Добрый день!
В организации есть сервер на Windows Server 2012 R2 Enterprise, на котором подняты контроллер домена Active Directory и DNS сервер. Так с недавнего времени в DNS сервере при проведении теста на «простой запрос к этому dns-серверу»
все время выдает «отказ». При чем, что в логах нет никаких ошибок. Подскажите, пожалуйста, в чем может быть причина и как исправить.
Может у кого было подобное и как исправили?
C:UsersАдминистратор>dcdiag /test:dns
Диагностика сервера каталогов
Выполнение начальной настройки:
Выполняется попытка поиска основного сервера…
Основной сервер = dc1
* Определен лес AD.
Сбор начальных данных завершен.
Выполнение обязательных начальных проверок
Сервер проверки: Default-First-Site-NameDC1
Запуск проверки: Connectivity
……………………. DC1 — пройдена проверка Connectivity
Выполнение основных проверок
Сервер проверки: Default-First-Site-NameDC1
Запуск проверки: DNS
Проверки DNS выполняются без зависания. Подождите несколько минут…
……………………. DC1 — пройдена проверка DNS
Выполнение проверок разделов на: ForestDnsZones
Выполнение проверок разделов на: DomainDnsZones
Выполнение проверок разделов на: Schema
Выполнение проверок разделов на: Configuration
Выполнение проверок разделов на: int
Выполнение проверок предприятия на: int.dmn.ru
Запуск проверки: DNS
Результаты проверки контроллеров домена:
Контроллер домена: dc1.int.dmn.ru
Домен: int.dmn.ru
TEST: Basic (Basc)
Внимание! У адаптера
[00000010] Сетевое подключение Intel(R) 82574L Gigabit
неверный DNS-сервер: 127.0.0.1 (dc1.int.dmn.ru.)
TEST: Delegations (Del)
Ошибка: DNS-сервер: dc1.int.dmn.ru. IP-адрес:192.168.0.5
[Broken delegated domain _msdcs.int.dmn.ru.]
Отчет о результатах проверки DNS-серверов, используемых приведенными
выше контроллерами домена:
DNS-сервер: 192.168.0.5 (dc1.int.dmn.ru.)
2 — проверка на данном DNS-сервере не пройдена
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 192.168.0.5 Name resolution is not functional. _ldap._tcp
.int.dmn.ru. failed on the DNS server 192.168.0.5
Отчет по результатам проверки DNS:
Auth Basc Forw Del Dyn RReg Ext
_________________________________________________________________
Домен: int.dmn.ru
dc1 PASS WARN PASS FAIL PASS PASS n/a
……………………. int.dmn.ru — не пройдена проверка DNS
C:UsersАдминистратор>
-
Изменено
1 декабря 2017 г. 11:55
I demoted the old server yesterday, and the dns tests on the domain show that all is fine except delegation. How can I fix that? Below is my dns diag
Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:Usersadministrator.IFDC>dcdiag /test:dns
Directory Server Diagnosis
Performing initial setup:
Trying to find home server…
Home Server = MainSrv2
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-NameMAINSRV2
Starting test: Connectivity
……………………. MAINSRV2 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-NameMAINSRV2
Starting test: DNS
DNS Tests are running and not hung. Please wait a few minutes…
……………………. MAINSRV2 passed test DNS
Running partition tests on : DomainDnsZones
Running partition tests on : ForestDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : ifdc
Running enterprise tests on : ifdc.local
Starting test: DNS
Test results for domain controllers:
DC: MainSrv2.ifdc.local
Domain: ifdc.local
TEST: Delegations (Del)
Error: DNS server: mainsrv.ifdc.local. IP:192.168.1.5
[Broken delegated domain _msdcs.ifdc.local.]
Summary of test results for DNS servers used by the above domain
controllers:
DNS server: 192.168.1.5 (mainsrv.ifdc.local.)
1 test failure on this DNS server
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
_________________________________________________________________
Domain: ifdc.local
MainSrv2 PASS PASS PASS FAIL PASS PASS n/a
……………………. ifdc.local failed test DNS
C:Usersadministrator.IFDC>ipconfig /flushdns
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:Usersadministrator.IFDC>ipconfig /flushdns
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:Usersadministrator.IFDC>ipconfig /registerdns
Windows IP Configuration
Registration of the DNS resource records for all adapters of this computer has b
een initiated. Any errors will be reported in the Event Viewer in 15 minutes.
C:Usersadministrator.IFDC>ipconfig /flushdns
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:Usersadministrator.IFDC>ipconfig /flushdns
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:Usersadministrator.IFDC>ipconfig /registerdns
Windows IP Configuration
Registration of the DNS resource records for all adapters of this computer has b
een initiated. Any errors will be reported in the Event Viewer in 15 minutes.
C:Usersadministrator.IFDC>dcdiag /test:dns
Directory Server Diagnosis
Performing initial setup:
Trying to find home server…
Home Server = MainSrv2
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-NameMAINSRV2
Starting test: Connectivity
……………………. MAINSRV2 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-NameMAINSRV2
Starting test: DNS
DNS Tests are running and not hung. Please wait a few minutes…
……………………. MAINSRV2 passed test DNS
Running partition tests on : DomainDnsZones
Running partition tests on : ForestDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : ifdc
Running enterprise tests on : ifdc.local
Starting test: DNS
Test results for domain controllers:
DC: MainSrv2.ifdc.local
Domain: ifdc.local
TEST: Delegations (Del)
Error: DNS server: mainsrv.ifdc.local. IP:192.168.1.5
[Broken delegated domain _msdcs.ifdc.local.]
Summary of test results for DNS servers used by the above domain
controllers:
DNS server: 192.168.1.5 (mainsrv.ifdc.local.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 192.168.1.5
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
_________________________________________________________________
Domain: ifdc.local
MainSrv2 PASS PASS PASS FAIL PASS PASS n/a
……………………. ifdc.local failed test DNS
Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:Usersadministrator.IFDC>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : MainSrv2
Primary Dns Suffix . . . . . . . : ifdc.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : ifdc.local
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom BCM5709C NetXtreme II GigE (NDIS
VBD Client)
Physical Address. . . . . . . . . : A4-BA-DB-0D-11-B7
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.1.11(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.11
192.168.1.7
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{AB04D484-A085-431F-9D6D-4E51ED08DEA2}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
C:Usersadministrator.IFDC>
Hello,
Please help resolve errors od dcdiag /test:dns
====================================
Directory Server Diagnosis
Performing initial setup:
Trying to find home server…
Home Server = dc39-01
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: CentralSiteDC39-01
Starting test: Connectivity
……………………. DC39-01 passed test Connectivity
Doing primary tests
Testing server: CentralSiteDC39-VIP01
Starting test: DNS
DNS Tests are running and not hung. Please wait a few minutes…
……………………. DC39-01 passed test DNS
Running partition tests on : DomainDnsZones
Running partition tests on : ForestDnsZones
Running partition tests on : domainname
Running partition tests on : Schema
Running partition tests on : Configuration
Running enterprise tests on :company.ru
Starting test: DNS
Test results for domain controllers:
DC: dc39-01.domainname.company.ru
Domain: domainname.company.ru
TEST: Delegations (Del)
[Broken delegated domain domainname.company.ru.domainname.company.ru.]
Error: DNS server: cb2.company.ru IP:xx.xx.xx.xx
[Broken delegated domain domainname.company.ru.domainname.company.ru.]
Error: DNS server: dc01-m02.domainname.company.ru IP:xx.xx.xx.xx
[Broken delegated domain domainname.company.ru.domainname.company.ru.]
Error: DNS server: dc01-m04.domainname.company.ru. IP:xx.xx.xx.xx
[Broken delegated domain domainname.company.ru.domainname.company.ru.]
……
TEST: Dynamic update (Dyn)
Warning: Failed to delete the test record dcdiag-test-record in zone domainname.ru
Summary of test results for DNS servers used by the above domain
controllers:
DNS server: 10.xx.xx.xx (cb2.company.ru.)
1 test failure on this DNS server
DNS server: 10.xx.xx.xx (dc01-m02.domainname.company.ru)
1 test failure on this DNS server
DNS server: 10.xx.xx.xx (dc01-m04.domainname.company.ru)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server xx.xx.xx.xx
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
_________________________________________________________________
Domain: domainname.company.ru
dc39-01 PASS PASS PASS FAIL WARN PASS n/a
=============
Thank you for any help!
I have a DNS issue on my hands that I’ve never encountered before, and have been thus far unable to resolve.
Server A is the primary domain controller 10.17.0.2
Server B is a secondary domain controller 10.18.0.3
Server B cannot connect to the DNS server, active directory, or GPO on Server A. However, on server A’s DNS manager, it can connect to and browse the DNS server on Server B.
The dcdiag /test:dns results of server B:
Text
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = server-b
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: mysiteserver-b
Starting test: Connectivity
......................... server-b passed test Connectivity
Doing primary tests
Testing server: mysiteserver-b
Starting test: DNS
DNS Tests are running and not hung. Please wait a few minutes...
......................... server-b passed test DNS
Running partition tests on : DomainDnsZones
Running partition tests on : ForestDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : mydomain
Running enterprise tests on : mydomain.local
Starting test: DNS
Test results for domain controllers:
DC: server-b.mydomain.local
Domain: mydomain.local
TEST: Basic (Basc)
Warning: adapter
[00000007] Broadcom NetXtreme 57xx Gigabit Controller has
invalid DNS server: 10.17.0.2 (server-a.mydomain.local.)
TEST: Delegations (Del)
Error: DNS server: server-a.mydomain.local. IP:10.17.0.2
[Broken delegated domain _msdcs.mydomain.local.]
Summary of test results for DNS servers used by the above domain
controllers:
DNS server: 10.17.0.2 (server-a.mydomain.local.)
2 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 10.17.0.2
Name resolution is not functional. _ldap._tcp.mydomain.local. failed on the DNS server 10.17.0.2
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
_________________________________________________________________
Domain: mydomain.local
server-b PASS WARN PASS FAIL PASS PASS n/a
......................... mydomain.local failed test DNS
The dcdiag /test:dns on server-a:
Text
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = server-a
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Nameserver-a
Starting test: Connectivity
......................... server-a passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Nameserver-a
Starting test: DNS
DNS Tests are running and not hung. Please wait a few minutes...
......................... server-a passed test DNS
Running partition tests on : ForestDnsZones
Running partition tests on : DomainDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : mydomain
Running enterprise tests on : mydomain.local
Starting test: DNS
......................... mydomain.local passed test DNS
Any ideas? Thanks
check
Best Answer
After quite a lot of troubleshooting, it seems I found the cause of the issue.
The firmware on the firewall was updated a few weeks back, however, some of the rules weren’t being applied as expected after the update. I added new source/destination rules, and all traffic was able to flow from server B to server A again.
This was a bizzare situation. The packet capture diagnostic tool in the firewall usually notes when packets are blocked, but there were simply no records of these packets. I only figured it out because of seeing nslookup DNS requests leaving server B’s firewall, and never arriving at server A’s firewall.
Was this post helpful?
thumb_up
thumb_down
View Best Answer in replies below
Read these next…
WINDOWS 10 «glitch» — file explorer
Windows
Hi.I have been experiencing a black line (glitch) on my file explorer which comes for milliseconds then it goes away. See screen grab. Is there anyone who has experienced such and how were they able to solve it?Thank you.
Are you updating workstations to Windows 11?
Windows
Has anyone started updating workstations on a AD domain to Windows 11? what type of issues are you facing?What is the user reaction been?Thanks!
Snap! — Psyche Probe, DIY Gene Editing, RaiBo, AI handwriting, Metric Pirates
Spiceworks Originals
Your daily dose of tech news, in brief.
Welcome to the Snap!
Flashback: January 27, 1880: Thomas Edison receives patent for the Electric Lamp. (Read more HERE.)
Bonus Flashback: January 27, 1967: Apollo 1 Tragedy (Read more HERE.)
You …
NEC Inmail Email doesn’t Change
Collaboration
Hey Everyone,Recently a client of mine wanted to change the email to their QA extension to her email as to help keep voicemails consolidated instead of spread out among different emails. Normally this wouldn’t be a huge deal. Logged in to to Webpro, hoppe…
I inherited some really cool equipment. I just have no clue how to use it!
Hardware
So I’ve got some switches, and some servers. The switches seem pretty straight forward, plug in packet go zoom, but I have no clue how these servers work. They’re headless rack servers. I know there must be a way to get some kind of UI going with a monito…
Hi all,
I have a parent domain (company.local) and a child domain (europe.company.local)
In the company.local domain there are two servers acting as DNS servers:
svr3.company.local (Windows Server 2008 R2 SP1 Standard)
svr9.company.local (Windows Server 2008 R2 SP1 Standard)
In the europe.company.local domain there are also two servers acting as DNS servers:
svr1.europe.company.local (Windows Server 2008 SP2 Standard)
svr6.europe.company.local (Windows Server 2008 R2 SP1 Standard)
When I run «DCDIAG /test:DNS» on either of the DNS servers in the company.local domain, I get some errors:
TEST: Delegations (Del)
Error: DNS server: svr1.europe.company.local. IP:172.24.0.16
[Broken delegated domain europe.company.local.]
Error: DNS server: svr6.europe.company.local. IP:172.24.0.120
[Broken delegated domain europe.company.local.]
TEST: Dynamic update (Dyn)
Warning: Failed to delete the test record dcdiag-test-record in zone company.local
Should I be worried about these errors? (Nothing seems to be malfunctioning)
What can I do to fix these errors?
svr3.company.local-DCDIAG-DNS-re.txt
svr9.company.local-DCDIAG-DNS-re.txt
Здравствуйте товарищи,пришёл в компанию набраться опыта и застрял сразу же на проблеме DNS сервером и контроллером домена. У меня 3 физические машины на них крутятся 4 виртуалки на Hyper-V. На первой физ машине крутиться на виртуалки SRV1 у него подняты роли AD, DCHP, DNS. Контроллер домена не запускается. Новые компьютеры не могу зависти в домен выдает ошибку Произошла ошибка: «DNS-имя не существует.»(код ошибки: 0x0000232B RCODE_NAME_ERROR). Кто может проконсультировать как я могу победить это проблемы без опыта. Подскажите какие тесты лучше использовать и что вообщем делать с этим можно. Скажу большое спасибо и отблагодарю за помощь!
Добавлено через 1 час 45 минут
Выполнение проверок предприятия на: LUKBELOIL.COM
Запуск проверки: DNS
Результаты проверки контроллеров домена:
Контроллер домена: SRV1.LUKBELOIL.COM
Домен: LUKBELOIL.COM
TEST: Basic (Basc)
Внимание! У адаптера
[00000011] Сетевой адаптер Hyper-V (Майкрософт) неверный
DNS-сервер: 127.0.0.1 (srv1.lukbeloil.com.)
Внимание! У адаптера
[00000011] Сетевой адаптер Hyper-V (Майкрософт) неверный
DNS-сервер: 192.168.1.1 (srv1.lukbeloil.com.)
Ошибка: все DNS-серверы недействительны
TEST: Delegations (Del)
Ошибка: DNS-сервер: srv1.lukbeloil.com. IP-адрес:192.168.1.1
[Broken delegated domain _msdcs.LUKBELOIL.COM.]
TEST: Dynamic update (Dyn)
Warning: Failed to add the test record dcdiag-test-record in z
one LUKBELOIL.COM
TEST: Records registration (RReg)
Ошибка. Не удается найти регистрации записей для всех сетевых
адаптеров
Отчет о результатах проверки DNS-серверов, используемых приведенными
выше контроллерами домена:
DNS-сервер: 192.168.1.1 (srv1.lukbeloil.com.)
3 — проверка на данном DNS-сервере не пройдена
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 192.168.1.1 Name resolution is not functional. _ldap._tcp
.LUKBELOIL.COM. failed on the DNS server 192.168.1.1
Отчет по результатам проверки DNS:
Auth Basc Forw Del Dyn RReg Ext
__________________________________________________ _______________
Домен: LUKBELOIL.COM
SRV1 PASS FAIL PASS FAIL WARN FAIL n/a
……………………. LUKBELOIL.COM — не пройдена проверка DNS
Добавлено через 3 минуты
Выполнение проверок предприятия на: LUKBELOIL.COM
Запуск проверки: DNS
Результаты проверки контроллеров домена:
Контроллер домена: SRV1.LUKBELOIL.COM
Домен: LUKBELOIL.COM
TEST: Authentication (Auth)
Тест проверки подлинности: завершен успешно
TEST: Basic (Basc)
ОС
Microsoft Windows Server 2012 R2 Standard (Service Pack level:
0.0)
поддерживается.
NETLOGON служба запущена.
kdc служба запущена.
DNSCACHE служба запущена.
DNS служба запущена.
DC является DNS-сервером
Сведения о сетевых адаптерах:
Адаптер [00000011] Сетевой адаптер Hyper-V (Майкрософт):
MAC address is 00:15:5D:01:66:05
IP-адрес является статическим
IP address: 192.168.1.1
DNS-серверы:
Внимание!
127.0.0.1 (srv1.lukbeloil.com.) [Invalid (unreachable)]
Внимание! У адаптера
[00000011] Сетевой адаптер Hyper-V (Майкрософт)
неверный DNS-сервер: 127.0.0.1 (srv1.lukbeloil.com.)
Внимание!
192.168.1.1 (srv1.lukbeloil.com.) [Invalid (unreachable)
]
Внимание! У адаптера
[00000011] Сетевой адаптер Hyper-V (Майкрософт)
неверный DNS-сервер: 192.168.1.1 (srv1.lukbeloil.com.)
Ошибка: все DNS-серверы недействительны
The A host record(s) for this DC was found
The SOA record for the Active Directory zone was found
The Active Directory zone on this DC/DNS server was found prim
ary
Root zone on this DC/DNS server was not found
TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders Information:
8.8.8.8 (<name unavailable>) [Valid]
TEST: Delegations (Del)
Delegation information for the zone: LUKBELOIL.COM.
Delegated domain name: _msdcs.LUKBELOIL.COM.
Warning: Delegation of DNS server srv1.lukbeloil.com. is
broken on IP:192.168.1.1
Ошибка: DNS-сервер: srv1.lukbeloil.com.
IP-адрес:192.168.1.1 [Broken delegation]
TEST: Dynamic update (Dyn)
Warning: Failed to add the test record dcdiag-test-record in z
one LUKBELOIL.COM
[Error details: 1460 (Type: Win32 — Description: Возврат из оп
ерации произошел из-за превышения времени ожидания.)]
Test record dcdiag-test-record deleted successfully in zone LU
KBELOIL.COM
TEST: Records registration (RReg)
Ошибка. Не удается найти регистрации записей для всех сетевых
адаптеров
Отчет о результатах проверки DNS-серверов, используемых приведенными
выше контроллерами домена:
DNS-сервер: 192.168.1.1 (srv1.lukbeloil.com.)
3 — проверка на данном DNS-сервере не пройдена
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 192.168.1.1 [Error details: 1460 (Type: Win32 — Descripti
on: Возврат из операции произошел из-за превышения времени ожидания.)]
Name resolution is not functional. _ldap._tcp.LUKBELOIL.COM. fail
ed on the DNS server 192.168.1.1
[Error details: 1460 (Type: Win32 — Description: Возврат из опера
ции произошел из-за превышения времени ожидания.)]
DNS delegation for the domain _msdcs.LUKBELOIL.COM. is broken on
IP 192.168.1.1
[Error details: 1460 (Type: Win32 — Description: Возврат из опера
ции произошел из-за превышения времени ожидания.)]
DNS-сервер: 8.8.8.8 (<name unavailable>)
Все проверки для данного DNS-сервера пройдены
Отчет по результатам проверки DNS:
Auth Basc Forw Del Dyn RReg Ext
__________________________________________________ _______________
Домен: LUKBELOIL.COM
SRV1 PASS FAIL PASS FAIL WARN FAIL n/a
……………………. LUKBELOIL.COM — не пройдена проверка DNS
Проверка пропущена по запросу пользователя: LocatorCheck
Проверка пропущена по запросу пользователя: Intersite
__________________
Помощь в написании контрольных, курсовых и дипломных работ, диссертаций здесь
-
#1
Привет. Помогите, Понизил последний 2003 контроллер домена в лесу (msk-dc1.mydomain.local),
после этого перестала проходить проверка днс на основном контроллере домена 2008r2 (PDC.mydomain.local). Политики работают, сетевые диски подключаются, т.е. с виду как бы все работает….
Вот вывод dcdiag /test:dns
Код:
Диагностика сервера каталогов
Выполнение начальной настройки:
Выполняется попытка поиска основного сервера...
Основной сервер = PDC
* Идентифицирован лес AD.
Сбор начальных данных завершен.
Выполнение обязательных начальных проверок
Сервер проверки: SitePDC
Запуск проверки: Connectivity
......................... PDC - пройдена проверка Connectivity
Выполнение основных проверок
Сервер проверки: SitePDC
Запуск проверки: DNS
Проверки DNS выполняются без зависания. Подождите несколько минут...
......................... PDC - пройдена проверка DNS
Выполнение проверок разделов на: ForestDnsZones
Выполнение проверок разделов на: DomainDnsZones
Выполнение проверок разделов на: Schema
Выполнение проверок разделов на: Configuration
Выполнение проверок разделов на: MyDomain
Выполнение проверок предприятия на: MyDomain.Local
Запуск проверки: DNS
Результаты проверки контроллеров домена:
Контроллер домена: PDC.MyDomain.Local
Домен: MyDomain.Local
TEST: Delegations (Del)
Ошибка: Сервер DNS: msk-dc1.MyDomain.local. IP-адрес:172.30.0.15
[Broken delegated domain _msdcs.MyDomain.Local.]
TEST: Dynamic update (Dyn)
Warning: Failed to delete the test record dcdiag-test-record in zone Mydomain.Local
Отчет о результатах проверки DNS-серверов, используемых приведенными
выше контроллерами домена:
DNS-сервер: 172.30.0.15 (msk-dc1.MyDomain.local.)
1 - проверка на данном DNS-сервере не пройдена
Отчет по результатам проверки DNS:
Auth Basc Forw Del Dyn RReg Ext
_________________________________________________________________
Домен: MyDomain.Local
PDC PASS PASS PASS FAIL WARN PASS n/a
......................... MyDomain.Local - не пройдена проверка DNSPS. Роль днс сервера я убрал с msk-dc1.
— -Подумал и добавил — —
Разобрался сам. Вот решение в самом конце https://community.spiceworks.com/to…l-shows-as-delegated-server-how-do-i-fix-that
Так же необходимо было почистить метаданные по статье http://support.microsoft.com/kb/216498
Loading
I have a Windows 2008 domain with 2 DCs. Many moons ago this was actually a Windows 2003 domain which was upgraded to 2008 as per MS’s instructions. Pre-upgrade the ‘main’ DC/DNS server was a box called OLDSERVER.
Running DCDIAG /TEST:DNS on both 2008 DCs there are a couple of errors shown — same 2 on each server — and I don’t know what they mean or how to resolve them. They are
1. Root zone on this DC/DNS server was not found
2. TEST: Delegations (Del)
Delegation information for the zone: domain.company.com.
Delegated domain name: _msdcs.domain.company.com.
Warning: Delegation of DNS server OLDSERVER.domain.company.com. is broken on IP:<OLDSERVER’s IP>
Error: DNS server: OLDSERVER.domain.company.com.
IP:<OLDSERVER’s IP>[Broken delegation]
I used ADSI Edit to take a look around and if I go to Properties of the folder ‘DC=domain,DC=company,DC=com’ under Default Naming Context I see that there is a value in the Attribute Editor tab called ‘domainReplica’ which has the value ‘OLDSERvER’ — I’ve no idea if that is a clue but I’m guessing it should be there as OLDSERvER is (or should be) an old server acting as a file store and nothing else.
I might be stating the obvious but in the registry under HKLM-System—CurrentControlSet—Services—NTDS—Parameters there is also a key labelled ‘Src Root Domain Srv’ with the value of the FQDN of the OLDSERVER.
Can anyone advise on a suitable course of action to tidy this up a bit safely?
Thanks in advance.