在尝试颁发中间 CA 证书时,我创建了一个为 CA 设置 x509 基本约束的模板,但我故意将“关键”关闭。
当我使用此模板创建证书时,创建的证书具有标记为关键的基本约束。似乎 CA 正在覆盖我的模板并使约束变得至关重要。
即使我使用certutil设置基本约束的扩展值。一旦我颁发了证书,它就变回了关键。
当尝试使用 mod_substitute 和 mod_filter 从文本内容类型替换内容时,它不适用于反向代理配置。
<virtualhost *:80>
ServerName rp
ProxyRequests Off
ProxyPreserveHost Off
<Location />
ProxyPass http://site/
ProxyPassReverse http://site/
FilterDeclare replace
FilterProvider replace SUBSTITUTE resp=Content-Type $text/
FilterProtocol replace "change=yes proxy=transform cache=no"
FilterChain +replace
FilterTrace replace 1
Substitute "s/foo/bar/in"
</Location>
</virtualhost>
请求标头看起来像
Host: site
Cache-Control: max-age=0
Accept: image/webp,*/*;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.102 Safari/537.36
Referer: http://rp/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
X-Forwarded-For: 10.1.1.107
X-Forwarded-Host: rp
X-Forwarded-Server: rp
Connection: Keep-Alive
这可能是什么原因?
我需要在邮箱服务器上重新安装操作系统。如果我:
- 备份数据库
- 卸载交换
- 重做操作系统
- 重新安装交换
- 恢复数据库
...该服务器的配置是否会保留(用户邮箱等)?
如果不是,我应该遵循什么流程?
编辑:这不是唯一的交换服务器。只要至少有一台服务器剩余,配置是否会保留?
JD990A上的接口非常精简。有一个带有最少命令的串行控制台和一个 Web 界面。3750 在 2 个交换机堆栈中,我正在尝试使用 HP 配置跨堆栈链路聚合。大多数在线信息都倾向于使用 cli 访问的更好的 HP 交换机,而这是没有的。
有谁知道实现这一目标可能需要什么?
Cisco 3750:Cisco IOS 软件、C3750E 软件 (C3750E-UNIVERSALK9NPE-M),版本 15.0(2)SE2,发布软件 (fc1)
HP JD990A:软件版本:02.00.01
思科 3750 配置
!
! Last configuration change at 01:50:10 AEST Thu Jun 13 2013 by administrator
! NVRAM config last updated at 01:50:11 AEST Thu Jun 13 2013 by administrator
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service sequence-numbers
!
hostname 1.c.s.net
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 redacted
!
username administrator privilege 15 secret 5 redacted
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
!
!
!
!
!
aaa session-id common
clock timezone redacted
switch 1 provision ws-c3750x-24
switch 2 provision ws-c3750x-24
system mtu routing 1500
!
!
!
ip domain-name corp.redacted.com.au
!
stack-power stack PowerStack-1
!
!
!
crypto pki trustpoint TP-self-signed-3311124608
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3311124608
revocation-check none
rsakeypair TP-self-signed-3311124608
!
!
crypto pki certificate chain TP-self-signed-3311124608
certificate self-signed 01
redacted
quit
cts server deadtime 0
no cts server test all enable
cts server test all idle-time 0
cts server test all deadtime 0
!
!
!
spanning-tree extend system-id
!
!
!
!
!
!
vlan internal allocation policy ascending
!
ip scp server enable
!
!
!
!
!
interface Port-channel5
switchport trunk encapsulation dot1q
switchport mode trunk
spanning-tree portfast trunk
!
interface FastEthernet0
no ip address
!
interface GigabitEthernet1/0/1
!
interface GigabitEthernet1/0/2
!
interface GigabitEthernet1/0/3
!
interface GigabitEthernet1/0/4
!
interface GigabitEthernet1/0/5
switchport trunk encapsulation dot1q
switchport mode trunk
spanning-tree portfast trunk
channel-protocol lacp
channel-group 5 mode active
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet2/0/1
!
interface GigabitEthernet2/0/2
!
interface GigabitEthernet2/0/3
!
interface GigabitEthernet2/0/4
!
interface GigabitEthernet2/0/5
switchport trunk encapsulation dot1q
switchport mode trunk
spanning-tree portfast trunk
channel-protocol lacp
channel-group 5 mode active
!
interface GigabitEthernet2/0/6
!
interface GigabitEthernet2/0/7
!
interface GigabitEthernet2/0/8
!
interface Vlan1
ip address 10.1.1.242 255.255.255.0
!
ip http server
ip http secure-server
!
!
!
!
line con 0
logging synchronous
line vty 0
exec-timeout 0 0
transport input ssh
transport output ssh
line vty 1 4
line vty 5 15
!
ntp server 10.1.1.21 prefer
end
配置 apcupsd 并启动服务后,服务最终超时并报告Warning communications lost with UPS。
ups 配置了客户端的 IP,客户端配置了正确的密码(在其他使用 PCNS 软件的机器上工作)
环境
Distributor ID: Ubuntu
Description: Ubuntu 12.04.2 LTS
Release: 12.04
Codename: precise
UPS
Model: Smart-UPS RT 8000 XL
Position: TOWER
Serial Number: IS10xxxxxxxx
Firmware Revision: 477.18.W
Manufacture Date: 12/02/10
apcupsd配置文件
UPSCABLE ether
UPSTYPE pcnet
DEVICE 10.1.1.11:admin:WVAVWFr5FV6SRq7u
LOCKFILE /var/lock
SCRIPTDIR /etc/apcupsd
PWRFAILDIR /etc/apcupsd
NOLOGINDIR /etc
ONBATTERYDELAY 6
BATTERYLEVEL 5
MINUTES 3
TIMEOUT 0
ANNOY 300
ANNOYDELAY 60
NOLOGON disable
KILLDELAY 0
NETSERVER on
NISIP 127.0.0.1
NISPORT 3551
EVENTSFILE /var/log/apcupsd.events
EVENTSFILEMAX 10
UPSCLASS standalone
UPSMODE disable
STATTIME 0
STATFILE /var/log/apcupsd.status
LOGSTATS on
DATATIME 0
笔记
我已经清除了 ubuntu apcupsd 包并使用enable-pcnet配置标志从源代码构建/安装。
我在查看host 10.1.1.11. 我只能看到来自 UPS 的数据包,但没有任何数据包进入。我认为 apcupsd 甚至没有尝试与它通信。也许设备线不工作?
我在安装我们的服务器时遇到问题Exchange 2010,客户端访问身份验证不起作用,除非将服务器配置为具有global catalogue.
由于时间限制,我将其投入生产,但我现在真的需要修复它。我不知道问题出在哪里或如何识别问题。
我的问题是:
什么可能导致这个问题?我该如何测试和修复它?
我真的不知道哪些信息与该问题相关,但是;
服务器操作系统Win 2008 R2和所有 DC 都相同。Exchange 服务器具有CAS,Hub Transport和Mailbox Server角色。外部邮件由另一个在 DMZ 中运行边缘角色的 exchange 2010 服务器接收。(这工作正常,边缘服务器不是 DC...显然 ;))
请让我知道可以添加哪些附加信息来改进这个问题。我会尽快添加它。
这是this的后续问题。
dcsdiag /v
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine DC2, is a Directory Server.
Home Server = DC2
* Connecting to directory service on server DC2.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=corp,DC=domain,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Brisbane,CN=Sites,CN=Configuration,DC=corp,DC=domain
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=corp,DC=domain,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=DC2,CN=Servers,CN=Brisbane,CN=Sites,CN=Configuration,DC=corp,DC=domain
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=DC3,CN=Servers,CN=Brisbane,CN=Sites,CN=Configuration,DC=corp,DC=domain
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=MX1,CN=Servers,CN=Brisbane,CN=Sites,CN=Configuration,DC=corp,DC=domain
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 3 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Brisbane\DC2
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
* Active Directory RPC Services Check
......................... DC2 passed test Connectivity
Doing primary tests
Testing server: Brisbane\DC2
Starting test: Advertising
The DC DC2 is advertising itself as a DC and having a DS.
The DC DC2 is advertising as an LDAP server
The DC DC2 is advertising as having a writeable directory
The DC DC2 is advertising as a Key Distribution Center
The DC DC2 is advertising as a time server
The DS DC2 is advertising as a GC.
......................... DC2 passed test Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
Skip the test because the server is running DFSR.
......................... DC2 passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
......................... DC2 passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... DC2 passed test SysVolCheck
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... DC2 passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=DC2,CN=Servers,CN=Brisbane,CN=Sites,CN=Configuration,DC=corp,DC=domain
Role Domain Owner = CN=NTDS Settings,CN=DC2,CN=Servers,CN=Brisbane,CN=Sites,CN=Configuration,DC=corp,DC=domain
Role PDC Owner = CN=NTDS Settings,CN=DC2,CN=Servers,CN=Brisbane,CN=Sites,CN=Configuration,DC=corp,DC=domain
Role Rid Owner = CN=NTDS Settings,CN=DC2,CN=Servers,CN=Brisbane,CN=Sites,CN=Configuration,DC=corp,DC=domain
Role Infrastructure Update Owner = CN=NTDS Settings,CN=DC2,CN=Servers,CN=Brisbane,CN=Sites,CN=Configuration,DC=corp,DC=domain
......................... DC2 passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC DC2 on DC DC2.
* SPN found :LDAP/DC2.corp.domain/corp.domain
* SPN found :LDAP/DC2.corp.domain
* SPN found :LDAP/DC2
* SPN found :LDAP/DC2.corp.domain/corpdomain
* SPN found :LDAP/ef6459ec-28d5-4ab4-85bc-778547782ce7._msdcs.corp.domain
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/ef6459ec-28d5-4ab4-85bc-778547782ce7/corp.domain
* SPN found :HOST/DC2.corp.domain/corp.domain
* SPN found :HOST/DC2.corp.domain
* SPN found :HOST/DC2
* SPN found :HOST/DC2.corp.domain/corpdomain
* SPN found :GC/DC2.corp.domain/corp.domain
......................... DC2 passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC DC2.
* Security Permissions Check for
DC=ForestDnsZones,DC=corp,DC=domain
(NDNC,Version 3)
* Security Permissions Check for
DC=DomainDnsZones,DC=corp,DC=domain
(NDNC,Version 3)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=corp,DC=domain
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=corp,DC=domain
(Configuration,Version 3)
* Security Permissions Check for
DC=corp,DC=domain
(Domain,Version 3)
......................... DC2 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\DC2\netlogon
Verified share \\DC2\sysvol
......................... DC2 passed test NetLogons
Starting test: ObjectsReplicated
DC2 is in domain DC=corp,DC=domain
Checking for CN=DC2,OU=Domain Controllers,DC=corp,DC=domain in domain DC=corp,DC=domain on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=DC2,CN=Servers,CN=Brisbane,CN=Sites,CN=Configuration,DC=corp,DC=domain in domain CN=Configuration,DC=corp,DC=domain on 1 servers
Object is up-to-date on all servers.
......................... DC2 passed test ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=corp,DC=domain
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=corp,DC=domain
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration,DC=corp,DC=domain
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=corp,DC=domain
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=corp,DC=domain
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
......................... DC2 passed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 3102 to 1073741823
* DC2.corp.domain is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 1602 to 2101
* rIDPreviousAllocationPool is 1602 to 2101
* rIDNextRID: 1818
......................... DC2 passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: DFSR
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... DC2 passed test Services
Starting test: SystemLog
* The System Event log test
An error event occurred. EventID: 0x80000003
Time Generated: 03/19/2013 13:15:51
Event String:
A Kerberos Error Message was received:
on logon session
Client Time:
Server Time: 3:15:51.0000 3/19/2013 Z
Error Code: 0xd KDC_ERR_BADOPTION
Extended Error: 0xc00000bb KLIN(0)
Client Realm:
Client Name:
Server Realm: CORP.domain
Server Name: dc2$@CORP.domain
Target Name: dc2$@CORP.domain@CORP.domain
Error Text:
File: 9
Line: f09
Error Data is in record data.
An error event occurred. EventID: 0x80000003
Time Generated: 03/19/2013 13:30:51
Event String:
A Kerberos Error Message was received:
on logon session
Client Time:
Server Time: 3:30:51.0000 3/19/2013 Z
Error Code: 0xd KDC_ERR_BADOPTION
Extended Error: 0xc00000bb KLIN(0)
Client Realm:
Client Name:
Server Realm: CORP.domain
Server Name: dc2$@CORP.domain
Target Name: dc2$@CORP.domain@CORP.domain
Error Text:
File: 9
Line: f09
Error Data is in record data.
An error event occurred. EventID: 0x80000003
Time Generated: 03/19/2013 13:45:52
Event String:
A Kerberos Error Message was received:
on logon session
Client Time:
Server Time: 3:45:52.0000 3/19/2013 Z
Error Code: 0xd KDC_ERR_BADOPTION
Extended Error: 0xc00000bb KLIN(0)
Client Realm:
Client Name:
Server Realm: CORP.domain
Server Name: dc2$@CORP.domain
Target Name: dc2$@CORP.domain@CORP.domain
Error Text:
File: 9
Line: f09
Error Data is in record data.
An error event occurred. EventID: 0x80000003
Time Generated: 03/19/2013 13:53:46
Event String:
A Kerberos Error Message was received:
on logon session
Client Time:
Server Time: 3:53:46.0000 3/19/2013 Z
Error Code: 0x29 KRB_AP_ERR_MODIFIED
Extended Error:
Client Realm:
Client Name:
Server Realm: CORP.domain
Server Name: dc2$
Target Name:
Error Text:
File: 3
Line: 576
Error Data is in record data.
An error event occurred. EventID: 0x80000003
Time Generated: 03/19/2013 14:00:52
Event String:
A Kerberos Error Message was received:
on logon session
Client Time:
Server Time: 4:0:52.0000 3/19/2013 Z
Error Code: 0xd KDC_ERR_BADOPTION
Extended Error: 0xc00000bb KLIN(0)
Client Realm:
Client Name:
Server Realm: CORP.domain
Server Name: dc2$@CORP.domain
Target Name: dc2$@CORP.domain@CORP.domain
Error Text:
File: 9
Line: f09
Error Data is in record data.
......................... DC2 failed test SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference)
CN=DC2,OU=Domain Controllers,DC=corp,DC=domain and
backlink on
CN=DC2,CN=Servers,CN=Brisbane,CN=Sites,CN=Configuration,DC=corp,DC=domain
are correct.
The system object reference (serverReferenceBL)
CN=DC2,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=corp,DC=domain
and backlink on
CN=NTDS Settings,CN=DC2,CN=Servers,CN=Brisbane,CN=Sites,CN=Configuration,DC=corp,DC=domain
are correct.
The system object reference (msDFSR-ComputerReferenceBL)
CN=DC2,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=corp,DC=domain
and backlink on
CN=DC2,OU=Domain Controllers,DC=corp,DC=domain are
correct.
......................... DC2 passed test VerifyReferences
Test omitted by user request: VerifyReplicas
Test omitted by user request: DNS
Test omitted by user request: DNS
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : corp
Starting test: CheckSDRefDom
......................... corp passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... corp passed test CrossRefValidation
Running enterprise tests on : corp.domain
Test omitted by user request: DNS
Test omitted by user request: DNS
Starting test: LocatorCheck
GC Name: \\DC2.corp.domain
Locator Flags: 0xe00031fd
PDC Name: \\DC2.corp.domain
Locator Flags: 0xe00031fd
Time Server Name: \\DC2.corp.domain
Locator Flags: 0xe00031fd
Preferred Time Server Name: \\DC2.corp.domain
Locator Flags: 0xe00031fd
KDC Name: \\DC2.corp.domain
Locator Flags: 0xe00031fd
......................... corp.domain passed test
LocatorCheck
Starting test: Intersite
Skipping site Brisbane, this site is outside the scope provided by the
command line arguments provided.
......................... corp.domain passed test Intersite
dcsdiag /测试:拓扑
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = DC2
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Brisbane\DC2
Starting test: Connectivity
......................... DC2 passed test Connectivity
Doing primary tests
Testing server: Brisbane\DC2
Starting test: Topology
......................... DC2 passed test Topology
Running partition tests on : ForestDnsZones
Running partition tests on : DomainDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : corp
Running enterprise tests on : corp.domain
dcsdiag /测试:复制
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = DC2
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Brisbane\DC2
Starting test: Connectivity
......................... DC2 passed test Connectivity
Doing primary tests
Testing server: Brisbane\DC2
Starting test: Replications
......................... DC2 passed test Replications
Running partition tests on : ForestDnsZones
Running partition tests on : DomainDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : corp
Running enterprise tests on : corp.domain
dnslint /ad 10.1.1.21 /s 10.1.1.21
DNSLint Report
System Date: Tue Mar 19 14:43:20 2013
Command run:
c:\dnslint\dnslint /ad 10.1.1.21 /s 10.1.1.21
Root of Active Directory Forest:
corp.domain
Active Directory Forest Replication GUIDs Found:
DC: DC2
GUID: ef6459ec-28d5-4ab4-85bc-778547782ce7
DC: DC3
GUID: 232f1e47-aa8e-44ae-8a19-6e1e5ecd6346
DC: MX1
GUID: 579be28b-006e-4f1c-911a-780458c5d081
Total GUIDs found: 3
--------------------------------------------------------------------------------
The following 2 DNS servers were checked for records related to AD forest replication:
DNS server: dc2.corp.domain
IP Address: 10.1.1.21
UDP port 53 responding to queries: YES
TCP port 53 responding to queries: Not tested
Answering authoritatively for domain: YES
SOA record data from server:
Authoritative name server: dc2.corp.domain
Hostmaster: hostmaster.corp.domain
Zone serial number: 150
Zone expires in: 1.00 day(s)
Refresh period: 900 seconds
Retry delay: 600 seconds
Default (minimum) TTL: 3600 seconds
Additional authoritative (NS) records from server:
dc2.corp.domain Unknown
dc3.corp.domain Unknown
Alias (CNAME) and glue (A) records for forest GUIDs from server:
CNAME: ef6459ec-28d5-4ab4-85bc-778547782ce7._msdcs.corp.domain
Alias: dc2.corp.domain
Glue: 10.1.1.21
CNAME: 232f1e47-aa8e-44ae-8a19-6e1e5ecd6346._msdcs.corp.domain
Alias: dc3.corp.domain
Glue: 10.1.1.22
CNAME: 579be28b-006e-4f1c-911a-780458c5d081._msdcs.corp.domain
Alias: mx1.corp.domain
Glue: 10.1.1.25
Total number of CNAME records found on this server: 3
Total number of CNAME records missing on this server: 0
Total number of glue (A) records this server could not find: 0
--------------------------------------------------------------------------------
DNS server: dc3.corp.domain
IP Address: 10.1.1.22
UDP port 53 responding to queries: YES
TCP port 53 responding to queries: Not tested
Answering authoritatively for domain: YES
SOA record data from server:
Authoritative name server: dc3.corp.domain
Hostmaster: hostmaster.corp.domain
Zone serial number: 150
Zone expires in: 1.00 day(s)
Refresh period: 900 seconds
Retry delay: 600 seconds
Default (minimum) TTL: 3600 seconds
Additional authoritative (NS) records from server:
dc2.corp.domain Unknown
dc3.corp.domain Unknown
Alias (CNAME) and glue (A) records for forest GUIDs from server:
CNAME: ef6459ec-28d5-4ab4-85bc-778547782ce7._msdcs.corp.domain
Alias: dc2.corp.domain
Glue: 10.1.1.21
CNAME: 232f1e47-aa8e-44ae-8a19-6e1e5ecd6346._msdcs.corp.domain
Alias: dc3.corp.domain
Glue: 10.1.1.22
CNAME: 579be28b-006e-4f1c-911a-780458c5d081._msdcs.corp.domain
Alias: mx1.corp.domain
Glue: 10.1.1.25
Total number of CNAME records found on this server: 3
Total number of CNAME records missing on this server: 0
dnscmd /zoneinfo corp.domain
Zone query result:
Zone info:
ptr = 0000000000197AB0
zone name = corp.domain
zone type = 1
shutdown = 0
paused = 0
update = 2
DS integrated = 1
read only zone = 0
in DS loading queue = 0
currently DS loading = 0
data file = (null)
using WINS = 0
using Nbstat = 0
aging = 0
refresh interval = 168
no refresh = 168
scavenge available = 0
Zone Masters NULL IP Array.
Zone Secondaries NULL IP Array.
secure secs = 1
directory partition = AD-Domain flags 00000015
zone DN = DC=corp.domain,cn=MicrosoftDNS,DC=DomainDnsZones,DC=corp,DC=domain
Command completed successfully.
重新管理/showrepl
Repadmin: running command /showrepl against full DC localhost
Brisbane\DC2
DSA Options: IS_GC
Site Options: (none)
DSA object GUID: ef6459ec-28d5-4ab4-85bc-778547782ce7
DSA invocationID: d2eb9fee-f5ee-458d-b37f-813d6cc41d9b
==== INBOUND NEIGHBORS ======================================
DC=corp,DC=domain
Brisbane\MX1 via RPC
DSA object GUID: 579be28b-006e-4f1c-911a-780458c5d081
Last attempt @ 2013-03-19 14:58:35 was successful.
Brisbane\DC3 via RPC
DSA object GUID: 232f1e47-aa8e-44ae-8a19-6e1e5ecd6346
Last attempt @ 2013-03-19 14:59:08 was successful.
CN=Configuration,DC=corp,DC=domain
Brisbane\DC3 via RPC
DSA object GUID: 232f1e47-aa8e-44ae-8a19-6e1e5ecd6346
Last attempt @ 2013-03-19 14:55:31 was successful.
Brisbane\MX1 via RPC
DSA object GUID: 579be28b-006e-4f1c-911a-780458c5d081
Last attempt @ 2013-03-19 14:55:31 was successful.
CN=Schema,CN=Configuration,DC=corp,DC=domain
Brisbane\DC3 via RPC
DSA object GUID: 232f1e47-aa8e-44ae-8a19-6e1e5ecd6346
Last attempt @ 2013-03-19 14:55:31 was successful.
Brisbane\MX1 via RPC
DSA object GUID: 579be28b-006e-4f1c-911a-780458c5d081
Last attempt @ 2013-03-19 14:55:31 was successful.
DC=DomainDnsZones,DC=corp,DC=domain
Brisbane\DC3 via RPC
DSA object GUID: 232f1e47-aa8e-44ae-8a19-6e1e5ecd6346
Last attempt @ 2013-03-19 14:55:31 was successful.
DC=ForestDnsZones,DC=corp,DC=domain
Brisbane\DC3 via RPC
DSA object GUID: 232f1e47-aa8e-44ae-8a19-6e1e5ecd6346
Last attempt @ 2013-03-19 14:55:31 was successful.
重新管理/replsummary
Replication Summary Start Time: 2013-03-19 14:59:31
Beginning data collection for replication summary, this may take awhile:
......
Source DSA largest delta fails/total %% error
DC2 12m:51s 0 / 8 0
DC3 12m:51s 0 / 8 0
MX1 11m:11s 0 / 6 0
Destination DSA largest delta fails/total %% error
DC2 04m:00s 0 / 8 0
DC3 11m:11s 0 / 8 0
MX1 12m:51s 0 / 6 0
重新管理/kcc
Repadmin: running command /kcc against full DC localhost
Brisbane
Current Site Options: (none)
Consistency check on localhost successful.
Netdom -查询 fsmo
Schema master DC2.corp.domain
Domain naming master DC2.corp.domain
PDC DC2.corp.domain
RID pool manager DC2.corp.domain
Infrastructure master DC2.corp.domain
The command completed successfully.
最初在设置时Exchange 2010 CAS我遇到了权限问题。我通过将服务器提升为带有 GC 的 DC 来绕过它们。
服务器最初安装有2008 R2 Standard ED. 我需要进行就地升级,ENTERPRISE这需要我先将此服务器上的 DC 降级 (AKAIK)。
这是一个生产服务器。
我的问题是:如何最好地实现这一目标?
如果您只能针对可能出现的问题提供一些建议,我也将不胜感激。
环境是Ubuntu Server 12.04
我想在服务器上创建一个用户,该用户只能通过 ssh 进入在日志文件上运行 tail -f 的 shell,并在程序结束后关闭会话 (ctrl+c)。
有没有办法做到这一点?
我的域没有 CIFS/mydomain.com 的 SPN。我的 DC 抛出错误代码:KDC_ERR_S_PRINCIPAL_UNKNOWN。域中有许多 Windows 工作站正在尝试使用此 SPN。
setspn -a cifs/corp.com.au corp.com.au
FindDomainForAccount: Call to DsGetDcNameWithAccountW failed with return value 0x00000525
Unable to locate account corp.com.au
这会造成什么问题?这个 SPN 应该默认存在吗?
全天 DNS 服务器(2x Win 2k8 R2 服务器)无法响应请求。失败的请求都在 .root 区域中,这些区域要么被缓存,要么从我们转发到根提示之前从 5 台 DNS 服务器中的 1 台获取。
起初我以为我们转发到的 DNS 服务器有问题。所以我添加了一些。目前转发列表看起来像
- 互联网服务提供商 DNS 1
- 打开 DNS 1
- 互联网服务提供商 DNS 2
- 打开 DNS 2
- 互联网服务提供商 DNS 3
我努力了:
- 关闭根提示。
- 将记录清理设置为 7 天。
dnscmd /config /EnableEDNSProbes 0按照这个使用。
DNS服务器抓包显示局域网客户端与本地DNS服务器之间有大量服务器故障的查询响应;它似乎没有转发这些请求。那么缓存可能有问题吗?
有没有人有什么我可以尝试让它工作的?
转发器窗格
这是来自名为 DC3 的辅助 DNS 的上限,带有捕获过滤器“端口 53”