компьютерный форум
Вернуться   Компьютерный форум > Компьютерный форум > Операционные системы и ПО > Системному администратору


Ответ
 
LinkBack Опции темы Опции просмотра
Старый 15.04.2010, 19:47   #1
Пользователи
 
Регистрация: 15.04.2010
Сообщений: 4
По умолчанию

6005/6006
Код:
The winlogon notification subscriber  took 62 second(s) to handle the notification event (CreateSession).
решения в сети не нашёл вовсе.. ip v 6 отключён.

1014
Код:
Name resolution for the name domain.local timed out after none of the configured DNS servers responded.
оба днс доступны, в чём проблема - без понятия.

29
Код:
The Key Distribution Center (KDC) cannot find a suitable certificate to use for smart card logons, or the KDC certificate could not be verified. Smart card logon may not function correctly if this problem is not resolved. To correct this problem, either verify the existing KDC certificate using certutil.exe or enroll for a new KDC certificate.
Выполняю шаги отсюда - _ttp://technet.microsoft.com/en-us/library/cc734096%28WS.10%29.aspx

Во-первых в Certificates/Personal/ - нет ничего, чтобы удалить недействительный.

C:Windowssystem32>certutil -dcinfo verify
0: DC01
1: DC00

*** Testing DC[0]: DC01
** Enterprise Root Certificates for DC DC01
No certs in Ent Root store!
Enterprise Root store: Cannot find object or property. 0x80092004 (-2146885628)
** KDC Certificates for DC DC01
0 KDC certs for DC01
No KDC Certificate in MY store
KDC certificates: Cannot find object or property. 0x80092004 (-2146885628)

*** Testing DC[1]: DC00
** Enterprise Root Certificates for DC DC00
No certs in Ent Root store!
Enterprise Root store: Cannot find object or property. 0x80092004 (-2146885628)
** KDC Certificates for DC DC00
0 KDC certs for DC00
No KDC Certificate in MY store
KDC certificates: Cannot find object or property. 0x80092004 (-2146885628)

CertUtil: -DCInfo command FAILED: 0x80092004 (-2146885628)
CertUtil: Cannot find object or property.


во-вторых, при создании нового требует указать URI.. Какой указывать? если указываю LDAP:, то недоступна кнопка ADD...



Microsoft Windows [Version 6.1.7600]
Copyright © 2009 Microsoft Corporation. All rights reserved.

ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : dc00
Primary Dns Suffix . . . . . . . : domain.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.local

Ethernet adapter domain.local:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Marvell Yukon 88E8001/8003/8010 PCI Gigab
it Ethernet Controller
Physical Address. . . . . . . . . : 00-0E-2E-41-09-8F
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.183.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.183.10
DNS Servers . . . . . . . . . . . : 192.168.183.2
192.168.183.1
127.0.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{25463427-86CE-45B5-8EBE-E31DCA043513}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes


dcdiag

Directory Server Diagnosis

Performing initial setup:
Trying to find home server...
Home Server = dc00
* Identified AD Forest.
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-NameDC00
Starting test: Connectivity
......................... DC00 passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-NameDC00
Starting test: Advertising
......................... DC00 passed test Advertising
Starting test: FrsEvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... DC00 passed test FrsEvent
Starting test: DFSREvent
......................... DC00 passed test DFSREvent
Starting test: SysVolCheck
......................... DC00 passed test SysVolCheck
Starting test: KccEvent
......................... DC00 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... DC00 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... DC00 passed test MachineAccount
Starting test: NCSecDesc
Error NT AUTHORITYENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=DomainDnsZones,DC=domain,DC=local
Error NT AUTHORITYENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=ForestDnsZones,DC=domain,DC=local
......................... DC00 failed test NCSecDesc
Starting test: NetLogons
[DC00] User credentials does not have permission to perform this
operation.
The account used for this test must have network logon privileges
for this machine's domain.
......................... DC00 failed test NetLogons
Starting test: ObjectsReplicated
......................... DC00 passed test ObjectsReplicated
Starting test: Replications
[Replications Check,DC00] DsReplicaGetInfo(PENDING_OPS, NULL) failed,
error 0x2105 "Replication access was denied."
......................... DC00 failed test Replications
Starting test: RidManager
......................... DC00 passed test RidManager
Starting test: Services
Could not open NTDS Service on DC00, error 0x5 "Access is denied."
......................... DC00 failed test Services
Starting test: SystemLog
A warning event occurred. EventID: 0x8000001D
Time Generated: 04/15/2010 19:44:12
Event String:
The Key Distribution Center (KDC) cannot find a suitable certificate
to use for smart card logons, or the KDC certificate could not be verified. Sma
rt card logon may not function correctly if this problem is not resolved. To cor
rect this problem, either verify the existing KDC certificate using certutil.exe
or enroll for a new KDC certificate.
A warning event occurred. EventID: 0x0000000C
Time Generated: 04/15/2010 19:45:28
Event String:
Time Provider NtpClient: This machine is configured to use the domai
n hierarchy to determine its time source, but it is the AD PDC emulator for the
domain at the root of the forest, so there is no machine above it in the domain
hierarchy to use as a time source. It is recommended that you either configure a
reliable time service in the root domain, or manually configure the AD PDC to s
ynchronize with an external time source. Otherwise, this machine will function a
s the authoritative time source in the domain hierarchy. If an external time sou
rce is not configured or used for this computer, you may choose to disable the N
tpClient.
A warning event occurred. EventID: 0x000003F6
Time Generated: 04/15/2010 19:48:01
Event String:
Name resolution for the name crl.microsoft.com timed out after none
of the configured DNS servers responded.
......................... DC00 passed test SystemLog
Starting test: VerifyReferences
......................... DC00 passed test VerifyReferences


Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation

Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation

Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation

Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation

Running partition tests on : domain
Starting test: CheckSDRefDom
......................... domain passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... domain passed test CrossRefValidation

Running enterprise tests on : domain.local
Starting test: LocatorCheck
......................... domain.local passed test LocatorCheck
Starting test: Intersite
......................... domain.local passed test Intersite


netdiag /v
'netdiag' is not recognized as an internal or external command,
operable program or batch file.




primasys вне форума  
Digg this Post!Bookmark Post in Technorati
Ответить с цитированием
15.04.2010, 19:47
Техник
реклама
По умолчанию

Старый 16.04.2010, 11:32   #2
Пользователи
 
Регистрация: 15.04.2010
Сообщений: 4
По умолчанию

Все ошибки решил кроме 29 (KDC). Можно развернуть AD CA?
Если да, то можно ли его настроить под управлением 2008р2 стандарт?
primasys вне форума  
Digg this Post!Bookmark Post in Technorati
Ответить с цитированием
Старый 16.04.2010, 14:50   #3
Пользователи
 
Регистрация: 15.04.2010
Сообщений: 4
По умолчанию

Избавился от всех ошибок. Но!

Поднял CA, начали появляться ошибки 91 и 40960 при каждой перезагрузке.

The Security System detected an authentication error for the server LDAP/DC00. The failure code from authentication protocol Kerberos was "An attempt was made to logon, but the netlogon service was not started.
(0xc0000192)".

Could not connect to the Active Directory. Active Directory Certificate Services will retry when processing requires Active Directory access.

Дал разрешения как указано здесь - http://technet.microsoft.com/en-us/library...803(WS.10).aspx. Не помогло.

В какую сторону хоть смотреть, как справиться?

По 40960 есть куча способов на евентид, но ничего толкового не увидел там...

Параметр DependOnService имеет два значение:
LanmanWorkstation
LanmanServer
Так и надо? Или оставить один?
primasys вне форума  
Digg this Post!Bookmark Post in Technorati
Ответить с цитированием
Ответ


Опции темы
Опции просмотра

Ваши права в разделе
Вы не можете создавать новые темы
Вы не можете отвечать в темах
Вы не можете прикреплять вложения
Вы не можете редактировать свои сообщения

BB коды Вкл.
Смайлы Вкл.
[IMG] код Вкл.
HTML код Выкл.
Trackbacks are Вкл.
Pingbacks are Вкл.
Refbacks are Вкл.



Текущее время: 13:28. Часовой пояс GMT.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2018, Jelsoft Enterprises Ltd. Перевод: zCarot
Content Relevant URLs by vBSEO 3.5.0 RC2