У меня был сервер SBS 2008, который находился на последнем издыхании, поэтому я сделал миграцию с SBS 2008 на SBS 2011.
Все шло отлично, пока я не добрался до последнего шага и не сделал dcpromo
на старой машине SBS 2008, чтобы отключить ее от сети. Он отказался отключиться от сети (у него были ... проблемы), поэтому я выполнил инструкции Technet для выполнения dcpromo /forceremoval
а затем выполнил очистку после принудительного удаления контроллера домена из сети.
Теперь самое интересное начинается. Похоже, у меня нет проблем с аутентификацией в сети для входа в систему, Exchange работает для всех, общие сетевые ресурсы в порядке, перенаправление папок в порядке, но когда я перехожу к любой из конфигураций уровня домена (например, Сайты и Services или пойти изменить GPO) Я получаю:
Информация о названии не может быть найдена, потому что:
Указанный домен либо не существует, либо с ним невозможно связаться.
Обратитесь к системному администратору, чтобы убедиться, что ваш домен правильно настроен и находится в сети.
ipconfig /all
:
C:\Windows\system32>ipconfig /all Windows IP Configuration Host Name . . . . . . . . . . . . : EPPINGSBS2011 Primary Dns Suffix . . . . . . . : epping.local Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : epping.local Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft Virtual Machine Bus Network Ada pter Physical Address. . . . . . . . . : 00-15-5D-A1-85-02 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Link-local IPv6 Address . . . . . : fe80::40a5:9698:961:869b%11(Preferred) Link-local IPv6 Address . . . . . : fe80::cb10:e7e2:95aa:a038%11(Preferred) IPv4 Address. . . . . . . . . . . : 192.168.2.1(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.2.254 DHCPv6 IAID . . . . . . . . . . . : 234886493 DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-35-19-31-00-15-5D-02-02-06 DNS Servers . . . . . . . . . . . : fe80::cb10:e7e2:95aa:a038%11 192.168.2.1 NetBIOS over Tcpip. . . . . . . . : Enabled Tunnel adapter isatap.{F662EDAB-23E8-433D-89E8-0832059C3278}: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft ISATAP Adapter Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Tunnel adapter Teredo Tunneling Pseudo-Interface: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes
А вот nltest /server:eppingsbs2011 /dsgetdc:epping.local
:
C:\Windows\system32>nltest /server:eppingsbs2011 /dsgetdc:epping.local DC: \\EPPINGSBS2011.epping.local Address: \\192.168.2.1 Dom Guid: c36db7ef-81b9-4487-93ad-f582e745f27a Dom Name: epping.local Forest Name: epping.local Dc Site Name: Default-First-Site-Name Our Site Name: Default-First-Site-Name Flags: PDC GC DS LDAP KDC WRITABLE DNS_DC DNS_DOMAIN DNS_FOREST CLOSE_SI TE FULL_SECRET WS The command completed successfully
Надеюсь, вы видите, что все выглядит так, будто все в порядке, пока вы не дойдете до dcdiag
(во всей своей отвратительной красе):
Directory Server Diagnosis Performing initial setup: Trying to find home server... Home Server = EPPINGSBS2011 * Identified AD Forest. Done gathering initial info. Doing initial required tests Testing server: Default-First-Site-Name\EPPINGSBS2011 Starting test: Connectivity ......................... EPPINGSBS2011 passed test Connectivity Doing primary tests Testing server: Default-First-Site-Name\EPPINGSBS2011 Starting test: Advertising Fatal Error:DsGetDcName (EPPINGSBS2011) call failed, error 1355 The Locator could not find the server. ......................... EPPINGSBS2011 failed test Advertising Starting test: FrsEvent ......................... EPPINGSBS2011 passed test FrsEvent Starting test: DFSREvent ......................... EPPINGSBS2011 passed test DFSREvent Starting test: SysVolCheck ......................... EPPINGSBS2011 passed test SysVolCheck Starting test: KccEvent A warning event occurred. EventID: 0x80000B46 Time Generated: 11/21/2011 20:47:41 Event String: The security of this directory server can be significantly enhanced by configuring the server to reject SASL (Negotiate, Kerberos, NTLM, or Digest) LDAP binds that do not request signing (integrity verification) and LDAP simple binds that are performed on a cleartext (non-SSL/TLS-encrypted) connection. Even if no clients are using such binds, configuring the server to reject them will improve the security of this server. An error event occurred. EventID: 0xC0000837 Time Generated: 11/21/2011 20:48:12 Event String: The Active Directory Domain Services database has been restored using an unsupported restoration procedure. ......................... EPPINGSBS2011 failed test KccEvent Starting test: KnowsOfRoleHolders ......................... EPPINGSBS2011 passed test KnowsOfRoleHolders Starting test: MachineAccount ......................... EPPINGSBS2011 passed test MachineAccount Starting test: NCSecDesc ......................... EPPINGSBS2011 passed test NCSecDesc Starting test: NetLogons ......................... EPPINGSBS2011 passed test NetLogons Starting test: ObjectsReplicated ......................... EPPINGSBS2011 passed test ObjectsReplicated Starting test: Replications ......................... EPPINGSBS2011 passed test Replications Starting test: RidManager ......................... EPPINGSBS2011 passed test RidManager Starting test: Services w32time Service is stopped on [EPPINGSBS2011] NETLOGON Service is paused on [EPPINGSBS2011] ......................... EPPINGSBS2011 failed test Services Starting test: SystemLog An error event occurred. EventID: 0x0000041E Time Generated: 11/21/2011 20:00:21 Event String: The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly. An error event occurred. EventID: 0x0000041E Time Generated: 11/21/2011 20:05:26 Event String: The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly. An error event occurred. EventID: 0x0000041E Time Generated: 11/21/2011 20:05:26 Event String: The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly. An error event occurred. EventID: 0x0000041E Time Generated: 11/21/2011 20:05:27 Event String: The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly. An error event occurred. EventID: 0x0000041E Time Generated: 11/21/2011 20:10:15 Event String: The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly. An error event occurred. EventID: 0x0000041E Time Generated: 11/21/2011 20:10:15 Event String: The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly. An error event occurred. EventID: 0x0000041E Time Generated: 11/21/2011 20:15:20 Event String: The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly. An error event occurred. EventID: 0x0000041E Time Generated: 11/21/2011 20:15:21 Event String: The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly. An error event occurred. EventID: 0x0000041E Time Generated: 11/21/2011 20:15:21 Event String: The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly. An error event occurred. EventID: 0x0000041E Time Generated: 11/21/2011 20:20:37 Event String: The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly. An error event occurred. EventID: 0x0000041E Time Generated: 11/21/2011 20:20:37 Event String: The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly. An error event occurred. EventID: 0x0000041E Time Generated: 11/21/2011 20:25:21 Event String: The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly. An error event occurred. EventID: 0x0000041E Time Generated: 11/21/2011 20:25:21 Event String: The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly. An error event occurred. EventID: 0xC0001B58 Time Generated: 11/21/2011 20:38:12 Event String: The Link-Layer Topology Discovery Mapper I/O Driver service failed to start due to the following error: An error event occurred. EventID: 0xC0001B58 Time Generated: 11/21/2011 20:38:12 Event String: The Link-Layer Topology Discovery Responder service failed to start due to the following error: An error event occurred. EventID: 0xC0001B59 Time Generated: 11/21/2011 20:38:22 Event String: The Kerberos Key Distribution Center service depends on the Active Directory Domain Services service which failed to start because of the following error: An error event occurred. EventID: 0xC0001B59 Time Generated: 11/21/2011 20:38:48 Event String: The DNS Server service depends on the Active Directory Domain Services service which failed to start because of the following error: An error event occurred. EventID: 0x0000040B Time Generated: 11/21/2011 20:38:49 Event String: The DHCP service was unable to create or lookup the DHCP Users local group on this computer. The error code is in the data. An error event occurred. EventID: 0x0000040C Time Generated: 11/21/2011 20:38:49 Event String: The DHCP server was unable to create or lookup the DHCP Administrators local group on this computer. The error code is in the data. An error event occurred. EventID: 0xC0001B59 Time Generated: 11/21/2011 20:38:49 Event String: The Intersite Messaging service depends on the Active Directory Domain Services service which failed to start because of the following error: An error event occurred. EventID: 0xC0001B70 Time Generated: 11/21/2011 20:41:20 Event String: The Microsoft Exchange Forms-Based Authentication service service terminated with service-specific error %%-2147467259. An error event occurred. EventID: 0xC0001B70 Time Generated: 11/21/2011 20:41:22 EvtFormatMessage failed (second call), error 15030 The description string for parameter reference (%1) could not be found.. (Event String (event log = System) could not be retrieved, error 0x3ab6) An error event occurred. EventID: 0xC0001B7E Time Generated: 11/21/2011 20:41:33 Event String: The SPTimerV4 service was unable to log on as EPPING\spfarm with the currently configured password due to the following error: An error event occurred. EventID: 0xC0001B58 Time Generated: 11/21/2011 20:41:33 Event String: The SharePoint 2010 Timer service failed to start due to the following error: An error event occurred. EventID: 0xC0001B7E Time Generated: 11/21/2011 20:41:34 Event String: The SPWriterV4 service was unable to log on as EPPING\spfarm with the currently configured password due to the following error: An error event occurred. EventID: 0xC0001B58 Time Generated: 11/21/2011 20:41:34 Event String: The SharePoint 2010 VSS Writer service failed to start due to the following error: A warning event occurred. EventID: 0x80001421 Time Generated: 11/21/2011 20:41:37 Event String: The Windows Process Activation Service (WAS) encountered an error attempting to look up the built in IIS_IUSRS group. There may be problems in viewing and setting security permissions with the IIS_IUSRS group. This happens if the machine has been joined and promoted to be a Domain Controller in a legacy domain. Please see the online help for more information and solutions to this problem. The data field contains the error number. An error event occurred. EventID: 0xC0001B83 Time Generated: 11/21/2011 20:45:57 Event String: The Group Policy Client service did not shut down properly after receiving a preshutdown control. An error event occurred. EventID: 0xC0001B83 Time Generated: 11/21/2011 20:46:17 Event String: The Microsoft Exchange Replication service did not shut down properly after receiving a preshutdown control. A warning event occurred. EventID: 0x000003F6 Time Generated: 11/21/2011 20:48:13 Event String: Name resolution for the name _ldap._tcp.Default-First-Site-Name._sites.epping.local timed out after none of the configured DNS servers responded. A warning event occurred. EventID: 0x0000A001 Time Generated: 11/21/2011 20:48:17 Event String: The Security System could not establish a secured connection with the server ldap/epping.local/epping.local@EPPING.LOCAL. No authentication protocol was available. An error event occurred. EventID: 0xC00038D6 Time Generated: 11/21/2011 20:48:37 Event String: The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data. An error event occurred. EventID: 0xC00038D6 Time Generated: 11/21/2011 20:48:52 Event String: The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data. An error event occurred. EventID: 0xC00038D6 Time Generated: 11/21/2011 20:49:07 Event String: The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data. An error event occurred. EventID: 0xC00038D6 Time Generated: 11/21/2011 20:49:22 Event String: The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data. An error event occurred. EventID: 0xC00038D6 Time Generated: 11/21/2011 20:49:37 Event String: The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data. An error event occurred. EventID: 0xC00038D6 Time Generated: 11/21/2011 20:49:52 Event String: The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data. An error event occurred. EventID: 0x0000002E Time Generated: 11/21/2011 20:49:53 Event String: The time service encountered an error and was forced to shut down. The error was: 0x80070700: An attempt was made to logon, but the network logon service was not started. An error event occurred. EventID: 0xC0001B6F Time Generated: 11/21/2011 20:49:53 Event String: The Windows Time service terminated with the following error: An error event occurred. EventID: 0x0000002E Time Generated: 11/21/2011 20:49:54 Event String: The time service encountered an error and was forced to shut down. The error was: 0x80070700: An attempt was made to logon, but the network logon service was not started. An error event occurred. EventID: 0xC0001B6F Time Generated: 11/21/2011 20:49:54 Event String: The Windows Time service terminated with the following error: An error event occurred. EventID: 0xC2000001 Time Generated: 11/21/2011 20:49:56 Event String: Unexpected failure. Error code: 490@01010004 An error event occurred. EventID: 0x00000469 Time Generated: 11/21/2011 20:49:56 Event String: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator. An error event occurred. EventID: 0xC00038D6 Time Generated: 11/21/2011 20:50:07 Event String: The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data. An error event occurred. EventID: 0xC00038D6 Time Generated: 11/21/2011 20:50:24 Event String: The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data. An error event occurred. EventID: 0x0000041E Time Generated: 11/21/2011 20:50:25 Event String: The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly. An error event occurred. EventID: 0x0000041E Time Generated: 11/21/2011 20:50:33 Event String: The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly. An error event occurred. EventID: 0x0000041E Time Generated: 11/21/2011 20:50:33 Event String: The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly. An error event occurred. EventID: 0xC00038D6 Time Generated: 11/21/2011 20:50:39 Event String: The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data. An error event occurred. EventID: 0x00000457 Time Generated: 11/21/2011 20:50:50 Event String: Driver Adobe PDF Converter required for printer Adobe PDF is unknown. Contact the administrator to install the driver before you log in again. An error event occurred. EventID: 0x00000457 Time Generated: 11/21/2011 20:50:51 Event String: Driver HP Officejet 6500 E710n-z required for printer HP Officejet 6500 E710n-z (Network) is unknown. Contact the administrator to install the driver before you log in again. An error event occurred. EventID: 0x00000457 Time Generated: 11/21/2011 20:50:52 Event String: Driver Fax - HP Officejet 6500 E710n-z required for printer Fax - HP Officejet 6500 E710n-z (Network) is unknown. Contact the administrator to install the driver before you log in again. An error event occurred. EventID: 0x00000457 Time Generated: 11/21/2011 20:50:54 Event String: Driver HP psc 2100 Series required for printer HP psc 2100 Series is unknown. Contact the administrator to install the driver before you log in again. An error event occurred. EventID: 0xC00038D6 Time Generated: 11/21/2011 20:50:54 Event String: The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data. An error event occurred. EventID: 0xC00038D6 Time Generated: 11/21/2011 20:51:09 Event String: The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data. A warning event occurred. EventID: 0x000727AA Time Generated: 11/21/2011 20:52:05 Event String: The WinRM service failed to create the following SPNs: WSMAN/EPPINGSBS2011.epping.local; WSMAN/EPPINGSBS2011. An error event occurred. EventID: 0xC000042B Time Generated: 11/21/2011 20:55:10 Event String: The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted. An error event occurred. EventID: 0x0000041E Time Generated: 11/21/2011 20:55:29 Event String: The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly. An error event occurred. EventID: 0x0000041E Time Generated: 11/21/2011 20:55:29 Event String: The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly. ......................... EPPINGSBS2011 failed test SystemLog Starting test: VerifyReferences ......................... EPPINGSBS2011 passed test VerifyReferences Running partition tests on : ForestDnsZones Starting test: CheckSDRefDom ......................... ForestDnsZones passed test CheckSDRefDom Starting test: CrossRefValidation ......................... ForestDnsZones passed test CrossRefValidation Running partition tests on : DomainDnsZones Starting test: CheckSDRefDom ......................... DomainDnsZones passed test CheckSDRefDom Starting test: CrossRefValidation ......................... DomainDnsZones passed test CrossRefValidation Running partition tests on : Schema Starting test: CheckSDRefDom ......................... Schema passed test CheckSDRefDom Starting test: CrossRefValidation ......................... Schema passed test CrossRefValidation Running partition tests on : Configuration Starting test: CheckSDRefDom ......................... Configuration passed test CheckSDRefDom Starting test: CrossRefValidation ......................... Configuration passed test CrossRefValidation Running partition tests on : epping Starting test: CheckSDRefDom ......................... epping passed test CheckSDRefDom Starting test: CrossRefValidation ......................... epping passed test CrossRefValidation Running enterprise tests on : epping.local Starting test: LocatorCheck Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355 A Global Catalog Server could not be located - All GC's are down. Warning: DcGetDcName(TIME_SERVER) call failed, error 1355 A Time Server could not be located. The server holding the PDC role is down. Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error 1355 A Good Time Server could not be located. Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355 A KDC could not be located - All the KDCs are down. ......................... epping.local failed test LocatorCheck Starting test: Intersite ......................... epping.local passed test Intersite
Сегодня просто не мой день. Если бы я прочитал dcdiag
внимательно:
Служба NETLOGON приостановлена [EPPINGSBS2011]
Отключил обслуживание, и привет, все довольны. Теперь - чтобы узнать, почему вообще было приостановлено.