Unable to access the GPO on the DC


Popcorn110 (Yossi)
Very active member

Joined: Aug 26, 2015
Posts: 101

#1  Posted: Thu 23/05/2019 13:36
Unable to access the GPO on the DC

Hello

I have two replicated DC servers:
server1
server2

The first installation was on server1, and afterwards I added server2.
The DNS sits on server1.

Apparently server2 is not communicating with server1.
If I change something in AD on server1, it affects all the connected users (a password change, for example),
but it is not updated on server2.
If I change something on server2, it does not affect any computer (except server2, of course).

The problem is:
I have software on server2,
and I am trying to change the main GPO
and I get an error (image attached).

Is there a way to restore the connection between the two machines?
Both so that there is a backup of AD in case one of them goes down,
and so that I can change the GPO.

And also, what could cause this to happen suddenly?

Thank you very much

NegativeIQ (Dan)
Member brings a member

Joined: Dec 13, 2005
Thanks received: 447
Posts: 3740

#2  Posted: Thu 23/05/2019 15:01
Re: Unable to access the GPO on the DC

First of all, every DC must run a DNS server; if server2 is not running DNS, that is already a problem. Verify that first.
Apart from that, check the Event Log and see whether there are errors there.

ag43
Especially active member

Joined: Aug 23, 2008
Thanks received: 62
Posts: 954

#3  Posted: Thu 23/05/2019 15:04

They don't have to run DNS, but it is common practice. When did the problem start? What do you mean by "replicated"? Terms in English would help to understand you better.

Popcorn110 (Yossi)
Very active member

Joined: Aug 26, 2015
Posts: 101

#4  Posted: Thu 23/05/2019 15:15

ag43,
I ran dcpromo
and selected that it should join existing force,
the existing domain..

That's it

It worked for a few months.
I don't know when it stopped; I checked today because I added a user on the primary and saw that it was not added on the second,
and I also saw that there was no change in the second GPO

fLy (Doron Levi)
Veteran member

Joined: Apr 17, 2009
Location: Ramat HaSharon
Thanks received: 283
Posts: 1656

#5  Posted: Thu 23/05/2019 19:09

Run dcdiag on both of them from the command line and deal with the errors (which I'm guessing will surface)
https://activedirectorypro.com/dcdiag-check-domain...

Popcorn110 (Yossi)
Very active member

Joined: Aug 26, 2015
Posts: 101

#6  Posted: Thu 23/05/2019 21:49

fLy,
Thanks for the direction

I found that there is a problem from server2 to server1,
but in the opposite direction there is no problem

The error was 8341
I found a solution on the internet,
this command:
netdom resetpwd /server:SCSRVBC0 /userd:*your_domain*\administrator /passwordd:*admin_password*

After I ran it,
I run dcdiag /s:server1 (from server2) and it works..

The problem is that when I restart, it again does not work..
Could it be that the password is reset when the server restarts?
I also see that AD is not being updated on server2 either

fLy (Doron Levi)
Veteran member

Joined: Apr 17, 2009
Location: Ramat HaSharon
Thanks received: 283
Posts: 1656

#7  Posted: Fri 24/05/2019 9:26

Run dcdiag on both of them, without any switches or options, and post the output here

Popcorn110 (Yossi)
Very active member

Joined: Aug 26, 2015
Posts: 101

#8  Posted: Fri 24/05/2019 12:30

fLy,
I didn't understand the switch thing

The two computers are not next to each other; they are on two different floors

I ran dcdiag on both of them as they are now (through a switch)
Uploading 3 files

server1 - the result of server1 (the first)
server2 - the result of server1
server2-after - the result of server2 after I ran the netdom resetpwd command


server1

Quote:

Directory Server Diagnosis

Performing initial setup:
Trying to find home server...
Home Server = server1
* Identified AD Forest.
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\SERVER1
Starting test: Connectivity
......................... SERVER1 passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\SERVER1
Starting test: Advertising
......................... SERVER1 passed test Advertising
Starting test: FrsEvent
......................... SERVER1 passed test FrsEvent
Starting test: DFSREvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... SERVER1 failed test DFSREvent
Starting test: SysVolCheck
......................... SERVER1 passed test SysVolCheck
Starting test: KccEvent
......................... SERVER1 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... SERVER1 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... SERVER1 passed test MachineAccount
Starting test: NCSecDesc
......................... SERVER1 passed test NCSecDesc
Starting test: NetLogons
[SERVER1] User credentials does not have permission to perform this
operation.
The account used for this test must have network logon privileges
for this machine's domain.
......................... SERVER1 failed test NetLogons
Starting test: ObjectsReplicated
......................... SERVER1 passed test ObjectsReplicated
Starting test: Replications
[Replications Check,SERVER1] DsReplicaGetInfo(PENDING_OPS, NULL)
failed, error 0x2105 "Replication access was denied."
......................... SERVER1 failed test Replications
Starting test: RidManager
......................... SERVER1 passed test RidManager
Starting test: Services
Could not open NTDS Service on SERVER1, error 0x5
"Access is denied."
......................... SERVER1 failed test Services
Starting test: SystemLog
An error event occurred. EventID: 0xC00A0038
Time Generated: 05/24/2019 11:25:38
Event String:
The Terminal Server security layer detected an error in the protocol stream and has disconnected the client. Client IP: 213.151.55.106.
An error event occurred. EventID: 0x00000457
Time Generated: 05/24/2019 11:26:06
Event String:
Driver Microsoft Software Printer Driver required for printer OneNote is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 05/24/2019 11:26:06
Event String:
Driver HP DJ 4670 series required for printer HP DJ 4670 series is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 05/24/2019 11:26:07
Event String:
Driver Microsoft XPS Document Writer v4 required for printer Microsoft XPS Document Writer is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 05/24/2019 11:26:09
Event String:
Driver Microsoft Print To PDF required for printer Microsoft Print to PDF is unknown. Contact the administrator to install the driver before you log in again.
......................... SERVER1 failed test SystemLog
Starting test: VerifyReferences
......................... SERVER1 passed test VerifyReferences


Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation

Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation

Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation

Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation

Running partition tests on : ***
Starting test: CheckSDRefDom
......................... *** passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... kc passed test CrossRefValidation

Running enterprise tests on : *****
Starting test: LocatorCheck
......................... ***** passed test LocatorCheck
Starting test: Intersite
......................... ***** passed test Intersite



server2



Quote:
Directory Server Diagnosis

Performing initial setup:
Trying to find home server...
Home Server = SERVER2
* Identified AD Forest.
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\SERVER2
Starting test: Connectivity
......................... SERVER2 passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\SERVER2
Starting test: Advertising
......................... SERVER2 passed test Advertising
Starting test: FrsEvent
......................... SERVER2 passed test FrsEvent
Starting test: DFSREvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... SERVER2 failed test DFSREvent
Starting test: SysVolCheck
......................... SERVER2 passed test SysVolCheck
Starting test: KccEvent
......................... SERVER2 passed test KccEvent
Starting test: KnowsOfRoleHolders
[SERVER1] DsBindWithSpnEx() failed with error -2146893022,
The target principal name is incorrect..
Warning: SERVER1 is the Schema Owner, but is not responding to DS RPC
Bind.
[SERVER1] LDAP bind failed with error 8341,
A directory service error has occurred..
Warning: SERVER1 is the Schema Owner, but is not responding to LDAP
Bind.
Warning: SERVER1 is the Domain Owner, but is not responding to DS RPC
Bind.
Warning: SERVER1 is the Domain Owner, but is not responding to LDAP
Bind.
Warning: SERVER1 is the PDC Owner, but is not responding to DS RPC
Bind.
Warning: SERVER1 is the PDC Owner, but is not responding to LDAP Bind.
Warning: SERVER1 is the Rid Owner, but is not responding to DS RPC
Bind.
Warning: SERVER1 is the Rid Owner, but is not responding to LDAP Bind.
Warning: SERVER1 is the Infrastructure Update Owner, but is not
responding to DS RPC Bind.
Warning: SERVER1 is the Infrastructure Update Owner, but is not
responding to LDAP Bind.
......................... SERVER2 failed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... SERVER2 passed test MachineAccount
Starting test: NCSecDesc
......................... SERVER2 passed test NCSecDesc
Starting test: NetLogons
......................... SERVER2 passed test NetLogons
Starting test: ObjectsReplicated
......................... SERVER2 passed test ObjectsReplicated
Starting test: Replications
[Replications Check,SERVER2] A recent replication attempt failed:
From SERVER1 to SERVER2
Naming Context: DC=ForestDnsZones,DC=***,DC==****
The replication generated an error (8614):
The directory service cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime.

The failure occurred at 2019-05-24 10:57:08.
The last success occurred at 2019-04-16 10:55:36.
940 failures have occurred since the last success.
[Replications Check,SERVER2] A recent replication attempt failed:
From SERVER1 to SERVER2
Naming Context: DC=DomainDnsZones,DC=***,DC==****
The replication generated an error (8614):
The directory service cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime.

The failure occurred at 2019-05-24 10:57:08.
The last success occurred at 2019-04-16 10:55:36.
1744 failures have occurred since the last success.
[Replications Check,SERVER2] A recent replication attempt failed:
From SERVER1 to SERVER2
Naming Context: CN=Schema,CN=Configuration,DC=***,DC==****
The replication generated an error (8614):
The directory service cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime.

The failure occurred at 2019-05-24 10:57:08.
The last success occurred at 2019-04-16 10:55:36.
922 failures have occurred since the last success.
[Replications Check,SERVER2] A recent replication attempt failed:
From SERVER1 to SERVER2
Naming Context: CN=Configuration,DC=***,DC==****
The replication generated an error (8614):
The directory service cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime.

The failure occurred at 2019-05-24 10:57:08.
The last success occurred at 2019-04-16 10:55:36.
925 failures have occurred since the last success.
[Replications Check,SERVER2] A recent replication attempt failed:
From SERVER1 to SERVER2
Naming Context: DC=***,DC==****
The replication generated an error (-2146893022):
The target principal name is incorrect.
The failure occurred at 2019-05-24 11:32:50.
The last success occurred at 2019-04-16 10:55:36.
6547 failures have occurred since the last success.
......................... SERVER2 failed test Replications
Starting test: RidManager
......................... SERVER2 failed test RidManager
Starting test: Services
......................... SERVER2 passed test Services
Starting test: SystemLog
An error event occurred. EventID: 0x40000004
Time Generated: 05/24/2019 10:46:06
Event String:
The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server server1$. The target name used was ***\SERVER1$. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (*****) is different from the client domain (*****), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.
An error event occurred. EventID: 0x00000457
Time Generated: 05/24/2019 11:25:32
Event String:
Driver Microsoft Software Printer Driver required for printer OneNote is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 05/24/2019 11:25:32
Event String:
Driver Microsoft Print To PDF required for printer Microsoft Print to PDF is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 05/24/2019 11:25:33
Event String:
Driver Microsoft XPS Document Writer v4 required for printer Microsoft XPS Document Writer is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 05/24/2019 11:25:35
Event String:
Driver HP DJ 4670 series required for printer HP DJ 4670 series is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x40000004
Time Generated: 05/24/2019 11:25:46
Event String:
The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server server1$. The target name used was E3514235-4B06-11D1-AB04-00C04FC2DCD2/c222aada-6180-46bb-80c0-327ff395eb46/*****@*****. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (*****) is different from the client domain (*****), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.
An error event occurred. EventID: 0x40000004
Time Generated: 05/24/2019 11:36:53
Event String:
The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server server1$. The target name used was LDAP/c222aada-6180-46bb-80c0-327ff395eb46._msdcs.*****. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (*****) is different from the client domain (*****), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.
An error event occurred. EventID: 0x40000004
Time Generated: 05/24/2019 11:36:53
Event String:
The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server server1$. The target name used was ldap/server1.*****. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (*****) is different from the client domain (*****), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.
......................... SERVER2 failed test SystemLog
Starting test: VerifyReferences
......................... SERVER2 passed test VerifyReferences


Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation

Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation

Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation

Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation

Running partition tests on : kc
Starting test: CheckSDRefDom
......................... kc passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... kc passed test CrossRefValidation

Running enterprise tests on : *****
Starting test: LocatorCheck
......................... ***** passed test LocatorCheck
Starting test: Intersite
......................... ***** passed test Intersite



server2-after


Quote:

Directory Server Diagnosis

Performing initial setup:
Trying to find home server...
Home Server = SERVER2
* Identified AD Forest.
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\SERVER2
Starting test: Connectivity
......................... SERVER2 passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\SERVER2
Starting test: Advertising
Warning: SERVER2 is not advertising as a Key Distribution Center.
Check that the Directory has started.
......................... SERVER2 failed test Advertising
Starting test: FrsEvent
......................... SERVER2 passed test FrsEvent
Starting test: DFSREvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... SERVER2 failed test DFSREvent
Starting test: SysVolCheck
......................... SERVER2 passed test SysVolCheck
Starting test: KccEvent
......................... SERVER2 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... SERVER2 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... SERVER2 passed test MachineAccount
Starting test: NCSecDesc
......................... SERVER2 passed test NCSecDesc
Starting test: NetLogons
......................... SERVER2 passed test NetLogons
Starting test: ObjectsReplicated
......................... SERVER2 passed test ObjectsReplicated
Starting test: Replications
[Replications Check,SERVER2] A recent replication attempt failed:
From SERVER1 to SERVER2
Naming Context: DC=ForestDnsZones,DC=***,DC=*****
The replication generated an error (8614):
The directory service cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime.

The failure occurred at 2019-05-24 11:40:58.
The last success occurred at 2019-04-16 10:55:36.
941 failures have occurred since the last success.
[Replications Check,SERVER2] A recent replication attempt failed:
From SERVER1 to SERVER2
Naming Context: DC=DomainDnsZones,DC=***,DC=*****
The replication generated an error (8614):
The directory service cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime.

The failure occurred at 2019-05-24 11:41:01.
The last success occurred at 2019-04-16 10:55:36.
1745 failures have occurred since the last success.
[Replications Check,SERVER2] A recent replication attempt failed:
From SERVER1 to SERVER2
Naming Context: CN=Schema,CN=Configuration,DC=***,DC=*****
The replication generated an error (8614):
The directory service cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime.

The failure occurred at 2019-05-24 10:57:08.
The last success occurred at 2019-04-16 10:55:36.
922 failures have occurred since the last success.
[Replications Check,SERVER2] A recent replication attempt failed:
From SERVER1 to SERVER2
Naming Context: CN=Configuration,DC=***,DC=*****
The replication generated an error (8614):
The directory service cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime.

The failure occurred at 2019-05-24 10:57:08.
The last success occurred at 2019-04-16 10:55:36.
925 failures have occurred since the last success.
[Replications Check,SERVER2] A recent replication attempt failed:
From SERVER1 to SERVER2
Naming Context: DC=***,DC=*****
The replication generated an error (8614):
The directory service cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime.

The failure occurred at 2019-05-24 11:41:20.
The last success occurred at 2019-04-16 10:55:36.
6549 failures have occurred since the last success.
......................... SERVER2 failed test Replications
Starting test: RidManager
......................... SERVER2 passed test RidManager
Starting test: Services
kdc Service is stopped on [SERVER2]
......................... SERVER2 failed test Services
Starting test: SystemLog
An error event occurred. EventID: 0x40000004
Time Generated: 05/24/2019 10:46:06
Event String:
The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server server1$. The target name used was ***\SERVER1$. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (***.*****) is different from the client domain (***.*****), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.
An error event occurred. EventID: 0x00000457
Time Generated: 05/24/2019 11:25:32
Event String:
Driver Microsoft Software Printer Driver required for printer OneNote is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 05/24/2019 11:25:32
Event String:
Driver Microsoft Print To PDF required for printer Microsoft Print to PDF is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 05/24/2019 11:25:33
Event String:
Driver Microsoft XPS Document Writer v4 required for printer Microsoft XPS Document Writer is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 05/24/2019 11:25:35
Event String:
Driver HP DJ 4670 series required for printer HP DJ 4670 series is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x40000004
Time Generated: 05/24/2019 11:25:46
Event String:
The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server server1$. The target name used was E3514235-4B06-11D1-AB04-00C04FC2DCD2/c222aada-6180-46bb-80c0-327ff395eb46/***.*****@***.*****. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (***.*****) is different from the client domain (***.*****), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.
An error event occurred. EventID: 0x40000004
Time Generated: 05/24/2019 11:36:53
Event String:
The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server server1$. The target name used was LDAP/c222aada-6180-46bb-80c0-327ff395eb46._msdcs.***.*****. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (***.*****) is different from the client domain (***.*****), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.
An error event occurred. EventID: 0x40000004
Time Generated: 05/24/2019 11:36:53
Event String:
The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server server1$. The target name used was ldap/server1.***.*****. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (***.*****) is different from the client domain (***.*****), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.
......................... SERVER2 failed test SystemLog
Starting test: VerifyReferences
......................... SERVER2 passed test VerifyReferences


Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation

Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation

Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation

Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation

Running partition tests on : kc
Starting test: CheckSDRefDom
......................... kc passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... kc passed test CrossRefValidation

Running enterprise tests on : ***.*****
Starting test: LocatorCheck
......................... ***.***** passed test LocatorCheck
Starting test: Intersite
......................... ***.***** passed test Intersite
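
For triaging dcdiag output like the three files above, here is an added example (not part of the thread, and not code from any poster) that lists the failed tests and turns each replication failure into a record with its error code and the time since the last success. The function names and the placeholder domain `example.test` are assumptions; the sample text is constructed in the shape of the output quoted above.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the shape of the dcdiag output quoted above;
# the domain "example.test" is a placeholder.
SAMPLE = """\
Testing server: Default-First-Site-Name\\SERVER2
Starting test: KnowsOfRoleHolders
[SERVER1] LDAP bind failed with error 8341,
A directory service error has occurred..
......................... SERVER2 failed test KnowsOfRoleHolders
Starting test: Replications
[Replications Check,SERVER2] A recent replication attempt failed:
From SERVER1 to SERVER2
Naming Context: DC=ForestDnsZones,DC=example,DC=test
The replication generated an error (8614):
The directory service cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime.

The failure occurred at 2019-05-24 10:57:08.
The last success occurred at 2019-04-16 10:55:36.
940 failures have occurred since the last success.
[Replications Check,SERVER2] A recent replication attempt failed:
From SERVER1 to SERVER2
Naming Context: DC=example,DC=test
The replication generated an error (-2146893022):
The target principal name is incorrect.
The failure occurred at 2019-05-24 11:32:50.
The last success occurred at 2019-04-16 10:55:36.
6547 failures have occurred since the last success.
......................... SERVER2 failed test Replications
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
"""

VERDICT = re.compile(r"^\.{5,}\s+(\S+) (passed|failed) test\s*(\S*)$")
LINK = re.compile(r"^From (\S+) to (\S+)$")
CONTEXT = re.compile(r"^Naming Context: (.+)$")
ERROR = re.compile(r"^The replication generated an error \((-?\d+)\):")
FAILED_AT = re.compile(r"^The failure occurred at (.+?)\.$")
LAST_OK = re.compile(r"^The last success occurred at (.+?)\.$")
COUNT = re.compile(r"^(\d+) failures have occurred since the last success\.$")
STAMP = "%Y-%m-%d %H:%M:%S"


def failed_tests(text):
    """Return (target, test) for every 'failed test' verdict line."""
    lines = text.splitlines()
    failed = []
    for i, raw in enumerate(lines):
        m = VERDICT.match(raw.strip())
        if not m:
            continue
        target, verdict, test = m.groups()
        if not test:
            # dcdiag wraps long verdict lines: the test name is on the
            # next non-blank line (see the CrossRefValidation lines above).
            test = next((l.strip() for l in lines[i + 1:] if l.strip()), "")
        if verdict == "failed":
            failed.append((target, test))
    return failed


def replication_failures(text):
    """Parse each 'A recent replication attempt failed' block into a dict."""
    records, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := LINK.match(line)):
            cur = {"source": m[1], "dest": m[2]}
        elif cur is None:
            continue
        elif (m := CONTEXT.match(line)):
            cur["naming_context"] = m[1]
        elif (m := ERROR.match(line)):
            cur["error"] = int(m[1])
            # Negative codes are signed 32-bit values; show the unsigned hex form.
            cur["error_hex"] = f"0x{int(m[1]) & 0xFFFFFFFF:08X}"
        elif (m := FAILED_AT.match(line)):
            cur["failed_at"] = datetime.strptime(m[1], STAMP)
        elif (m := LAST_OK.match(line)):
            cur["last_success"] = datetime.strptime(m[1], STAMP)
        elif (m := COUNT.match(line)):
            cur["failures"] = int(m[1])
            if "failed_at" in cur and "last_success" in cur:
                cur["days_stale"] = (cur["failed_at"] - cur["last_success"]).days
            else:
                cur["days_stale"] = None
            records.append(cur)
            cur = None
    return records


def group_by_error(records):
    """Map each replication error code to the naming contexts reporting it."""
    groups = defaultdict(list)
    for rec in records:
        groups[rec.get("error")].append(rec.get("naming_context"))
    return dict(groups)


if __name__ == "__main__":
    print("Failed tests:", failed_tests(SAMPLE))
    for rec in replication_failures(SAMPLE):
        print(rec["source"], "->", rec["dest"], rec["naming_context"],
              rec["error"], rec["error_hex"], f"{rec['days_stale']} days stale")
```

Grouping by error code separates the naming contexts that report 8614 from the one that reports "The target principal name is incorrect", an error that no longer appears in the server2-after output.
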
fLy (Doron Levi)
Veteran member

Joined: Apr 17, 2009
Location: Ramat HaSharon
Thanks received: 283
Posts: 1656

#9  Posted: Fri 24/05/2019 17:33

By 'switches' I mean the options that come after the command; I meant that you should run dcdiag without any / slashes of any kind.
Please run the command again on both servers from an elevated command prompt - Command Prompt (Admin)
Check the Event Log after you have run dcdiag; most likely there will be errors that need to be investigated.
What is preventing you from demoting the second DC (dcpromo) and bringing it back?

Additional information:
https://redmondmag.com/articles/2014/08/28/dcdiag-...
https://dirteam.com/paul/2009/01/26/troubleshootin...
https://www.microsoft.com/en-us/download/details.a...

ag43
Especially active member

Joined: Aug 23, 2008
Thanks received: 62
Posts: 954

#10  Posted: Sat 25/05/2019 21:02

fLy wrote:

What is preventing you from demoting the second DC (dcpromo) and bringing it back?

That is indeed the recommended course of action if you have exhausted all the other options.
(1) Thanks: Popcorn110

Popcorn110 (Yossi)
Very active member

Joined: Aug 26, 2015
Posts: 101

#11  Posted: Fri 31/05/2019 8:32

ag43 wrote:

Quote:
...

That is indeed the recommended course of action if you have exhausted all the other options.

That worked, thank you very much!!!

This too only worked after I ran netdom resetpwd;
before that it could not be removed

Thank you very much

All times are Israel Daylight Time (GMT+3)