49745            [::1]:389              ESTABLISHED
  TCP    [::1]:49746            [::1]:389              ESTABLISHED
  TCP    [::1]:52383            [::1]:389              ESTABLISHED
  TCP    [::1]:52493            [::1]:389              ESTABLISHED
  TCP    [::1]:52494            [::1]:389              ESTABLISHED
  TCP    [::1]:52498            [::1]:389              ESTABLISHED
  TCP    [fe80::f1da:cb41:d0f5:5c0e%20]:53  [::]:0                 LISTENING
  TCP    [fe80::f1da:cb41:d0f5:5c0e%20]:135  [fe80::f1da:cb41:d0f5:5c0e%20]:52495  ESTABLISHED
  TCP    [fe80::f1da:cb41:d0f5:5c0e%20]:445  [fe80::f1da:cb41:d0f5:5c0e%20]:51057  ESTABLISHED
  TCP    [fe80::f1da:cb41:d0f5:5c0e%20]:445  [fe80::f1da:cb41:d0f5:5c0e%20]:52506  ESTABLISHED
  TCP    [fe80::f1da:cb41:d0f5:5c0e%20]:49158  [fe80::f1da:cb41:d0f5:5c0e%20]:52501  ESTABLISHED
  TCP    [fe80::f1da:cb41:d0f5:5c0e%20]:51057  [fe80::f1da:cb41:d0f5:5c0e%20]:445  ESTABLISHED
  TCP    [fe80::f1da:cb41:d0f5:5c0e%20]:52495  [fe80::f1da:cb41:d0f5:5c0e%20]:135  ESTABLISHED
  TCP    [fe80::f1da:cb41:d0f5:5c0e%20]:52496  [fe80::f1da:cb41:d0f5:5c0e%20]:49158  TIME_WAIT
  TCP    [fe80::f1da:cb41:d0f5:5c0e%20]:52500  [fe80::f1da:cb41:d0f5:5c0e%20]:135  TIME_WAIT
  TCP    [fe80::f1da:cb41:d0f5:5c0e%20]:52501  [fe80::f1da:cb41:d0f5:5c0e%20]:49158  ESTABLISHED
  TCP    [fe80::f1da:cb41:d0f5:5c0e%20]:52506  [fe80::f1da:cb41:d0f5:5c0e%20]:445  ESTABLISHED
  UDP    0.0.0.0:123            *:*                    
  UDP    0.0.0.0:500            *:*                    
  UDP    0.0.0.0:1645           *:*                    
  UDP    0.0.0.0:1645           *:*                    
  UDP    0.0.0.0:1646           *:*                    
  UDP    0.0.0.0:1646           *:*                    
  UDP    0.0.0.0:1812           *:*                    
  UDP    0.0.0.0:1812           *:*                    
  UDP    0.0.0.0:1813           *:*                    
  UDP    0.0.0.0:1813           *:*                    
  UDP    0.0.0.0:4500           *:*                    
  UDP    0.0.0.0:5355           *:*                    
  UDP    0.0.0.0:59638          *:*                    

<snip a few thousand lines>

  UDP    0.0.0.0:62140          *:*                    
  UDP    127.0.0.1:53           *:*                    
  UDP    127.0.0.1:49540        *:*                    
  UDP    127.0.0.1:49541        *:*                    
  UDP    127.0.0.1:53655        *:*                    
  UDP    127.0.0.1:54946        *:*                    
  UDP    127.0.0.1:58345        *:*                    
  UDP    127.0.0.1:63352        *:*                    
  UDP    127.0.0.1:63728        *:*                    
  UDP    127.0.0.1:63729        *:*                    
  UDP    127.0.0.1:64215        *:*                    
  UDP    127.0.0.1:64646        *:*                    
  UDP    192.168.12.127:53      *:*                    
  UDP    192.168.12.127:67      *:*                    
  UDP    192.168.12.127:68      *:*                    
  UDP    192.168.12.127:88      *:*                    
  UDP    192.168.12.127:137     *:*                    
  UDP    192.168.12.127:138     *:*                    
  UDP    192.168.12.127:389     *:*                    
  UDP    192.168.12.127:464     *:*                    
  UDP    192.168.12.127:2535    *:*                
  UDP    [::]:123               *:*                    
  UDP    [::]:500               *:*                    
  UDP    [::]:4500              *:*                    
  UDP    [::]:5355              *:*                    
  UDP    [::]:59639             *:*                    

<snip another few thousand lines>

  UDP    [::]:64645             *:*                    
  UDP    [::1]:53               *:*                    
  UDP    [::1]:54944            *:*                    
  UDP    [::1]:54945            *:*                    
  UDP    [::1]:59637            *:*                    
  UDP    [::ffff:192.168.12.127]:1645  *:*                    
  UDP    [::ffff:192.168.12.127]:1646  *:*                    
  UDP    [::ffff:192.168.12.127]:1812  *:*                    
  UDP    [::ffff:192.168.12.127]:1813  *:*                    
  UDP    [fe80::f1da:cb41:d0f5:5c0e%20]:53  *:*                    
  UDP    [fe80::f1da:cb41:d0f5:5c0e%20]:88  *:*                    
  UDP    [fe80::f1da:cb41:d0f5:5c0e%20]:389  *:*                    
  UDP    [fe80::f1da:cb41:d0f5:5c0e%20]:464  *:*                    
  UDP    [fe80::f1da:cb41:d0f5:5c0e%20]:1645  *:*                    
  UDP    [fe80::f1da:cb41:d0f5:5c0e%20]:1646  *:*                    
  UDP    [fe80::f1da:cb41:d0f5:5c0e%20]:1812  *:*                    
  UDP    [fe80::f1da:cb41:d0f5:5c0e%20]:1813  *:*                    
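
The dcdiag output quoted in the question wraps long result lines (the test name can land on the following line), which makes failures easy to miss when skimming. The following is an added example, not part of the original post: a small Python triage script that un-wraps the output and lists unresolved names, failed tests and skipped test groups. The sample text is constructed from the output above, and the function names are assumptions.

```python
import re

# Constructed sample modelled on the dcdiag output quoted in the question,
# keeping the blank lines and the 80-column wrapping of result lines.
SAMPLE = """
      Starting test: Connectivity
         The host a-whole-lot-of-numbers._msdcs.obfuscated.address
         could not be resolved to an IP address. Check the DNS server, DHCP,
         server name, etc.
         ......................... BULGOGI failed test Connectivity
      Skipping all tests, because server BULGOGI is not responding to directory
      service requests.
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test

         CrossRefValidation
"""

RESULT_RE = re.compile(r"\.{5,}\s+(\S+)\s+(passed|failed)\s+test\s+(\S+)")
UNRESOLVED_RE = re.compile(r"The host\s+(\S+)\s+could not be resolved")
SKIPPED_RE = re.compile(r"Skipping all tests, because server (\S+)")

def parse_dcdiag(text):
    """Collapse whitespace (undoing line wraps), then extract the verdicts."""
    flat = " ".join(text.split())
    results = [(target, test, verdict)
               for target, verdict, test in RESULT_RE.findall(flat)]
    return {"results": results,
            "unresolved": UNRESOLVED_RE.findall(flat),
            "skipped": SKIPPED_RE.findall(flat)}

def triage(parsed):
    """Return human-readable findings, DNS resolution problems first."""
    findings = []
    for host in parsed["unresolved"]:
        # <GUID>._msdcs.<forest> is the DC's alias record in the _msdcs zone
        kind = "DC alias in _msdcs zone" if "._msdcs." in host else "host name"
        findings.append(f"DNS: {kind} {host} does not resolve")
    for target, test, verdict in parsed["results"]:
        if verdict == "failed":
            findings.append(f"FAILED: {test} on {target}")
    for server in parsed["skipped"]:
        findings.append(f"SKIPPED: remaining tests on {server}")
    return findings

if __name__ == "__main__":
    print("\n".join(triage(parse_dcdiag(SAMPLE))))
```
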

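Answer 1

Have you tried installing a second DC with the AD DS and DNS roles? And then seizing the FSMO roles from the old DC?

After that, you can demote the old DC and promote it again later.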