Help with DNS in AD

Posted 15 February 2012 - 08:21

There are two DCs: one, the primary, is on a physical server; the second is on a virtual machine. Everything runs on win2003. Naturally, I start the additional DC on the virtual machine once a week to do replication, and that's all. Something like a backup. But on the primary domain controller, errors keep pouring into the logs:

Windows не удалось получить доступ к файлу GPT.INI для объекта групповой политики
CN={6AC1786C-016F-11D2-945F-00C04fB984F9},CN=Policies,CN=System,DC=firma,DC=com.
Этот файл должен находиться в <\\firma.com\sysvol\firma.com\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\gpt.ini>.
(Отказано в доступе. ). Обработка групповой политики прекращена.
I have set the priority of interfaces and services in the network properties. I looked in DNS, and there the first record is: (same as parent folder) : Name Server : ns, and the next line is the same, only with mx instead of ns. mx is the name of the server that is currently the primary DC, and ns is the additional DC. Accordingly, next come two A records with the IPs of the additional DC and the primary one. And nslookup firma.com returns the IPs in exactly that order: first the IP of the additional DC, second the IP of the primary DC. As I understand it, that is why the errors pour in: when resolving the name firma.com, Windows gets an answer with the IP of the additional DC, which is usually unavailable, and apparently only after many attempts gets the IP of the primary DC, and only then is the group policy applied. Can the order of the DNS servers be changed? I mean, so that nslookup returns the primary DC's IP first, and only then the additional one's?


Posted 06 March 2012 - 04:44

From the primary controller:
ipconfig
Настройка протокола IP для Windows



Имя компьютера . . . . . . . . . : mx

Основной DNS-суффикс . . . . . . : firma.com

Тип узла. . . . . . . . . . . . . : гибридный

IP-маршрутизация включена . . . . : нет

WINS-прокси включен . . . . . . . : нет

Порядок просмотра суффиксов DNS . : firma.com



Подключение по локальной сети - Ethernet адаптер:



DNS-суффикс этого подключения . . :

Описание . . . . . . . . . . . . : Atheros L1 Gigabit Ethernet 10/100/1000Base-T Controller

Физический адрес. . . . . . . . . : 00-22-15-48-1D-C5

DHCP включен. . . . . . . . . . . : нет

IP-адрес . . . . . . . . . . . . : 192.168.0.1

Маска подсети . . . . . . . . . . : 255.255.255.0

Основной шлюз . . . . . . . . . . : 192.168.0.166

DNS-серверы . . . . . . . . . . . : 127.0.0.1

dcdiag:
Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\MX
Starting test: Connectivity
......................... MX passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\MX
Starting test: Replications
[Replications Check,MX] No replication recently attempted:
From NS to MX
Naming Context: DC=ForestDnsZones,DC=firma,DC=com
The last attempt occurred at 2012-03-05 09:57:20 (about 22 hours ago).
[Replications Check,MX] No replication recently attempted:
From NS to MX
Naming Context: DC=DomainDnsZones,DC=firma,DC=com
The last attempt occurred at 2012-03-05 09:57:11 (about 22 hours ago).
[Replications Check,MX] No replication recently attempted:
From NS to MX
Naming Context: CN=Schema,CN=Configuration,DC=firma,DC=com
The last attempt occurred at 2012-03-05 09:55:41 (about 22 hours ago).
REPLICATION-RECEIVED LATENCY WARNING
MX: Current time is 2012-03-06 08:29:35.
DC=ForestDnsZones,DC=firma,DC=com
Last replication recieved from NS at 2012-03-05 09:57:20.
DC=DomainDnsZones,DC=firma,DC=com
Last replication recieved from NS at 2012-03-05 09:57:11.
CN=Schema,CN=Configuration,DC=firma,DC=com
Last replication recieved from NS at 2012-03-05 09:55:41.
......................... MX passed test Replications
Starting test: NCSecDesc
......................... MX passed test NCSecDesc
Starting test: NetLogons
......................... MX passed test NetLogons
Starting test: Advertising
......................... MX passed test Advertising
Starting test: KnowsOfRoleHolders
......................... MX passed test KnowsOfRoleHolders
Starting test: RidManager
......................... MX passed test RidManager
Starting test: MachineAccount
......................... MX passed test MachineAccount
Starting test: Services
......................... MX passed test Services
Starting test: ObjectsReplicated
......................... MX passed test ObjectsReplicated
Starting test: frssysvol
......................... MX passed test frssysvol
Starting test: frsevent
......................... MX passed test frsevent
Starting test: kccevent
......................... MX passed test kccevent
Starting test: systemlog
......................... MX passed test systemlog
Starting test: VerifyReferences
......................... MX passed test VerifyReferences

Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom

Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom

Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom

Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom

From the backup one:
ipconfig
Настройка протокола IP для Windows



Имя компьютера . . . . . . . . . : ns

Основной DNS-суффикс . . . . . . : firma.com

Тип узла. . . . . . . . . . . . . : гибридный

IP-маршрутизация включена . . . . : нет

WINS-прокси включен . . . . . . . : нет

Порядок просмотра суффиксов DNS . : firma.com



Подключение по локальной сети - Ethernet адаптер:



DNS-суффикс этого подключения . . :

Описание . . . . . . . . . . . . : Intel® PRO/1000 MT сетевое подключение

Физический адрес. . . . . . . . . : 00-0C-29-ED-DB-62

DHCP включен. . . . . . . . . . . : нет

IP-адрес . . . . . . . . . . . . : 192.168.0.158

Маска подсети . . . . . . . . . . : 255.255.255.0

Основной шлюз . . . . . . . . . . : 192.168.0.166

DNS-серверы . . . . . . . . . . . : 192.168.0.1

dcdiag:
Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\NS
Starting test: Connectivity
......................... NS passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\NS
Starting test: Replications
[Replications Check,NS] No replication recently attempted:
From MX to NS
Naming Context: DC=ForestDnsZones,DC=firma,DC=com
The last attempt occurred at 2012-03-05 20:48:05 (about 11 hours ago).
[Replications Check,NS] No replication recently attempted:
From MX to NS
Naming Context: DC=DomainDnsZones,DC=firma,DC=com
The last attempt occurred at 2012-03-05 20:48:05 (about 11 hours ago).
[Replications Check,NS] No replication recently attempted:
From MX to NS
Naming Context: CN=Schema,CN=Configuration,DC=firma,DC=com
The last attempt occurred at 2012-03-05 20:48:05 (about 11 hours ago).
[Replications Check,NS] No replication recently attempted:
From MX to NS
Naming Context: CN=Configuration,DC=firma,DC=com
The last attempt occurred at 2012-03-05 20:48:05 (about 11 hours ago).
REPLICATION LATENCY WARNING
ERROR: Expected notification link is missing.
Source MX
Replication of new changes along this path will be delayed.
This problem should self-correct on the next periodic sync.
[Replications Check,NS] No replication recently attempted:
From MX to NS
Naming Context: DC=firma,DC=com
The last attempt occurred at 2012-03-05 21:02:29 (about 11 hours ago).
REPLICATION LATENCY WARNING
ERROR: Expected notification link is missing.
Source MX
Replication of new changes along this path will be delayed.
This problem should self-correct on the next periodic sync.
......................... NS passed test Replications
Starting test: NCSecDesc
......................... NS passed test NCSecDesc
Starting test: NetLogons
......................... NS passed test NetLogons
Starting test: Advertising
......................... NS passed test Advertising
Starting test: KnowsOfRoleHolders
......................... NS passed test KnowsOfRoleHolders
Starting test: RidManager
......................... NS passed test RidManager
Starting test: MachineAccount
......................... NS passed test MachineAccount
Starting test: Services
......................... NS passed test Services
Starting test: ObjectsReplicated
......................... NS passed test ObjectsReplicated
Starting test: frssysvol
......................... NS passed test frssysvol
Starting test: frsevent
......................... NS passed test frsevent
Starting test: kccevent
......................... NS passed test kccevent
Starting test: systemlog
......................... NS passed test systemlog
Starting test: VerifyReferences
......................... NS passed test VerifyReferences

Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom

Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom

Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom

Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom

Running partition tests on : firma
Starting test: CrossRefValidation
......................... firma passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... firma passed test CheckSDRefDom

Running enterprise tests on : firma.com
Starting test: Intersite
......................... firma.com passed test Intersite
Starting test: FsmoCheck
......................... firma.com passed test FsmoCheck


Posted 07 March 2012 - 05:39

Interesting... I haven't seen this before. Everything seems OK - only the replication delay bothers me; on the other hand, there is an extra DC in the OU, and registered by IP at that. Please show the following from the additional DC:
nslookup 192.168.0.1
dcdiag /a
nltest /dclist:firma.com
repadmin /showrepl
and repadmin /replsummary

Here it is:

C:\Documents and Settings\Администратор.firma>nslookup 192.168.0.1
Server: mx.firma.com
Address: 192.168.0.1

Name: mx.firma.com
Address: 192.168.0.1

C:\Documents and Settings\Администратор.firma>dcdiag /a

Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\MX
Starting test: Connectivity
......................... MX passed test Connectivity

Testing server: Default-First-Site-Name\NS
Starting test: Connectivity
......................... NS passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\MX
Starting test: Replications
[Replications Check,MX] No replication recently attempted:
From NS to MX
Naming Context: DC=ForestDnsZones,DC=firma,DC=com
The last attempt occurred at 2012-03-06 14:34:38 (about 19 hours ago).
[Replications Check,MX] No replication recently attempted:
From NS to MX
Naming Context: DC=DomainDnsZones,DC=firma,DC=com
The last attempt occurred at 2012-03-06 14:34:35 (about 19 hours ago).
[Replications Check,MX] No replication recently attempted:
From NS to MX
Naming Context: CN=Schema,CN=Configuration,DC=firma,DC=com
The last attempt occurred at 2012-03-06 14:34:30 (about 19 hours ago).
REPLICATION-RECEIVED LATENCY WARNING
MX: Current time is 2012-03-07 09:39:51.
DC=ForestDnsZones,DC=firma,DC=com
Last replication recieved from NS at 2012-03-06 14:34:38.
DC=DomainDnsZones,DC=firma,DC=com
Last replication recieved from NS at 2012-03-06 14:34:35.
CN=Schema,CN=Configuration,DC=firma,DC=com
Last replication recieved from NS at 2012-03-06 14:34:30.
......................... MX passed test Replications
Starting test: NCSecDesc
......................... MX passed test NCSecDesc
Starting test: NetLogons
......................... MX passed test NetLogons
Starting test: Advertising
......................... MX passed test Advertising
Starting test: KnowsOfRoleHolders
......................... MX passed test KnowsOfRoleHolders
Starting test: RidManager
......................... MX passed test RidManager
Starting test: MachineAccount
......................... MX passed test MachineAccount
Starting test: Services
......................... MX passed test Services
Starting test: ObjectsReplicated
......................... MX passed test ObjectsReplicated
Starting test: frssysvol
......................... MX passed test frssysvol
Starting test: frsevent
There are warning or error events within the last 24 hours after the

SYSVOL has been shared. Failing SYSVOL replication problems may cause

Group Policy problems.
......................... MX failed test frsevent
Starting test: kccevent
......................... MX passed test kccevent
Starting test: systemlog
......................... MX passed test systemlog
Starting test: VerifyReferences
......................... MX passed test VerifyReferences

Testing server: Default-First-Site-Name\NS
Starting test: Replications
REPLICATION LATENCY WARNING
ERROR: Expected notification link is missing.
Source MX
Replication of new changes along this path will be delayed.
This problem should self-correct on the next periodic sync.
REPLICATION LATENCY WARNING
ERROR: Expected notification link is missing.
Source MX
Replication of new changes along this path will be delayed.
This problem should self-correct on the next periodic sync.
......................... NS passed test Replications
Starting test: NCSecDesc
......................... NS passed test NCSecDesc
Starting test: NetLogons
......................... NS passed test NetLogons
Starting test: Advertising
......................... NS passed test Advertising
Starting test: KnowsOfRoleHolders
......................... NS passed test KnowsOfRoleHolders
Starting test: RidManager
......................... NS passed test RidManager
Starting test: MachineAccount
......................... NS passed test MachineAccount
Starting test: Services
......................... NS passed test Services
Starting test: ObjectsReplicated
......................... NS passed test ObjectsReplicated
Starting test: frssysvol
......................... NS passed test frssysvol
Starting test: frsevent
......................... NS passed test frsevent
Starting test: kccevent
......................... NS passed test kccevent
Starting test: systemlog
......................... NS passed test systemlog
Starting test: VerifyReferences
......................... NS passed test VerifyReferences

Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom

Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom

Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom

Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom

Running partition tests on : firma
Starting test: CrossRefValidation
......................... firma passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... firma passed test CheckSDRefDom

Running enterprise tests on : firma.com
Starting test: Intersite
......................... firma.com passed test Intersite
Starting test: FsmoCheck
......................... firma.com passed test FsmoCheck

C:\Documents and Settings\Администратор.firma>nltest /dclist:firma.com
Get list of DCs in domain 'firma.com' from '\\ns.firma.com'.
ns.firma.com [DS] Site: Default-First-Site-Name
mx.firma.com [PDC] [DS] Site: Default-First-Site-Name
192.168.0.1
The command completed successfully

C:\Documents and Settings\Администратор.firma>repadmin /showrepl


repadmin running command /showrepl against server localhost


Default-First-Site-Name\NS

DC Options: IS_GC

Site Options: (none)

DC object GUID: c8b16207-64e7-4772-84c7-6e99c2bd710c

DC invocationID: afee9a59-f133-4f98-88fe-159c12c31722


==== INBOUND NEIGHBORS ======================================

DC=firma,DC=com

Default-First-Site-Name\MX via RPC

DC object GUID: 794bb949-2fdc-408a-898a-6321cc1c2005

Last attempt @ 2012-03-07 09:32:38 was successful.


CN=Configuration,DC=firma,DC=com

Default-First-Site-Name\MX via RPC

DC object GUID: 794bb949-2fdc-408a-898a-6321cc1c2005

Last attempt @ 2012-03-07 09:32:37 was successful.


CN=Schema,CN=Configuration,DC=firma,DC=com

Default-First-Site-Name\MX via RPC

DC object GUID: 794bb949-2fdc-408a-898a-6321cc1c2005

Last attempt @ 2012-03-07 09:32:37 was successful.


DC=DomainDnsZones,DC=firma,DC=com

Default-First-Site-Name\MX via RPC

DC object GUID: 794bb949-2fdc-408a-898a-6321cc1c2005

Last attempt @ 2012-03-07 09:32:38 was successful.


DC=ForestDnsZones,DC=firma,DC=com

Default-First-Site-Name\MX via RPC

DC object GUID: 794bb949-2fdc-408a-898a-6321cc1c2005

Last attempt @ 2012-03-07 09:32:38 was successful.


C:\Documents and Settings\Администратор.firma>repadmin /replsummary
Replication Summary Start Time: 2012-03-07 09:39:52



Beginning data collection for replication summary, this may take awhile:

.....

Source DC largest delta fails/total %% error

MX 07m:15s 0 / 5 0

NS 19h:05m:22s 0 / 5 0

Destination DC largest delta fails/total %% error

MX 19h:05m:22s 0 / 5 0

NS 07m:15s 0 / 5 0

Posted 07 March 2012 - 07:14

Everything seems fine. dcdiag knows nothing at all about 192.168.0.1 - it feels like the object in the Domain Controllers OU was created by hand.
And what does this show:
dsquery * domainroot -filter "(&(objectClass=Computer)(cn=192.168.0.1))" -attr *

objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
objectClass: computer
cn: 192.168.0.1
distinguishedName: CN=192.168.0.1,OU=Domain Controllers,DC=firma,DC=com
instanceType: 4
whenCreated: 04/22/2004 13:04:09
whenChanged: 02/04/2012 07:49:03
displayName: 192.168.0.1$
uSNCreated: 7585
uSNChanged: 7585
name: 192.168.0.1
objectGUID: {68125754-05F3-4820-9A71-2224E2F2A000}
userAccountControl: 8192
codePage: 0
countryCode: 0
localPolicyFlags: 0
pwdLastSet: 127271126497706112
primaryGroupID: 516
objectSid: S-1-5-21-117609710-507921405-839522115-1133
accountExpires: 9223372036854775807
sAMAccountName: 192.168.0.1$
sAMAccountType: 805306369
objectCategory: CN=Computer,CN=Schema,CN=Configuration,DC=firma,DC=com
isCriticalSystemObject: TRUE
ADsPath: LDAP://mx.firma.com/CN=192.168.0.1,OU=Domain Controllers,DC=firma,DC=com
---------------
So this computer account 192.168.0.1 can be deleted?
Could this have appeared because of my role seizures and transfers? At the end of January my primary DC was on win2000. Then its hard drive died, and I seized all the roles on the backup one, making it the primary (ns). Then, when I was given a computer, I joined it to the domain under the name MX, i.e. the name the dead DC had. Then I transferred all the roles to it.

Message edited by: K.E.P. (07 March 2012 - 07:48)
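
The attributes in the dsquery output above can be read mechanically. The following sketch is an added example, not part of the thread: it decodes userAccountControl and pwdLastSet for the CN=192.168.0.1 object and cross-checks the name against the nltest /dclist output. The function names, the 60-day password-age threshold and treating whenCreated as UTC are assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

# Attribute lines and DC list copied from the dsquery / nltest output in the thread.
DSQUERY_OUTPUT = """\
cn: 192.168.0.1
whenCreated: 04/22/2004 13:04:09
userAccountControl: 8192
pwdLastSet: 127271126497706112
primaryGroupID: 516
"""
NLTEST_OUTPUT = """\
ns.firma.com [DS] Site: Default-First-Site-Name
mx.firma.com [PDC] [DS] Site: Default-First-Site-Name
192.168.0.1
"""

UAC_FLAGS = {0x0002: "ACCOUNTDISABLE", 0x1000: "WORKSTATION_TRUST_ACCOUNT",
             0x2000: "SERVER_TRUST_ACCOUNT", 0x80000: "TRUSTED_FOR_DELEGATION"}
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def parse_attrs(text):
    """Turn 'name: value' lines into a dict (first value wins)."""
    attrs = {}
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if sep:
            attrs.setdefault(name.strip(), value.strip())
    return attrs

def filetime_to_utc(value):
    """pwdLastSet counts 100 ns ticks since 1601-01-01 UTC."""
    return FILETIME_EPOCH + timedelta(microseconds=int(value) // 10)

def decode_uac(value):
    return [name for bit, name in sorted(UAC_FLAGS.items()) if int(value) & bit]

def dclist_without_ds(text):
    """Names in nltest /dclist output that lack the [DS] marker."""
    rows = (line.split() for line in text.splitlines())
    return [f[0] for f in rows if f and "[DS]" not in f]

def triage(dsquery_text, nltest_text, now, max_pwd_age_days=60):
    """Return findings; whenCreated is assumed UTC, 60 days is an assumed threshold."""
    a = parse_attrs(dsquery_text)
    created = datetime.strptime(a["whenCreated"], "%m/%d/%Y %H:%M:%S")
    created = created.replace(tzinfo=timezone.utc)
    pwd_set = filetime_to_utc(a["pwdLastSet"])
    findings = []
    if "SERVER_TRUST_ACCOUNT" in decode_uac(a["userAccountControl"]) \
            and a["primaryGroupID"] == "516":
        findings.append("domain controller trust account (UAC 0x2000, group 516)")
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", a["cn"]):
        findings.append("cn is an IP address, not a host name")
    if abs(pwd_set - created) < timedelta(minutes=1):
        findings.append("machine password never changed since creation")
    if now - pwd_set > timedelta(days=max_pwd_age_days):
        findings.append("machine password older than %d days" % max_pwd_age_days)
    if a["cn"] in dclist_without_ds(nltest_text):
        findings.append("listed by nltest /dclist without [DS]")
    return findings

if __name__ == "__main__":
    for f in triage(DSQUERY_OUTPUT, NLTEST_OUTPUT, datetime(2012, 3, 7, tzinfo=timezone.utc)):
        print("-", f)
```

On the thread's values, pwdLastSet decodes to 2004-04-22 13:04:09 UTC, the same second as whenCreated.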
