Dns сервер обнаружил ошибку 9002

 In our all Server 2003 network, the domain controller with DNS keeps getting this error:

 Event Type: Warning

Event Source: DNS

Event Category: None

Event ID: 4521

Date: 6/23/2009

Time: 10:10:52 AM

User: N/A

Computer: Sam1

Description:

The DNS server encountered error 9002 attempting to load zone . from Active Directory. The DNS server will attempt to load this zone again on the next timeout cycle. This can be caused by high Active Directory load and may be a transient condition.

Forward/Reverse zones look good.  IP settings look good (on all DC’s).  Computers are registering properly in DNS and nslookup works.  

Doing a Dcdiag and Netdiag on this server has everything passing but not when I do it on the other four DC’s.  On the other DC’s the Dcdiag shows a different server being returned for DsGetDcName than the one it should be showing.

Netdiag fails on advertising and frsevent.

File replication is definitely not working properly.  The SYSVOL will not replicated even to a newly introduced domain controller.

I’m just trying to figure out if DNS is the problem for all of this since Active Directory relies so heavily on it.

I am also unable to create another DNS zone.  What happens if I delete my current zone (only this one server runs DNS)?  Will it wipe out my Users/Computers or what?

Здравствуйте.

На DNS в событиях. Внешне пока все работает. Но необходимо поднимать резервный контроллер домена. Посмотрите плиз….

Тип события:    Предупреждение
Источник события:    DNS
Категория события:    Отсутствует
Код события:    4521
Дата:        29.07.2009
Время:        7:54:14
Пользователь:        Н/Д
Компьютер:    SRV
Описание:
DNS-сервер обнаружил ошибку 9002 при попытке загрузки зоны . из службы каталогов Active Directory. DNS-сервер повторит попытку загрузки этой зоны по истечении цикла тайм-аута. Эта ошибка может быть вызвана высокой нагрузкой на службу каталогов Active Directory, что может быть временным состоянием.

Дополнительные сведения можно найти в центре справки и поддержки, в «http://go.microsoft.com/fwlink/events.asp».

[more]
=============================ipconfig

Настройка протокола IP для Windows

Имя компьютера . . . . . . . . . : srv

Основной DNS-суффикс . . . . . . : okptd.ru

Тип узла. . . . . . . . . . . . . : неизвестный

IP-маршрутизация включена . . . . : нет

WINS-прокси включен . . . . . . . : нет

Порядок просмотра суффиксов DNS . : okptd.ru

Local Area Connection — Ethernet адаптер:

DNS-суффикс этого подключения . . :

Описание . . . . . . . . . . . . : HP NC373i Multifunction Gigabit Server Adapter

Физический адрес. . . . . . . . . : 00-1C-C4-7C-E5-AE

DHCP включен. . . . . . . . . . . : нет

IP-адрес . . . . . . . . . . . . : 192.168.0.2

Маска подсети . . . . . . . . . . : 255.255.255.0

Основной шлюз . . . . . . . . . . : 192.168.0.1

DNS-серверы . . . . . . . . . . . : 192.168.0.2

=============================netdiag
………………………………

Computer Name: SRV
DNS Host Name: srv.okptd.ru
System info : Microsoft Windows Server 2003 (Build 3790)
Processor : x86 Family 6 Model 15 Stepping 11, GenuineIntel
List of installed hotfixes :
KB923561
KB924667-v2
KB925398_WMP64
KB925902
KB926122
KB927891
KB929123
KB930178
KB931784
KB932168
KB933729
KB933854
KB935839
KB935840
KB936021
KB936357
KB936782
KB938127-IE7
KB938464
KB941202
KB941568
KB941569
KB941644
KB941693
KB942763
KB943055
KB943460
KB943484
KB943485
KB944338
KB944533-IE7
KB944653
KB945553
KB946026
KB947864-IE7
KB948496
KB948590
KB948881
KB949014
KB950760
KB950762
KB950974
KB951066
KB951698
KB951746
KB951748
KB952004
KB952069
KB952954
KB954211
KB954600
KB955069
KB955839
KB956572
KB956802
KB956803
KB956841
KB957097
KB958644
KB958687
KB959426
KB960225
KB960715
KB960803
KB961063
KB961260-IE7
KB961373
KB961501
KB967715
KB968537
KB969805
KB969897-IE7
KB969898
KB970238
Q147222

Netcard queries test . . . . . . . : Passed

Per interface results:

Adapter : Local Area Connection

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : srv
IP Address . . . . . . . . : 192.168.0.2
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 192.168.0.1
Dns Servers. . . . . . . . : 192.168.0.2

AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Passed

NetBT name test. . . . . . : Passed
[WARNING] At least one of the <00> ‘WorkStation Service’, <03> ‘Messenger Service’, <20> ‘WINS’ names is missing.

WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.

Global results:

Domain membership test . . . . . . : Passed

NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{824A823F-EBFE-4BDF-B653-7AF4347F0AE4}
1 NetBt transport currently configured.

Autonet address test . . . . . . . : Passed

IP loopback ping test. . . . . . . : Passed

Default gateway test . . . . . . . : Passed

NetBT name test. . . . . . . . . . : Passed
[WARNING] You don’t have a single interface with the <00> ‘WorkStation Service’, <03> ‘Messenger Service’, <20> ‘WINS’ names defined.

Winsock test . . . . . . . . . . . : Passed

DNS test . . . . . . . . . . . . . : Passed
PASS — All the DNS entries for DC are registered on DNS server ‘192.168.0.2’.

Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{824A823F-EBFE-4BDF-B653-7AF4347F0AE4}
The redir is bound to 1 NetBt transport.

List of NetBt transports currently bound to the browser
NetBT_Tcpip_{824A823F-EBFE-4BDF-B653-7AF4347F0AE4}
The browser is bound to 1 NetBt transport.

DC discovery test. . . . . . . . . : Passed

DC list test . . . . . . . . . . . : Passed

Trust relationship test. . . . . . : Skipped

Kerberos test. . . . . . . . . . . : Passed

LDAP test. . . . . . . . . . . . . : Passed

Bindings test. . . . . . . . . . . : Passed

WAN configuration test . . . . . . : Skipped
No active remote access connections.

Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

Note: run «netsh ipsec dynamic show /?» for more detailed information

The command completed successfully

=============================dcdiag

Domain Controller Diagnosis

Performing initial setup:
* Verifying that the local machine srv, is a DC.
* Connecting to directory service on server srv.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 1 DC(s). Testing 1 of them.
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-NameSRV
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
……………………. SRV passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-NameSRV
Starting test: Replications
* Replications Check
* Replication Latency Check
CN=Schema,CN=Configuration,DC=okptd,DC=ru
Latency information for 2 entries in the vector were ignored.
2 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc’s no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=okptd,DC=ru
Latency information for 2 entries in the vector were ignored.
2 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc’s no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=okptd,DC=ru
Latency information for 2 entries in the vector were ignored.
2 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc’s no longer replicating this nc. 0 had no latency information (Win2K DC).
* Replication Site Latency Check
……………………. SRV passed test Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC’s on DC SRV.
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=okptd,DC=ru
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=okptd,DC=ru
(Configuration,Version 2)
* Security Permissions Check for
DC=okptd,DC=ru
(Domain,Version 2)
……………………. SRV passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \SRVnetlogon
Verified share \SRVsysvol
……………………. SRV passed test NetLogons
Starting test: Advertising
The DC SRV is advertising itself as a DC and having a DS.
The DC SRV is advertising as an LDAP server
The DC SRV is advertising as having a writeable directory
The DC SRV is advertising as a Key Distribution Center
The DC SRV is advertising as a time server
The DS SRV is advertising as a GC.
……………………. SRV passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=SRV,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=okptd,DC=ru
Role Domain Owner = CN=NTDS Settings,CN=SRV,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=okptd,DC=ru
Role PDC Owner = CN=NTDS Settings,CN=SRV,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=okptd,DC=ru
Role Rid Owner = CN=NTDS Settings,CN=SRV,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=okptd,DC=ru
Role Infrastructure Update Owner = CN=NTDS Settings,CN=SRV,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=okptd,DC=ru
……………………. SRV passed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 2616 to 1073741823
* srv.okptd.ru is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 1616 to 2115
* rIDPreviousAllocationPool is 1616 to 2115
* rIDNextRID: 1770
……………………. SRV passed test RidManager
Starting test: MachineAccount
Checking machine account for DC SRV on DC SRV.
* SPN found :LDAP/srv.okptd.ru/okptd.ru
* SPN found :LDAP/srv.okptd.ru
* SPN found :LDAP/SRV
* SPN found :LDAP/srv.okptd.ru/OKPTD
* SPN found :LDAP/db47131f-9b08-4739-8b09-affe5a039a5e._msdcs.okptd.ru
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/db47131f-9b08-4739-8b09-affe5a039a5e/okptd.ru
* SPN found :HOST/srv.okptd.ru/okptd.ru
* SPN found :HOST/srv.okptd.ru
* SPN found :HOST/SRV
* SPN found :HOST/srv.okptd.ru/OKPTD
* SPN found :GC/srv.okptd.ru/okptd.ru
……………………. SRV passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
……………………. SRV passed test Services
Test omitted by user request: OutboundSecureChannels
Starting test: ObjectsReplicated
SRV is in domain DC=okptd,DC=ru
Checking for CN=SRV,OU=Domain Controllers,DC=okptd,DC=ru in domain DC=okptd,DC=ru on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=SRV,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=okptd,DC=ru in domain CN=Configuration,DC=okptd,DC=ru on 1 servers
Object is up-to-date on all servers.
……………………. SRV passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service’s SYSVOL is ready
……………………. SRV passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
……………………. SRV passed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15 minutes.
……………………. SRV passed test kccevent
Starting test: systemlog
* The System Event log test
An Error Event occured. EventID: 0x40000004
Time Generated: 07/29/2009 07:23:26
Event String: The kerberos client received a

KRB_AP_ERR_MODIFIED error from the server

NTACY01$. The target name used was

cifs/PCPOL16.okptd.ru. This indicates that the

password used to encrypt the kerberos service

ticket is different than that on the target

server. Commonly, this is due to identically

named machine accounts in the target realm

(OKPTD.RU), and the client realm. Please

contact your system administrator.
An Error Event occured. EventID: 0x00000457
Time Generated: 07/29/2009 07:23:38
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 07/29/2009 07:31:04
(Event String could not be retrieved)
An Error Event occured. EventID: 0x40000004
Time Generated: 07/29/2009 07:33:15
Event String: The kerberos client received a

KRB_AP_ERR_MODIFIED error from the server

NTACY01$. The target name used was

cifs/PCPOL16.okptd.ru. This indicates that the

password used to encrypt the kerberos service

ticket is different than that on the target

server. Commonly, this is due to identically

named machine accounts in the target realm

(OKPTD.RU), and the client realm. Please

contact your system administrator.
An Error Event occured. EventID: 0x00000457
Time Generated: 07/29/2009 07:34:02
(Event String could not be retrieved)
……………………. SRV failed test systemlog
Test omitted by user request: VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)

CN=SRV,OU=Domain Controllers,DC=okptd,DC=ru and backlink on

CN=SRV,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=okptd,DC=ru

are correct.
The system object reference (frsComputerReferenceBL)

CN=SRV,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=okptd,DC=ru

and backlink on CN=SRV,OU=Domain Controllers,DC=okptd,DC=ru are

correct.
The system object reference (serverReferenceBL)

CN=SRV,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=okptd,DC=ru

and backlink on

CN=NTDS Settings,CN=SRV,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=okptd,DC=ru

are correct.
……………………. SRV passed test VerifyReferences
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: CheckSecurityError

Running partition tests on : Schema
Starting test: CrossRefValidation
……………………. Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
……………………. Schema passed test CheckSDRefDom

Running partition tests on : Configuration
Starting test: CrossRefValidation
……………………. Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
……………………. Configuration passed test CheckSDRefDom

Running partition tests on : okptd
Starting test: CrossRefValidation
……………………. okptd passed test CrossRefValidation
Starting test: CheckSDRefDom
……………………. okptd passed test CheckSDRefDom

Running enterprise tests on : okptd.ru
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope

provided by the command line arguments provided.
……………………. okptd.ru passed test Intersite
Starting test: FsmoCheck
GC Name: \srv.okptd.ru
Locator Flags: 0xe00003fd
PDC Name: \srv.okptd.ru
Locator Flags: 0xe00003fd
Time Server Name: \srv.okptd.ru
Locator Flags: 0xe00003fd
Preferred Time Server Name: \srv.okptd.ru
Locator Flags: 0xe00003fd
KDC Name: \srv.okptd.ru
Locator Flags: 0xe00003fd
……………………. okptd.ru passed test FsmoCheck
Test omitted by user request: DNS
Test omitted by user request: DNS
[/more]

Добавлено:
кто-нибудь встречал подробное описание сообщений dcdiag на русском языке?

Добавлено:
вроде нашел что-то по теме… но осмыслить пока не получается из-за очень слабого английского

http://eventid.net/display.asp?eventid=4521&eventno=8953&source=DNS&phase=1

Автор: IHmG
Дата сообщения: 29.07.2009 12:28

Автор: Alan Capital
Дата сообщения: 26.01.2010 17:10