[Solved] ADC DNS PROBLEM

(@ATILKAZAN)
Posts: 33
Eminent Member
Topic starter

Hello. I set up an ADC for my existing AD. At first it had not migrated the Reverse Zone in DNS; everything was normal in the forward zone, but the Reverse Zone showed "Create Reverse Zone" even though it exists in AD on my first machine. Then I changed my PC's name to ADC, and as in the picture below DNS broke completely. I would appreciate your help with this. Also, what could have caused the thing I described in my first sentence?

Posted: 17/12/2012 20:44

(@efesulukcu)
Posts: 1424
Noble Member

If, when creating this zone, you did not set the replication option to "to all DNS" or "to all DCs", or did not define the zone migration for the reverse zone, the reverse zone may not have replicated.

For your second question, make sure the DNS services are running. Make sure your IP is static and that the IP on the DNS server on the working DC is correct.

Posted: 17/12/2012 22:43

(@ATILKAZAN)
Posts: 33
Eminent Member
Topic starter

Sir, I made the IP static as you said, but nothing changed. As you said, I checked the IP of the DNS on the DC; it is the same, nothing has changed. When I changed the PC's name, the DNS server on the ADC probably could not pick up the new name, because although I renamed that PC to "ADC", the old name still shows in DNS. Sir, is there a way to delete everything in the DNS on the ADC and replicate only the DNS from AD? Or are AD and DNS replicated to the ADC together?

Posted: 18/12/2012 13:50

(@ATILKAZAN)
Posts: 33
Eminent Member
Topic starter

Sir, I removed the DNS on the ADC and reinstalled it. In Server Manager the PC name appears as in the first picture, but when I go to Administrative Tools > DNS, as you will see in the photo below, the name appears as ADC, i.e. the same as the PC name. I could not understand this; which one is correct, the one in Server Manager or the one in Administrative Tools > DNS?

Posted: 18/12/2012 14:15

(@efesulukcu)
Posts: 1424
Noble Member

Now I have a few questions and some points I did not understand:

*The IP of the machine you assigned as ADC was not static; is that what you made static?

*Which server is the DNS server in the snapshot you posted on?

*Did you refresh the DNS server view in Server Manager?

*Is it in the DNS on the main DC (not the ADC) that the IP or name does not appear as it should?

*Are all your records under mcdcs in DNS as they should be?

*Did you try running the ipconfig /registerdns command on the ADC?

*If you right-click your domain zone in DNS, open its properties and look at the zone replication tab, are both servers listed? (Do this on both servers.)

*Did you right-click the DNS servers, choose Clear Cache, and run Update Server Data Files?

Posted: 19/12/2012 02:01

(@ATILKAZAN)
Posts: 33
Eminent Member
Topic starter

Sir, I am answering your questions in order.

1) Yes, sir, at first my ADC machine was getting its IP from DHCP; when you asked "is it static?" I made the IP static.

2) The snapshots I posted are photos of my ADC machine.

3) Sir, I refreshed everything in Server Manager but it is still the same. (Photo below)

4) Sir, everything is normal on the main DC. There is no problem there.

5) "Are all your records under mcdcs in DNS as they should be?" I don't know how to answer this question, sir; where do we look at mcdcs?

6) Sir, I ran the command you mentioned; you can see it in the photo below.

7) Sir, I could not find what you described in this item. I put a photo below; could you show me where to look there?

8) I chose Clear Cache and ran the server data files operation; nothing changed. Could you explain what these do, sir? Thank you very much for your effort...

Posted: 19/12/2012 18:36

(@abdullahissever)
Posts: 86
Trusted Member

Did you simply join the ADC to the domain, or did you set it up as an additional DC using the dcpromo command? If you answer this, we can help step by step.

Posted: 20/12/2012 03:25

(@ATILKAZAN)
Posts: 33
Eminent Member
Topic starter

Abdullah, sir, I set it up directly with the dcpromo command. I watched videos before installing; that is how it was done.

Posted: 20/12/2012 13:12

(@abdullahissever)
Posts: 86
Trusted Member

Could you post the output of repadmin /syncall and dcdiag from the command prompt?

Posted: 20/12/2012 16:07

(@abdullahissever)
Posts: 86
Trusted Member

Could you provide the output of repadmin /syncall and dcdiag? We can find where the problem comes from. Also, could you pay attention to the date and time difference?

Posted: 20/12/2012 16:09

(@ATILKAZAN)
Posts: 33
Eminent Member
Topic starter

Sir, this is the repadmin /syncall output

 C:\Users\atil.kazan.TEST>repadmin /syncall
CALLBACK MESSAGE: The following replication is in progress:
    From: f730f045-1d81-4221-a151-b212382387e3._msdcs.test.local
    To  : a2c88bb9-5057-4f47-b17f-869926c3b5d5._msdcs.test.local
CALLBACK MESSAGE: Error issuing replication: 8453 (0x2105):
    Replication access was denied.
    From: f730f045-1d81-4221-a151-b212382387e3._msdcs.test.local
    To  : a2c88bb9-5057-4f47-b17f-869926c3b5d5._msdcs.test.local
CALLBACK MESSAGE: SyncAll Finished.

SyncAll reported the following errors:
Error issuing replication: 8453 (0x2105):
    Replication access was denied.
    From: f730f045-1d81-4221-a151-b212382387e3._msdcs.test.local
    To  : a2c88bb9-5057-4f47-b17f-869926c3b5d5._msdcs.test.local

 

And this is the dcdiag output

 Error issuing replication: 8453 (0x2105):
    Replication access was denied.
    From: f730f045-1d81-4221-a151-b212382387e3._msdcs.test.local
    To  : a2c88bb9-5057-4f47-b17f-869926c3b5d5._msdcs.test.local

C:\Users\atil.kazan.TEST>dcdiag

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = ADC
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\ADC
      Starting test: Connectivity
         ......................... ADC passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\ADC
      Starting test: Advertising
         ......................... ADC passed test Advertising
      Starting test: FrsEvent
         ......................... ADC passed test FrsEvent
      Starting test: DFSREvent
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
         Group Policy problems.
         ......................... ADC failed test DFSREvent
      Starting test: SysVolCheck
         ......................... ADC passed test SysVolCheck
      Starting test: KccEvent
         A warning event occurred.  EventID: 0x80000B46
            Time Generated: 12/20/2012   13:36:37
            Event String:
            The security of this directory server can be significantly enhanced
by configuring the server to reject SASL (Negotiate,  Kerberos, NTLM, or Digest)
 LDAP binds that do not request signing (integrity verification) and LDAP simple
 binds that  are performed on a cleartext (non-SSL/TLS-encrypted) connection.  E
ven if no clients are using such binds, configuring the server to reject them wi
ll improve the security of this server.
         A warning event occurred.  EventID: 0x80000828
            Time Generated: 12/20/2012   13:36:42
            Event String:
            Active Directory Domain Services could not use DNS to resolve the IP
 address of the source domain controller listed below. To maintain the consisten
cy of Security groups, group policy, users and computers and their passwords, Ac
tive Directory Domain Services successfully replicated using the NetBIOS or full
y qualified computer name of the source domain controller.
         A warning event occurred.  EventID: 0x8000082C
            Time Generated: 12/20/2012   13:37:37
            Event String:
         A warning event occurred.  EventID: 0x8000051C
            Time Generated: 12/20/2012   13:41:37
            Event String:
            The Knowledge Consistency Checker (KCC) has detected that successive
 attempts to replicate with the following directory service has consistently fai
led.
         ......................... ADC passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... ADC passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... ADC passed test MachineAccount
      Starting test: NCSecDesc
         ......................... ADC passed test NCSecDesc
      Starting test: NetLogons
         [ADC] User credentials does not have permission to perform this
         operation.
         The account used for this test must have network logon privileges
         for this machine's domain.
         ......................... ADC failed test NetLogons
      Starting test: ObjectsReplicated
         ......................... ADC passed test ObjectsReplicated
      Starting test: Replications
         [Replications Check,ADC] A recent replication attempt failed:
            From BILGISAYAR1 to ADC
            Naming Context: CN=Schema,CN=Configuration,DC=test,DC=local
            The replication generated an error (1908):
            Could not find the domain controller for this domain.
            The failure occurred at 2012-12-20 13:40:44.
            The last success occurred at 2012-12-19 15:52:30.
            1 failures have occurred since the last success.
            Kerberos Error.
            A KDC was not found to authenticate the call.
            Check that sufficient domain controllers are available.
         [Replications Check,ADC] A recent replication attempt failed:
            From BILGISAYAR1 to ADC
            Naming Context: CN=Configuration,DC=test,DC=local
            The replication generated an error (1908):
            Could not find the domain controller for this domain.
            The failure occurred at 2012-12-20 13:39:32.
            The last success occurred at 2012-12-19 15:52:30.
            1 failures have occurred since the last success.
            Kerberos Error.
            A KDC was not found to authenticate the call.
            Check that sufficient domain controllers are available.
         ......................... ADC failed test Replications
      Starting test: RidManager
         ......................... ADC passed test RidManager
      Starting test: Services
            Could not open NTDS Service on ADC, error 0x5 "Access is denied."
         ......................... ADC failed test Services
      Starting test: SystemLog
         A warning event occurred.  EventID: 0x8000001D
            Time Generated: 12/20/2012   13:36:33
            Event String:
            The Key Distribution Center (KDC) cannot find a suitable certificate
 to use for smart card logons, or the KDC certificate could not be verified. Sma
rt card logon may not function correctly if this problem is not resolved. To cor
rect this problem, either verify the existing KDC certificate using certutil.exe
 or enroll for a new KDC certificate.
         An error event occurred.  EventID: 0xC00038D6
            Time Generated: 12/20/2012   13:37:01
            Event String:
            The DFS Namespace service could not initialize cross forest trust in
formation on this domain controller, but it will periodically retry the operatio
n. The return code is in the record data.
         A warning event occurred.  EventID: 0x000003F6
            Time Generated: 12/20/2012   13:37:01
            Event String:
            Name resolution for the name _ldap._tcp.Default-First-Site-Name._sit
es.dc._msdcs.test.local timed out after none of the configured DNS servers respo
nded.
         An error event occurred.  EventID: 0xC00038D6
            Time Generated: 12/20/2012   13:37:28
            Event String:
            The DFS Namespace service could not initialize cross forest trust in
formation on this domain controller, but it will periodically retry the operatio
n. The return code is in the record data.
         A warning event occurred.  EventID: 0x000003F6
            Time Generated: 12/20/2012   13:37:31
            Event String:
            Name resolution for the name _ldap._tcp.test.local timed out after n
one of the configured DNS servers responded.
         An error event occurred.  EventID: 0xC00038D6
            Time Generated: 12/20/2012   13:37:55
            Event String:
            The DFS Namespace service could not initialize cross forest trust in
formation on this domain controller, but it will periodically retry the operatio
n. The return code is in the record data.
         A warning event occurred.  EventID: 0x0000000C
            Time Generated: 12/20/2012   13:37:54
            Event String:
            Time Provider NtpClient: This machine is configured to use the domai
n hierarchy to determine its time source, but it is the AD PDC emulator for the
domain at the root of the forest, so there is no machine above it in the domain
hierarchy to use as a time source. It is recommended that you either configure a
 reliable time service in the root domain, or manually configure the AD PDC to s
ynchronize with an external time source. Otherwise, this machine will function a
s the authoritative time source in the domain hierarchy. If an external time sou
rce is not configured or used for this computer, you may choose to disable the N
tpClient.
         An error event occurred.  EventID: 0xC00038D6
            Time Generated: 12/20/2012   13:38:22
            Event String:
            The DFS Namespace service could not initialize cross forest trust in
formation on this domain controller, but it will periodically retry the operatio
n. The return code is in the record data.
         An error event occurred.  EventID: 0xC00038D6
            Time Generated: 12/20/2012   13:38:49
            Event String:
            The DFS Namespace service could not initialize cross forest trust in
formation on this domain controller, but it will periodically retry the operatio
n. The return code is in the record data.
         An error event occurred.  EventID: 0xC00038D6
            Time Generated: 12/20/2012   13:39:16
            Event String:
            The DFS Namespace service could not initialize cross forest trust in
formation on this domain controller, but it will periodically retry the operatio
n. The return code is in the record data.
         An error event occurred.  EventID: 0xC00038D6
            Time Generated: 12/20/2012   13:39:43
            Event String:
            The DFS Namespace service could not initialize cross forest trust in
formation on this domain controller, but it will periodically retry the operatio
n. The return code is in the record data.
         A warning event occurred.  EventID: 0x000727AA
            Time Generated: 12/20/2012   13:40:07
            Event String:
            The WinRM service failed to create the following SPNs: WSMAN/ADC.tes
t.local; WSMAN/ADC.
         An error event occurred.  EventID: 0xC00038D6
            Time Generated: 12/20/2012   13:40:11
            Event String:
            The DFS Namespace service could not initialize cross forest trust in
formation on this domain controller, but it will periodically retry the operatio
n. The return code is in the record data.
         An error event occurred.  EventID: 0xC00038D6
            Time Generated: 12/20/2012   13:40:38
            Event String:
            The DFS Namespace service could not initialize cross forest trust in
formation on this domain controller, but it will periodically retry the operatio
n. The return code is in the record data.
         An error event occurred.  EventID: 0xC00038D6
            Time Generated: 12/20/2012   13:41:05
            Event String:
            The DFS Namespace service could not initialize cross forest trust in
formation on this domain controller, but it will periodically retry the operatio
n. The return code is in the record data.
         An error event occurred.  EventID: 0xC00038D6
            Time Generated: 12/20/2012   13:41:32
            Event String:
            The DFS Namespace service could not initialize cross forest trust in
formation on this domain controller, but it will periodically retry the operatio
n. The return code is in the record data.
         A warning event occurred.  EventID: 0x00001695
            Time Generated: 12/20/2012   13:42:45
            Event String:
            Dynamic registration or deletion of one or more DNS records associat
ed with DNS domain 'test.local.' failed.  These records are used by other comput
ers to locate this server as a domain controller (if the specified domain is an
Active Directory domain) or as an LDAP server (if the specified domain is an app
lication partition).
         An error event occurred.  EventID: 0x0000168E
            Time Generated: 12/20/2012   13:43:05
            Event String:
            The dynamic registration of the DNS record '_ldap._tcp.gc._msdcs.tes
t.local. 600 IN SRV 0 100 3268 ADC.test.local.' failed on the following DNS serv
er:
         A warning event occurred.  EventID: 0x00001695
            Time Generated: 12/20/2012   13:43:05
            Event String:
            Dynamic registration or deletion of one or more DNS records associat
ed with DNS domain 'test.local.' failed.  These records are used by other comput
ers to locate this server as a domain controller (if the specified domain is an
Active Directory domain) or as an LDAP server (if the specified domain is an app
lication partition).
         A warning event occurred.  EventID: 0x00001695
            Time Generated: 12/20/2012   13:43:05
            Event String:
            Dynamic registration or deletion of one or more DNS records associat
ed with DNS domain 'DomainDnsZones.test.local.' failed.  These records are used
by other computers to locate this server as a domain controller (if the specifie
d domain is an Active Directory domain) or as an LDAP server (if the specified d
omain is an application partition).
         A warning event occurred.  EventID: 0x00001695
            Time Generated: 12/20/2012   13:43:05
            Event String:
            Dynamic registration or deletion of one or more DNS records associat
ed with DNS domain 'ForestDnsZones.test.local.' failed.  These records are used
by other computers to locate this server as a domain controller (if the specifie
d domain is an Active Directory domain) or as an LDAP server (if the specified d
omain is an application partition).
         An error event occurred.  EventID: 0x00000422
            Time Generated: 12/20/2012   13:43:10
            Event String:
            The processing of Group Policy failed. Windows attempted to read the
 file \\test.local\sysvol\test.local\Policies\{31B2F340-016D-11D2-945F-00C04FB98
4F9}\gpt.ini from a domain controller and was not successful. Group Policy setti
ngs may not be applied until this event is resolved. This issue may be transient
 and could be caused by one or more of the following:
         ......................... ADC failed test SystemLog
      Starting test: VerifyReferences
         ......................... ADC passed test VerifyReferences

   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation

   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : test
      Starting test: CheckSDRefDom
         ......................... test passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... test passed test CrossRefValidation

   Running enterprise tests on : test.local
      Starting test: LocatorCheck
         ......................... test.local passed test LocatorCheck
      Starting test: Intersite
         ......................... test.local passed test Intersite

C:\Users\atil.kazan.TEST>

Posted: 20/12/2012 17:36
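
An added example, not part of the original posts: a small Python triage script for dcdiag text output in the format pasted above, listing which tests failed and, for each replication failure, the source, destination, naming context, error code and last success time. The sample input is constructed (a trimmed excerpt in the same format), and the function and field names are this example's own.

```python
import re

# Constructed sample: a trimmed excerpt in the format of the dcdiag output above.
SAMPLE = """\
   Testing server: Default-First-Site-Name\\ADC
      Starting test: Advertising
         ......................... ADC passed test Advertising
      Starting test: NetLogons
         [ADC] User credentials does not have permission to perform this
         operation.
         ......................... ADC failed test NetLogons
      Starting test: Replications
         [Replications Check,ADC] A recent replication attempt failed:
            From BILGISAYAR1 to ADC
            Naming Context: CN=Configuration,DC=test,DC=local
            The replication generated an error (1908):
            Could not find the domain controller for this domain.
            The failure occurred at 2012-12-20 13:39:32.
            The last success occurred at 2012-12-19 15:52:30.
         ......................... ADC failed test Replications
   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test
         CrossRefValidation
"""

# "......................... <target> passed|failed test <name>"
# The test name may be wrapped onto the next line by the console.
RESULT_RE = re.compile(r"\.{5,}\s+(\S+)\s+(passed|failed)\s+test\s*(\S*)")
FROM_TO_RE = re.compile(r"^From\s+(\S+)\s+to\s+(\S+)$")
NC_RE = re.compile(r"^Naming Context:\s+(\S+)")
ERR_RE = re.compile(r"generated an error \((\d+)\)")
LAST_OK_RE = re.compile(r"last success occurred at ([\d\- :]+)")


def parse_dcdiag(text):
    """Return (results, repl_failures) parsed from dcdiag text output.

    results:       list of (target, test_name, passed) tuples
    repl_failures: list of dicts, one per "replication attempt failed" block
    """
    results, repl_failures = [], []
    lines = text.splitlines()
    current = None      # replication-failure block being filled in
    want_msg = False    # the next line carries the error message text
    for i, raw in enumerate(lines):
        s = raw.strip()
        m = RESULT_RE.search(s)
        if m:
            target, status, test = m.groups()
            if not test and i + 1 < len(lines):
                test = lines[i + 1].strip()   # wrapped test name
            results.append((target, test, status == "passed"))
            current, want_msg = None, False
            continue
        if "A recent replication attempt failed" in s:
            current = {"source": None, "dest": None, "nc": None,
                       "code": None, "message": None, "last_success": None}
            repl_failures.append(current)
            want_msg = False
            continue
        if current is None:
            continue
        if want_msg:
            current["message"], want_msg = s, False
            continue
        m = FROM_TO_RE.match(s)
        if m:
            current["source"], current["dest"] = m.groups()
            continue
        m = NC_RE.match(s)
        if m:
            current["nc"] = m.group(1)
            continue
        m = ERR_RE.search(s)
        if m:
            current["code"] = int(m.group(1))
            want_msg = True
            continue
        m = LAST_OK_RE.search(s)
        if m:
            current["last_success"] = m.group(1).strip()
    return results, repl_failures


def failed_tests(results):
    """Only the (target, test_name) pairs that dcdiag reported as failed."""
    return [(target, test) for target, test, ok in results if not ok]


if __name__ == "__main__":
    res, repl = parse_dcdiag(SAMPLE)
    for target, test in failed_tests(res):
        print(f"FAILED  {target}: {test}")
    for f in repl:
        print(f"REPL    {f['source']} -> {f['dest']}  {f['nc']}  "
              f"error {f['code']}: {f['message']} (last ok {f['last_success']})")
```
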

(@abdullahissever)
Posts: 86
Trusted Member

Try it by assigning the IP you used at the moment you joined it to the domain during setup. This is just one option.

It seems as if something went wrong during setup. If you added it as an additional DC, the DC has to allow replication. The requests are being rejected by the DC. Log on to the ADC as domain\administrator and run repadmin /syncall again. If the problem persists, turn off the server firewall or disable the antivirus you are using. Try again.

On the main DC, run the repadmin /queue command and check whether any request is waiting in the queue.

On the ADC, run the netdom query fsmo command and make sure the DC name is present.

On the ADC, run the net time command and see where it gets its time from.

On the main DC, run the dcdiag /a command; it will give more detailed information regarding sync.

The DC and ADC must not differ by more than 5 minutes. Otherwise the DC rejects the requests.

If the problem is not solved, take an image of both the DC and the ADC, use dcpromo /forceremoval to remove it from the domain, and join it again. Add it as an additional DC.

Posted: 20/12/2012 18:43

(@abdullahissever)
Posts: 86
Trusted Member

And renaming is not really recommended, because problems occur during name resolution. An additional DC joined to the domain does not permit replication because of the name change. When you add it as an additional DC, a record is created under msdcs based on the server name. This record works only with that name and checks its validity against it. If it cannot find it, replication is not permitted.

Hope it gets sorted. If you post the outcome of the fix here, others will benefit too. Good luck with your work.

Posted: 20/12/2012 18:53

(@ATILKAZAN)
Posts: 33
Eminent Member
Topic starter

Sir, I did as you said; I logged on with my Admin account and it was fixed. I am showing the commands I ran below. The only problem seems to be in the dcdiag /a command on the main computer; it would be good if you took a look too. Also, sir, it seems the Reverse Lookup Zones have not replicated on the ADC; it says "Add a new zone". How can I replicate this?

 C:\Users\administrator>repadmin /syncall"
CALLBACK MESSAGE: The following replication is in progress:
    From: f730f045-1d81-4221-a151-b212382387e3._msdcs.test.local
    To  : a2c88bb9-5057-4f47-b17f-869926c3b5d5._msdcs.test.local
CALLBACK MESSAGE: The following replication completed successfully:
    From: f730f045-1d81-4221-a151-b212382387e3._msdcs.test.local
    To  : a2c88bb9-5057-4f47-b17f-869926c3b5d5._msdcs.test.local
CALLBACK MESSAGE: SyncAll Finished.
SyncAll terminated with no errors.

***********************************************************************************************************************************************************

C:\Users\Administrator.BILGISAYAR1.000>repadmin /queue

Repadmin: running command /queue against full DC localhost
Queue contains 0 items.

C:\Users\Administrator.BILGISAYAR1.000>

****************************************************************************************************************

C:\Users\administrator> netdom query fsmo
Schema master               ADC.test.local
Domain naming master        ADC.test.local
PDC                         ADC.test.local
RID pool manager            ADC.test.local
Infrastructure master       ADC.test.local
The command completed successfully.

C:\Users\administrator>
*****************************
C:\Users\administrator>net time
Current time at \\ADC is 12/20/2012 4:21:13 PM

The command completed successfully.

C:\Users\administrator>

*******************************************************************

Output of the dcdiag /a command on the main computer

   Trying to find home server...
   Home Server = bilgisayar1
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\BILGISAYAR1
      Starting test: Connectivity
         ......................... BILGISAYAR1 passed test Connectivity

   Testing server: Default-First-Site-Name\ADC
      Starting test: Connectivity
         ......................... ADC passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\BILGISAYAR1
      Starting test: Advertising
         ......................... BILGISAYAR1 passed test Advertising
      Starting test: FrsEvent
         ......................... BILGISAYAR1 passed test FrsEvent
      Starting test: DFSREvent
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
         Group Policy problems.
         ......................... BILGISAYAR1 failed test DFSREvent
      Starting test: SysVolCheck
         ......................... BILGISAYAR1 passed test SysVolCheck
      Starting test: KccEvent
         ......................... BILGISAYAR1 passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... BILGISAYAR1 passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... BILGISAYAR1 passed test MachineAccount
      Starting test: NCSecDesc
         ......................... BILGISAYAR1 passed test NCSecDesc
      Starting test: NetLogons
         ......................... BILGISAYAR1 passed test NetLogons
      Starting test: ObjectsReplicated
         ......................... BILGISAYAR1 passed test ObjectsReplicated
      Starting test: Replications
         [Replications Check,BILGISAYAR1] A recent replication attempt failed:
            From ADC to BILGISAYAR1
            Naming Context: CN=Schema,CN=Configuration,DC=test,DC=local
            The replication generated an error (1722):
            The RPC server is unavailable.
            The failure occurred at 2012-12-20 15:46:46.
            The last success occurred at 2012-12-20 14:45:42.
            1 failures have occurred since the last success.
            The source ADC is responding now.
         [Replications Check,BILGISAYAR1] A recent replication attempt failed:
            From ADC to BILGISAYAR1
            Naming Context: CN=Configuration,DC=test,DC=local
            The replication generated an error (1722):
            The RPC server is unavailable.
            The failure occurred at 2012-12-20 15:46:25.
            The last success occurred at 2012-12-20 14:46:59.
            1 failures have occurred since the last success.
            The source ADC is responding now.
         ......................... BILGISAYAR1 failed test Replications
      Starting test: RidManager
         ......................... BILGISAYAR1 passed test RidManager
      Starting test: Services
         ......................... BILGISAYAR1 passed test Services
      Starting test: SystemLog
         A warning event occurred.  EventID: 0x000003F6
            Time Generated: 12/20/2012   15:28:36
            Event String:
            Name resolution for the name www.microsoft.com timed out after none
of the configured DNS servers responded.
         A warning event occurred.  EventID: 0x000003EE
            Time Generated: 12/20/2012   15:28:36
            Event String:
            The client was unable to validate the following as active DNS server
(s) that can service this client. The server(s) may be temporarily unavailable,
or may be incorrectly configured. ::1
         A warning event occurred.  EventID: 0x000003F6
            Time Generated: 12/20/2012   15:28:36
            Event String:
            Name resolution for the name www.microsoft.com timed out after none
of the configured DNS servers responded.
         An error event occurred.  EventID: 0x40000004
            Time Generated: 12/20/2012   15:56:58
            Event String:
            The Kerberos client received a KRB_AP_ERR_MODIFIED error from the se
rver adc$. The target name used was E3514235-4B06-11D1-AB04-00C04FC2DCD2/a2c88bb
9-5057-4f47-b17f-869926c3b5d5/[email protected]. This indicates that the tar
get server failed to decrypt the ticket provided by the client. This can occur w
hen the target server principal name (SPN) is registered on an account other tha
n the account the target service is using. Please ensure that the target SPN is
registered on, and only registered on, the account used by the server. This erro
r can also happen when the target service is using a different password for the
target service account than what the Kerberos Key Distribution Center (KDC) has
for the target service account. Please ensure that the service on the server and
 the KDC are both updated to use the current password. If the server name is not
 fully qualified, and the target domain (TEST.LOCAL) is different from the clien
t domain (TEST.LOCAL), check if there are identically named server accounts in t
hese two domains, or use the fully-qualified name to identify the server.
         ......................... BILGISAYAR1 failed test SystemLog
      Starting test: VerifyReferences
         ......................... BILGISAYAR1 passed test VerifyReferences

   Testing server: Default-First-Site-Name\ADC
      Starting test: Advertising
         ......................... ADC passed test Advertising
      Starting test: FrsEvent
         ......................... ADC passed test FrsEvent
      Starting test: DFSREvent
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
         Group Policy problems.
         ......................... ADC failed test DFSREvent
      Starting test: SysVolCheck
         ......................... ADC passed test SysVolCheck
      Starting test: KccEvent
         ......................... ADC passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... ADC passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... ADC passed test MachineAccount
      Starting test: NCSecDesc
         ......................... ADC passed test NCSecDesc
      Starting test: NetLogons
         ......................... ADC passed test NetLogons
      Starting test: ObjectsReplicated
         ......................... ADC passed test ObjectsReplicated
      Starting test: Replications
         [Replications Check,ADC] A recent replication attempt failed:
            From BILGISAYAR1 to ADC
            Naming Context: CN=Schema,CN=Configuration,DC=test,DC=local
            The replication generated an error (1908):
            Could not find the domain controller for this domain.
            The failure occurred at 2012-12-20 15:55:57.
            The last success occurred at 2012-12-20 14:46:44.
            1 failures have occurred since the last success.
            Kerberos Error.
            A KDC was not found to authenticate the call.
            Check that sufficient domain controllers are available.
         ......................... ADC failed test Replications
      Starting test: RidManager
         ......................... ADC passed test RidManager
      Starting test: Services
         ......................... ADC passed test Services
      Starting test: SystemLog
         A warning event occurred.  EventID: 0x8000001D
            Time Generated: 12/20/2012   15:51:48
            Event String:
            The Key Distribution Center (KDC) cannot find a suitable certificate
 to use for smart card logons, or the KDC certificate could not be verified. Sma
rt card logon may not function correctly if this problem is not resolved. To cor
rect this problem, either verify the existing KDC certificate using certutil.exe
 or enroll for a new KDC certificate.
         An error event occurred.  EventID: 0xC00038D6
            Time Generated: 12/20/2012   15:52:17
            Event String:
            The DFS Namespace service could not initialize cross forest trust in
formation on this domain controller, but it will periodically retry the operatio
n. The return code is in the record data.
         A warning event occurred.  EventID: 0x000003F6
            Time Generated: 12/20/2012   15:52:17
            Event String:
            Name resolution for the name _ldap._tcp.Default-First-Site-Name._sit
es.dc._msdcs.test.local timed out after none of the configured DNS servers respo
nded.
         An error event occurred.  EventID: 0xC00038D6
            Time Generated: 12/20/2012   15:52:44
            Event String:
            The DFS Namespace service could not initialize cross forest trust in
formation on this domain controller, but it will periodically retry the operatio
n. The return code is in the record data.
         A warning event occurred.  EventID: 0x000003F6
            Time Generated: 12/20/2012   15:52:46
            Event String:
            Name resolution for the name _ldap._tcp.test.local timed out after n
one of the configured DNS servers responded.
         A warning event occurred.  EventID: 0x0000000C
            Time Generated: 12/20/2012   15:53:10
            Event String:
            Time Provider NtpClient: This machine is configured to use the domai
n hierarchy to determine its time source, but it is the AD PDC emulator for the
domain at the root of the forest, so there is no machine above it in the domain
hierarchy to use as a time source. It is recommended that you either configure a
 reliable time service in the root domain, or manually configure the AD PDC to s
ynchronize with an external time source. Otherwise, this machine will function a
s the authoritative time source in the domain hierarchy. If an external time sou
rce is not configured or used for this computer, you may choose to disable the N
tpClient.
         An error event occurred.  EventID: 0xC00038D6
            Time Generated: 12/20/2012   15:53:11
            Event String:
            The DFS Namespace service could not initialize cross forest trust in
formation on this domain controller, but it will periodically retry the operatio
n. The return code is in the record data.
         An error event occurred.  EventID: 0xC00038D6
            Time Generated: 12/20/2012   15:53:38
            Event String:
            The DFS Namespace service could not initialize cross forest trust in
formation on this domain controller, but it will periodically retry the operatio
n. The return code is in the record data.
         An error event occurred.  EventID: 0xC00038D6
            Time Generated: 12/20/2012   15:54:05
            Event String:
            The DFS Namespace service could not initialize cross forest trust in
formation on this domain controller, but it will periodically retry the operatio
n. The return code is in the record data.
         An error event occurred.  EventID: 0xC00038D6
            Time Generated: 12/20/2012   15:54:32
            Event String:
            The DFS Namespace service could not initialize cross forest trust in
formation on this domain controller, but it will periodically retry the operatio
n. The return code is in the record data.
         An error event occurred.  EventID: 0xC00038D6
            Time Generated: 12/20/2012   15:54:59
            Event String:
            The DFS Namespace service could not initialize cross forest trust in
formation on this domain controller, but it will periodically retry the operatio
n. The return code is in the record data.
         A warning event occurred.  EventID: 0x000727AA
            Time Generated: 12/20/2012   15:55:22
            Event String:
            The WinRM service failed to create the following SPNs: WSMAN/ADC.tes
t.local; WSMAN/ADC.
         An error event occurred.  EventID: 0xC00038D6
            Time Generated: 12/20/2012   15:55:26
            Event String:
            The DFS Namespace service could not initialize cross forest trust in
formation on this domain controller, but it will periodically retry the operatio
n. The return code is in the record data.
         An error event occurred.  EventID: 0xC00038D6
            Time Generated: 12/20/2012   15:55:53
            Event String:
            The DFS Namespace service could not initialize cross forest trust in
formation on this domain controller, but it will periodically retry the operatio
n. The return code is in the record data.
         An error event occurred.  EventID: 0xC00038D6
            Time Generated: 12/20/2012   15:56:20
            Event String:
            The DFS Namespace service could not initialize cross forest trust in
formation on this domain controller, but it will periodically retry the operatio
n. The return code is in the record data.
         An error event occurred.  EventID: 0xC00038D6
            Time Generated: 12/20/2012   15:56:47
            Event String:
            The DFS Namespace service could not initialize cross forest trust in
formation on this domain controller, but it will periodically retry the operatio
n. The return code is in the record data.
         A warning event occurred.  EventID: 0x00001695
            Time Generated: 12/20/2012   15:58:00
            Event String:
            Dynamic registration or deletion of one or more DNS records associat
ed with DNS domain 'test.local.' failed.  These records are used by other comput
ers to locate this server as a domain controller (if the specified domain is an
Active Directory domain) or as an LDAP server (if the specified domain is an app
lication partition).
         ......................... ADC failed test SystemLog
      Starting test: VerifyReferences
         ......................... ADC passed test VerifyReferences

   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation

   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : test
      Starting test: CheckSDRefDom
         ......................... test passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... test passed test CrossRefValidation

   Running enterprise tests on : test.local
      Starting test: LocatorCheck
         ......................... test.local passed test LocatorCheck
      Starting test: Intersite
         ......................... test.local passed test Intersite
 

 
Posted: 20/12/2012 19:49
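A small triage script for dcdiag output like the dump in the post above, as an added example that is not part of the original thread: it lists each test verdict, counts logged events by their Event Viewer ID, and collects replication error codes. The function name `summarize` and the embedded sample are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample shaped like the dcdiag output in the post (console wrap kept).
SAMPLE = """\
   Testing server: Default-First-Site-Name\\ADC
      Starting test: Replications
         [Replications Check,ADC] A recent replication attempt failed:
            The replication generated an error (1908):
         ......................... ADC failed test Replications
      Starting test: SystemLog
         A warning event occurred.  EventID: 0x000003F6
            Name resolution for the name _ldap._tcp.test.local timed out after n
one of the configured DNS servers responded.
         An error event occurred.  EventID: 0xC00038D6
         An error event occurred.  EventID: 0xC00038D6
         ......................... ADC failed test SystemLog
   Running partition tests on : DomainDnsZones
         ......................... DomainDnsZones passed test
         CrossRefValidation
"""

RESULT = re.compile(r"^\s*\.{5,}\s+(\S+) (passed|failed) test\s*(\S*)")
EVENT = re.compile(r"An? (warning|error) event occurred\.\s+EventID: (0x[0-9A-Fa-f]+)")
REPL_ERR = re.compile(r"The replication generated an error \((\d+)\)")

def summarize(text):
    """Return (test results, event counts, replication error codes)."""
    results, events, repl = [], Counter(), []
    lines = text.splitlines()
    for i, line in enumerate(lines):
        m = RESULT.match(line)
        if m:
            target, verdict, test = m.groups()
            # dcdiag wraps a long test name onto the next line
            if not test and i + 1 < len(lines):
                test = lines[i + 1].strip()
            results.append((target, test, verdict))
            continue
        m = EVENT.search(line)
        if m:
            # the low 16 bits of the hex value are the ID shown in Event Viewer
            events[(m.group(1), int(m.group(2), 16) & 0xFFFF)] += 1
        m = REPL_ERR.search(line)
        if m:
            repl.append(int(m.group(1)))
    return results, events, repl

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Counting events by ID collapses the repeated DFS Namespace entries into a single line, so the DNS name-resolution timeouts and the replication error stand out.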

(@abdullahissever)
Posts: 86
Trusted Member
 

The problem appears to be fixed. Glad that's behind you. The dcdiag /a command lets you review all the events that occurred within the last 24 hours. There is no problem after the last change.

But there is a bigger problem here.

1. Bilgisayar1

2. ADC

Which of these is the main server, and which is the server you added later? Right now ADC appears as the main server, and Bilgisayar1 as the additional one. Did you move all the roles, or did you do it by mistake? I wanted to let you know about that.

 
Posted: 21/12/2012 00:13

(@ATILKAZAN)
Posts: 33
Eminent Member
Topic starter
 

Yes, sir, I set up Bilgisayar1 first, then set up ADC and moved all the roles to ADC. Right now the main server is ADC. So what do you think about the "reverse lookup zone" that could not be replicated? What can I do?

 
Posted: 21/12/2012 01:39

(@abdullahissever)
Posts: 86
Trusted Member
 

I could not see the server that is to be reserved.

 
Posted: 21/12/2012 03:14

(@abdullahissever)
Posts: 86
Trusted Member
 

While all the roles were on Bilgisayar1, which server had the reserve DNS role been assigned to? Is there another server as well? I could not see it in the replication. If there is no server to be reserved, the reserve settings must be configured from scratch. My advice, though: after moving all the roles, keep the DC and the ADC running for about 7 days and wait for replication to finish. If everything is fine, you should remove the DC.

 
Posted: 21/12/2012 03:17

(@ATILKAZAN)
Posts: 33
Eminent Member
Topic starter
 

No, sir, there is no other server. All the DNS roles were on Bilgisayar1. I only set up ADC and moved the roles to it. Since the "Reverse Lookup Zone" was not moved to ADC, should I configure it there myself? Is there a difference between "replication" and "moving"? You said I should remove the DC, but I want to run Bilgisayar1 and ADC as a cluster. What do I need to do, then?

 
Posted: 21/12/2012 12:39
