Instalei o Windows Server 2016 Datacenter em uma máquina física chamada LOKI. É alocado o IP estático 192.168.1.77pelo roteador. Ele também é definido manualmente na TCP/IPv4NIC. O gateway está definido para 192.168.1.1(o roteador). O servidor DNS primário está definido como 127.0.0.1. O Servidor DNS Secundário está em branco. Ao adicionar os serviços de domínio do Active Directory e as funções de DNS - optei por criar uma nova floresta: acme.com(estou usando isso como exemplo, mas na verdade está definido como um domínio válido que possuo). O nome de domínio NetBIOS foi definido como ACME.
Eu tentei ingressar em um servidor físico ( BALDER) ao domínio, bem como em VMs em execução no BALDER. Eu tenho BALDERo servidor DNS primário TCP/IPv4definido como 192.168.1.77. Possui um IP estático atribuído pelo roteador de 192.168.1.75. Eu também tentei configurá-lo manualmente TCP/IPv4com um gateway de 192.168.1.1.
Ao ingressar no domínio, estou usando o domínio completo, com o TLD: acme.com.
Ocasionalmente, sou solicitado a fornecer credenciais. Já tentei os seguintes usuários:
acme\administratoracme.com\administratoracme\dbacme.com\db
(onde dbé um Administrador de Empresa). Ao inserir quaisquer credenciais, recebo:
---------------------------
Computer Name/Domain Changes
---------------------------
The following error occurred attempting to join the domain "acme.com":
The specified domain either does not exist or could not be contacted.
---------------------------
OK
---------------------------
...mas na maioria das vezes recebo imediatamente esta mensagem de erro, sem ser solicitada as credenciais:
Note: This information is intended for a network administrator. If you are not your network's administrator, notify the administrator that you received this information, which has been recorded in the file C:\Windows\debug\dcdiag.txt.
The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain "acme.com":
The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)
The query was for the SRV record for _ldap._tcp.dc._msdcs.acme.com
Common causes of this error include the following:
- The DNS SRV records required to locate a AD DC for the domain are not registered in DNS. These records are registered with a DNS server automatically when a AD DC is added to a domain. They are updated by the AD DC at set intervals. This computer is configured to use DNS servers with the following IP addresses:
192.168.1.77
- One or more of the following zones do not include delegation to its child zone:
acme.com
com
. (the root zone)
Eu dcdiag /fixcorri LOKI. Todos os testes passam.
Eu executei o seguinte:
nslookup
set type=all
_ldap._tcp.dc._msdcs.acme.com
No LOKI(DC) eu recebo:
Server: UnKnown
Address: ::1
_ldap._tcp.dc._msdcs.acme.com SRV service location:
priority = 0
weight = 100
port = 389
svr hostname = LOKI.acme.com
LOKI.acme.com internet address = 192.168.1.77
LOKI.acme.com AAAA IPv6 address = 2a02:c7d:894d:6d00:8dce:ebee:6510:b61c
LOKI.acme.com AAAA IPv6 address = fdc6:f573:1ff9:0:8dce:ebee:6510:b61c
Em BALDEReu recebo:
Server: UnKnown
Address: fdc6:f573:1ff9:0:7250:afff:fe35:beec
*** UnKnown can't find _ldap._tcp.dc._msdcs.acme.com: Non-existent domain
Eu tentei executar isso em LOKI, que é concluído com sucesso:
dcdiag /test:registerindns /dnsdomain:acme.com /v
Também reiniciei o servidor DNS e reiniciei o NetLogonserviço.
Eu tentei rodar ipconfig /flushdnsem ambos LOKIe BALDER.
Eu posso pingar com sucesso o DC ( LOKI) de BALDER, bem como minhas VMs. Não sei se importa que esteja respondendo com um endereço IPv6 em vez de um endereço IPv4. Os endereços IPv6 são definidos dinamicamente pelo DHCP no roteador. De qualquer forma, está resolvendo com sucesso o FQDN.
C:\Windows\system32>ping loki
Pinging loki.acme.com [2a02:c7d:894d:6d00:8dce:ebee:6510:b61c] with 32 bytes of data:
Reply from 2a02:c7d:894d:6d00:8dce:ebee:6510:b61c: time=1ms
Reply from 2a02:c7d:894d:6d00:8dce:ebee:6510:b61c: time<1ms
Reply from 2a02:c7d:894d:6d00:8dce:ebee:6510:b61c: time<1ms
Reply from 2a02:c7d:894d:6d00:8dce:ebee:6510:b61c: time<1ms
Ping statistics for 2a02:c7d:894d:6d00:8dce:ebee:6510:b61c:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 1ms, Average = 0ms
As máquinas são conectadas por um único switch GigE (executando isso em BALDER):
C:\Windows\system32>tracert loki
Tracing route to loki.acme.com [2a02:c7d:894d:6d00:8dce:ebee:6510:b61c]
over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms LOKI [2a02:c7d:894d:6d00:8dce:ebee:6510:b61c]
Trace complete.
De acordo com o comentário de Greg, executei este comando:
nltest /dsgetdc:acme.com
A saída parece ser a mesma do DC e de um servidor de ingresso.
Aqui está a saída de LOKI(o DC):
DC: \\LOKI.acme.com
Address: \\2a02:c7d:894d:6d00:8dce:ebee:6510:b61c
Dom Guid: b0408a6c-7960-4908-9fbf-1b4ca506a31e
Dom Name: acme.com
Forest Name: acme.com
Dc Site Name: Default-First-Site-Name
Our Site Name: Default-First-Site-Name
Flags: PDC GC DS LDAP KDC TIMESERV GTIMESERV WRITABLE DNS_DC DNS_DOMAIN DNS_FOREST CLOSE_SITE FULL_SECRET WS DS_8 DS_9 DS_10
The command completed successfully
Aqui está a saída de BALDER(um servidor de ingresso):
DC: \\LOKI.acme.com
Address: \\2a02:c7d:894d:6d00:8dce:ebee:6510:b61c
Dom Guid: b0408a6c-7960-4908-9fbf-1b4ca506a31e
Dom Name: acme.com
Forest Name: acme.com
Dc Site Name: Default-First-Site-Name
Our Site Name: Default-First-Site-Name
Flags: PDC GC DS LDAP KDC TIMESERV GTIMESERV WRITABLE DNS_DC DNS_DOMAIN DNS_FOREST CLOSE_SITE FULL_SECRET WS DS_8 DS_9 DS_10
The command completed successfully
Apenas para misturar um pouco, executei o PortQueryUI de um servidor diferente - ODIN(uma VM em BALDER). Entrei LOKIno campo Destination IP/FQDN to query e deixei o restante das opções como padrão ( Service to query: Domains and Trusts ).
Minha postagem está excedendo o limite de caracteres, então enviei os resultados para o Pastebin.
Eu executei ipconfig /allem alguns servidores de junção — um servidor físico ( BALDER) e uma VM ( ODIN). Aqui estão os resultados.
BALDER:
Windows IP Configuration
Host Name . . . . . . . . . . . . : BALDER
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Home
Ethernet adapter Ethernet:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : QLogic BCM5708C Gigabit Ethernet (NDIS VBD Client) #50
Physical Address. . . . . . . . . : 00-22-19-61-D7-D3
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter vEthernet (INTERNET):
Connection-specific DNS Suffix . : Home
Description . . . . . . . . . . . : Hyper-V Virtual Ethernet Adapter
Physical Address. . . . . . . . . : 00-22-19-61-D7-D1
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2a02:c7d:894d:6d00:15f2:deb5:93d3:460d(Preferred)
IPv6 Address. . . . . . . . . . . : fdc6:f573:1ff9:0:15f2:deb5:93d3:460d(Preferred)
Link-local IPv6 Address . . . . . : fe80::15f2:deb5:93d3:460d%17(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.75(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 12 June 2017 23:05:03
Lease Expires . . . . . . . . . . : 13 June 2017 23:05:02
Default Gateway . . . . . . . . . : fe80::7250:afff:fe35:beec%17
192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 335553049
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-20-AD-3F-C1-00-22-19-61-D7-D3
DNS Servers . . . . . . . . . . . : fdc6:f573:1ff9:0:7250:afff:fe35:beec
192.168.1.77
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:146b:3e88:3f57:feb4(Preferred)
Link-local IPv6 Address . . . . . : fe80::146b:3e88:3f57:feb4%15(Preferred)
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 201326592
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-20-AD-3F-C1-00-22-19-61-D7-D3
NetBIOS over Tcpip. . . . . . . . : Disabled
Tunnel adapter Reusable ISATAP Interface {8620C56F-EB4F-484B-A9DA-5C135F83D4F6}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : Home
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{91D42D6A-0FF8-4541-AF50-FE8AB4C11F3D}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
ODIN:
Windows IP Configuration
Host Name . . . . . . . . . . . . : ODIN
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Ethernet:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Hyper-V Network Adapter
Physical Address. . . . . . . . . : 00-15-5D-01-4C-05
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2a02:c7d:894d:6d00:6912:438f:9808:ad47(Preferred)
IPv6 Address. . . . . . . . . . . : fdc6:f573:1ff9:0:6912:438f:9808:ad47(Preferred)
Link-local IPv6 Address . . . . . : fe80::6912:438f:9808:ad47%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.85(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : fe80::7250:afff:fe35:beec%10
192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 50337117
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-20-BF-D2-65-00-15-5D-01-4C-05
DNS Servers . . . . . . . . . . . : fdc6:f573:1ff9:0:7250:afff:fe35:beec
192.168.1.77
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:c7e:2db:fd81:f39(Preferred)
Link-local IPv6 Address . . . . . : fe80::c7e:2db:fd81:f39%15(Preferred)
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 134217728
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-20-BF-D2-65-00-15-5D-01-4C-05
NetBIOS over Tcpip. . . . . . . . : Disabled
Tunnel adapter Reusable ISATAP Interface {16673442-3677-41AD-94B2-86C728C55B62}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Eu também tentei definir o sufixo DNS para acme.com, mas isso não ajudou.
O que está me impedindo de associar qualquer máquina ao domínio?
Se o IPV6 estiver habilitado, os clientes deverão ter entradas DNS de controlador de domínio válidas nas propriedades do adaptador de rede.
Configure sua estática manualmente no servidor para usar a máquina do controlador de domínio como o gateway e configure o DNS manualmente, provavelmente o mesmo que o controlador de domínio. Em seguida, tente ingressar no domínio.
Defina-os novamente como dinâmicos depois de ingressar no domínio.