Компьютерный форум OSzone.net  

Компьютерный форум OSzone.net (http://forum.oszone.net/index.php)
-   Microsoft Windows NT/2000/2003 (http://forum.oszone.net/forumdisplay.php?f=5)
-   -   [решено] Главное конечное имя неверно (http://forum.oszone.net/showthread.php?t=212829)

Карбофос 08-08-2011 12:05 1727762
Главное конечное имя неверно
 
Добрый день! Подобная тема уже была, но, поскольку, возможно, у меня ситуация иная, создаю новую.

Итак, в домене 2 контроллера. Их обоих восстанавливали из бекапа (разница в срезах бекапов -- примерно 12 часов). После подъема не делается репликация с формулировкой "Главное конечное имя неверно". DNS, вроде, настроены. Предпочитаемые dns-серверы этих КД смотрят "друг на друга"

Выполнение netdom resetpwd (как тут советовали) на DC1:
Код:
netdom resetpwd /server:DC2.mydomain.ru /userd:mydomain\administrator /passwordd:god
The machine account password for the local machine has been successfully reset
The command completed successfully
Выполнение repadmin /syncall:
* на DC1:
Код:
CALLBACK MESSAGE: Error contacting server 8a6d014e-4e37-48ed-a504-676e028cca34._msdcs.mydomain.ru (network error): -2146893022 (0x80090322):
Главное конечное имя неверно.
CALLBACK MESSAGE: SyncAll Finished.
SyncAll reported the following errors:
Error contacting server 8a6d014e-4e37-48ed-a504-676e028cca34._msdcs.mydomain.ru (network error): -2146893022 (0x80090322):    Главное конечное имя неверно.
* на DC2:
Код:
CALLBACK MESSAGE: The following replication is in progress:
From: ba4c2bbb-07cb-4d1d-a17a-989c84c65db7._msdcs.mydomain.ru
To  : 8a6d014e-4e37-48ed-a504-676e028cca34._msdcs.mydomain.ru
CALLBACK MESSAGE: The following replication completed successfully:
From: ba4c2bbb-07cb-4d1d-a17a-989c84c65db7._msdcs.mydomain.ru
To  : 8a6d014e-4e37-48ed-a504-676e028cca34._msdcs.mydomain.ru
CALLBACK MESSAGE: SyncAll Finished. SyncAll terminated with no errors.
Кроме того, в логах на DC1 пишется ошибка kerberos #4:
Код:
Клиент Kerberos получил ошибку KRB_AP_ERR_MODIFIED с сервера host/DC2.mydomain.ru.
Использовавшееся конечное имя: mydomain\DC2$. Это значит, что пароль, который был использован
для шифрования билета службы Kerberos, отличается от пароля на конечном сервере.
Обычно это происходит, если в конечной сфере (mydomain.RU) и в сфере клиента имеются учетные
записи компьютеров с одинаковыми именами.  Обратитесь к системному администратору.
Что можно сделать, чтоб восстановить возможность репликаций?

Telepuzik 08-08-2011 12:23 1727777
Цитата:
Цитата Карбофос
Выполнение netdom resetpwd »
После выполнения данной команды КД перезагрузили? Службу центра распространения ключей Kerberos запустили?

Карбофос 08-08-2011 12:41 1727796
Не перегружал. Как и было рекомендовано:
1) остановил службу, перевел ее запуск в "ручной"
2) выполнил resetpwd
3) запустил службу и сделал запуск "авто"

Сейчас перегрузил DC1. Реакция на repadmin /syncall изменилась:
Код:
CALLBACK MESSAGE: Error contacting server 8a6d014e-4e37-48ed-a504-676e028cca34._msdcs.mydomain.ru (network error): 5 (0x5):
    Отказано в доступе.
CALLBACK MESSAGE: Error contacting server ba4c2bbb-07cb-4d1d-a17a-989c84c65db7._msdcs.mydomain.ru (network error): 5 (0x5):
    Отказано в доступе.
SyncAll exited with fatal Win32 error: 8440 (0x20f8):
    Для этой операции репликации указан недопустимый контекст именования.

Telepuzik 08-08-2011 13:31 1727831
Цитата:
Цитата Карбофос
Не перегружал. Как и было рекомендовано: »
Как раз в том посте на который вы указываете дается рекомендация перезагрузить КД после выполнения команды netdom.
На проблемном КД сохраните копию файлов %systemroot%\system32\config\netlogon.dns и %systemroot%\system32\config\Netlogon.dnb, затем удалите файлы Netlogon.dns и Netlogon.dnb. Выполните команды:
net stop netlogon
net start netlogon
netdiag /fix
netdiag /test:DNS /v
Вывод покажите.

Карбофос 08-08-2011 13:50 1727846
netdiag /fix:
Код:
....................................

    Computer Name: DC1
    DNS Host Name: DC1.mydomain.ru
    System info : Microsoft Windows Server 2003 R2 (Build 3790)
    Processor : x86 Family 15 Model 2 Stepping 8, GenuineIntel
    List of installed hotfixes :
        KB2079403
        KB2115168
        KB2121546
        KB2141007
        KB2158563
        KB2160329
        KB2183461
        KB2183461-IE7
        KB2183461-IE8
        KB2207559
        KB2229593
        KB2259922
        KB2279986
        KB2286198
        KB2296011
        KB2296199
        KB2345886
        KB2347290
        KB2360131-IE8
        KB2360937
        KB2378111
        KB2387149
        KB2416400-IE8
        KB2416451
        KB2419635
        KB2423089
        KB2436673
        KB2440591
        KB2443105
        KB2467659
        KB923561
        KB924667-v2
        KB925398_WMP64
        KB925876
        KB925902-v2
        KB926140-v5
        KB927891
        KB929123
        KB930178
        KB932168
        KB933854
        KB936357
        KB938127
        KB941569
        KB943055
        KB943460
        KB943729
        KB944338-v2
        KB944653
        KB945553
        KB946026
        KB948496
        KB950760
        KB950762
        KB950974
        KB951066
        KB951748
        KB952004
        KB952069
        KB952954
        KB953298
        KB954155
        KB954550-v5
        KB955069
        KB955759
        KB956572
        KB956744
        KB956802
        KB956803
        KB956844
        KB958644
        KB958869
        KB959426
        KB960225
        KB960803
        KB960859
        KB961063
        KB961118
        KB961501
        KB967715
        KB967723
        KB968389
        KB968816
        KB969059
        KB969947
        KB970238
        KB970430
        KB971032
        KB971468
        KB971513
        KB971657
        KB971737
        KB971961
        KB971961-IE8
        KB972270
        KB973037
        KB973354
        KB973507
        KB973540
        KB973687
        KB973815
        KB973869
        KB973904
        KB974112
        KB974318
        KB974392
        KB974571
        KB975025
        KB975364-IE8
        KB975467
        KB975558_WM8
        KB975560
        KB975562
        KB975713
        KB976662-IE8
        KB977290
        KB977816
        KB977914
        KB978037
        KB978262
        KB978338
        KB978542
        KB978601
        KB978695
        KB978706
        KB979306
        KB979309
        KB979482
        KB979559
        KB979683
        KB979687
        KB979907
        KB980182
        KB980195
        KB980218
        KB980232
        KB980436
        KB981322
        KB981332-IE8
        KB981350
        KB981550
        KB981793
        KB981957
        KB982132
        KB982214
        KB982381
        KB982381-IE7
        KB982632-IE8
        KB982802
        Q147222


Netcard queries test . . . . . . . : Passed
    GetStats failed for 'Прямой параллельный порт'. [ERROR_NOT_SUPPORTED]
    [WARNING] The net card 'Минипорт WAN (PPTP)' may not be working because it has not received any packets.
    [WARNING] The net card 'Минипорт WAN (PPPoE)' may not be working because it has not received any packets.
    [WARNING] The net card 'Минипорт WAN (IP)' may not be working because it has not received any packets.
    GetStats failed for 'Минипорт WAN (L2TP)'. [ERROR_NOT_SUPPORTED]



Per interface results:

    Adapter : Подключение по локальной сети

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : DC1
        IP Address . . . . . . . . : 192.168.0.252
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 192.168.0.254
        Dns Servers. . . . . . . . : 192.168.0.227
                                    192.168.0.252


        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Passed

        NetBT name test. . . . . . : Passed
        [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.

        WINS service test. . . . . : Skipped
            There are no WINS servers configured for this interface.


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{BC11B6F1-6725-4F51-A655-2E75264D03EC}
    1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed
    [WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined.


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Passed
    PASS - All the DNS entries for DC are registered on DNS server '192.168.0.227' and other DCs also have some of the names registered.


Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{BC11B6F1-6725-4F51-A655-2E75264D03EC}
    The redir is bound to 1 NetBt transport.

    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{BC11B6F1-6725-4F51-A655-2E75264D03EC}
    The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Passed
    Secure channel for domain 'mydomain' is to '\\DC2.mydomain.ru'.


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed
    [WARNING] Failed to query SPN registration on DC 'DC2.mydomain.ru'.


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
    No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

    Note: run "netsh ipsec dynamic show /?" for more detailed information


The command completed successfully

Telepuzik 08-08-2011 13:54 1727853
Карбофос,
А все остальное где??

Карбофос 08-08-2011 13:55 1727856
вывод netdiag /test:DNS /v не умещается... сейчас в два захода сделаю...

netdiag /test:DNS /v:
Код:
    Gathering IPX configuration information.
    Querying status of the Netcard drivers... Passed
    Testing Domain membership... Passed
    Gathering NetBT configuration information.
    Testing DNS
    PASS - All the DNS entries for DC are registered on DNS server '192.168.0.227' and other DCs also have some of the names registered.
    PASS - All the DNS entries for DC are registered on DNS server '192.168.0.252' and other DCs also have some of the names registered.

    Tests complete.


    Computer Name: DC1
    DNS Host Name: DC1.mydomain.ru
    DNS Domain Name: mydomain.ru
    System info : Microsoft Windows Server 2003 R2 (Build 3790)
    Processor : x86 Family 15 Model 2 Stepping 8, GenuineIntel
    Hotfixes :
        Installed?      Name
          Yes          KB2079403
          Yes          KB2115168
          Yes          KB2121546
          Yes          KB2141007
          Yes          KB2158563
          Yes          KB2160329
          Yes          KB2183461
          Yes          KB2183461-IE7
          Yes          KB2183461-IE8
          Yes          KB2207559
          Yes          KB2229593
          Yes          KB2259922
          Yes          KB2279986
          Yes          KB2286198
          Yes          KB2296011
          Yes          KB2296199
          Yes          KB2345886
          Yes          KB2347290
          Yes          KB2360131-IE8
          Yes          KB2360937
          Yes          KB2378111
          Yes          KB2387149
          Yes          KB2416400-IE8
          Yes          KB2416451
          Yes          KB2419635
          Yes          KB2423089
          Yes          KB2436673
          Yes          KB2440591
          Yes          KB2443105
          Yes          KB2467659
          Yes          KB923561
          Yes          KB924667-v2
          Yes          KB925398_WMP64
          Yes          KB925876
          Yes          KB925902-v2
          Yes          KB926140-v5
          Yes          KB927891
          Yes          KB929123
          Yes          KB930178
          Yes          KB932168
          Yes          KB933854
          Yes          KB936357
          Yes          KB938127
          Yes          KB941569
          Yes          KB943055
          Yes          KB943460
          Yes          KB943729
          Yes          KB944338-v2
          Yes          KB944653
          Yes          KB945553
          Yes          KB946026
          Yes          KB948496
          Yes          KB950760
          Yes          KB950762
          Yes          KB950974
          Yes          KB951066
          Yes          KB951748
          Yes          KB952004
          Yes          KB952069
          Yes          KB952954
          Yes          KB953298
          Yes          KB954155
          Yes          KB954550-v5
          Yes          KB955069
          Yes          KB955759
          Yes          KB956572
          Yes          KB956744
          Yes          KB956802
          Yes          KB956803
          Yes          KB956844
          Yes          KB958644
          Yes          KB958869
          Yes          KB959426
          Yes          KB960225
          Yes          KB960803
          Yes          KB960859
          Yes          KB961063
          Yes          KB961118
          Yes          KB961501
          Yes          KB967715
          Yes          KB967723
          Yes          KB968389
          Yes          KB968816
          Yes          KB969059
          Yes          KB969947
          Yes          KB970238
          Yes          KB970430
          Yes          KB971032
          Yes          KB971468
          Yes          KB971513
          Yes          KB971657
          Yes          KB971737
          Yes          KB971961
          Yes          KB971961-IE8
          Yes          KB972270
          Yes          KB973037
          Yes          KB973354
          Yes          KB973507
          Yes          KB973540
          Yes          KB973687
          Yes          KB973815
          Yes          KB973869
          Yes          KB973904
          Yes          KB974112
          Yes          KB974318
          Yes          KB974392
          Yes          KB974571
          Yes          KB975025
          Yes          KB975364-IE8
          Yes          KB975467
          Yes          KB975558_WM8
          Yes          KB975560
          Yes          KB975562
          Yes          KB975713
          Yes          KB976662-IE8
          Yes          KB977290
          Yes          KB977816
          Yes          KB977914
          Yes          KB978037
          Yes          KB978262
          Yes          KB978338
          Yes          KB978542
          Yes          KB978601
          Yes          KB978695
          Yes          KB978706
          Yes          KB979306
          Yes          KB979309
          Yes          KB979482
          Yes          KB979559
          Yes          KB979683
          Yes          KB979687
          Yes          KB979907
          Yes          KB980182
          Yes          KB980195
          Yes          KB980218
          Yes          KB980232
          Yes          KB980436
          Yes          KB981322
          Yes          KB981332-IE8
          Yes          KB981350
          Yes          KB981550
          Yes          KB981793
          Yes          KB981957
          Yes          KB982132
          Yes          KB982214
          Yes          KB982381
          Yes          KB982381-IE7
          Yes          KB982632-IE8
          Yes          KB982802
          Yes          Q147222


Netcard queries test . . . . . . . : Passed

    Information of Netcard drivers:

    ---------------------------------------------------------------------------
    Description: Прямой параллельный порт
    Device: \DEVICE\{D56EB0ED-1FDE-4A35-8814-489733E5887B}
    GetStats failed for 'Прямой параллельный порт'. [ERROR_NOT_SUPPORTED]
    ---------------------------------------------------------------------------
    Description: Минипорт WAN (PPTP)
    Device: \DEVICE\{D3D7F806-D3A2-4766-89F2-9F5854CCF92D}

    Media State:                    Connected

    Device State:                    Connected
    Connect Time:                    00:00:00
    Media Speed:                    0 bps

    Packets Sent:                    0
    Bytes Sent (Optional):          0

    Packets Received:                0
    Directed Pkts Recd (Optional):  0
    Bytes Received (Optional):      0
    Directed Bytes Recd (Optional):  0

    [WARNING] The net card 'Минипорт WAN (PPTP)' may not be working because it has not received any packets.
    ---------------------------------------------------------------------------
    Description: Минипорт WAN (PPPoE)
    Device: \DEVICE\{52401B3C-04C3-4FD6-ACAB-830EF3F493DB}

    Media State:                    Connected

    Device State:                    Connected
    Connect Time:                    00:00:00
    Media Speed:                    0 bps

    Packets Sent:                    0
    Bytes Sent (Optional):          0

    Packets Received:                0
    Directed Pkts Recd (Optional):  0
    Bytes Received (Optional):      0
    Directed Bytes Recd (Optional):  0

    [WARNING] The net card 'Минипорт WAN (PPPoE)' may not be working because it has not received any packets.
    ---------------------------------------------------------------------------
    Description: Минипорт WAN (IP)
    Device: \DEVICE\NDISWANIP

    Media State:                    Connected

    Device State:                    Connected
    Connect Time:                    01:06:12
    Media Speed:                    28 Kbps

    Packets Sent:                    0
    Bytes Sent (Optional):          0

    Packets Received:                0
    Directed Pkts Recd (Optional):  0
    Bytes Received (Optional):      0
    Directed Bytes Recd (Optional):  0

    [WARNING] The net card 'Минипорт WAN (IP)' may not be working because it has not received any packets.
    ---------------------------------------------------------------------------
    Description: Минипорт WAN (L2TP)
    Device: \DEVICE\{D7108D0B-6095-46E2-B7DC-20AAA833A60F}
    GetStats failed for 'Минипорт WAN (L2TP)'. [ERROR_NOT_SUPPORTED]
    ---------------------------------------------------------------------------
    Description: VMware Accelerated AMD PCNet Adapter
    Device: \DEVICE\{BC11B6F1-6725-4F51-A655-2E75264D03EC}

    Media State:                    Connected

    Device State:                    Connected
    Connect Time:                    01:06:12
    Media Speed:                    1 Gbps

    Packets Sent:                    277192
    Bytes Sent (Optional):          57637025

    Packets Received:                365276
    Directed Pkts Recd (Optional):  352293
    Bytes Received (Optional):      70270799
    Directed Bytes Recd (Optional):  70270799

    ---------------------------------------------------------------------------
    [PASS] - At least one netcard is in the 'Connected' state.



Per interface results:

    Adapter : Подключение по локальной сети
        Adapter ID . . . . . . . . : {BC11B6F1-6725-4F51-A655-2E75264D03EC}

        Netcard queries test . . . : Passed


Global results:


Domain membership test . . . . . . : Passed
    Machine is a . . . . . . . . . : Domain Controller
    Netbios Domain name. . . . . . : mydomain
    Dns domain name. . . . . . . . : mydomain.ru
    Dns forest name. . . . . . . . : mydomain.ru
    Domain Guid. . . . . . . . . . : {EBB7DD75-88DC-47F7-B057-D9F1B73D949A}
    Domain Sid . . . . . . . . . . : S-1-5-21-2066648584-3145624946-3895715101
    Logon User . . . . . . . . . . : Admin
    Logon Domain . . . . . . . . . : mydomain


NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{BC11B6F1-6725-4F51-A655-2E75264D03EC}
    1 NetBt transport currently configured.


DNS test . . . . . . . . . . . . . : Passed
      Interface {BC11B6F1-6725-4F51-A655-2E75264D03EC}
        DNS Domain:
        DNS Servers: 192.168.0.227 192.168.0.252
        IP Address:        Expected registration with PDN (primary DNS domain name):
          Hostname: DC1.mydomain.ru.
          Authoritative zone: mydomain.ru.
          Primary DNS server: DC2.mydomain.ru 192.168.0.227
          Authoritative NS:192.168.0.252 192.168.0.227
Check the DNS registration for DCs entries on DNS server '192.168.0.227'
The Record is different on DNS server '192.168.0.227'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '192.168.0.227', no need to re-register.

+------------------------------------------------------+
The record on your DC is:
DNS NAME = mydomain.ru.
DNS DATA =
            A  192.168.0.252

The record on DNS server 192.168.0.227 is:
DNS NAME = mydomain.ru
DNS DATA =
            A  192.168.0.227
            A  192.168.0.252
+------------------------------------------------------+

The Record is different on DNS server '192.168.0.227'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '192.168.0.227', no need to re-register.

+------------------------------------------------------+
The record on your DC is:
DNS NAME = _ldap._tcp.mydomain.ru.
DNS DATA =
            SRV 0 100 389 DC1.mydomain.ru.

The record on DNS server 192.168.0.227 is:
DNS NAME = _ldap._tcp.mydomain.ru
DNS DATA =
            SRV 0 100 389 DC2.mydomain.ru
            SRV 0 100 389 DC1.mydomain.ru
+------------------------------------------------------+

The Record is different on DNS server '192.168.0.227'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '192.168.0.227', no need to re-register.

+------------------------------------------------------+
The record on your DC is:
DNS NAME = _ldap._tcp.Default-First-Site-Name._sites.mydomain.ru.
DNS DATA =
            SRV 0 100 389 DC1.mydomain.ru.

The record on DNS server 192.168.0.227 is:
DNS NAME = _ldap._tcp.Default-First-Site-Name._sites.mydomain.ru
DNS DATA =
            SRV 0 100 389 DC1.mydomain.ru
            SRV 0 100 389 DC2.mydomain.ru
+------------------------------------------------------+

The Record is different on DNS server '192.168.0.227'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '192.168.0.227', no need to re-register.

+------------------------------------------------------+
The record on your DC is:
DNS NAME = _ldap._tcp.gc._msdcs.mydomain.ru.
DNS DATA =
            SRV 0 100 3268 DC1.mydomain.ru.

The record on DNS server 192.168.0.227 is:
DNS NAME = _ldap._tcp.gc._msdcs.mydomain.ru
DNS DATA =
            SRV 0 100 3268 DC1.mydomain.ru
            SRV 0 100 3268 DC2.mydomain.ru
+------------------------------------------------------+

The Record is different on DNS server '192.168.0.227'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '192.168.0.227', no need to re-register.

+------------------------------------------------------+
The record on your DC is:
DNS NAME = _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.mydomain.ru.
DNS DATA =
            SRV 0 100 3268 DC1.mydomain.ru.

The record on DNS server 192.168.0.227 is:
DNS NAME = _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.mydomain.ru
DNS DATA =
            SRV 0 100 3268 DC2.mydomain.ru
            SRV 0 100 3268 DC1.mydomain.ru
+------------------------------------------------------+

The Record is different on DNS server '192.168.0.227'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '192.168.0.227', no need to re-register.

+------------------------------------------------------+
The record on your DC is:
DNS NAME = _ldap._tcp.ebb7dd75-88dc-47f7-b057-d9f1b73d949a.domains._msdcs.mydomain.ru.
DNS DATA =
            SRV 0 100 389 DC1.mydomain.ru.

The record on DNS server 192.168.0.227 is:
DNS NAME = _ldap._tcp.ebb7dd75-88dc-47f7-b057-d9f1b73d949a.domains._msdcs.mydomain.ru
DNS DATA =
            SRV 0 100 389 DC2.mydomain.ru
            SRV 0 100 389 DC1.mydomain.ru
+------------------------------------------------------+

The Record is different on DNS server '192.168.0.227'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '192.168.0.227', no need to re-register.

+------------------------------------------------------+
The record on your DC is:
DNS NAME = gc._msdcs.mydomain.ru.
DNS DATA =
            A  192.168.0.252

The record on DNS server 192.168.0.227 is:
DNS NAME = gc._msdcs.mydomain.ru
DNS DATA =
            A  192.168.0.227
            A  192.168.0.252
+------------------------------------------------------+

The Record is correct on DNS server '192.168.0.227'.

The Record is different on DNS server '192.168.0.227'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '192.168.0.227', no need to re-register.

+------------------------------------------------------+
The record on your DC is:
DNS NAME = _kerberos._tcp.dc._msdcs.mydomain.ru.
DNS DATA =
            SRV 0 100 88 DC1.mydomain.ru.

The record on DNS server 192.168.0.227 is:
DNS NAME = _kerberos._tcp.dc._msdcs.mydomain.ru
DNS DATA =
            SRV 0 100 88 DC1.mydomain.ru
            SRV 0 100 88 DC2.mydomain.ru
+------------------------------------------------------+

The Record is different on DNS server '192.168.0.227'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '192.168.0.227', no need to re-register.

+------------------------------------------------------+
The record on your DC is:
DNS NAME = _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.ru.
DNS DATA =
            SRV 0 100 88 DC1.mydomain.ru.

The record on DNS server 192.168.0.227 is:
DNS NAME = _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.ru
DNS DATA =
            SRV 0 100 88 DC2.mydomain.ru
            SRV 0 100 88 DC1.mydomain.ru
+------------------------------------------------------+

The Record is different on DNS server '192.168.0.227'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '192.168.0.227', no need to re-register.

+------------------------------------------------------+
The record on your DC is:
DNS NAME = _ldap._tcp.dc._msdcs.mydomain.ru.
DNS DATA =
            SRV 0 100 389 DC1.mydomain.ru.

The record on DNS server 192.168.0.227 is:
DNS NAME = _ldap._tcp.dc._msdcs.mydomain.ru
DNS DATA =
            SRV 0 100 389 DC2.mydomain.ru
            SRV 0 100 389 DC1.mydomain.ru
+------------------------------------------------------+

The Record is different on DNS server '192.168.0.227'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '192.168.0.227', no need to re-register.

+------------------------------------------------------+
The record on your DC is:
DNS NAME = _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.ru.
DNS DATA =
            SRV 0 100 389 DC1.mydomain.ru.

The record on DNS server 192.168.0.227 is:
DNS NAME = _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.ru
DNS DATA =
            SRV 0 100 389 DC2.mydomain.ru
            SRV 0 100 389 DC1.mydomain.ru
+------------------------------------------------------+

The Record is different on DNS server '192.168.0.227'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '192.168.0.227', no need to re-register.

+------------------------------------------------------+
The record on your DC is:
DNS NAME = _kerberos._tcp.mydomain.ru.
DNS DATA =
            SRV 0 100 88 DC1.mydomain.ru.

The record on DNS server 192.168.0.227 is:
DNS NAME = _kerberos._tcp.mydomain.ru
DNS DATA =
            SRV 0 100 88 DC1.mydomain.ru
            SRV 0 100 88 DC2.mydomain.ru
+------------------------------------------------------+

The Record is different on DNS server '192.168.0.227'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '192.168.0.227', no need to re-register.

Карбофос 08-08-2011 13:57 1727859
netdiag /test:DNS /v (продолжение):
Код:
+------------------------------------------------------+
The record on your DC is:
DNS NAME = _kerberos._tcp.Default-First-Site-Name._sites.mydomain.ru.
DNS DATA =
            SRV 0 100 88 DC1.mydomain.ru.

The record on DNS server 192.168.0.227 is:
DNS NAME = _kerberos._tcp.Default-First-Site-Name._sites.mydomain.ru
DNS DATA =
            SRV 0 100 88 DC1.mydomain.ru
            SRV 0 100 88 DC2.mydomain.ru
+------------------------------------------------------+

The Record is different on DNS server '192.168.0.227'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '192.168.0.227', no need to re-register.

+------------------------------------------------------+
The record on your DC is:
DNS NAME = _gc._tcp.mydomain.ru.
DNS DATA =
            SRV 0 100 3268 DC1.mydomain.ru.

The record on DNS server 192.168.0.227 is:
DNS NAME = _gc._tcp.mydomain.ru
DNS DATA =
            SRV 0 100 3268 DC1.mydomain.ru
            SRV 0 100 3268 DC2.mydomain.ru
+------------------------------------------------------+

The Record is different on DNS server '192.168.0.227'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '192.168.0.227', no need to re-register.

+------------------------------------------------------+
The record on your DC is:
DNS NAME = _gc._tcp.Default-First-Site-Name._sites.mydomain.ru.
DNS DATA =
            SRV 0 100 3268 DC1.mydomain.ru.

The record on DNS server 192.168.0.227 is:
DNS NAME = _gc._tcp.Default-First-Site-Name._sites.mydomain.ru
DNS DATA =
            SRV 0 100 3268 DC1.mydomain.ru
            SRV 0 100 3268 DC2.mydomain.ru
+------------------------------------------------------+

The Record is different on DNS server '192.168.0.227'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '192.168.0.227', no need to re-register.

+------------------------------------------------------+
The record on your DC is:
DNS NAME = _kerberos._udp.mydomain.ru.
DNS DATA =
            SRV 0 100 88 DC1.mydomain.ru.

The record on DNS server 192.168.0.227 is:
DNS NAME = _kerberos._udp.mydomain.ru
DNS DATA =
            SRV 0 100 88 DC1.mydomain.ru
            SRV 0 100 88 DC2.mydomain.ru
+------------------------------------------------------+

The Record is different on DNS server '192.168.0.227'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '192.168.0.227', no need to re-register.

+------------------------------------------------------+
The record on your DC is:
DNS NAME = _kpasswd._tcp.mydomain.ru.
DNS DATA =
            SRV 0 100 464 DC1.mydomain.ru.

The record on DNS server 192.168.0.227 is:
DNS NAME = _kpasswd._tcp.mydomain.ru
DNS DATA =
            SRV 0 100 464 DC1.mydomain.ru
            SRV 0 100 464 DC2.mydomain.ru
+------------------------------------------------------+

The Record is different on DNS server '192.168.0.227'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '192.168.0.227', no need to re-register.

+------------------------------------------------------+
The record on your DC is:
DNS NAME = _kpasswd._udp.mydomain.ru.
DNS DATA =
            SRV 0 100 464 DC1.mydomain.ru.

The record on DNS server 192.168.0.227 is:
DNS NAME = _kpasswd._udp.mydomain.ru
DNS DATA =
            SRV 0 100 464 DC1.mydomain.ru
            SRV 0 100 464 DC2.mydomain.ru
+------------------------------------------------------+

The Record is different on DNS server '192.168.0.227'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '192.168.0.227', no need to re-register.

+------------------------------------------------------+
The record on your DC is:
DNS NAME = DomainDnsZones.mydomain.ru.
DNS DATA =
            A  192.168.0.252

The record on DNS server 192.168.0.227 is:
DNS NAME = DomainDnsZones.mydomain.ru
DNS DATA =
            A  192.168.0.227
            A  192.168.0.252
+------------------------------------------------------+

The Record is different on DNS server '192.168.0.227'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '192.168.0.227', no need to re-register.

+------------------------------------------------------+
The record on your DC is:
DNS NAME = _ldap._tcp.DomainDnsZones.mydomain.ru.
DNS DATA =
            SRV 0 100 389 DC1.mydomain.ru.

The record on DNS server 192.168.0.227 is:
DNS NAME = _ldap._tcp.DomainDnsZones.mydomain.ru
DNS DATA =
            SRV 0 100 389 DC00001.mydomain.ru
            SRV 0 100 389 DC2.mydomain.ru
            SRV 0 100 389 DC1.mydomain.ru
+------------------------------------------------------+

The Record is different on DNS server '192.168.0.227'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '192.168.0.227', no need to re-register.

+------------------------------------------------------+
The record on your DC is:
DNS NAME = _ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.mydomain.ru.
DNS DATA =
            SRV 0 100 389 DC1.mydomain.ru.

The record on DNS server 192.168.0.227 is:
DNS NAME = _ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.mydomain.ru
DNS DATA =
            SRV 0 100 389 DC1.mydomain.ru
            SRV 0 100 389 DC2.mydomain.ru
            SRV 0 100 389 DC00001.mydomain.ru
+------------------------------------------------------+

The Record is different on DNS server '192.168.0.227'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '192.168.0.227', no need to re-register.

+------------------------------------------------------+
The record on your DC is:
DNS NAME = ForestDnsZones.mydomain.ru.
DNS DATA =
            A  192.168.0.252

The record on DNS server 192.168.0.227 is:
DNS NAME = ForestDnsZones.mydomain.ru
DNS DATA =
            A  192.168.0.252
            A  192.168.0.227
+------------------------------------------------------+

The Record is different on DNS server '192.168.0.227'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '192.168.0.227', no need to re-register.

+------------------------------------------------------+
The record on your DC is:
DNS NAME = _ldap._tcp.ForestDnsZones.mydomain.ru.
DNS DATA =
            SRV 0 100 389 DC1.mydomain.ru.

The record on DNS server 192.168.0.227 is:
DNS NAME = _ldap._tcp.ForestDnsZones.mydomain.ru
DNS DATA =
            SRV 0 100 389 DC00001.mydomain.ru
            SRV 0 100 389 DC2.mydomain.ru
            SRV 0 100 389 DC1.mydomain.ru
+------------------------------------------------------+

The Record is different on DNS server '192.168.0.227'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '192.168.0.227', no need to re-register.

+------------------------------------------------------+
The record on your DC is:
DNS NAME = _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.mydomain.ru.
DNS DATA =
            SRV 0 100 389 DC1.mydomain.ru.

The record on DNS server 192.168.0.227 is:
DNS NAME = _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.mydomain.ru
DNS DATA =
            SRV 0 100 389 DC1.mydomain.ru
            SRV 0 100 389 DC2.mydomain.ru
            SRV 0 100 389 DC00001.mydomain.ru
+------------------------------------------------------+

    PASS - All the DNS entries for DC are registered on DNS server '192.168.0.227' and other DCs also have some of the names registered.
Check the DNS registration for DCs entries on DNS server '192.168.0.252'
The Record is different on DNS server '192.168.0.252'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '192.168.0.252', no need to re-register.

+------------------------------------------------------+
The record on your DC is:
DNS NAME = mydomain.ru.
DNS DATA =
            A  192.168.0.252

The record on DNS server 192.168.0.252 is:
DNS NAME = mydomain.ru
DNS DATA =
            A  192.168.0.227
            A  192.168.0.252
+------------------------------------------------------+

The Record is different on DNS server '192.168.0.252'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '192.168.0.252', no need to re-register.

+------------------------------------------------------+
The record on your DC is:
DNS NAME = _ldap._tcp.mydomain.ru.
DNS DATA =
            SRV 0 100 389 DC1.mydomain.ru.

The record on DNS server 192.168.0.252 is:
DNS NAME = _ldap._tcp.mydomain.ru
DNS DATA =
            SRV 0 100 389 DC1.mydomain.ru
            SRV 0 100 389 DC2.mydomain.ru
+------------------------------------------------------+

The Record is different on DNS server '192.168.0.252'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '192.168.0.252', no need to re-register.

+------------------------------------------------------+
The record on your DC is:
DNS NAME = _ldap._tcp.Default-First-Site-Name._sites.mydomain.ru.
DNS DATA =
            SRV 0 100 389 DC1.mydomain.ru.

The record on DNS server 192.168.0.252 is:
DNS NAME = _ldap._tcp.Default-First-Site-Name._sites.mydomain.ru
DNS DATA =
            SRV 0 100 389 DC1.mydomain.ru
            SRV 0 100 389 DC2.mydomain.ru
+------------------------------------------------------+

The Record is different on DNS server '192.168.0.252'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '192.168.0.252', no need to re-register.

+------------------------------------------------------+
The record on your DC is:
DNS NAME = _ldap._tcp.gc._msdcs.mydomain.ru.
DNS DATA =
            SRV 0 100 3268 DC1.mydomain.ru.

The record on DNS server 192.168.0.252 is:
DNS NAME = _ldap._tcp.gc._msdcs.mydomain.ru
DNS DATA =
            SRV 0 100 3268 DC1.mydomain.ru
            SRV 0 100 3268 DC2.mydomain.ru
+------------------------------------------------------+

The Record is different on DNS server '192.168.0.252'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '192.168.0.252', no need to re-register.

+------------------------------------------------------+
The record on your DC is:
DNS NAME = _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.mydomain.ru.
DNS DATA =
            SRV 0 100 3268 DC1.mydomain.ru.

The record on DNS server 192.168.0.252 is:
DNS NAME = _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.mydomain.ru
DNS DATA =
            SRV 0 100 3268 DC1.mydomain.ru
            SRV 0 100 3268 DC2.mydomain.ru
+------------------------------------------------------+

The Record is different on DNS server '192.168.0.252'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '192.168.0.252', no need to re-register.

+------------------------------------------------------+
The record on your DC is:
DNS NAME = _ldap._tcp.ebb7dd75-88dc-47f7-b057-d9f1b73d949a.domains._msdcs.mydomain.ru.
DNS DATA =
            SRV 0 100 389 DC1.mydomain.ru.

The record on DNS server 192.168.0.252 is:
DNS NAME = _ldap._tcp.ebb7dd75-88dc-47f7-b057-d9f1b73d949a.domains._msdcs.mydomain.ru
DNS DATA =
            SRV 0 100 389 DC2.mydomain.ru
            SRV 0 100 389 DC1.mydomain.ru
+------------------------------------------------------+

The Record is different on DNS server '192.168.0.252'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '192.168.0.252', no need to re-register.

+------------------------------------------------------+
The record on your DC is:
DNS NAME = gc._msdcs.mydomain.ru.
DNS DATA =
            A  192.168.0.252

The record on DNS server 192.168.0.252 is:
DNS NAME = gc._msdcs.mydomain.ru
DNS DATA =
            A  192.168.0.227
            A  192.168.0.252
+------------------------------------------------------+

The Record is correct on DNS server '192.168.0.252'.

The Record is different on DNS server '192.168.0.252'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '192.168.0.252', no need to re-register.

+------------------------------------------------------+
The record on your DC is:
DNS NAME = _kerberos._tcp.dc._msdcs.mydomain.ru.
DNS DATA =
            SRV 0 100 88 DC1.mydomain.ru.

The record on DNS server 192.168.0.252 is:
DNS NAME = _kerberos._tcp.dc._msdcs.mydomain.ru
DNS DATA =
            SRV 0 100 88 DC2.mydomain.ru
            SRV 0 100 88 DC1.mydomain.ru
+------------------------------------------------------+

The Record is different on DNS server '192.168.0.252'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '192.168.0.252', no need to re-register.

+------------------------------------------------------+
The record on your DC is:
DNS NAME = _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.ru.
DNS DATA =
            SRV 0 100 88 DC1.mydomain.ru.

The record on DNS server 192.168.0.252 is:
DNS NAME = _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.ru
DNS DATA =
            SRV 0 100 88 DC1.mydomain.ru
            SRV 0 100 88 DC2.mydomain.ru
+------------------------------------------------------+

The Record is different on DNS server '192.168.0.252'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '192.168.0.252', no need to re-register.

+------------------------------------------------------+
The record on your DC is:
DNS NAME = _ldap._tcp.dc._msdcs.mydomain.ru.
DNS DATA =
            SRV 0 100 389 DC1.mydomain.ru.

The record on DNS server 192.168.0.252 is:
DNS NAME = _ldap._tcp.dc._msdcs.mydomain.ru
DNS DATA =
            SRV 0 100 389 DC2.mydomain.ru
            SRV 0 100 389 DC1.mydomain.ru
+------------------------------------------------------+

The Record is different on DNS server '192.168.0.252'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '192.168.0.252', no need to re-register.

+------------------------------------------------------+
The record on your DC is:
DNS NAME = _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.ru.
DNS DATA =
            SRV 0 100 389 DC1.mydomain.ru.

The record on DNS server 192.168.0.252 is:
DNS NAME = _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.ru
DNS DATA =
            SRV 0 100 389 DC1.mydomain.ru
            SRV 0 100 389 DC2.mydomain.ru
+------------------------------------------------------+

The Record is different on DNS server '192.168.0.252'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '192.168.0.252', no need to re-register.

+------------------------------------------------------+
The record on your DC is:
DNS NAME = _kerberos._tcp.mydomain.ru.
DNS DATA =
            SRV 0 100 88 DC1.mydomain.ru.

The record on DNS server 192.168.0.252 is:
DNS NAME = _kerberos._tcp.mydomain.ru
DNS DATA =
            SRV 0 100 88 DC2.mydomain.ru
            SRV 0 100 88 DC1.mydomain.ru
+------------------------------------------------------+

The Record is different on DNS server '192.168.0.252'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '192.168.0.252', no need to re-register.

+------------------------------------------------------+
The record on your DC is:
DNS NAME = _kerberos._tcp.Default-First-Site-Name._sites.mydomain.ru.
DNS DATA =
            SRV 0 100 88 DC1.mydomain.ru.

The record on DNS server 192.168.0.252 is:
DNS NAME = _kerberos._tcp.Default-First-Site-Name._sites.mydomain.ru
DNS DATA =
            SRV 0 100 88 DC2.mydomain.ru
            SRV 0 100 88 DC1.mydomain.ru
+------------------------------------------------------+

The Record is different on DNS server '192.168.0.252'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '192.168.0.252', no need to re-register.

+------------------------------------------------------+
The record on your DC is:
DNS NAME = _gc._tcp.mydomain.ru.
DNS DATA =
            SRV 0 100 3268 DC1.mydomain.ru.

The record on DNS server 192.168.0.252 is:
DNS NAME = _gc._tcp.mydomain.ru
DNS DATA =
            SRV 0 100 3268 DC1.mydomain.ru
            SRV 0 100 3268 DC2.mydomain.ru
+------------------------------------------------------+

The Record is different on DNS server '192.168.0.252'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '192.168.0.252', no need to re-register.

+------------------------------------------------------+
The record on your DC is:
DNS NAME = _gc._tcp.Default-First-Site-Name._sites.mydomain.ru.
DNS DATA =
            SRV 0 100 3268 DC1.mydomain.ru.

The record on DNS server 192.168.0.252 is:
DNS NAME = _gc._tcp.Default-First-Site-Name._sites.mydomain.ru
DNS DATA =
            SRV 0 100 3268 DC1.mydomain.ru
            SRV 0 100 3268 DC2.mydomain.ru
+------------------------------------------------------+

The Record is different on DNS server '192.168.0.252'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '192.168.0.252', no need to re-register.

+------------------------------------------------------+
The record on your DC is:
DNS NAME = _kerberos._udp.mydomain.ru.
DNS DATA =
            SRV 0 100 88 DC1.mydomain.ru.

The record on DNS server 192.168.0.252 is:
DNS NAME = _kerberos._udp.mydomain.ru
DNS DATA =
            SRV 0 100 88 DC2.mydomain.ru
            SRV 0 100 88 DC1.mydomain.ru
+------------------------------------------------------+

The Record is different on DNS server '192.168.0.252'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '192.168.0.252', no need to re-register.

+------------------------------------------------------+
The record on your DC is:
DNS NAME = _kpasswd._tcp.mydomain.ru.
DNS DATA =
            SRV 0 100 464 DC1.mydomain.ru.

The record on DNS server 192.168.0.252 is:
DNS NAME = _kpasswd._tcp.mydomain.ru
DNS DATA =
            SRV 0 100 464 DC2.mydomain.ru
            SRV 0 100 464 DC1.mydomain.ru
+------------------------------------------------------+

The Record is different on DNS server '192.168.0.252'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '192.168.0.252', no need to re-register.

+------------------------------------------------------+
The record on your DC is:
DNS NAME = _kpasswd._udp.mydomain.ru.
DNS DATA =
            SRV 0 100 464 DC1.mydomain.ru.

The record on DNS server 192.168.0.252 is:
DNS NAME = _kpasswd._udp.mydomain.ru
DNS DATA =
            SRV 0 100 464 DC2.mydomain.ru
            SRV 0 100 464 DC1.mydomain.ru
+------------------------------------------------------+

The Record is different on DNS server '192.168.0.252'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '192.168.0.252', no need to re-register.

+------------------------------------------------------+
The record on your DC is:
DNS NAME = DomainDnsZones.mydomain.ru.
DNS DATA =
            A  192.168.0.252

The record on DNS server 192.168.0.252 is:
DNS NAME = DomainDnsZones.mydomain.ru
DNS DATA =
            A  192.168.0.227
            A  192.168.0.252
+------------------------------------------------------+

The Record is different on DNS server '192.168.0.252'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '192.168.0.252', no need to re-register.

+------------------------------------------------------+
The record on your DC is:
DNS NAME = _ldap._tcp.DomainDnsZones.mydomain.ru.
DNS DATA =
            SRV 0 100 389 DC1.mydomain.ru.

The record on DNS server 192.168.0.252 is:
DNS NAME = _ldap._tcp.DomainDnsZones.mydomain.ru
DNS DATA =
            SRV 0 100 389 DC2.mydomain.ru
            SRV 0 100 389 DC1.mydomain.ru
            SRV 0 100 389 DC00001.mydomain.ru
+------------------------------------------------------+

The Record is different on DNS server '192.168.0.252'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '192.168.0.252', no need to re-register.

+------------------------------------------------------+
The record on your DC is:
DNS NAME = _ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.mydomain.ru.
DNS DATA =
            SRV 0 100 389 DC1.mydomain.ru.

The record on DNS server 192.168.0.252 is:
DNS NAME = _ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.mydomain.ru
DNS DATA =
            SRV 0 100 389 DC2.mydomain.ru
            SRV 0 100 389 DC00001.mydomain.ru
            SRV 0 100 389 DC1.mydomain.ru
+------------------------------------------------------+

The Record is different on DNS server '192.168.0.252'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '192.168.0.252', no need to re-register.

+------------------------------------------------------+
The record on your DC is:
DNS NAME = ForestDnsZones.mydomain.ru.
DNS DATA =
            A  192.168.0.252

The record on DNS server 192.168.0.252 is:
DNS NAME = ForestDnsZones.mydomain.ru
DNS DATA =
            A  192.168.0.252
            A  192.168.0.227
+------------------------------------------------------+

The Record is different on DNS server '192.168.0.252'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '192.168.0.252', no need to re-register.

+------------------------------------------------------+
The record on your DC is:
DNS NAME = _ldap._tcp.ForestDnsZones.mydomain.ru.
DNS DATA =
            SRV 0 100 389 DC1.mydomain.ru.

The record on DNS server 192.168.0.252 is:
DNS NAME = _ldap._tcp.ForestDnsZones.mydomain.ru
DNS DATA =
            SRV 0 100 389 DC2.mydomain.ru
            SRV 0 100 389 DC1.mydomain.ru
            SRV 0 100 389 DC00001.mydomain.ru
+------------------------------------------------------+

The Record is different on DNS server '192.168.0.252'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '192.168.0.252', no need to re-register.

+------------------------------------------------------+
The record on your DC is:
DNS NAME = _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.mydomain.ru.
DNS DATA =
            SRV 0 100 389 DC1.mydomain.ru.

The record on DNS server 192.168.0.252 is:
DNS NAME = _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.mydomain.ru
DNS DATA =
            SRV 0 100 389 DC2.mydomain.ru
            SRV 0 100 389 DC00001.mydomain.ru
            SRV 0 100 389 DC1.mydomain.ru
+------------------------------------------------------+

    PASS - All the DNS entries for DC are registered on DNS server '192.168.0.252' and other DCs also have some of the names registered.


The command completed successfully
Любопытно, что DC00001.mydomain.ru в домене быть не должно.. Возможно, это "старое" имя DC1.

Telepuzik 08-08-2011 14:04 1727862
Цитата:
Цитата Карбофос
Любопытно, что DC00001.mydomain.ru в домене быть не должно.. »
Да эта запись однозначно лишняя.
Что показывает команда repadmin /syncall на DC1 и на DC2.

Карбофос 08-08-2011 14:08 1727866
DC1:
Код:
CALLBACK MESSAGE: Error contacting server 8a6d014e-4e37-48ed-a504-676e028cca34._msdcs.mydomain.ru (network error): -2146893022 (0x80090322):
    Главное конечное имя неверно.
CALLBACK MESSAGE: SyncAll Finished.

SyncAll reported the following errors:
Error contacting server 8a6d014e-4e37-48ed-a504-676e028cca34._msdcs.mydomain.ru (network error): -2146893022 (0x80090322):
    Главное конечное имя неверно.
DC2:
Код:
CALLBACK MESSAGE: The following replication is in progress:
    From: ba4c2bbb-07cb-4d1d-a17a-989c84c65db7._msdcs.mydomain.ru
    To  : 8a6d014e-4e37-48ed-a504-676e028cca34._msdcs.mydomain.ru
CALLBACK MESSAGE: The following replication completed successfully:
    From: ba4c2bbb-07cb-4d1d-a17a-989c84c65db7._msdcs.mydomain.ru
    To  : 8a6d014e-4e37-48ed-a504-676e028cca34._msdcs.mydomain.ru
CALLBACK MESSAGE: SyncAll Finished.
SyncAll terminated with no errors.

Telepuzik 08-08-2011 14:16 1727871
Покажите вывод команды netdom query fsmo.

Карбофос 08-08-2011 14:19 1727876
DC1:
Код:
Schema owner                DC2.mydomain.ru
Domain role owner          DC2.mydomain.ru
PDC role                    DC2.mydomain.ru
RID pool manager            DC2.mydomain.ru
Infrastructure owner        DC2.mydomain.ru
The command completed successfully.
DC2:
Код:
Schema owner                DC2.mydomain.ru
Domain role owner          DC2.mydomain.ru
PDC role                    DC2.mydomain.ru
RID pool manager            DC2.mydomain.ru
Infrastructure owner        DC2.mydomain.ru
The command completed successfully.

zero55 08-08-2011 14:29 1727884
Оба восстановлены из бэкапа?
Тогда зачем вы сбрасываете пароль?

Достаточно на одном сказать что он восстановлен из бэкапа тут.

Вы же сбросив пароль ничего кроме проблемы с керберосом не добьетесь.

Карбофос 08-08-2011 14:52 1727917
repadmin /showutdvec
на DC1:
Код:
Caching GUIDs.
..
Default-First-Site-Name\DC1  @ USN  44708536 @ Time 2011-08-08 14:46:39
Default-First-Site-Name\DC2 @ USN  52826192 @ Time 2011-06-06 18:05:57
Default-First-Site-Name\DC1 (retired) @ USN  43321507 @ Time 2011-08-04 09:57:59
Default-First-Site-Name\DC2 (retired) @ USN  1595066 @ Time 2009-03-05 21:21:42
на DC2:
Код:
Caching GUIDs.
..
Default-First-Site-Name\DC2 (retired) @ USN  53794943 @ Time 2011-08-04 10:14:26
Default-First-Site-Name\DC1 (retired) @ USN  28046722 @ Time 2011-06-06 17:56:12
Default-First-Site-Name\DC2 @ USN  53867081 @ Time 2011-08-08 14:48:03
Default-First-Site-Name\DC2 (retired) @ USN  1595066 @ Time 2009-03-05 21:21:42
Что бы это могло значить, уважаемые гуру?

zero55 08-08-2011 14:54 1727921
USN Rollback :)
ссылка выше...

Карбофос 08-08-2011 15:14 1727930
zero55, не сочтите за словоблудство: просто, хочется уточнить, правильно ли я понял Вашу мысль... Вы предлагаете пойти методом №1?

zero55 08-08-2011 15:19 1727934
Она вам уже не поможет.
Придется удалять роль контроллера
dcpromo /forceremoval
потом metadata cleanup
потом ставим контроллер заново.

PS методика №1 могла бы помочь только в случае поднятия первого контроллера и на втором отметить что он восстановлен из бэкапа.

Карбофос 08-08-2011 15:32 1727943
Переустановка КД на работающем предприятии -- звучит, как приговор :)
Неужели нет терапевтических методов лечения этого заболевания?

zero55 08-08-2011 15:43 1727951
Почему как приговор?
Это вполне нормальная ситуация. Главное иметь актуальные бэкапы.

Карбофос 09-08-2011 10:30 1728407
Застрял на полпути. На DC1 снес контроллер домена, погасил его физически. Не пойму, как снести метадату... Вот что на DC2:
Код:
server connections: connect to server DC1
Привязка к DC1 ...
DsBindW ошибка 0x6ba(Сервер RPC недоступен.)
Или я что-то недопонял?

zero55 09-08-2011 12:34 1728490
А роли вы передавали?

Карбофос 09-08-2011 13:21 1728527
Да, вроде, роли были на DC2. Итак, перечисляю свои "достижения" :)
- как уже говорил, на DC1 снес контроллер домена и погасил его физически;
- на DC2 (connect to server DC2) снес метаданные строго в соответствии с мануалом;
- пытаюсь (dcpromo) поднять КД на DC1, ругается:
Код:
Операция не выполнена по следующей причине:

Ошибка при репликации службой каталогов раздела CN=Schema,CN=Configuration,DC=mydomain,DC=ru с удаленного контроллера доменов DC2.mydomain.ru.

"Исходный сервер в настоящий момент отвергает запросы на репликацию."
repadmin /showrepl говорит:
Код:
Repadmin can't connect to a "home server", because of the following error.  Try specifying a different home server with /homeserver:[dns name]
Error: An LDAP lookup operation failed with the following error:

    LDAP Error 49(0x31): Неправильные учетные данные
    Server Win32 Error 2148074252(0x8009030c): Попытка входа в систему неудачна
    Extended Information: 8009030C: LdapErr: DSID-0C09043E, comment: AcceptSecurityContext error, data 0, vece
Любопытно, что в логах на DC2 есть события NTDS Replication #2092:
"Этот сервер является владельцем следующей роли FSMO, но не считает назначение правильным...."

zero55 09-08-2011 14:37 1728577
Становится все интереснее...
Я бы восстановился из бэкапа заново первый контроллер, а на втором сделал бы отметку что он восстановлен из бэкапа.

PS теоретически ваш случай не сложен (лечение не более часа), но в режиме вопрос-форум-ответ он может сильно затянуться.

Карбофос 09-08-2011 14:59 1728590
Цитата:
Цитата zero55
Я бы восстановился из бэкапа заново первый контроллер, а на втором сделал бы отметку что он восстановлен из бэкапа. »
Правильно ли я понял, что:
1) DC1 поднимаем из бекапа (когда он еще не был отстанен от должности КД) в режиме Directory Service Restore Mode;
2) действуем по методу 1, причем работаем с реестром DC1;

Если да, то что-то не пойму, что значит "на втором сделал бы отметку что он восстановлен из бэкапа"....

Карбофос 09-08-2011 16:12 1728638
Все-таки не оставляю попыток сделать через dcpromo... DC2 отказывается реплицироваться, видимо, вот по какой причине:

выполняю repadmin /options:
Код:
Current DC Options: IS_GC DISABLE_INBOUND_REPL DISABLE_OUTBOUND_REPL
пробую repadmin /options -DISABLE_OUTBOUND_REPL:
Код:
Repadmin experienced the following error trying to resolve the DC_NAME: -DISABLE_OUTBOUND_REPL
Error: An error occured:
    Win32 Error 8419(0x20e3): Не удается найти объект DSA.

Telepuzik 09-08-2011 16:50 1728656
Цитата:
Цитата Карбофос
пробую repadmin /options -DISABLE_OUTBOUND_REPL: »
А если так: repadmin /options dc2.mydomain.ru -DISABLE_OUTBOUND_REPL и надеюсь вы указали в качестве предпочитаемого DNS сервера адрес DC2.

Карбофос 09-08-2011 17:15 1728670
Цитата:
Цитата Telepuzik
repadmin /options dc2.mydomain.ru -DISABLE_OUTBOUND_REPL »
Помогло! Репликация с DC2 на DC1 прошла! Спасибо всем огромное!!!
Единственный вопрос: в оснастке "AD - сайты и службы" не прописался NTDS Settings для DC1 (с DC2), а прописался только для DC2 (с DC1). Это нормально? Он пропишется потом?

Разобрался: сделал IS_GC DISABLE_INBOUND_REPL для DC1.

Еще раз всем спасибо! С вами я стану Мастером Доменных Дел! :)

zero55 10-08-2011 10:48 1729042
Отключение репликации это решение?
Не думаю...

Карбофос 10-08-2011 13:19 1729130
Цитата:
Цитата zero55
Не думаю... »
Правильно думаете, что так не думаете :)
Действительно, ситуация окончательно выправилась, когда сделал и -DISABLE_OUTBOUND_REPL, и -DISABLE_INBOUND_REPL

zero55 10-08-2011 15:42 1729202
т.е. вы убрали следствие а не причину?
И получили нереплицируемый контроллер...

Хм.. Сомневаюсь что это правильно. Контроллер то неработоспособен :)

Карбофос 10-08-2011 16:45 1729240
Цитата:
Цитата zero55
Контроллер то неработоспособен»
Так... Тогда я вообще ничего не понимаю... Что тогда означает фраза "Active Directory произвела репликацию подключений" после того, как я в оснастке "AD - сайты и службы", стоя на NTDS Settings, сделал "Реплицировать сейчас"?

zero55 10-08-2011 19:13 1729321
Вы отключили репликацию и естественно при таком "финте" происходит такая реакция.

попробуйте
repadmin /showrepl
readmin /replsum
Это покажет когда именно и что реплицировалось.

Карбофос 11-08-2011 11:30 1729694
repadmin /showrepl
* DC1
Код:
repadmin running command /showrepl against server localhost

Default-First-Site-Name\DC1
DC Options: IS_GC
Site Options: IS_GROUP_CACHING_ENABLED
DC object GUID: 7065d632-8674-4bb2-8694-b547a4485f43
DC invocationID: ecd904b2-a3f2-4a8d-8344-9d8cb626e522

==== INBOUND NEIGHBORS ======================================

DC=mydomain,DC=ru
    Default-First-Site-Name\DC2 via RPC
        DC object GUID: 8a6d014e-4e37-48ed-a504-676e028cca34
        Last attempt @ 2011-08-11 11:20:50 was successful.

CN=Configuration,DC=mydomain,DC=ru
    Default-First-Site-Name\DC2 via RPC
        DC object GUID: 8a6d014e-4e37-48ed-a504-676e028cca34
        Last attempt @ 2011-08-11 11:20:09 was successful.

CN=Schema,CN=Configuration,DC=mydomain,DC=ru
    Default-First-Site-Name\DC2 via RPC
        DC object GUID: 8a6d014e-4e37-48ed-a504-676e028cca34
        Last attempt @ 2011-08-11 11:20:10 was successful.

DC=DomainDnsZones,DC=mydomain,DC=ru
    Default-First-Site-Name\DC2 via RPC
        DC object GUID: 8a6d014e-4e37-48ed-a504-676e028cca34
        Last attempt @ 2011-08-11 11:20:10 was successful.

DC=ForestDnsZones,DC=mydomain,DC=ru
    Default-First-Site-Name\DC2 via RPC
        DC object GUID: 8a6d014e-4e37-48ed-a504-676e028cca34
        Last attempt @ 2011-08-11 11:20:10 was successful.
* DC2
Код:
repadmin running command /showrepl against server localhost

Default-First-Site-Name\DC2
DC Options: IS_GC
Site Options: IS_GROUP_CACHING_ENABLED
DC object GUID: 8a6d014e-4e37-48ed-a504-676e028cca34
DC invocationID: c3692a40-40ff-46c6-8ae4-ae2c74f57625

==== INBOUND NEIGHBORS ======================================

DC=mydomain,DC=ru
    Default-First-Site-Name\DC1 via RPC
        DC object GUID: 7065d632-8674-4bb2-8694-b547a4485f43
        Last attempt @ 2011-08-11 11:18:34 was successful.

CN=Configuration,DC=mydomain,DC=ru
    Default-First-Site-Name\DC1 via RPC
        DC object GUID: 7065d632-8674-4bb2-8694-b547a4485f43
        Last attempt @ 2011-08-11 11:12:39 was successful.

CN=Schema,CN=Configuration,DC=mydomain,DC=ru
    Default-First-Site-Name\DC1 via RPC
        DC object GUID: 7065d632-8674-4bb2-8694-b547a4485f43
        Last attempt @ 2011-08-11 11:12:39 was successful.

DC=DomainDnsZones,DC=mydomain,DC=ru
    Default-First-Site-Name\DC1 via RPC
        DC object GUID: 7065d632-8674-4bb2-8694-b547a4485f43
        Last attempt @ 2011-08-11 11:12:39 was successful.

DC=ForestDnsZones,DC=mydomain,DC=ru
    Default-First-Site-Name\DC1 via RPC
        DC object GUID: 7065d632-8674-4bb2-8694-b547a4485f43
        Last attempt @ 2011-08-11 11:13:10 was successful.
repadmin /replsum
* DC1
Код:
Replication Summary Start Time: 2011-08-11 11:25:10

Beginning data collection for replication summary, this may take awhile:
  .....


Source DC          largest delta  fails/total  %%  error
 DC2          05m:01s    0 /  5    0 
 DC1                12m:31s    0 /  5    0 


Destination DC    largest delta    fails/total  %%  error
 DC2          12m:32s    0 /  5    0 
 DC1                05m:02s    0 /  5    0
* DC2
Код:
Replication Summary Start Time: 2011-08-11 11:28:52

Beginning data collection for replication summary, this may take awhile:
  .....

Source DC          largest delta  fails/total  %%  error
 DC2          08m:43s    0 /  5    0 
 DC1                01m:13s    0 /  5    0 

Destination DC    largest delta    fails/total  %%  error
 DC2          01m:13s    0 /  5    0 
 DC1                08m:43s    0 /  5    0

Telepuzik 11-08-2011 11:36 1729702
Цитата:
Цитата Карбофос
Действительно, ситуация окончательно выправилась, когда сделал и -DISABLE_OUTBOUND_REPL, и -DISABLE_INBOUND_REPL »
Цитата:
Цитата zero55
Вы отключили репликацию и естественно при таком "финте" происходит такая реакция. »
Параметры -DISABLE_OUTBOUND_REPL, и -DISABLE_INBOUND_REPL включают входящую/исходящую репликацию так что репликация работает. Для отключения репликации необходимо использовать параметры +DISABLE_OUTBOUND_REPL и +DISABLE_INBOUND_REPL.

Карбофос 11-08-2011 11:41 1729707
Цитата:
Цитата Telepuzik
Параметры -DISABLE_OUTBOUND_REPL, и -DISABLE_INBOUND_REPL включают входящую/исходящую репликацию так что репликация работает. Для отключения репликации необходимо использовать параметры +DISABLE_OUTBOUND_REPL и +DISABLE_INBOUND_REPL. »
Я так и понял, правда, не сразу :)

zero55 11-08-2011 14:49 1729883
Цитата:
Цитата Telepuzik
Параметры -DISABLE_OUTBOUND_REPL, и -DISABLE_INBOUND_REPL включают входящую/исходящую репликацию »
Был не прав...
Каюсь после прочтения хэлпа.

PS по выводу repadmin-а все в порядке, но на DC2 нездорово большая дельта. В идеале нужно посмотреть за производительностью но это уже дело автора топика...


Время: 21:12.

Время: 21:12.
© OSzone.net 2001-