Forum

Active Directory Ro...
 
Bildirimler
Hepsini Temizle

Active Directory Role değişim sorunu.

4 Yazılar
2 Üyeler
0 Reactions
1,089 Görüntüleme
(@Cuneytkivanc)
Gönderiler: 3
Active Member
Konu başlatıcı
 

merhaba,

 

Server 2012 DTC dan 2012 r2 Standart Sunucusuna  Active Directory Master role taşıdım. "netdom query fsmo" kontrol ettiğim de tüm role yeni sunucuya taşındığını görüyorum.  Daha sonrasında Eski sunucudan DOmain servisi kaldırmadan önce Farklı bir hata olusup oluşmadıgını görmek için sunucuyu kapatıp bir test yapmak istedim. domaine ekli sunucular da "netdom query fsmo" sorgusu cektıgım de role listesini goremıyorum. dns ayarlarını yenı sunucuya gore yaptım.

Sorunun nedeni konusunda yardımcı olursanız çok sevinirim.

dcdiag çıktısı aşağıdaki gibidir.

C:\Users\administrator.xxx>dcdiag

Directory Server Diagnosis

Performing initial setup:
Trying to find home server...
Home Server = DTPDC01
* Identified AD Forest.
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\DTPDC01
Starting test: Connectivity
......................... DTPDC01 passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\DTPDC01
Starting test: Advertising
Warning: DsGetDcName returned information for \\DBMIRROR.xxx.com,
when we were trying to reach DTPDC01.
SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.
......................... DTPDC01 failed test Advertising
Starting test: FrsEvent
......................... DTPDC01 passed test FrsEvent
Starting test: DFSREvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... DTPDC01 failed test DFSREvent
Starting test: SysVolCheck
......................... DTPDC01 passed test SysVolCheck
Starting test: KccEvent
......................... DTPDC01 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... DTPDC01 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... DTPDC01 passed test MachineAccount
Starting test: NCSecDesc
......................... DTPDC01 passed test NCSecDesc
Starting test: NetLogons
Unable to connect to the NETLOGON share! (\\DTPDC01\netlogon)
[DTPDC01] An net use or LsaPolicy operation failed with error 67,
The network name cannot be found..
......................... DTPDC01 failed test NetLogons
Starting test: ObjectsReplicated
......................... DTPDC01 passed test ObjectsReplicated
Starting test: Replications
......................... DTPDC01 passed test Replications
Starting test: RidManager
......................... DTPDC01 passed test RidManager
Starting test: Services
......................... DTPDC01 passed test Services
Starting test: SystemLog
......................... DTPDC01 passed test SystemLog
Starting test: VerifyReferences
......................... DTPDC01 passed test VerifyReferences

Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation

Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation

Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation

Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation

Running partition tests on : xxx
Starting test: CheckSDRefDom
......................... xxx passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... xxx passed test CrossRefValidation

Running enterprise tests on : xxx.com
Starting test: LocatorCheck
Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error
1355
A Good Time Server could not be located.
......................... xxx.com failed test LocatorCheck
Starting test: Intersite
......................... xxx.com passed test Intersite

 
Gönderildi : 24/11/2016 22:04

Hakan Uzuner
(@hakanuzuner)
Gönderiler: 33322
Illustrious Member Yönetici
 

Merhaba

Yukarıdaki komutu ilk DC ayakta yani çalışıyorken mi çalıştırdınız? Eğer öyle ise hali hazırda zaten bir iletişim problemi vardır ve bu nedenle role taşıma başarılı bir şekilde gerçekleşmemiş olabilr, veya dns kayıtları eksik olabilir. Yeni sunucuda DNS SRV kayıtlarını kontol ettiniz mi?

Danışman - ITSTACK Bilgi Sistemleri
****************************************************************
Probleminiz Çözüldüğünde Sonucu Burada Paylaşırsanız.
Sizde Aynı Problemi Yaşayanlar İçin Yardım Etmiş Olursunuz.
Eğer sorununuz çözüldü ise lütfen "çözüldü" olarak işaretlerseniz diğer üyeler için çok büyük kolaylık sağlayacaktır.
*****************************************************************

 
Gönderildi : 25/11/2016 18:18

(@Cuneytkivanc)
Gönderiler: 3
Active Member
Konu başlatıcı
 

merhaba hakan hocam,

 

evet role tasıdıktan sonra yenı dc de çalıştırdım. dns SRV kayıtlarını kontrol ettim eski ve yeni sunucunun da kerberos ve ldap kayıtları gozukyor. her 2 sunucu için de priorty değeri sfır. (DTPDC01 yeni dc)

netlogon ve sysvol paylasımları gözükmüyor. hatalar bu dosyalar ulasamadıgından oluyor olabılırmı? ben bunları reg edıtden manuel aktif etsem bir sorun yaşarmıyım ve sorunun çözümüne etki edermi? bunların dışında sizin tavsiyeniz ne olur? 

0.0)
is supported.
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running
DC is a DNS server
Network adapters information:
Adapter [00000010] vmxnet3 Ethernet Adapter:
MAC address is 00:50:56:88:5C:42
IP Address is static
IP address: 172.16.18.13, fe80::8ce:1f68:65d5:865
DNS servers:
172.16.18.13 (DTPDC01) [Valid]
172.16.18.22 (dbmirror.xxx.com.) [Valid]
127.0.0.1 (DTPDC01) [Valid]
The A host record(s) for this DC was found
The SOA record for the Active Directory zone was found
The Active Directory zone on this DC/DNS server was found prim
ary
Root zone on this DC/DNS server was not found

TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders Information:
213.194.110.17 (<name unavailable>) [Valid]
4.2.2.1 (<name unavailable>) [Valid]
4.2.2.2 (<name unavailable>) [Valid]
8.8.4.4 (<name unavailable>) [Valid]
8.8.8.8 (<name unavailable>) [Valid]
fec0:0:0:ffff::1 (<name unavailable>) [Invalid (unreachable
)]
fec0:0:0:ffff::2 (<name unavailable>) [Invalid (unreachable
)]
fec0:0:0:ffff::3 (<name unavailable>) [Invalid (unreachable
)]

TEST: Delegations (Del)
Delegation information for the zone: xxx.com.
Delegated domain name: _msdcs.xxx.com.
DNS server: dbmirror.xxx.com. IP:172.16.18.22 [Vali
d]

TEST: Dynamic update (Dyn)
Test record dcdiag-test-record added successfully in zone dtpc
loud.com
Test record dcdiag-test-record deleted successfully in zone dt
pcloud.com

TEST: Records registration (RReg)
Network Adapter [00000010] vmxnet3 Ethernet Adapter:
Matching CNAME record found at DNS server 172.16.18.13:
045ec6a3-0fdb-449d-b801-f48519dce77f._msdcs.xxx.com

Matching A record found at DNS server 172.16.18.13:
DTPDC01.xxx.com

Matching SRV record found at DNS server 172.16.18.13:
_ldap._tcp.xxx.com

Matching SRV record found at DNS server 172.16.18.13:
_ldap._tcp.d47c7885-8caa-4202-b7e7-54dab4d19087.domains._ms
dcs.xxx.com

Matching SRV record found at DNS server 172.16.18.13:
_kerberos._tcp.dc._msdcs.xxx.com

Matching SRV record found at DNS server 172.16.18.13:
_ldap._tcp.dc._msdcs.xxx.com

Matching SRV record found at DNS server 172.16.18.13:
_kerberos._tcp.xxx.com

Matching SRV record found at DNS server 172.16.18.13:
_kerberos._udp.xxx.com

Matching SRV record found at DNS server 172.16.18.13:
_kpasswd._tcp.xxx.com

Matching SRV record found at DNS server 172.16.18.13:
_ldap._tcp.Default-First-Site-Name._sites.xxx.com

Matching SRV record found at DNS server 172.16.18.13:
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.dtp
cloud.com

Matching SRV record found at DNS server 172.16.18.13:
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.dtpclou
d.com

Matching SRV record found at DNS server 172.16.18.13:
_kerberos._tcp.Default-First-Site-Name._sites.xxx.com

Matching SRV record found at DNS server 172.16.18.13:
_ldap._tcp.gc._msdcs.xxx.com

Matching A record found at DNS server 172.16.18.13:
gc._msdcs.xxx.com

Matching SRV record found at DNS server 172.16.18.13:
_gc._tcp.Default-First-Site-Name._sites.xxx.com

Matching SRV record found at DNS server 172.16.18.13:
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.dtpclou
d.com

Matching SRV record found at DNS server 172.16.18.13:
_ldap._tcp.pdc._msdcs.xxx.com

Matching CNAME record found at DNS server 172.16.18.22:
045ec6a3-0fdb-449d-b801-f48519dce77f._msdcs.xxx.com

Matching A record found at DNS server 172.16.18.22:
DTPDC01.xxx.com

Matching SRV record found at DNS server 172.16.18.22:
_ldap._tcp.xxx.com

Matching SRV record found at DNS server 172.16.18.22:
_ldap._tcp.d47c7885-8caa-4202-b7e7-54dab4d19087.domains._ms
dcs.xxx.com

Matching SRV record found at DNS server 172.16.18.22:
_kerberos._tcp.dc._msdcs.xxx.com

Matching SRV record found at DNS server 172.16.18.22:
_ldap._tcp.dc._msdcs.xxx.com

Matching SRV record found at DNS server 172.16.18.22:
_kerberos._tcp.xxx.com

Matching SRV record found at DNS server 172.16.18.22:
_kerberos._udp.xxx.com

Matching SRV record found at DNS server 172.16.18.22:
_kpasswd._tcp.xxx.com

Matching SRV record found at DNS server 172.16.18.22:
_ldap._tcp.Default-First-Site-Name._sites.xxx.com

Matching SRV record found at DNS server 172.16.18.22:
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.dtp
cloud.com

Matching SRV record found at DNS server 172.16.18.22:
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.dtpclou
d.com

Matching SRV record found at DNS server 172.16.18.22:
_kerberos._tcp.Default-First-Site-Name._sites.xxx.com

Matching SRV record found at DNS server 172.16.18.22:
_ldap._tcp.gc._msdcs.xxx.com

Matching A record found at DNS server 172.16.18.22:
gc._msdcs.xxx.com

Matching SRV record found at DNS server 172.16.18.22:
_gc._tcp.Default-First-Site-Name._sites.xxx.com

Matching SRV record found at DNS server 172.16.18.22:
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.dtpclou
d.com

Matching SRV record found at DNS server 172.16.18.22:
_ldap._tcp.pdc._msdcs.xxx.com

Matching CNAME record found at DNS server 172.16.18.13:
045ec6a3-0fdb-449d-b801-f48519dce77f._msdcs.xxx.com

Matching A record found at DNS server 172.16.18.13:
DTPDC01.xxx.com

Matching SRV record found at DNS server 172.16.18.13:
_ldap._tcp.xxx.com

Matching SRV record found at DNS server 172.16.18.13:
_ldap._tcp.d47c7885-8caa-4202-b7e7-54dab4d19087.domains._ms
dcs.xxx.com

Matching SRV record found at DNS server 172.16.18.13:
_kerberos._tcp.dc._msdcs.xxx.com

Matching SRV record found at DNS server 172.16.18.13:
_ldap._tcp.dc._msdcs.xxx.com

Matching SRV record found at DNS server 172.16.18.13:
_kerberos._tcp.xxx.com

Matching SRV record found at DNS server 172.16.18.13:
_kerberos._udp.xxx.com

Matching SRV record found at DNS server 172.16.18.13:
_kpasswd._tcp.xxx.com

Matching SRV record found at DNS server 172.16.18.13:
_ldap._tcp.Default-First-Site-Name._sites.xxx.com

Matching SRV record found at DNS server 172.16.18.13:
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.dtp
cloud.com

Matching SRV record found at DNS server 172.16.18.13:
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.dtpclou
d.com

Matching SRV record found at DNS server 172.16.18.13:
_kerberos._tcp.Default-First-Site-Name._sites.xxx.com

Matching SRV record found at DNS server 172.16.18.13:
_ldap._tcp.gc._msdcs.xxx.com

Matching A record found at DNS server 172.16.18.13:
gc._msdcs.xxx.com

Matching SRV record found at DNS server 172.16.18.13:
_gc._tcp.Default-First-Site-Name._sites.xxx.com

Matching SRV record found at DNS server 172.16.18.13:
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.dtpclou
d.com

Matching SRV record found at DNS server 172.16.18.13:
_ldap._tcp.pdc._msdcs.xxx.com

TEST: External name resolution (Ext)
Internet name www.microsoft.com was resolved successfully

Summary of test results for DNS servers used by the above domain
controllers:

DNS server: fec0:0:0:ffff::1 (<name unavailable>)
2 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server fec0:0:0:ffff::1
[Error details: 1460 (Type: Win32 - Description: This operation returne
d because the timeout period expired.)]

DNS server: fec0:0:0:ffff::2 (<name unavailable>)
2 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server fec0:0:0:ffff::2
[Error details: 1460 (Type: Win32 - Description: This operation returne
d because the timeout period expired.)]

DNS server: fec0:0:0:ffff::3 (<name unavailable>)
2 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server fec0:0:0:ffff::3
[Error details: 1460 (Type: Win32 - Description: This operation returne
d because the timeout period expired.)]

DNS server: 172.16.18.13 (DTPDC01)
All tests passed on this DNS server
Name resolution is functional._ldap._tcp SRV record for the fores
t root domain is registered

DNS server: 172.16.18.22 (dbmirror.xxx.com.)
All tests passed on this DNS server
Name resolution is functional._ldap._tcp SRV record for the fores
t root domain is registered
DNS delegation for the domain _msdcs.xxx.com. is operationa
l on IP 172.16.18.22

DNS server: 213.194.110.17 (<name unavailable>)
All tests passed on this DNS server

DNS server: 4.2.2.1 (<name unavailable>)
All tests passed on this DNS server

DNS server: 4.2.2.2 (<name unavailable>)
All tests passed on this DNS server

DNS server: 4.2.2.5 (<name unavailable>)
All tests passed on this DNS server

DNS server: 8.8.4.4 (<name unavailable>)
All tests passed on this DNS server

DNS server: 8.8.8.8 (<name unavailable>)
All tests passed on this DNS server

DNS server: 95.128.56.3 (<name unavailable>)
All tests passed on this DNS server

Summary of DNS test results:

Auth Basc Forw Del Dyn RReg Ext
_________________________________________________________________
Domain: xxx.com
DBMIRROR PASS PASS PASS PASS PASS PASS PASS
DTPDC01 PASS PASS PASS PASS PASS PASS PASS

......................... xxx.com passed test DNS
Test omitted by user request: LocatorCheck
Test omitted by user request: Intersite

C:\Users\administrator.xxx>

Teşekkürler.

 
Gönderildi : 29/11/2016 10:13

Hakan Uzuner
(@hakanuzuner)
Gönderiler: 33322
Illustrious Member Yönetici
 

Netlogon ve Sysvol önemli, malum ona erişemez ise logon sorunu yaşarsın, evet D4 D2 parametreleri vardı o şekilde çözebilirsin ama belli ki sorunlu geçecek bu geçiş.

Danışman - ITSTACK Bilgi Sistemleri
****************************************************************
Probleminiz Çözüldüğünde Sonucu Burada Paylaşırsanız.
Sizde Aynı Problemi Yaşayanlar İçin Yardım Etmiş Olursunuz.
Eğer sorununuz çözüldü ise lütfen "çözüldü" olarak işaretlerseniz diğer üyeler için çok büyük kolaylık sağlayacaktır.
*****************************************************************

 
Gönderildi : 01/12/2016 17:16

Paylaş: