Здравствуйте уважаемые!

История:
было Active Directory.. Три контроллера, один как главный и как днс(именуется server-25.domain.local ), другие два вроде как дублирующие, server-11.domain.local и server-12.domain.local

server-25 было решено снести.

добавляется в качества четвертого контроллера server-125.domain.local

примерные действия: устанавливается роль DNS на server-11, сносится/выключается server-25, какой-то из оставшихся должен был подхватить роль главного(pdc)..

подхватил или нет - хз..

что имеем:

server-11 как DNS и контроллер
server-12 и server-125 как контроллеры
server-25 - похерен(ни бэкапов ни AD на нем, роли просто удалили)

появляются ошибки:
домен не найден, не возможно: войти в групповые политики,
отсутствует GC, отсутствует PDC,
имена не резольвятся по IP адресам
при попытке входа с помощью удаленного рабочего стола на эти сервера пишет об отсутсвии домена или его недосупности

хотел удалить роль AD c сервера server-125 - не получилось(домен не существует)

dcdiag на этом сервере:
авторDomain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\server-125
Starting test: Connectivity
The host a78b2d13-567b-46fa-ad31-eec3c077a0f5._msdcs.domain.local could not be resolved to an
IP address. Check the DNS server, DHCP, server name, etc
Although the Guid DNS name

(a78b2d13-567b-46fa-ad31-eec3c077a0f5._msdcs.domain.local) couldn't be

resolved, the server name (server-125.domain.local) resolved to the IP

address (192.168.150.125) and was pingable. Check that the IP address

is registered correctly with the DNS server.
......................... server-125 failed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\server-125
Skipping all tests, because server server-125 is
not responding to directory service requests

Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom

Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom

Running partition tests on : abk
Starting test: CrossRefValidation
......................... abk passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... abk passed test CheckSDRefDom

Running enterprise tests on : domain.local
Starting test: Intersite
......................... domain.local passed test Intersite
Starting test: FsmoCheck
Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
A Global Catalog Server could not be located - All GC's are down.
Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error 1355
A Good Time Server could not be located.
Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355
A KDC could not be located - All the KDCs are down.
......................... domain.local failed test FsmoCheck

автор



то есть не резольвится..

можете объяснить, как исправить ситуацию с ДНСом ?
и как подходить к проблеме с GC и PDC?

на счет PDC: я через ntdutils устанавливал роль pdc серверу server-11 (который и днс) но это помогло только частично(dcdiag все равно продолжал ругаться) и до перезагрузки.. точно знаю, что GC находится на server-11, проверял командой telnet server-11 3268 .. подключался к нему через ldp, смотрел..

в active directory я не силен, но не очень понятно, что и где должно быть...

to Цветков:
нужно обойтись без спецов =)

to all

dns вроде настроил nslookup проходит,

однако,

делают на сервере server-11 захват ролей
всех пяти поочереди, при этом подключаясь к этому же серверу

ntdsutil:
roles
connections
connect to server server-11
q
seize domain naming
seize ..
seize pdc
seize rid
seize ..
q
q

перезагружаю все три - фигвам..

GC и PDC не находятся ...

в той же ntdsutil
connect to domain не происходит(потому что такой домен не может определить)

The Dim!,

серверная не такая большая =))

to all :

что имеется:
server-11 имеет все 5 ролей
server-12 не понимает , что server-11 имеет эти пять ролей
server-125 понимает , что server-11 имеет эти пять ролей

проверял что понимают при помощи dsquery server -hasfsmo pdc | name | rid ..

думаю, может server-12 как-то исключить.. репликация все равно не работает =))

Anatoly Podgoretskyавторserver-11 имеет все 5 ролей
авторперезагружаю все три - фигвам
Противорей нет?

понимаю, что противоречия есть, потому и пишу..

подробнее про имеющиеся роли сервера server-11:


авторC:\Documents and Settings\Администратор.ABK>dsquery server -hasfsmo name
"CN=SERVER-11,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC
=abk,DC=local"

C:\Documents and Settings\Администратор.ABK>dsquery server -hasfsmo rid
"CN=SERVER-11,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC
=abk,DC=local"

C:\Documents and Settings\Администратор.ABK>dsquery server -hasfsmo pdc
"CN=SERVER-11,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC
=abk,DC=local"

C:\Documents and Settings\Администратор.ABK>dsquery server -hasfsmo schema
"CN=SERVER-11,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC
=abk,DC=local"

C:\Documents and Settings\Администратор.ABK>dsquery server -hasfsmo infr
"CN=SERVER-11,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC
=abk,DC=local"

to Sergey Orlov
на счет ролей инфраструктуры и др:
когда писал пост, просто не помнил как называются две другие роли, потому указал ...
при захвате ошибок не было..

24 часа.. вот этого не пойму :)

dcdiag на server-11

авторDomain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\SERVER-11
Starting test: Connectivity
......................... SERVER-11 passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\SERVER-11
Starting test: Replications
......................... SERVER-11 passed test Replications
Starting test: NCSecDesc
......................... SERVER-11 passed test NCSecDesc
Starting test: NetLogons
Unable to connect to the NETLOGON share! (\\SERVER-11\netlogon)
[SERVER-11] An net use or LsaPolicy operation failed with error 1203, ЌЁ ®¤­  Ё§ б«г¦Ў ¤®бвгЇ  Є бҐвЁ ­Ґ ᬮЈ«  ®Ўа Ў®в вм § ¤ ­­л© бҐвҐў®© Їгвм..
......................... SERVER-11 failed test NetLogons
Starting test: Advertising
Fatal Error:DsGetDcName (SERVER-11) call failed, error 1355
The Locator could not find the server.
......................... SERVER-11 failed test Advertising
Starting test: KnowsOfRoleHolders
......................... SERVER-11 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... SERVER-11 passed test RidManager
Starting test: MachineAccount
......................... SERVER-11 passed test MachineAccount
Starting test: Services
......................... SERVER-11 passed test Services
Starting test: ObjectsReplicated
......................... SERVER-11 passed test ObjectsReplicated
Starting test: frssysvol
......................... SERVER-11 passed test frssysvol
Starting test: frsevent
There are warning or error events within the last 24 hours after the

SYSVOL has been shared. Failing SYSVOL replication problems may cause

Group Policy problems.
......................... SERVER-11 failed test frsevent
Starting test: kccevent
......................... SERVER-11 passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x00000457
Time Generated: 12/12/2011 12:42:18
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 12/12/2011 12:42:18
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 12/12/2011 12:43:11
(Event String could not be retrieved)
......................... SERVER-11 failed test systemlog
Starting test: VerifyReferences
......................... SERVER-11 passed test VerifyReferences

Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom

Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom

Running partition tests on : abk
Starting test: CrossRefValidation
......................... abk passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... abk passed test CheckSDRefDom

Running enterprise tests on : abk.local
Starting test: Intersite
......................... abk.local passed test Intersite
Starting test: FsmoCheck
Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
A Global Catalog Server could not be located - All GC's are down.
Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error 1355
A Good Time Server could not be located.
Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355
A KDC could not be located - All the KDCs are down.
......................... abk.local failed test FsmoCheck

Biz©глобальный каталог поднимали ?
зы: оснастка сайтов и сервисов

нет.. а скажите как?! .. я знаю что он как раз на server-11 лежит...

feomatr,

точнее,
server-11 галка глобальный каталог стоит
server-12 галок нет
server-125 галок нет

то есть, там был гк еще до всех потрясений..
новых не создавал.. мало ли что..

Sergey Orlov,

DCDIAG
Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\SERVER-11
Starting test: Connectivity
......................... SERVER-11 passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\SERVER-11
Starting test: Replications
......................... SERVER-11 passed test Replications
Starting test: NCSecDesc
......................... SERVER-11 passed test NCSecDesc
Starting test: NetLogons
Unable to connect to the NETLOGON share! (\\SERVER-11\netlogon)
[SERVER-11] An net use or LsaPolicy operation failed with error 1203, "Ни одна из служб доступа к сети не смогла обработать заданный сетевой путь...."
......................... SERVER-11 failed test NetLogons
Starting test: Advertising
Fatal Error:DsGetDcName (SERVER-11) call failed, error 1355
The Locator could not find the server.
......................... SERVER-11 failed test Advertising
Starting test: KnowsOfRoleHolders
......................... SERVER-11 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... SERVER-11 passed test RidManager
Starting test: MachineAccount
......................... SERVER-11 passed test MachineAccount
Starting test: Services
......................... SERVER-11 passed test Services
Starting test: ObjectsReplicated
......................... SERVER-11 passed test ObjectsReplicated
Starting test: frssysvol
......................... SERVER-11 passed test frssysvol
Starting test: frsevent
There are warning or error events within the last 24 hours after the

SYSVOL has been shared. Failing SYSVOL replication problems may cause

Group Policy problems.
......................... SERVER-11 failed test frsevent
Starting test: kccevent
......................... SERVER-11 passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x00000457
Time Generated: 12/12/2011 13:25:12
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 12/12/2011 13:25:12
(Event String could not be retrieved)
......................... SERVER-11 failed test systemlog
Starting test: VerifyReferences
......................... SERVER-11 passed test VerifyReferences

Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom

Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom

Running partition tests on : abk
Starting test: CrossRefValidation
......................... abk passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... abk passed test CheckSDRefDom

Running enterprise tests on : abk.local
Starting test: Intersite
......................... abk.local passed test Intersite
Starting test: FsmoCheck
Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
A Global Catalog Server could not be located - All GC's are down.
Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error 1355
A Good Time Server could not be located.
Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355
A KDC could not be located - All the KDCs are down.
......................... abk.local failed test FsmoCheck

NETDIAG ( hotfix убрал)..................................

Computer Name: SERVER-11
DNS Host Name: server-11.abk.local
System info : Microsoft Windows Server 2003 R2 (Build 3790)
Processor : x86 Family 6 Model 23 Stepping 10, GenuineIntel
etcard queries test . . . . . . . : Passed
GetStats failed for 'Прямой параллельный порт'. [ERROR_NOT_SUPPORTED]
[WARNING] The net card 'Минипорт WAN (PPTP)' may not be working because it has not received any packets.
[WARNING] The net card 'Минипорт WAN (PPPoE)' may not be working because it has not received any packets.
[WARNING] The net card 'Минипорт WAN (IP)' may not be working because it has not received any packets.
GetStats failed for 'Минипорт WAN (L2TP)'. [ERROR_NOT_SUPPORTED]



Per interface results:

Adapter : lan1

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : server-11
IP Address . . . . . . . . : 192.168.150.11
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 192.168.150.1
Dns Servers. . . . . . . . : 192.168.150.11


AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Passed

NetBT name test. . . . . . : Passed

WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.


Global results:


Domain membership test . . . . . . : Failed
[WARNING] Ths system volume has not been completely replicated to the local machine. This machine is not working properly as a DC.


NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{665DE38A-3F9C-42C1-A09F-98A7CFCE6223}
1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on DNS server '192.168.150.11' and other DCs also have some of the names registered.


Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{665DE38A-3F9C-42C1-A09F-98A7CFCE6223}
The redir is bound to 1 NetBt transport.

List of NetBt transports currently bound to the browser
NetBT_Tcpip_{665DE38A-3F9C-42C1-A09F-98A7CFCE6223}
The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Failed
[FATAL] Cannot find DC in domain 'ABK'. [ERROR_NO_SUCH_DOMAIN]


DC list test . . . . . . . . . . . : Failed
'ABK': Cannot find DC to get DC list from [test skipped].


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Skipped
'ABK': Cannot find DC to get DC list from [test skipped].


LDAP test. . . . . . . . . . . . . : Failed
Cannot find DC to run LDAP tests on. The error occurred was: Указанный домен не существует или к нему невозможно подключиться.


[WARNING] Cannot find DC in domain 'ABK'. [ERROR_NO_SUCH_DOMAIN]


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

Note: run "netsh ipsec dynamic show /?" for more detailed information


The command completed successfully

как с подобным разобраться?! желательно поподробней
автор Testing server: Default-First-Site-Name\server-125
Starting test: Connectivity
The host a78b2d13-567b-46fa-ad31-eec3c077a0f5._msdcs.abk.local could no
t be resolved to an
IP address. Check the DNS server, DHCP, server name, etc
Although the Guid DNS name
(a78b2d13-567b-46fa-ad31-eec3c077a0f5._msdcs.abk.local) couldn't be
resolved, the server name (server-125.abk.local) resolved to the IP
address (192.168.150.125) and was pingable. Check that the IP address
is registered correctly with the DNS server.
.........................server-125 failed test Connectivity

to Цветков:

русским по белому выполнял захват ролей,
вот с днс не понимаю..

цель - чтобы dcdiag не выдавал было ошибок, остальное - следствия