dcgiag c MNSUZDC1:
читать дальше »
Код:
C:\Users\Administrator.SPEL>dcdiag
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = MNSUZDC1
* Identified AD Forest.
[DC1] LDAP bind failed with error 8341,
A directory service error has occurred..
Got error while checking if the DC is using FRS or DFSR. Error:
A directory service error has occurred.The VerifyReferences, FrsEvent and
DfsrEvent tests might fail because of this error.
Done gathering initial info.
Doing initial required tests
Testing server: uzory\mnsuzdc1
Starting test: Connectivity
......................... mnsuzdc1 passed test Connectivity
Doing primary tests
Testing server: uzory\mnsuzdc1
Starting test: Advertising
......................... mnsuzdc1 passed test Advertising
Starting test: FrsEvent
......................... mnsuzdc1 passed test FrsEvent
Starting test: DFSREvent
......................... mnsuzdc1 passed test DFSREvent
Starting test: SysVolCheck
......................... mnsuzdc1 passed test SysVolCheck
Starting test: KccEvent
A warning event occurred. EventID: 0x8000061E
Time Generated: 02/04/2011 15:32:31
Event String:
All directory servers in the following site that can replicate the d
irectory partition over this transport are currently unavailable.
An error event occurred. EventID: 0xC000051F
Time Generated: 02/04/2011 15:32:31
Event String:
The Knowledge Consistency Checker (KCC) has detected problems with t
he following directory partition.
A warning event occurred. EventID: 0x80000749
Time Generated: 02/04/2011 15:32:31
Event String:
The Knowledge Consistency Checker (KCC) was unable to form a complet
e spanning tree network topology. As a result, the following list of sites canno
t be reached from the local site.
A warning event occurred. EventID: 0x8000061E
Time Generated: 02/04/2011 15:32:31
Event String:
All directory servers in the following site that can replicate the d
irectory partition over this transport are currently unavailable.
An error event occurred. EventID: 0xC000051F
Time Generated: 02/04/2011 15:32:31
Event String:
The Knowledge Consistency Checker (KCC) has detected problems with t
he following directory partition.
A warning event occurred. EventID: 0x80000749
Time Generated: 02/04/2011 15:32:31
Event String:
The Knowledge Consistency Checker (KCC) was unable to form a complet
e spanning tree network topology. As a result, the following list of sites canno
t be reached from the local site.
A warning event occurred. EventID: 0x8000061E
Time Generated: 02/04/2011 15:32:31
Event String:
All directory servers in the following site that can replicate the d
irectory partition over this transport are currently unavailable.
An error event occurred. EventID: 0xC000051F
Time Generated: 02/04/2011 15:32:31
Event String:
The Knowledge Consistency Checker (KCC) has detected problems with t
he following directory partition.
A warning event occurred. EventID: 0x80000749
Time Generated: 02/04/2011 15:32:31
Event String:
The Knowledge Consistency Checker (KCC) was unable to form a complet
e spanning tree network topology. As a result, the following list of sites canno
t be reached from the local site.
A warning event occurred. EventID: 0x8000061E
Time Generated: 02/04/2011 15:32:31
Event String:
All directory servers in the following site that can replicate the d
irectory partition over this transport are currently unavailable.
An error event occurred. EventID: 0xC000051F
Time Generated: 02/04/2011 15:32:31
Event String:
The Knowledge Consistency Checker (KCC) has detected problems with t
he following directory partition.
A warning event occurred. EventID: 0x80000749
Time Generated: 02/04/2011 15:32:31
Event String:
The Knowledge Consistency Checker (KCC) was unable to form a complet
e spanning tree network topology. As a result, the following list of sites canno
t be reached from the local site.
......................... mnsuzdc1 failed test KccEvent
Starting test: KnowsOfRoleHolders
[DC1] DsBindWithSpnEx() failed with error -2146893022,
The target principal name is incorrect..
Warning: DC1 is the Schema Owner, but is not responding to DS RPC
Bind.
Warning: DC1 is the Schema Owner, but is not responding to LDAP Bind.
Warning: DC1 is the Domain Owner, but is not responding to DS RPC
Bind.
Warning: DC1 is the Domain Owner, but is not responding to LDAP Bind.
Warning: DC1 is the PDC Owner, but is not responding to DS RPC Bind.
Warning: DC1 is the PDC Owner, but is not responding to LDAP Bind.
Warning: DC1 is the Rid Owner, but is not responding to DS RPC Bind.
Warning: DC1 is the Rid Owner, but is not responding to LDAP Bind.
Warning: DC1 is the Infrastructure Update Owner, but is not responding
to DS RPC Bind.
Warning: DC1 is the Infrastructure Update Owner, but is not responding
to LDAP Bind.
......................... mnsuzdc1 failed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... mnsuzdc1 passed test MachineAccount
Starting test: NCSecDesc
......................... mnsuzdc1 passed test NCSecDesc
Starting test: NetLogons
......................... mnsuzdc1 passed test NetLogons
Starting test: ObjectsReplicated
......................... mnsuzdc1 passed test ObjectsReplicated
Starting test: Replications
[Replications Check,mnsuzdc1] A recent replication attempt failed:
From DC1 to mnsuzdc1
Naming Context: DC=ForestDnsZones,DC=spel,DC=local
The replication generated an error (1256):
The remote system is not available. For information about network tr
oubleshooting, see Windows Help.
The failure occurred at 2011-02-04 14:53:33.
The last success occurred at 2011-01-13 14:49:29.
176 failures have occurred since the last success.
[Replications Check,mnsuzdc1] A recent replication attempt failed:
From DC1 to mnsuzdc1
Naming Context: DC=DomainDnsZones,DC=spel,DC=local
The replication generated an error (1256):
The remote system is not available. For information about network tr
oubleshooting, see Windows Help.
The failure occurred at 2011-02-04 14:53:33.
The last success occurred at 2011-01-13 14:49:29.
176 failures have occurred since the last success.
[Replications Check,mnsuzdc1] A recent replication attempt failed:
From DC1 to mnsuzdc1
Naming Context: CN=Schema,CN=Configuration,DC=spel,DC=local
The replication generated an error (-2146893022):
The target principal name is incorrect.
The failure occurred at 2011-02-04 14:53:34.
The last success occurred at 2011-01-13 14:49:29.
176 failures have occurred since the last success.
[Replications Check,mnsuzdc1] A recent replication attempt failed:
From DC1 to mnsuzdc1
Naming Context: CN=Configuration,DC=spel,DC=local
The replication generated an error (-2146893022):
The target principal name is incorrect.
The failure occurred at 2011-02-04 14:53:33.
The last success occurred at 2011-01-13 14:49:28.
176 failures have occurred since the last success.
[Replications Check,mnsuzdc1] A recent replication attempt failed:
From DC1 to mnsuzdc1
Naming Context: DC=spel,DC=local
The replication generated an error (-2146893022):
The target principal name is incorrect.
The failure occurred at 2011-02-04 14:53:33.
The last success occurred at 2011-01-13 14:49:28.
176 failures have occurred since the last success.
......................... mnsuzdc1 failed test Replications
Starting test: RidManager
......................... mnsuzdc1 failed test RidManager
Starting test: Services
......................... mnsuzdc1 passed test Services
Starting test: SystemLog
A warning event occurred. EventID: 0x8000001D
Time Generated: 02/04/2011 14:37:58
Event String:
The Key Distribution Center (KDC) cannot find a suitable certificate
to use for smart card logons, or the KDC certificate could not be verified. Sma
rt card logon may not function correctly if this problem is not resolved. To cor
rect this problem, either verify the existing KDC certificate using certutil.exe
or enroll for a new KDC certificate.
An error event occurred. EventID: 0xC2000001
Time Generated: 02/04/2011 14:44:34
Event String: Unexpected failure. Error code: 490@01010004
An error event occurred. EventID: 0x40000004
Time Generated: 02/04/2011 14:47:47
Event String:
The Kerberos client received a KRB_AP_ERR_MODIFIED error from the se
rver dc1$. The target name used was ldap/dc1.spel.local. This indicates that the
target server failed to decrypt the ticket provided by the client. This can occ
ur when the target server principal name (SPN) is registered on an account other
than the account the target service is using. Please ensure that the target SPN
is registered on, and only registered on, the account used by the server. This
error can also happen when the target service is using a different password for
the target service account than what the Kerberos Key Distribution Center (KDC)
has for the target service account. Please ensure that the service on the server
and the KDC are both updated to use the current password. If the server name is
not fully qualified, and the target domain (SPEL.LOCAL) is different from the c
lient domain (SPEL.LOCAL), check if there are identically named server accounts
in these two domains, or use the fully-qualified name to identify the server.
An error event occurred. EventID: 0x40000004
Time Generated: 02/04/2011 14:53:33
Event String:
The Kerberos client received a KRB_AP_ERR_MODIFIED error from the se
rver dc1$. The target name used was E3514235-4B06-11D1-AB04-00C04FC2DCD2/e1c6f3e
8-6480-458e-a980-bcb76ec10ea7/spel.local@spel.local. This indicates that the tar
get server failed to decrypt the ticket provided by the client. This can occur w
hen the target server principal name (SPN) is registered on an account other tha
n the account the target service is using. Please ensure that the target SPN is
registered on, and only registered on, the account used by the server. This erro
r can also happen when the target service is using a different password for the
target service account than what the Kerberos Key Distribution Center (KDC) has
for the target service account. Please ensure that the service on the server and
the KDC are both updated to use the current password. If the server name is not
fully qualified, and the target domain (SPEL.LOCAL) is different from the clien
t domain (SPEL.LOCAL), check if there are identically named server accounts in t
hese two domains, or use the fully-qualified name to identify the server.
An error event occurred. EventID: 0x40000004
Time Generated: 02/04/2011 15:21:53
Event String:
The Kerberos client received a KRB_AP_ERR_MODIFIED error from the se
rver dc1$. The target name used was DNS/dc1.spel.local. This indicates that the
target server failed to decrypt the ticket provided by the client. This can occu
r when the target server principal name (SPN) is registered on an account other
than the account the target service is using. Please ensure that the target SPN
is registered on, and only registered on, the account used by the server. This e
rror can also happen when the target service is using a different password for t
he target service account than what the Kerberos Key Distribution Center (KDC) h
as for the target service account. Please ensure that the service on the server
and the KDC are both updated to use the current password. If the server name is
not fully qualified, and the target domain (SPEL.LOCAL) is different from the cl
ient domain (SPEL.LOCAL), check if there are identically named server accounts i
n these two domains, or use the fully-qualified name to identify the server.
An error event occurred. EventID: 0x40000004
Time Generated: 02/04/2011 15:34:11
Event String:
The Kerberos client received a KRB_AP_ERR_MODIFIED error from the se
rver dc1$. The target name used was LDAP/e1c6f3e8-6480-458e-a980-bcb76ec10ea7._m
sdcs.spel.local. This indicates that the target server failed to decrypt the tic
ket provided by the client. This can occur when the target server principal name
(SPN) is registered on an account other than the account the target service is
using. Please ensure that the target SPN is registered on, and only registered o
n, the account used by the server. This error can also happen when the target se
rvice is using a different password for the target service account than what the
Kerberos Key Distribution Center (KDC) has for the target service account. Plea
se ensure that the service on the server and the KDC are both updated to use the
current password. If the server name is not fully qualified, and the target dom
ain (SPEL.LOCAL) is different from the client domain (SPEL.LOCAL), check if ther
e are identically named server accounts in these two domains, or use the fully-q
ualified name to identify the server.
......................... mnsuzdc1 failed test SystemLog
Starting test: VerifyReferences
......................... mnsuzdc1 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : spel
Starting test: CheckSDRefDom
......................... spel passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... spel passed test CrossRefValidation
Running enterprise tests on : spel.local
Starting test: LocatorCheck
......................... spel.local passed test LocatorCheck
Starting test: Intersite
......................... spel.local passed test Intersite
C:\Users\Administrator.SPEL>
|
