Forum
iyi çalışmalar ;
domain controllerde aşadaki gibi bir dizi hata alıyorum yardımcı olabilirmisiniz.
The application-specific permission
settings do not grant Local Launch permission for the COM Server application
with CLSID
{24FF4FDC-1D9F-4195-8C79-0DA39248FF48}
and APPID
{B292921D-AF50-400C-9B75-0C57A7F29BA1}
to
the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using
LRPC). This security permission can be modified using the Component Services
administrative tool.
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------
During the past 4.25 hours there have been 1132
connections to this Domain Controller from client machines whose IP addresses
don't map to any of the existing sites in the enterprise. Those clients,
therefore, have undefined sites and may connect to any Domain Controller
including those that are in far distant locations from the clients. A client's
site is determined by the mapping of its subnet to one of the existing sites.
To move the above clients to one of the sites, please consider creating subnet
object(s) covering the above IP addresses with mapping to one of the existing
sites. The names and IP addresses of the clients in question have been
logged on this computer in the following log file
'%SystemRoot%\debug\netlogon.log' and, potentially, in the log file
'%SystemRoot%\debug\netlogon.bak' created if the former log becomes full. The
log(s) may contain additional unrelated debugging information. To filter out
the needed information, please search for lines which contain text
'NO_CLIENT_SITE:'. The first word after this string is the client name and the
second word is the client IP address. The maximum size of the log(s) is
controlled by the following registry DWORD value
'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\LogFileMaxSize';
the default is 20000000 bytes. The current maximum size is 20000000
bytes. To set a different maximum size, create the above registry value
and set the desired maximum size in bytes.
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------
The session setup from computer 'CILHAN' failed because the
security database does not contain a trust account 'CILHAN$' referenced by the
specified computer.
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------
USER ACTION
If this is the first occurrence of this event for the specified
computer and account, this may be a transient issue that doesn't require any
action at this time. If this is a Read-Only Domain Controller and
'CILHAN$' is a legitimate machine account for the computer 'CILHAN' then
'CILHAN' should be marked cacheable for this location if appropriate or
otherwise ensure connectivity to a domain controller capable of servicing
the request (for example a writable domain controller). Otherwise, the
following steps may be taken to resolve this problem:
If 'CILHAN$' is a legitimate machine account for the
computer 'CILHAN', then 'CILHAN' should be rejoined to the domain.
If 'CILHAN$' is a legitimate interdomain trust account, then
the trust should be recreated.
Otherwise, assuming that 'CILHAN$' is not a legitimate
account, the following action should be taken on 'CILHAN':
If 'CILHAN' is a Domain Controller, then the trust
associated with 'CILHAN$' should be deleted.
If 'CILHAN' is not a Domain Controller, it should be
disjoined from the domain.
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------
The Key Distribution Center (KDC) cannot find a suitable
certificate to use for smart card logons, or the KDC certificate could not be
verified. Smart card logon may not function correctly if this problem is not
resolved. To correct this problem, either verify the existing KDC certificate
using certutil.exe or enroll for a new KDC certificate.
Biraz bilgi verebilir misiniz? Kaç adet DC var, ortamda silinen DC var mı? Ayrıca Event ID'yi göremedim logda. En basit işlem olarak bilgisayarı DC'den çıkarıp-tekrar dahil ettiniz mi?
16 tane domain controller var sistemde dağınık bir yapı site site ayrılmış durumda 2003 ad den 2008 e yükselltim eski dc sistemde hala ama ad rolünü kaldırdım