Организованный хаос (megavolt_ss) wrote in ru_root,

Child domain

Apologies in advance for the somewhat muddled way I'm asking this; my bosses dragged me into work at a really bad time. So, I have just brought up the first child domain of my life. I was very happy that I could link GPO objects from the root domain instead of creating new ones, but as a result I ran into a problem. Right now communication between the domains is very slow (10-15 minutes for a workstation logon), and only two errors show up in the logs:

Source: LSASRV
Event ID: 40960
The Security System detected an authentication error for the server LDAP/bdc.irk.local/irk.local@IRK.LOCAL. The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request.
(0xc000005e)".

Source: NETLOGON
Event ID: 5781
Dynamic registration or deletion of one or more DNS records associated with DNS domain 'ForestDnsZones.irk.local.' failed. These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).

netdiag outputs this:



..............................................

Computer Name: DC-1
DNS Host Name: dc-1.usl.irk.local
System info : Microsoft Windows Server 2003 R2 (Build 3790)
Processor : x86 Family 15 Model 4 Stepping 8, GenuineIntel
List of installed hotfixes :
Q147222


Netcard queries test . . . . . . . : Passed



Per interface results:

Adapter : Local Area Connection

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : dc-1
IP Address . . . . . . . . : 192.168.43.4
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 192.168.43.1
Primary WINS Server. . . . : 192.168.43.4
Dns Servers. . . . . . . . : 192.168.43.4
192.168.44.4


AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Passed

NetBT name test. . . . . . : Passed
[WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenge
r Service', <20> 'WINS' names is missing.

WINS service test. . . . . : Passed


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{8694F2CF-3D38-4E51-AB10-DAE830B9412C}
1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed
[WARNING] You don't have a single interface with the <00> 'WorkStation Servi
ce', <03> 'Messenger Service', <20> 'WINS' names defined.


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Failed
[WARNING] The DNS entries for this DC are not registered correctly on DNS se
rver '192.168.43.4'. Please wait for 30 minutes for DNS server replication.
[WARNING] The DNS entries for this DC are not registered correctly on DNS se
rver '192.168.43.4'. Please wait for 30 minutes for DNS server replication.
[FATAL] No DNS servers have the DNS records for this DC registered.


Redir and Browser test . . . . . . : Failed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{8694F2CF-3D38-4E51-AB10-DAE830B9412C}
The redir is bound to 1 NetBt transport.

List of NetBt transports currently bound to the browser
NetBT_Tcpip_{8694F2CF-3D38-4E51-AB10-DAE830B9412C}
The browser is bound to 1 NetBt transport.
[FATAL] Cannot send mailslot message to '\\IRK*\MAILSLOT\NET\NETLOGON' via r
edir. [ERROR_BAD_NETPATH]


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Failed
[FATAL] Cannot get ticket cache from Kerberos.
The error occurred was: (null)


LDAP test. . . . . . . . . . . . . : Passed


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

Note: run "netsh ipsec dynamic show /?" for more detailed information


The command completed successfully



Have I had too much beer, or do I just lack experience? The problem is pressing for the next 2 hours, but I would be interested to know the answer later too.

UPD: The problem turns out to belong in ru_cisco. The problem was the MTU size.