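[Published]: 2021-11-21 23:03:18
[Question]:
I am setting up an AD/DNS server for development purposes, but I am having difficulty connecting to it from any client. The server is a vanilla Windows Server 2019 installed in a public cloud computing environment, set up following this virtualgyanis guide. The clients are Windows 10 machines on our internal LAN.
The setup went smoothly, but I cannot get the clients to connect to the DC. Any input would be much appreciated.
In Windows 10, when trying to join the domain, I receive the message "An Active Directory Domain Controller (AD DC) for the domain "simon.adtest" could not be contacted", with further information: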
The query was for the SRV record for _ldap._tcp.dc._msdcs.simon.adtest
The following domain controllers were identified by the query:
simondc2019.simon.adtest
However no domain controllers could be contacted.
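It should be noted that, for troubleshooting purposes, both the server and the client have their firewalls disabled. It should also be noted that this is not a production system, and I would not normally advocate lowering the firewall.
Here is the ipconfig /all from the client: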
Windows IP Configuration
Host Name . . . . . . . . . . . . : SIMONMCALOO9364
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Ethernet0:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) 82574L Gigabit Network Connection #2
Physical Address. . . . . . . . . : 00-0C-29-4A-58-02
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.1.120(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 30 September 2021 12:05:31 pm
Lease Expires . . . . . . . . . . : 6 November 2157 9:03:20 pm
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 45.76.xx.xx (correct address of AD/DNS server confirmed)
NetBIOS over Tcpip. . . . . . . . : Enabled
I am able to ping both the AD (simon.adtest) and the server (SimonDC2019.simon.adtest):
Reply from 45.76.xx.xx: bytes=32 time=17ms TTL=116
Reply from 45.76.xx.xx: bytes=32 time=16ms TTL=116
Reply from 45.76.xx.xx: bytes=32 time=16ms TTL=116
Reply from 45.76.xx.xx: bytes=32 time=16ms TTL=116
Ping statistics for 45.76.xx.xx:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 16ms, Maximum = 17ms, Average = 16ms
nslookup is resolving the forward and reverse lookup zones correctly:
Server: SimonDC2019.SIMON.adtest
Address: 45.76.xx.xx
Name: simon.adtest
Address: 45.76.xx.xx
C:\Users\simon>nslookup 45.76.xx.xx
Server: SimonDC2019.SIMON.adtest
Address: 45.76.xx.xx
Name: SimonDC2019.SIMON.adtest
Address: 45.76.xx.xx
C:\Users\simon>nslookup SimonDC2019.SIMON.adtest
Server: SimonDC2019.SIMON.adtest
Address: 45.76.xx.xx
Name: SimonDC2019.SIMON.adtest
Address: 45.76.xx.xx
While trying to troubleshoot, I ran dcdiag on both the server and the client. The server passed all tests, with the only exception being:
There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL
replication problems may cause Group Policy problems.
......................... SIMONEVERYWHERE failed test DFSREvent
It is a different story for the client, with the following output:
Performing initial setup:
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\SIMON
Starting test: Connectivity
......................... SIMON passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\SIMON
Starting test: Advertising
Fatal Error:DsGetDcName (SIMON) call failed, error 1722
The Locator could not find the server.
......................... SIMON failed test Advertising
Starting test: FrsEvent
......................... SIMON passed test FrsEvent
Starting test: DFSREvent
There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL
replication problems may cause Group Policy problems.
......................... SIMON failed test DFSREvent
Starting test: SysVolCheck
[SIMON] An net use or LsaPolicy operation failed with error 2,
The system cannot find the file specified..
The SysVol is not ready. This can cause the DC to not advertise itself as a DC for netlogon after dcpromo.
Also trouble with FRS SysVol replication can cause Group Policy problems. Check the FRS event log on this DC.
......................... SIMON failed test SysVolCheck
Starting test: KccEvent
......................... SIMON passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... SIMON passed test KnowsOfRoleHolders
Starting test: MachineAccount
Could not open pipe with [SIMON]:failed with 2: The system cannot find the file specified.
Could not get NetBIOSDomainName
Failed can not test for HOST SPN
Failed can not test for HOST SPN
......................... SIMON passed test MachineAccount
Starting test: NCSecDesc
......................... SIMON passed test NCSecDesc
Starting test: NetLogons
[SIMON] An net use or LsaPolicy operation failed with error 2,
The system cannot find the file specified..
......................... SIMON failed test NetLogons
Starting test: ObjectsReplicated
......................... SIMON passed test ObjectsReplicated
Starting test: Replications
......................... SIMON passed test Replications
Starting test: RidManager
......................... SIMON passed test RidManager
Starting test: Services
......................... SIMON passed test Services
Starting test: SystemLog
......................... SIMON passed test SystemLog
Starting test: VerifyReferences
......................... SIMON passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : SIMON
Starting test: CheckSDRefDom
......................... SIMON passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... SIMON passed test CrossRefValidation
Running enterprise tests on : SIMON.adtest
Starting test: LocatorCheck
Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1722
A Global Catalog Server could not be located - All GC's are down.
Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1722
A Primary Domain Controller could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(TIME_SERVER) call failed, error 1722
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error 1722
A Good Time Server could not be located.
Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1722
A KDC could not be located - All the KDCs are down.
......................... SIMON.adtest failed test LocatorCheck
Starting test: Intersite
......................... SIMON.adtest passed test Intersite
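Error 1722 seems vague, as it is a generic RPC failure. I have googled a bunch of posts which, for one reason or another, do not apply to our setup, so I am completely stuck.
[Discussion]: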
-
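Hi @sfkHooper, if my answer was helpful to you, you can upvote it and accept it as the answer (click the check mark beside the answer to toggle it from greyed out to filled in). This may be beneficial to other community members. Thank you.
Tags: active-directory windows-10 windows-server-2019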
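
A reachability check for the situation in the question, where ping and DNS resolution succeed but DsGetDcName fails with error 1722. This is an added example, not part of the original post or its answers. It assumes the domain name from the post and the standard AD DS client port list, and it tests TCP only.

```powershell
# Added example, not from the original post. TCP only: the DC locator's
# LDAP ping on UDP 389 and the dynamic RPC range (49152-65535 by default)
# are not covered by Test-NetConnection and need a separate check.
$Domain = 'simon.adtest'   # domain name taken from the post

# Standard AD DS ports a client must reach on a domain controller.
$Ports = @(
    @{ Port = 53;   Service = 'DNS' }
    @{ Port = 88;   Service = 'Kerberos' }
    @{ Port = 135;  Service = 'RPC endpoint mapper' }
    @{ Port = 389;  Service = 'LDAP' }
    @{ Port = 445;  Service = 'SMB (SYSVOL, NETLOGON, named pipes)' }
    @{ Port = 464;  Service = 'Kerberos password change' }
    @{ Port = 3268; Service = 'Global Catalog' }
)

# Locate DCs the same way the domain join does: via the SRV record.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction Stop |
    Where-Object { $_.Type -eq 'SRV' }
$dcs = $srv.NameTarget | Sort-Object -Unique

$results = foreach ($dc in $dcs) {
    foreach ($p in $Ports) {
        $open = Test-NetConnection -ComputerName $dc -Port $p.Port `
            -InformationLevel Quiet -WarningAction SilentlyContinue
        [pscustomobject]@{
            DC        = $dc
            Port      = $p.Port
            Service   = $p.Service
            Reachable = $open
        }
    }
}

$results | Format-Table -AutoSize

# A successful ping and name resolution say nothing about these ports.
# A row with Reachable = False means the port is filtered somewhere between
# client and DC (cloud firewall, ISP, LAN edge) or nothing is listening on it.
$blocked = $results | Where-Object { -not $_.Reachable }
if ($blocked) {
    Write-Warning ("Unreachable from this client: " +
        (($blocked | ForEach-Object { "$($_.DC):$($_.Port)" }) -join ', '))
}
```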