WinXP client cannot join the domain "trinx"

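  • Question

  • The trinx domain has been running normally for more than four years. This problem also occurred last time, and a repair fixed it. This time it does not work.

    Clients that have already joined the domain can log on to the domain normally.

    The DC details are as follows (dcdiag.txt):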
    Domain Controller Diagnosis

    Performing initial setup:
       * Verifying that the local machine leoniserp, is a DC.
       * Connecting to directory service on server leoniserp.
       * Collecting site info.
       * Identifying all servers.
       * Identifying all NC cross-refs.
       * Found 2 DC(s). Testing 1 of them.
       Done gathering initial info.

    Doing initial required tests
      
       Testing server: Default-First-Site-Name\LEONISERP
          Starting test: Connectivity
             * Active Directory LDAP Services Check
             * Active Directory RPC Services Check
             ......................... LEONISERP passed test Connectivity

    Doing primary tests
      
       Testing server: Default-First-Site-Name\LEONISERP
          Starting test: Replications
             * Replications Check
             * Replication Latency Check
                CN=Schema,CN=Configuration,DC=trinx
                   Latency information for 3 entries in the vector were ignored.
                      3 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC). 
                CN=Configuration,DC=trinx
                   Latency information for 3 entries in the vector were ignored.
                      3 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC). 
                DC=trinx
                   Latency information for 3 entries in the vector were ignored.
                      3 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC). 
             * Replication Site Latency Check
             ......................... LEONISERP passed test Replications
          Test omitted by user request: Topology
          Test omitted by user request: CutoffServers
          Starting test: NCSecDesc
             * Security Permissions check for all NC's on DC LEONISERP.
             * Security Permissions Check for
               CN=Schema,CN=Configuration,DC=trinx
                (Schema,Version 2)
             * Security Permissions Check for
               CN=Configuration,DC=trinx
                (Configuration,Version 2)
             * Security Permissions Check for
               DC=trinx
                (Domain,Version 2)
             ......................... LEONISERP passed test NCSecDesc
          Starting test: NetLogons
             * Network Logons Privileges Check
             Unable to connect to the NETLOGON share! (\\LEONISERP\netlogon)
             [LEONISERP] An net use or LsaPolicy operation failed with error 1203, 无任何网络提供程序接受指定的网络路径。.
             ......................... LEONISERP failed test NetLogons
          Starting test: Advertising
             The DC LEONISERP is advertising itself as a DC and having a DS.
             The DC LEONISERP is advertising as an LDAP server
             The DC LEONISERP is advertising as having a writeable directory
             The DC LEONISERP is advertising as a Key Distribution Center
             The DC LEONISERP is advertising as a time server
             The DS LEONISERP is advertising as a GC.
             ......................... LEONISERP passed test Advertising
          Starting test: KnowsOfRoleHolders
             Role Schema Owner = CN=NTDS Settings\0ADEL:fab3bae7-9467-4eac-9f97-6993a7ff4240,CN=SERVERAPP\0ADEL:8ee41335-952d-423c-870e-81d4c87e0662,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=trinx
             Warning: CN=NTDS Settings\0ADEL:fab3bae7-9467-4eac-9f97-6993a7ff4240,CN=SERVERAPP\0ADEL:8ee41335-952d-423c-870e-81d4c87e0662,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=trinx is the Schema Owner, but is deleted.
             Role Domain Owner = CN=NTDS Settings,CN=LEONISERP,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=trinx
             Role PDC Owner = CN=NTDS Settings,CN=LEONISERP,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=trinx
             Role Rid Owner = CN=NTDS Settings,CN=LEONISERP,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=trinx
             Role Infrastructure Update Owner = CN=NTDS Settings,CN=LEONISERP,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=trinx
             ......................... LEONISERP failed test KnowsOfRoleHolders
          Starting test: RidManager
             * Available RID Pool for the Domain is 4609 to 1073741823
             * leoniserp.trinx is the RID Master
             * DsBind with RID Master was successful
             * rIDAllocationPool is 3109 to 3608
             * rIDPreviousAllocationPool is 3109 to 3608
             * rIDNextRID: 3320
             ......................... LEONISERP passed test RidManager
          Starting test: MachineAccount
             Checking machine account for DC LEONISERP on DC LEONISERP.
             * SPN found :LDAP/leoniserp.trinx/trinx
             * SPN found :LDAP/leoniserp.trinx
             * SPN found :LDAP/LEONISERP
             * SPN found :LDAP/leoniserp.trinx/TRINX
             * SPN found :LDAP/cfb595c3-56a6-4eab-90c1-68076813d536._msdcs.trinx
             * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/cfb595c3-56a6-4eab-90c1-68076813d536/trinx
             * SPN found :HOST/leoniserp.trinx/trinx
             * SPN found :HOST/leoniserp.trinx
             * SPN found :HOST/LEONISERP
             * SPN found :HOST/leoniserp.trinx/TRINX
             * SPN found :GC/leoniserp.trinx/trinx
             ......................... LEONISERP passed test MachineAccount
          Starting test: Services
             * Checking Service: Dnscache
                Dnscache Service is stopped on [LEONISERP]
             * Checking Service: NtFrs
             * Checking Service: IsmServ
             * Checking Service: kdc
             * Checking Service: SamSs
             * Checking Service: LanmanServer
             * Checking Service: LanmanWorkstation
             * Checking Service: RpcSs
             * Checking Service: w32time
             * Checking Service: NETLOGON
             ......................... LEONISERP failed test Services
          Test omitted by user request: OutboundSecureChannels
          Starting test: ObjectsReplicated
             LEONISERP is in domain DC=trinx
             Checking for CN=LEONISERP,OU=Domain Controllers,DC=trinx in domain DC=trinx on 1 servers
                Object is up-to-date on all servers.
             Checking for CN=NTDS Settings,CN=LEONISERP,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=trinx in domain CN=Configuration,DC=trinx on 1 servers
                Object is up-to-date on all servers.
             ......................... LEONISERP passed test ObjectsReplicated
          Starting test: frssysvol
             * The File Replication Service SYSVOL ready test
             File Replication Service's SYSVOL is ready
             ......................... LEONISERP passed test frssysvol
          Starting test: frsevent
             * The File Replication Service Event log test
             ......................... LEONISERP passed test frsevent
          Starting test: kccevent
             * The KCC Event log test
             Found no KCC errors in Directory Service Event log in the last 15 minutes.
             ......................... LEONISERP passed test kccevent
          Starting test: systemlog
             * The System Event log test
             An Error Event occured.  EventID: 0x00000457
                Time Generated: 09/20/2010   17:14:31
                (Event String could not be retrieved)
             ......................... LEONISERP failed test systemlog
          Test omitted by user request: VerifyReplicas
          Starting test: VerifyReferences
             The system object reference (serverReference)

             CN=LEONISERP,OU=Domain Controllers,DC=trinx and backlink on

             CN=LEONISERP,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=trinx

             are correct.
             The system object reference (frsComputerReferenceBL)

             CN=LEONISERP,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=trinx

             and backlink on CN=LEONISERP,OU=Domain Controllers,DC=trinx are

             correct.
             The system object reference (serverReferenceBL)

             CN=LEONISERP,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=trinx

             and backlink on

             CN=NTDS Settings,CN=LEONISERP,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=trinx

             are correct.
             ......................... LEONISERP passed test VerifyReferences
          Test omitted by user request: VerifyEnterpriseReferences
          Test omitted by user request: CheckSecurityError
      
       Running partition tests on : Schema
          Starting test: CrossRefValidation
             ......................... Schema passed test CrossRefValidation
          Starting test: CheckSDRefDom
             ......................... Schema passed test CheckSDRefDom
      
       Running partition tests on : Configuration
          Starting test: CrossRefValidation
             ......................... Configuration passed test CrossRefValidation
          Starting test: CheckSDRefDom
             ......................... Configuration passed test CheckSDRefDom
      
       Running partition tests on : trinx
          Starting test: CrossRefValidation
             ......................... trinx passed test CrossRefValidation
          Starting test: CheckSDRefDom
             ......................... trinx passed test CheckSDRefDom
      
       Running enterprise tests on : trinx
          Starting test: Intersite
             Skipping site Default-First-Site-Name, this site is outside the scope

             provided by the command line arguments provided.
             ......................... trinx passed test Intersite
          Starting test: FsmoCheck
             GC Name: \\leoniserp.trinx
             Locator Flags: 0xe00003fd
             PDC Name: \\leoniserp.trinx
             Locator Flags: 0xe00003fd
             Time Server Name: \\leoniserp.trinx
             Locator Flags: 0xe00003fd
             Preferred Time Server Name: \\leoniserp.trinx
             Locator Flags: 0xe00003fd
             KDC Name: \\leoniserp.trinx
             Locator Flags: 0xe00003fd
             ......................... trinx passed test FsmoCheck
          Test omitted by user request: DNS
          Test omitted by user request: DNS
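    IP addresses are assigned by the router's DHCP.

    Clients that have already joined the domain can ping the domain name; clients that have not joined cannot. The DC and the clients all have IPs in the same network segment, 192.168.1.0/24.

    DNS error log: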

    事件类型: 错误
    事件来源: DNS
    事件种类: 无
    事件 ID: 6702
    日期:  2010-9-20
    事件:  17:46:39
    用户:  N/A
    计算机: LEONISERP
    描述:
    DNS 服务器已经更新了它自己的主机 (A) 记录。为了保证它的 DS 集成的对等 DNS 服务器能与此服务器进行复制,尝试通过 动态更新用新记录更新它们。在此更新过程中发生了一个错误, 记录数据是错误代码。
     
    如果此 DNS 服务器没有任何 DS 集成的对等,此错误应该
    被忽略。
     
    如果此 DNS 服务器的 Active Directory 复制伙伴没有此 服务器的正确 IP 地址,它们将不能与它进行复制。
     
    要保证正确复制:
    1) 找到运行 DNS 服务器的此服务器的 Active Directory 复制伙伴。
    2) 打开 DnsManager,依次连接各个复制伙伴。
    3) 在每个服务器上,为此服务器检查主机 (A 记录) 的注册。
    4) 删除所有与此服务器的 IP 地址不相关的 A 记录。
    5) 如果没有此服务器的 A 记录,添加至少一个与此服务器 的地址相关的 A 记录,这样其他的复制伙伴就能够访问它。 (也就是说,如果此 DNS 服务器有多个 IP 地址,添加至少一个 与您要更新的 Active Directory DNS 服务器在同一个网络上的  IP 地址。)
    6) 注意,没有必要更新每一个复制伙伴。只需要有足够多的 复制伙伴的记录进行了更新,这样每一个与此服务器进行复制 的服务器都能够收到(通过复制)新的数据。

    有关更多信息,请参阅在 http://go.microsoft.com/fwlink/events.asp 的帮助和支持中心。
    数据:
    0000: 7c 26 00 00               |&..   
    事件类型: 警告
    事件来源: DNS
    事件种类: 无
    事件 ID: 4521
    日期:  2010-9-20
    事件:  19:46:01
    用户:  N/A
    计算机: LEONISERP
    描述:
    DNS 服务器试图从 Active Directory 加载区域 . 时遇到 错误 9002。DNS 服务器将在下一个超时周期重新尝试加载此区域。 这可能是由 Active Directory 负载过高导致,并且 可能是暂时情况。

    有关更多信息,请参阅在 http://go.microsoft.com/fwlink/events.asp 的帮助和支持中心。

     

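    When joining, it reports that the domain "trinx" cannot be found.

    September 20, 2010 12:27

Answer

  • Hello!

    Based on the information you provided, we suggest that you run the following tests: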

     

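    1. Check whether the RPC service is started on the affected client. Go to Control Panel - Administrative Tools - Services - "Remote Procedure Call (RPC)" and confirm that the service status is Started.

    2. On the affected client, click Start, then Run, enter "CMD", and ping the domain controller's IP address with the -t parameter to see whether any packets are lost.

    3. On the affected client, click Start, then Run, enter "CMD", and ping the domain controller's FQDN to test whether it works.

    4. Run ipconfig /all to check whether the TCP/IP configuration is correct. Please point the primary DNS server to the PDC.

    5. On the remote client, use the NSLOOKUP tool to verify whether the DC SRV records can be resolved on the client. The steps are as follows:
    a. In the Open box, type cmd
    b. Type nslookup, and then press Enter
    c. Type set type=all, and then press Enter
    d. Type _ldap._tcp.dc._msdcs.Domain_Name, where Domain_Name is the name of the domain, and then press Enter

    Nslookup returns one or more SRV service location records in the following format, where Server_Name is the host name of the domain controller, Domain_Name is the domain that the domain controller belongs to, and Server_IP_Address is the Internet Protocol (IP) address of the domain controller.

    How to verify that SRV DNS records have been created for a domain controller
    http://support.microsoft.com/kb/816587/zh-cn

    6. Please temporarily turn off the firewall and antivirus software on the client.


    I hope my answer helps. If anything is unclear, please reply to this thread.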

     

    Tom Zhang 张一平
    Tom Zhang – MSFT
    September 28, 2010 9:01
    Moderator
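
The SRV check from step 5, as an added example that is not part of the original reply: it parses saved nslookup output for `_ldap._tcp.dc._msdcs.<domain>` and reports SRV targets that have no address record or whose address falls outside the expected subnet. The function names, the sample output, the 192.168.1.10 address and the serverapp.trinx entry are constructed for illustration; only the domain name, the leoniserp host name and the 192.168.1.0/24 subnet come from the thread.

```python
import ipaddress
import re

# Constructed nslookup output for step 5d. The .10 address and the serverapp
# entry are made up for illustration; only the /24 subnet is from the thread.
SAMPLE = """\
_ldap._tcp.dc._msdcs.trinx      SRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = leoniserp.trinx
_ldap._tcp.dc._msdcs.trinx      SRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = serverapp.trinx
leoniserp.trinx internet address = 192.168.1.10
"""
SRV_RE = re.compile(r"^(\S+)\s+SRV service location:\s*$")
FIELD_RE = re.compile(r"^\s+(priority|weight|port|svr hostname)\s*=\s*(\S+)\s*$")
ADDR_RE = re.compile(r"^(\S+)\s+internet address = (\S+)\s*$")

def parse_nslookup(text):
    """Return (SRV records as dicts, {hostname: [addresses]})."""
    srvs, addrs, cur = [], {}, None
    for line in text.splitlines():
        if m := SRV_RE.match(line):
            cur = {"name": m.group(1).lower()}
            srvs.append(cur)
        elif (m := FIELD_RE.match(line)) and cur is not None:
            cur[m.group(1)] = m.group(2).lower()
        elif m := ADDR_RE.match(line):
            addrs.setdefault(m.group(1).lower(), []).append(m.group(2))
    return srvs, addrs

def check_dc_locator(text, domain, subnet):
    """List findings that would keep a client from locating a DC for `domain`."""
    srvs, addrs = parse_nslookup(text)
    wanted = f"_ldap._tcp.dc._msdcs.{domain}".lower()
    srvs = [s for s in srvs if s["name"] == wanted]
    if not srvs:
        return [f"no SRV record for {wanted}"]
    net, problems = ipaddress.ip_network(subnet), []
    for s in srvs:
        host = s.get("svr hostname", "?")
        if not (ips := addrs.get(host, [])):
            problems.append(f"{host}: SRV target has no A record in the answer")
        problems += [f"{host}: {ip} outside {subnet}" for ip in ips
                     if ipaddress.ip_address(ip) not in net]
    return problems
```

An empty list from `check_dc_locator` means every SRV target in the captured output resolved to an address inside the expected subnet; run it on output captured from a client that cannot join and from one that can, and compare.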