域控制器AD报错

全部回复

• 

  

  0

  登录进行投票

  你好，域控上有多块网卡或者多个IP地址确实可能会造成1030报错，不过也不一定，还可能是其他因素造成的。建议你先停掉那块网卡观察一下。

  ---

  面帶微笑，春暖花開

  • 已建议为答案 sly.lee 2010年7月21日 9:50
  • 已标记为答案 Tom Zhang – MSFTModerator 2010年7月23日 7:18

  2010年7月21日 9:00

  回复

  |

  引用

  版主
• 

  

  0

  登录进行投票

  您好！                         

   

  根据您的描述，我想跟您确认以下几个问题：

  1. 请问您的网络环境中有几台DC？

  2. 该错误信息是否只出现在一台DC上，还是所有的DC上？

   

  1030错误可能与名称解析有关，我们建议您根据以下步骤进行排错：

  1. 运行ipconfig /all 检查TCP/IP协议的配置是否正确，请把主DNS服务器指向PDC。

   

  2. 下载并安装最新的网卡驱动。

   

  3. 进入微软网站，更新系统889100补丁。

   

  无法执行组策略处理，事件 1030 和 1058 被记录到域控制器的应用程序日志中

  http://support.microsoft.com/kb/842804/zh-cn

   

  4. 在所有域控制器上，确认Net Logon服务为启动状态。

  a. 点击“开始－>运行”并输入“SERVICES.MSC”。

  b. 点击 “Net Logon”，确认“服务状态”为启动，“启动类型”为自动。

   

  5. 点击“开始－>运行” 并输入\\domain\sysvol\domain\Policies\（domain为您的域名），检查在 Sysvol 共享上正确设置了 NTFS 文件系统权限和共享权限，授予 Authenticated Users 组读取和应用组策略权限。

   

  How to Give Users Access to Group Policy Objects

  http://support.microsoft.com/kb/273857/en-us

   

  6. 点击“开始－>运行” 并输入\\domain\sysvol\domain\Policies\，检查是否有gpt.ini文件存在。

   

  7. 如果您的域控制器为多宿主主机。安装了多块网卡，或者设置了多个IP的话，也可能会出现该错误，请暂时停用一块网卡或者只设置一个IP地址，查看问题是否依然存在。

   

  关于1053的错误，我们建议您尝试以下操作：

   

  1. 如果您的局域网中还有Windows 2000 Server的话，请您下载并安装SP4补丁。

   

  2. 打开DNS控制台，展开正向搜索区域，查看是否有yourdomainname.###（您的域名）的区域存在。

   

  3. 如果没有的话，请创建一个与AD集成的区域，并配置动态更新。

   

  4. 关闭DNS控制台，在命令提示符中，输入：

  net stop netlogon

  net start netlogon

   

  5. 请您下载Hotfixe 829993，该hotfix并不能在网站中直接下载，您可以拨打微软客户服务热线8008203800获取。

   

  829993 Memory Leak Occurs in the Lsass.exe Process on a Windows Server

  http://support.microsoft.com/?id=829993

   

  希望我的回答对您有所帮助，如果您还有什么问题，请您再和我们联系。

   

  Tom Zhang 张一平

  ---

  Tom Zhang – MSFT

  • 已标记为答案 Tom Zhang – MSFTModerator 2010年7月23日 7:18

  2010年7月23日 7:18

  回复

  |

  引用

  版主
• 

  

  0

  登录进行投票

   有两台域控， 上周五我停掉了一块网卡，但故障依旧。还是报1030 1053错误。

  Event Type: Error
  Event Source: Userenv
  Event Category: None
  Event ID: 1030
  Date:  7/25/2010
  Time:  9:53:30 AM
  User:  NT AUTHORITY\SYSTEM
  Computer: DELL2950
  Description:
  Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.

  For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

  Event Type: Error
  Event Source: Userenv
  Event Category: None
  Event ID: 1053
  Date:  7/25/2010
  Time:  8:16:38 PM
  User:  NT AUTHORITY\SYSTEM
  Computer: DELL2950
  Description:
  Windows cannot determine the user or computer name. (Not enough storage is available to complete this operation. ). Group Policy processing aborted.

  For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

  vent Type: Warning
  Event Source: NTDS Replication
  Event Category: Replication
  Event ID: 1586
  Date:  7/25/2010
  Time:  10:10:19 AM
  User:  NT AUTHORITY\ANONYMOUS LOGON
  Computer: DELL2950
  Description:
  The Windows NT 4.0 or earlier replication checkpoint with the PDC emulator master was unsuccessful.
   
  A full synchronization of the security accounts manager (SAM) database to domain controllers running Windows NT 4.0 and earlier might take place if the PDC emulator master role is transferred to the local domain controller before the next successful checkpoint.
   
  The checkpoint process will be tried again in four hours.
   
  Additional Data
  Error value:
  14 Not enough storage is available to complete this operation.

  For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

  Event Type: Error
  Event Source: NETLOGON
  Event Category: None
  Event ID: 5719
  Date:  7/25/2010
  Time:  5:44:05 PM
  User:  N/A
  Computer: DELL2950
  Description:
  This computer was not able to set up a secure session with a domain controller in domain EDFBJ due to the following:
  Not enough storage is available to process this command. 
  This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. 

  ADDITIONAL INFO
  If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.

  For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
  Data:
  0000: 17 00 00 c0               ...?  

  Event Type: Warning
  Event Source: NtFrs
  Event Category: None
  Event ID: 13508
  Date:  7/26/2010
  Time:  8:23:55 AM
  User:  N/A
  Computer: DELL2950
  Description:
  The File Replication Service is having trouble enabling replication from IBMFS to DELL2950 for d:\windows\sysvol\domain using the DNS name ibmfs.EDFBJ.COM.CN. FRS will keep retrying.
   Following are some of the reasons you would see this warning.
   
   [1] FRS can not correctly resolve the DNS name ibmfs.EDFBJ.COM.CN from this computer.
   [2] FRS is not running on ibmfs.EDFBJ.COM.CN.
   [3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers.
   
   This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.

  For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
  Data:
  0000: d5 04 00 00               ?..   

  GPT.ini是存在。

  yourdomainname.###（您的域名）的区域存在 这个也是存在的.

  Net Logon服务也起来了。

   

   

   

  2010年7月26日 3:04

  回复

  |

  引用