Domain-Name-System
無法將機器加入域
我已在名為
LOKI. 它192.168.1.77由路由器分配靜態IP。它也是TCP/IPv4在 NIC 上手動設置的。網關設置為192.168.1.1(路由器)。主 DNS 伺服器設置為127.0.0.1。輔助 DNS 伺服器為空白。添加 Active Directory 域服務和 DNS 角色時 - 我選擇創建一個新林:(acme.com我使用此作為範例,但它實際上設置為我擁有的有效域)。NetBIOS 域名設置為ACME.我嘗試將物理伺服器 (
BALDER) 加入域,以及執行在BALDER. 我將BALDER主 DNS 伺服器TCP/IPv4設置為192.168.1.77. 它有一個由路由器分配的靜態IP192.168.1.75。我還嘗試TCP/IPv4使用192.168.1.1.加入域時,我使用的是帶有 TLD: 的完整域
acme.com。有時會提示我輸入憑據。我試過以下使用者:
acme\administratoracme.com\administratoracme\dbacme.com\db(
db企業管理員在哪裡)。輸入任何憑據後,我得到:--------------------------- Computer Name/Domain Changes --------------------------- The following error occurred attempting to join the domain "acme.com": The specified domain either does not exist or could not be contacted. --------------------------- OK ---------------------------…但大多數時候我會立即收到此錯誤消息,而不會提示您輸入憑據:
Note: This information is intended for a network administrator. If you are not your network's administrator, notify the administrator that you received this information, which has been recorded in the file C:\Windows\debug\dcdiag.txt. The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain "acme.com": The error was: "DNS name does not exist." (error code 0x0000232B RCODE_NAME_ERROR) The query was for the SRV record for _ldap._tcp.dc._msdcs.acme.com Common causes of this error include the following: - The DNS SRV records required to locate a AD DC for the domain are not registered in DNS. These records are registered with a DNS server automatically when a AD DC is added to a domain. They are updated by the AD DC at set intervals. This computer is configured to use DNS servers with the following IP addresses: 192.168.1.77 - One or more of the following zones do not include delegation to its child zone: acme.com com . (the root zone)我跑
dcdiag /fix了LOKI。所有測試通過。我已經執行了以下內容:
nslookup set type=all _ldap._tcp.dc._msdcs.acme.com在
LOKI(DC)上,我得到:Server: UnKnown Address: ::1 _ldap._tcp.dc._msdcs.acme.com SRV service location: priority = 0 weight = 100 port = 389 svr hostname = LOKI.acme.com LOKI.acme.com internet address = 192.168.1.77 LOKI.acme.com AAAA IPv6 address = 2a02:c7d:894d:6d00:8dce:ebee:6510:b61c LOKI.acme.com AAAA IPv6 address = fdc6:f573:1ff9:0:8dce:ebee:6510:b61c我
BALDER得到:Server: UnKnown Address: fdc6:f573:1ff9:0:7250:afff:fe35:beec *** UnKnown can't find _ldap._tcp.dc._msdcs.acme.com: Non-existent domain我試過在 上執行它
LOKI,它成功完成:dcdiag /test:registerindns /dnsdomain:acme.com /v我還重新啟動了 DNS 伺服器,並重新啟動了
NetLogon服務。我已經嘗試
ipconfig /flushdns在兩者LOKI上執行BALDER.我可以從以及我的 VM成功 ping DC (
LOKI) 。BALDER我不知道用 IPv6 地址而不是 IPv4 地址回復是否重要。IPv6 地址由路由器上的 DHCP 動態設置。無論哪種方式,它都成功地解析了 FQDN。C:\Windows\system32>ping loki Pinging loki.acme.com [2a02:c7d:894d:6d00:8dce:ebee:6510:b61c] with 32 bytes of data: Reply from 2a02:c7d:894d:6d00:8dce:ebee:6510:b61c: time=1ms Reply from 2a02:c7d:894d:6d00:8dce:ebee:6510:b61c: time<1ms Reply from 2a02:c7d:894d:6d00:8dce:ebee:6510:b61c: time<1ms Reply from 2a02:c7d:894d:6d00:8dce:ebee:6510:b61c: time<1ms Ping statistics for 2a02:c7d:894d:6d00:8dce:ebee:6510:b61c: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 1ms, Average = 0ms機器通過單個 GigE 交換機連接(在 上執行
BALDER):C:\Windows\system32>tracert loki Tracing route to loki.acme.com [2a02:c7d:894d:6d00:8dce:ebee:6510:b61c] over a maximum of 30 hops: 1 <1 ms <1 ms <1 ms LOKI [2a02:c7d:894d:6d00:8dce:ebee:6510:b61c] Trace complete.根據格雷格的評論,我已經執行了這個命令:
nltest /dsgetdc:acme.comDC 和加入伺服器的輸出似乎相同。
這是
LOKI(DC)的輸出:DC: \\LOKI.acme.com Address: \\2a02:c7d:894d:6d00:8dce:ebee:6510:b61c Dom Guid: b0408a6c-7960-4908-9fbf-1b4ca506a31e Dom Name: acme.com Forest Name: acme.com Dc Site Name: Default-First-Site-Name Our Site Name: Default-First-Site-Name Flags: PDC GC DS LDAP KDC TIMESERV GTIMESERV WRITABLE DNS_DC DNS_DOMAIN DNS_FOREST CLOSE_SITE FULL_SECRET WS DS_8 DS_9 DS_10 The command completed successfully這是
BALDER(加入伺服器)的輸出:DC: \\LOKI.acme.com Address: \\2a02:c7d:894d:6d00:8dce:ebee:6510:b61c Dom Guid: b0408a6c-7960-4908-9fbf-1b4ca506a31e Dom Name: acme.com Forest Name: acme.com Dc Site Name: Default-First-Site-Name Our Site Name: Default-First-Site-Name Flags: PDC GC DS LDAP KDC TIMESERV GTIMESERV WRITABLE DNS_DC DNS_DOMAIN DNS_FOREST CLOSE_SITE FULL_SECRET WS DS_8 DS_9 DS_10 The command completed successfully只是為了稍微混淆一下,我從不同的伺服器執行 PortQueryUI -
ODIN(打開的 VMBALDER)。我LOKI在Destination IP/FQDN to query欄位中輸入,並將其餘選項保留為預設值(要查詢的服務:域和信任)。我的文章超出了字元數限制,所以我已將結果上傳到 Pastebin。
我在
ipconfig /all幾台加入的伺服器上執行過——一台物理伺服器 (BALDER) 和一台虛擬機 (ODIN)。這是結果。
BALDER:Windows IP Configuration Host Name . . . . . . . . . . . . : BALDER Primary Dns Suffix . . . . . . . : Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : Home Ethernet adapter Ethernet: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : QLogic BCM5708C Gigabit Ethernet (NDIS VBD Client) #50 Physical Address. . . . . . . . . : 00-22-19-61-D7-D3 DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Ethernet adapter vEthernet (INTERNET): Connection-specific DNS Suffix . : Home Description . . . . . . . . . . . : Hyper-V Virtual Ethernet Adapter Physical Address. . . . . . . . . : 00-22-19-61-D7-D1 DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes IPv6 Address. . . . . . . . . . . : 2a02:c7d:894d:6d00:15f2:deb5:93d3:460d(Preferred) IPv6 Address. . . . . . . . . . . : fdc6:f573:1ff9:0:15f2:deb5:93d3:460d(Preferred) Link-local IPv6 Address . . . . . : fe80::15f2:deb5:93d3:460d%17(Preferred) IPv4 Address. . . . . . . . . . . : 192.168.1.75(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Lease Obtained. . . . . . . . . . : 12 June 2017 23:05:03 Lease Expires . . . . . . . . . . : 13 June 2017 23:05:02 Default Gateway . . . . . . . . . : fe80::7250:afff:fe35:beec%17 192.168.1.1 DHCP Server . . . . . . . . . . . : 192.168.1.1 DHCPv6 IAID . . . . . . . . . . . : 335553049 DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-20-AD-3F-C1-00-22-19-61-D7-D3 DNS Servers . . . . . . . . . . . : fdc6:f573:1ff9:0:7250:afff:fe35:beec 192.168.1.77 NetBIOS over Tcpip. . . . . . . . : Enabled Tunnel adapter Teredo Tunneling Pseudo-Interface: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:146b:3e88:3f57:feb4(Preferred) Link-local IPv6 Address . . . . . : fe80::146b:3e88:3f57:feb4%15(Preferred) Default Gateway . . . . . . . . . : DHCPv6 IAID . . . . . . . . . . . : 201326592 DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-20-AD-3F-C1-00-22-19-61-D7-D3 NetBIOS over Tcpip. . . . . . . . : Disabled Tunnel adapter Reusable ISATAP Interface {8620C56F-EB4F-484B-A9DA-5C135F83D4F6}: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Home Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2 Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Tunnel adapter isatap.{91D42D6A-0FF8-4541-AF50-FE8AB4C11F3D}: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3 Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes
ODIN:Windows IP Configuration Host Name . . . . . . . . . . . . : ODIN Primary Dns Suffix . . . . . . . : Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No Ethernet adapter Ethernet: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft Hyper-V Network Adapter Physical Address. . . . . . . . . : 00-15-5D-01-4C-05 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes IPv6 Address. . . . . . . . . . . : 2a02:c7d:894d:6d00:6912:438f:9808:ad47(Preferred) IPv6 Address. . . . . . . . . . . : fdc6:f573:1ff9:0:6912:438f:9808:ad47(Preferred) Link-local IPv6 Address . . . . . : fe80::6912:438f:9808:ad47%10(Preferred) IPv4 Address. . . . . . . . . . . : 192.168.1.85(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : fe80::7250:afff:fe35:beec%10 192.168.1.1 DHCPv6 IAID . . . . . . . . . . . : 50337117 DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-20-BF-D2-65-00-15-5D-01-4C-05 DNS Servers . . . . . . . . . . . : fdc6:f573:1ff9:0:7250:afff:fe35:beec 192.168.1.77 NetBIOS over Tcpip. . . . . . . . : Enabled Tunnel adapter Teredo Tunneling Pseudo-Interface: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:c7e:2db:fd81:f39(Preferred) Link-local IPv6 Address . . . . . : fe80::c7e:2db:fd81:f39%15(Preferred) Default Gateway . . . . . . . . . : DHCPv6 IAID . . . . . . . . . . . : 134217728 DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-20-BF-D2-65-00-15-5D-01-4C-05 NetBIOS over Tcpip. . . . . . . . : Disabled Tunnel adapter Reusable ISATAP Interface {16673442-3677-41AD-94B2-86C728C55B62}: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2 Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes我也嘗試將 DNS 後綴設置為
acme.com,但這沒有幫助。是什麼阻止我將任何機器加入域?
如果啟用了 IPV6,則客戶端必須在網路適配器屬性中具有有效的域控制器 DNS 條目。
在伺服器上手動設置靜態以使用域控制器機器作為網關,並手動設置 DNS,也可能與域控制器相同。然後嘗試加入域。
加入域後將這些設置回動態。