我已在名为LOKI. 它192.168.1.77由路由器分配静态IP。它也是TCP/IPv4在 NIC 上手动设置的。网关设置为192.168.1.1(路由器)。主 DNS 服务器设置为127.0.0.1。辅助 DNS 服务器为空白。添加 Active Directory 域服务和 DNS 角色时 - 我选择创建一个新林:(acme.com我使用此作为示例,但它实际上设置为我拥有的有效域)。NetBIOS 域名设置为ACME.
我尝试将物理服务器 ( BALDER) 加入域,以及运行在BALDER. 我将BALDER主 DNS 服务器TCP/IPv4设置为192.168.1.77. 它有一个由路由器分配的静态IP 192.168.1.75。我还尝试TCP/IPv4使用192.168.1.1.
加入域时,我使用的是带有 TLD: 的完整域acme.com。
有时会提示我输入凭据。我试过以下用户:
acme\administratoracme.com\administratoracme\dbacme.com\db
(db企业管理员在哪里)。输入任何凭据后,我得到:
---------------------------
Computer Name/Domain Changes
---------------------------
The following error occurred attempting to join the domain "acme.com":
The specified domain either does not exist or could not be contacted.
---------------------------
OK
---------------------------
...但大多数时候我会立即收到此错误消息,而不会提示您输入凭据:
Note: This information is intended for a network administrator. If you are not your network's administrator, notify the administrator that you received this information, which has been recorded in the file C:\Windows\debug\dcdiag.txt.
The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain "acme.com":
The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)
The query was for the SRV record for _ldap._tcp.dc._msdcs.acme.com
Common causes of this error include the following:
- The DNS SRV records required to locate a AD DC for the domain are not registered in DNS. These records are registered with a DNS server automatically when a AD DC is added to a domain. They are updated by the AD DC at set intervals. This computer is configured to use DNS servers with the following IP addresses:
192.168.1.77
- One or more of the following zones do not include delegation to its child zone:
acme.com
com
. (the root zone)
我跑dcdiag /fix了LOKI。所有测试通过。
我已经运行了以下内容:
nslookup
set type=all
_ldap._tcp.dc._msdcs.acme.com
在LOKI(DC)上,我得到:
Server: UnKnown
Address: ::1
_ldap._tcp.dc._msdcs.acme.com SRV service location:
priority = 0
weight = 100
port = 389
svr hostname = LOKI.acme.com
LOKI.acme.com internet address = 192.168.1.77
LOKI.acme.com AAAA IPv6 address = 2a02:c7d:894d:6d00:8dce:ebee:6510:b61c
LOKI.acme.com AAAA IPv6 address = fdc6:f573:1ff9:0:8dce:ebee:6510:b61c
我BALDER得到:
Server: UnKnown
Address: fdc6:f573:1ff9:0:7250:afff:fe35:beec
*** UnKnown can't find _ldap._tcp.dc._msdcs.acme.com: Non-existent domain
我试过在 上运行它LOKI,它成功完成:
dcdiag /test:registerindns /dnsdomain:acme.com /v
我还重新启动了 DNS 服务器,并重新启动了NetLogon服务。
我已经尝试ipconfig /flushdns在两者LOKI上运行BALDER.
我可以从以及我的 VM成功 ping DC ( LOKI) 。BALDER我不知道用 IPv6 地址而不是 IPv4 地址回复是否重要。IPv6 地址由路由器上的 DHCP 动态设置。无论哪种方式,它都成功地解析了 FQDN。
C:\Windows\system32>ping loki
Pinging loki.acme.com [2a02:c7d:894d:6d00:8dce:ebee:6510:b61c] with 32 bytes of data:
Reply from 2a02:c7d:894d:6d00:8dce:ebee:6510:b61c: time=1ms
Reply from 2a02:c7d:894d:6d00:8dce:ebee:6510:b61c: time<1ms
Reply from 2a02:c7d:894d:6d00:8dce:ebee:6510:b61c: time<1ms
Reply from 2a02:c7d:894d:6d00:8dce:ebee:6510:b61c: time<1ms
Ping statistics for 2a02:c7d:894d:6d00:8dce:ebee:6510:b61c:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 1ms, Average = 0ms
机器通过单个 GigE 交换机连接(在 上运行BALDER):
C:\Windows\system32>tracert loki
Tracing route to loki.acme.com [2a02:c7d:894d:6d00:8dce:ebee:6510:b61c]
over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms LOKI [2a02:c7d:894d:6d00:8dce:ebee:6510:b61c]
Trace complete.
根据格雷格的评论,我已经运行了这个命令:
nltest /dsgetdc:acme.com
DC 和加入服务器的输出似乎相同。
这是LOKI(DC)的输出:
DC: \\LOKI.acme.com
Address: \\2a02:c7d:894d:6d00:8dce:ebee:6510:b61c
Dom Guid: b0408a6c-7960-4908-9fbf-1b4ca506a31e
Dom Name: acme.com
Forest Name: acme.com
Dc Site Name: Default-First-Site-Name
Our Site Name: Default-First-Site-Name
Flags: PDC GC DS LDAP KDC TIMESERV GTIMESERV WRITABLE DNS_DC DNS_DOMAIN DNS_FOREST CLOSE_SITE FULL_SECRET WS DS_8 DS_9 DS_10
The command completed successfully
这是BALDER(加入服务器)的输出:
DC: \\LOKI.acme.com
Address: \\2a02:c7d:894d:6d00:8dce:ebee:6510:b61c
Dom Guid: b0408a6c-7960-4908-9fbf-1b4ca506a31e
Dom Name: acme.com
Forest Name: acme.com
Dc Site Name: Default-First-Site-Name
Our Site Name: Default-First-Site-Name
Flags: PDC GC DS LDAP KDC TIMESERV GTIMESERV WRITABLE DNS_DC DNS_DOMAIN DNS_FOREST CLOSE_SITE FULL_SECRET WS DS_8 DS_9 DS_10
The command completed successfully
只是为了稍微混淆一下,我从不同的服务器运行 PortQueryUI - ODIN(打开的 VM BALDER)。我LOKI在Destination IP/FQDN to query字段中输入,并将其余选项保留为默认值(要查询的服务:域和信任)。
我的帖子超出了字符数限制,所以我已将结果上传到 Pastebin。
我在ipconfig /all几台加入的服务器上运行过——一台物理服务器 ( BALDER) 和一台虚拟机 ( ODIN)。这是结果。
BALDER:
Windows IP Configuration
Host Name . . . . . . . . . . . . : BALDER
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Home
Ethernet adapter Ethernet:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : QLogic BCM5708C Gigabit Ethernet (NDIS VBD Client) #50
Physical Address. . . . . . . . . : 00-22-19-61-D7-D3
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter vEthernet (INTERNET):
Connection-specific DNS Suffix . : Home
Description . . . . . . . . . . . : Hyper-V Virtual Ethernet Adapter
Physical Address. . . . . . . . . : 00-22-19-61-D7-D1
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2a02:c7d:894d:6d00:15f2:deb5:93d3:460d(Preferred)
IPv6 Address. . . . . . . . . . . : fdc6:f573:1ff9:0:15f2:deb5:93d3:460d(Preferred)
Link-local IPv6 Address . . . . . : fe80::15f2:deb5:93d3:460d%17(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.75(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 12 June 2017 23:05:03
Lease Expires . . . . . . . . . . : 13 June 2017 23:05:02
Default Gateway . . . . . . . . . : fe80::7250:afff:fe35:beec%17
192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 335553049
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-20-AD-3F-C1-00-22-19-61-D7-D3
DNS Servers . . . . . . . . . . . : fdc6:f573:1ff9:0:7250:afff:fe35:beec
192.168.1.77
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:146b:3e88:3f57:feb4(Preferred)
Link-local IPv6 Address . . . . . : fe80::146b:3e88:3f57:feb4%15(Preferred)
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 201326592
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-20-AD-3F-C1-00-22-19-61-D7-D3
NetBIOS over Tcpip. . . . . . . . : Disabled
Tunnel adapter Reusable ISATAP Interface {8620C56F-EB4F-484B-A9DA-5C135F83D4F6}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : Home
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{91D42D6A-0FF8-4541-AF50-FE8AB4C11F3D}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
ODIN:
Windows IP Configuration
Host Name . . . . . . . . . . . . : ODIN
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Ethernet:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Hyper-V Network Adapter
Physical Address. . . . . . . . . : 00-15-5D-01-4C-05
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2a02:c7d:894d:6d00:6912:438f:9808:ad47(Preferred)
IPv6 Address. . . . . . . . . . . : fdc6:f573:1ff9:0:6912:438f:9808:ad47(Preferred)
Link-local IPv6 Address . . . . . : fe80::6912:438f:9808:ad47%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.85(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : fe80::7250:afff:fe35:beec%10
192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 50337117
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-20-BF-D2-65-00-15-5D-01-4C-05
DNS Servers . . . . . . . . . . . : fdc6:f573:1ff9:0:7250:afff:fe35:beec
192.168.1.77
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:c7e:2db:fd81:f39(Preferred)
Link-local IPv6 Address . . . . . : fe80::c7e:2db:fd81:f39%15(Preferred)
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 134217728
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-20-BF-D2-65-00-15-5D-01-4C-05
NetBIOS over Tcpip. . . . . . . . : Disabled
Tunnel adapter Reusable ISATAP Interface {16673442-3677-41AD-94B2-86C728C55B62}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
我也尝试将 DNS 后缀设置为acme.com,但这没有帮助。
是什么阻止我将任何机器加入域?
如果启用了 IPV6,则客户端必须在网络适配器属性中具有有效的域控制器 DNS 条目。
在服务器上手动设置静态以使用域控制器机器作为网关并手动设置 DNS 以及可能与域控制器相同。然后尝试加入域。
加入域后将这些设置回动态。