Недоступен домен: DcGetName(PDC_REQUIRED) call failed
Имеется сервер Windows 2003, который является основным КД в домене, а также на нем крутятся роли File Server, Print Server, Application Server и, конечно же, DNS.
После перезагрузки сервера на нем чего-то навернулось, и теперь пользователи работают только благодаря закешированным данным, а при попытке залогиниться на шары всплывает запрос имени и пароля. При попытке залогиниться пользователем, ранее не пользовавшимся компьютером, выдает ошибку "попробуйте позднее, т.к. домен недоступен"
С самого сервера доступ к клиентским компьютерам не нарушен - из-под учетки доменного администратора пускает куда угодно.
Я знаю, что подобная проблема с этим сервером уже была не так давно, но как она решилась я так и не узнал. За тот промежуток, пока все функционировало, был поднят резервный контроллер на 2008 сервере.
Вот, что выдают диагностические утилиты:
Основной КД:
>> тест dcdiag /v
Код:
C:\Program Files\Support Tools>dcdiag /v
Domain Controller Diagnosis
Performing initial setup:
* Verifying that the local machine MAIN, is a DC.
* Connecting to directory service on server MAIN.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\MAIN
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... MAIN passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\MAIN
Starting test: Replications
* Replications Check
* Replication Latency Check
* Replication Site Latency Check
......................... MAIN passed test Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC MAIN.
* Security Permissions Check for
DC=ForestDnsZones,DC=ctl,DC=local
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=ctl,DC=local
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=ctl,DC=local
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=ctl,DC=local
(Configuration,Version 2)
* Security Permissions Check for
DC=ctl,DC=local
(Domain,Version 2)
......................... MAIN passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\MAIN\netlogon
Verified share \\MAIN\sysvol
......................... MAIN passed test NetLogons
Starting test: Advertising
The DC MAIN is advertising itself as a DC and having a DS.
The DC MAIN is advertising as an LDAP server
The DC MAIN is advertising as having a writeable directory
The DC MAIN is advertising as a Key Distribution Center
The DC MAIN is advertising as a time server
The DS MAIN is advertising as a GC.
......................... MAIN passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=MAIN,CN=Servers,CN=Default
First-Site-Name,CN=Sites,CN=Configuration,DC=ctl,DC=local
Role Domain Owner = CN=NTDS Settings,CN=MAIN,CN=Servers,CN=Default
First-Site-Name,CN=Sites,CN=Configuration,DC=ctl,DC=local
Role PDC Owner = CN=NTDS Settings,CN=MAIN,CN=Servers,CN=Default-Fi
st-Site-Name,CN=Sites,CN=Configuration,DC=ctl,DC=local
Role Rid Owner = CN=NTDS Settings,CN=MAIN,CN=Servers,CN=Default-Fi
st-Site-Name,CN=Sites,CN=Configuration,DC=ctl,DC=local
Role Infrastructure Update Owner = CN=NTDS Settings,CN=MAIN,CN=Ser
ers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ctl,DC=local
......................... MAIN passed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 2103 to 1073741823
* MAIN.ctl.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 1103 to 1602
* rIDPreviousAllocationPool is 1103 to 1602
* rIDNextRID: 1332
......................... MAIN passed test RidManager
Starting test: MachineAccount
Checking machine account for DC MAIN on DC MAIN.
* SPN found :LDAP/MAIN.ctl.local/ctl.local
* SPN found :LDAP/MAIN.ctl.local
* SPN found :LDAP/MAIN
* SPN found :LDAP/MAIN.ctl.local/CTL
* SPN found :LDAP/346d3a63-971c-4caa-aa2d-b29a7b690a94._msdcs.ctl.loca
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/346d3a63-971c-4caa-a
2d-b29a7b690a94/ctl.local
* SPN found :HOST/MAIN.ctl.local/ctl.local
* SPN found :HOST/MAIN.ctl.local
* SPN found :HOST/MAIN
* SPN found :HOST/MAIN.ctl.local/CTL
* SPN found :GC/MAIN.ctl.local/ctl.local
......................... MAIN passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... MAIN passed test Services
Test omitted by user request: OutboundSecureChannels
Starting test: ObjectsReplicated
MAIN is in domain DC=ctl,DC=local
Checking for CN=MAIN,OU=Domain Controllers,DC=ctl,DC=local in doma
n DC=ctl,DC=local on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=MAIN,CN=Servers,CN=Default-First-
ite-Name,CN=Sites,CN=Configuration,DC=ctl,DC=local in domain CN=Configuration,D
=ctl,DC=local on 1 servers
Object is up-to-date on all servers.
......................... MAIN passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... MAIN passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
......................... MAIN passed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15 minu
es.
......................... MAIN passed test kccevent
Starting test: systemlog
* The System Event log test
Found no errors in System Event log in the last 60 minutes.
......................... MAIN passed test systemlog
Test omitted by user request: VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)
CN=MAIN,OU=Domain Controllers,DC=ctl,DC=local and backlink on
CN=MAIN,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configur
tion,DC=ctl,DC=local
are correct.
The system object reference (frsComputerReferenceBL)
CN=MAIN,CN=Domain System Volume (SYSVOL share),CN=File Replication
Service,CN=System,DC=ctl,DC=local
and backlink on CN=MAIN,OU=Domain Controllers,DC=ctl,DC=local are
correct.
The system object reference (serverReferenceBL)
CN=MAIN,CN=Domain System Volume (SYSVOL share),CN=File Replication
Service,CN=System,DC=ctl,DC=local
and backlink on
CN=NTDS Settings,CN=MAIN,CN=Servers,CN=Default-First-Site-Name,CN=
ites,CN=Configuration,DC=ctl,DC=local
are correct.
......................... MAIN passed test VerifyReferences
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: CheckSecurityError
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidatio
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidatio
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : ctl
Starting test: CrossRefValidation
......................... ctl passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ctl passed test CheckSDRefDom
Running enterprise tests on : ctl.local
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... ctl.local passed test Intersite
Starting test: FsmoCheck
GC Name: \\MAIN.ctl.local
Locator Flags: 0xe00003fd
Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355
A Primary Domain Controller could not be located.
The server holding the PDC role is down.
Time Server Name: \\MAIN.ctl.local
Locator Flags: 0xe00003fd
Preferred Time Server Name: \\MAIN.ctl.local
Locator Flags: 0xe00003fd
KDC Name: \\MAIN.ctl.local
Locator Flags: 0xe00003fd
......................... ctl.local failed test FsmoCheck
Test omitted by user request: DNS
Test omitted by user request: DNS
>> тест dcdiag /test:DNS
Код:
C:\Program Files\Support Tools>dcdiag /test:dns
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\MAIN
Starting test: Connectivity
......................... MAIN passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\MAIN
DNS Tests are running and not hung. Please wait a few minutes...
Running partition tests on : ForestDnsZones
Running partition tests on : DomainDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : ctl
Running enterprise tests on : ctl.local
Starting test: DNS
Test results for domain controllers:
DC: MAIN.ctl.local
Domain: ctl.local
TEST: Dynamic update (Dyn)
Warning: Dynamic update is enabled on the zone but not secure
ctl.local.
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
________________________________________________________________
Domain: ctl.local
MAIN PASS PASS PASS PASS WARN PASS n/a
......................... ctl.local passed test DNS
>> тест Netdiag
Код:
C:\Program Files\Support Tools>netdiag
....................................
Computer Name: MAIN
DNS Host Name: MAIN.ctl.local
System info : Microsoft Windows Server 2003 (Build 3790)
Processor : x86 Family 15 Model 4 Stepping 10, GenuineIntel
List of installed hotfixes :
KB923561
KB924667-v2
KB925398_WMP64
KB925902
KB927891
KB929123
KB930178
KB931784
KB932168
KB933729
KB933854
KB935839
KB935840
KB936021
KB936357
KB936782
KB938127
KB938464
KB938464-v2
KB941202
KB941568
KB941569
KB941644
KB941672
KB941693
KB942763
KB942830
KB942831
KB942840
KB943055
KB943460
KB943484
KB943485
KB944338
KB944533
KB944653
KB945553
KB946026
KB947864
KB948496
KB948590
KB948881
KB949014
KB950759
KB950760
KB950762
KB950974
KB951066
KB951072-v2
KB951698
KB951746
KB951748
KB952004
KB952069
KB952954
KB953298
KB953838
KB953839
KB954155
KB954211
KB954550-v5
KB954600
KB955069
KB955759
KB955839
KB956390
KB956391
KB956572
KB956802
KB956803
KB956841
KB956844
KB957095
KB957097
KB958215
KB958469
KB958644
KB958687
KB958690
KB958869
KB959426
KB960225
KB960714
KB960715
KB960803
KB960859
KB961063
KB961118
KB961373
KB961501
KB963027
KB967715
KB967723
KB968389
KB968816
KB969059
KB969898
KB969947
KB970238
KB970483
KB971032
KB971486
KB971557
KB971633
KB971657
KB971737
KB971961
KB972270
KB973037
KB973354
KB973507
KB973525
KB973540
KB973687
KB973815
KB973869
KB973904
KB973917
KB974112
KB974318
KB974392
KB974571
KB975025
KB975467
KB976098-v2
KB978207
Q147222
Netcard queries test . . . . . . . : Passed
Per interface results:
Adapter : Local Area Connection
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : MAIN
IP Address . . . . . . . . : 192.168.0.55
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 192.168.0.1
Dns Servers. . . . . . . . : 192.168.0.55
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Passed
NetBT name test. . . . . . : Passed
[WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenge
r Service', <20> 'WINS' names is missing.
WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.
Global results:
Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{442DA064-5F01-4E6D-9E3F-6CD8A9D10423}
1 NetBt transport currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Passed
[WARNING] You don't have a single interface with the <00> 'WorkStation Servi
ce', <03> 'Messenger Service', <20> 'WINS' names defined.
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on DNS server '192.168.0.55
' and other DCs also have some of the names registered.
Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{442DA064-5F01-4E6D-9E3F-6CD8A9D10423}
The redir is bound to 1 NetBt transport.
List of NetBt transports currently bound to the browser
NetBT_Tcpip_{442DA064-5F01-4E6D-9E3F-6CD8A9D10423}
The browser is bound to 1 NetBt transport.
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Passed
Trust relationship test. . . . . . : Skipped
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Passed
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Skipped
Note: run "netsh ipsec dynamic show /?" for more detailed information
The command completed successfully
>>тесты Netdom
Код:
C:\Program Files\Support Tools>netdom query fsmo
Schema owner MAIN.ctl.local
Domain role owner MAIN.ctl.local
PDC role MAIN.ctl.local
RID pool manager MAIN.ctl.local
Infrastructure owner MAIN.ctl.local
The command completed successfully.
C:\Program Files\Support Tools>netdom query pdc
The specified domain either does not exist or could not be contacted.
The command failed to complete successfully.
На "резервном" контроллере с 2008 сервером похожая ситуация, но оттуда на шару главного контроллера пускает без дополнительных запросов.
В процессе ковыряния на резервном сервере ставился и позднее был снесен DNS, также на него "добровольно" передавались все роли, а затем были возвращены обратно
с клиентских машин nslookup выглядит следующим образом:
читать дальше »
Код:
>nslookup
Default Server: MAIN.ctl.local
Address: 192.168.0.55
> ctl.local
Server: MAIN.ctl.local
Address: 192.168.0.55
Name: ctl.local
Addresses: 192.168.0.55, 192.168.0.54
> MAIN.ctl.local
Server: MAIN.ctl.local
Address: 192.168.0.55
Name: MAIN.ctl.local
Address: 192.168.0.55
> MAIN
Server: MAIN.ctl.local
Address: 192.168.0.55
Name: MAIN.ctl.local
Address: 192.168.0.55
> ad2
Server: MAIN.ctl.local
Address: 192.168.0.55
Name: ad2.ctl.local
Address: 192.168.0.54
Идей больше нету, прошу помощи( |
