SBS 2011 “Todos os GCs estão inativos” após a migração

3

Eu tinha um servidor SBS 2008 que estava em sua última etapa, então fiz uma migração do SBS 2008 para o SBS 2011.

Tudo estava indo muito bem, até que cheguei na última etapa e fiz um dcpromo na antiga máquina do SBS 2008 para retirá-lo da rede. Ele se recusou a se desconectar da rede (tinha ... problemas), então eu segui as instruções do technet para fazer um dcpromo /forceremoval e depois fiz uma limpeza depois de remover forçadamente um controlador de domínio da rede.

Agora a diversão realmente começa. Eu não pareço ter nenhum problema de autenticação contra a rede para fazer login, o Exchange está funcionando para todos, compartilhamentos de rede são OK, redirecionamento de pasta é bom, mas quando eu vou para qualquer uma das configurações de nível de domínio (como sites e Serviços ou modificar um GPO):

Naming information cannot be located because:

The specified domain either does not exist or could not be contacted.

Contact your system administrator to verify that your domain is properly configured and is currently online.

ipconfig /all :

C:\Windows\system32>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : EPPINGSBS2011
   Primary Dns Suffix  . . . . . . . : epping.local
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : epping.local

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual Machine Bus Network Ada
pter
   Physical Address. . . . . . . . . : 00-15-5D-A1-85-02
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::40a5:9698:961:869b%11(Preferred)
   Link-local IPv6 Address . . . . . : fe80::cb10:e7e2:95aa:a038%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.2.1(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.2.254
   DHCPv6 IAID . . . . . . . . . . . : 234886493
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-35-19-31-00-15-5D-02-02-06

   DNS Servers . . . . . . . . . . . : fe80::cb10:e7e2:95aa:a038%11
                                       192.168.2.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{F662EDAB-23E8-433D-89E8-0832059C3278}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

E aqui está o nltest /server:eppingsbs2011 /dsgetdc:epping.local :

C:\Windows\system32>nltest /server:eppingsbs2011 /dsgetdc:epping.local
           DC: \EPPINGSBS2011.epping.local
      Address: \192.168.2.1
     Dom Guid: c36db7ef-81b9-4487-93ad-f582e745f27a
     Dom Name: epping.local
  Forest Name: epping.local
 Dc Site Name: Default-First-Site-Name
Our Site Name: Default-First-Site-Name
        Flags: PDC GC DS LDAP KDC WRITABLE DNS_DC DNS_DOMAIN DNS_FOREST CLOSE_SI
TE FULL_SECRET WS
The command completed successfully

Como você pode ver, parece que tudo está em ordem, até chegar ao dcdiag (em toda a sua horrenda glória):

Directory Server Diagnosis


Performing initial setup:

   Trying to find home server...

   Home Server = EPPINGSBS2011

   * Identified AD Forest. 
   Done gathering initial info.


Doing initial required tests


   Testing server: Default-First-Site-Name\EPPINGSBS2011

      Starting test: Connectivity

         ......................... EPPINGSBS2011 passed test Connectivity



Doing primary tests


   Testing server: Default-First-Site-Name\EPPINGSBS2011

      Starting test: Advertising

         Fatal Error:DsGetDcName (EPPINGSBS2011) call failed, error 1355

         The Locator could not find the server.

         ......................... EPPINGSBS2011 failed test Advertising

      Starting test: FrsEvent

         ......................... EPPINGSBS2011 passed test FrsEvent

      Starting test: DFSREvent

         ......................... EPPINGSBS2011 passed test DFSREvent

      Starting test: SysVolCheck

         ......................... EPPINGSBS2011 passed test SysVolCheck

      Starting test: KccEvent

         A warning event occurred.  EventID: 0x80000B46

            Time Generated: 11/21/2011   20:47:41

            Event String:

            The security of this directory server can be significantly enhanced by configuring the server to reject SASL (Negotiate,  Kerberos, NTLM, or Digest) LDAP binds that do not request signing (integrity verification) and LDAP simple binds that  are performed on a cleartext (non-SSL/TLS-encrypted) connection.  Even if no clients are using such binds, configuring the server to reject them will improve the security of this server. 


         An error event occurred.  EventID: 0xC0000837

            Time Generated: 11/21/2011   20:48:12

            Event String:

            The Active Directory Domain Services database has been restored using an unsupported restoration procedure. 


         ......................... EPPINGSBS2011 failed test KccEvent

      Starting test: KnowsOfRoleHolders

         ......................... EPPINGSBS2011 passed test KnowsOfRoleHolders

      Starting test: MachineAccount

         ......................... EPPINGSBS2011 passed test MachineAccount

      Starting test: NCSecDesc

         ......................... EPPINGSBS2011 passed test NCSecDesc

      Starting test: NetLogons

         ......................... EPPINGSBS2011 passed test NetLogons

      Starting test: ObjectsReplicated

         ......................... EPPINGSBS2011 passed test ObjectsReplicated

      Starting test: Replications

         ......................... EPPINGSBS2011 passed test Replications

      Starting test: RidManager

         ......................... EPPINGSBS2011 passed test RidManager

      Starting test: Services

            w32time Service is stopped on [EPPINGSBS2011]

            NETLOGON Service is paused on [EPPINGSBS2011]

         ......................... EPPINGSBS2011 failed test Services

      Starting test: SystemLog

         An error event occurred.  EventID: 0x0000041E

            Time Generated: 11/21/2011   20:00:21

            Event String:

            The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.

         An error event occurred.  EventID: 0x0000041E

            Time Generated: 11/21/2011   20:05:26

            Event String:

            The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.

         An error event occurred.  EventID: 0x0000041E

            Time Generated: 11/21/2011   20:05:26

            Event String:

            The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.

         An error event occurred.  EventID: 0x0000041E

            Time Generated: 11/21/2011   20:05:27

            Event String:

            The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.

         An error event occurred.  EventID: 0x0000041E

            Time Generated: 11/21/2011   20:10:15

            Event String:

            The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.

         An error event occurred.  EventID: 0x0000041E

            Time Generated: 11/21/2011   20:10:15

            Event String:

            The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.

         An error event occurred.  EventID: 0x0000041E

            Time Generated: 11/21/2011   20:15:20

            Event String:

            The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.

         An error event occurred.  EventID: 0x0000041E

            Time Generated: 11/21/2011   20:15:21

            Event String:

            The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.

         An error event occurred.  EventID: 0x0000041E

            Time Generated: 11/21/2011   20:15:21

            Event String:

            The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.

         An error event occurred.  EventID: 0x0000041E

            Time Generated: 11/21/2011   20:20:37

            Event String:

            The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.

         An error event occurred.  EventID: 0x0000041E

            Time Generated: 11/21/2011   20:20:37

            Event String:

            The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.

         An error event occurred.  EventID: 0x0000041E

            Time Generated: 11/21/2011   20:25:21

            Event String:

            The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.

         An error event occurred.  EventID: 0x0000041E

            Time Generated: 11/21/2011   20:25:21

            Event String:

            The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.

         An error event occurred.  EventID: 0xC0001B58

            Time Generated: 11/21/2011   20:38:12

            Event String:

            The Link-Layer Topology Discovery Mapper I/O Driver service failed to start due to the following error: 


         An error event occurred.  EventID: 0xC0001B58

            Time Generated: 11/21/2011   20:38:12

            Event String:

            The Link-Layer Topology Discovery Responder service failed to start due to the following error: 


         An error event occurred.  EventID: 0xC0001B59

            Time Generated: 11/21/2011   20:38:22

            Event String:

            The Kerberos Key Distribution Center service depends on the Active Directory Domain Services service which failed to start because of the following error: 


         An error event occurred.  EventID: 0xC0001B59

            Time Generated: 11/21/2011   20:38:48

            Event String:

            The DNS Server service depends on the Active Directory Domain Services service which failed to start because of the following error: 


         An error event occurred.  EventID: 0x0000040B

            Time Generated: 11/21/2011   20:38:49

            Event String:

            The DHCP service was unable to create or lookup the DHCP Users local group on this computer.  The error code is in the data.

         An error event occurred.  EventID: 0x0000040C

            Time Generated: 11/21/2011   20:38:49

            Event String:

            The DHCP server was unable to create or lookup the DHCP Administrators local group on this computer.  The error code is in the data.

         An error event occurred.  EventID: 0xC0001B59

            Time Generated: 11/21/2011   20:38:49

            Event String:

            The Intersite Messaging service depends on the Active Directory Domain Services service which failed to start because of the following error: 


         An error event occurred.  EventID: 0xC0001B70

            Time Generated: 11/21/2011   20:41:20

            Event String:

            The Microsoft Exchange Forms-Based Authentication service service terminated with service-specific error %%-2147467259.

         An error event occurred.  EventID: 0xC0001B70

            Time Generated: 11/21/2011   20:41:22

            EvtFormatMessage failed (second call), error 15030 The description string for parameter reference (%1) could not be found..
            (Event String (event log = System) could not be retrieved, error

            0x3ab6)

         An error event occurred.  EventID: 0xC0001B7E

            Time Generated: 11/21/2011   20:41:33

            Event String:

            The SPTimerV4 service was unable to log on as EPPING\spfarm with the currently configured password due to the following error: 


         An error event occurred.  EventID: 0xC0001B58

            Time Generated: 11/21/2011   20:41:33

            Event String:

            The SharePoint 2010 Timer service failed to start due to the following error: 


         An error event occurred.  EventID: 0xC0001B7E

            Time Generated: 11/21/2011   20:41:34

            Event String:

            The SPWriterV4 service was unable to log on as EPPING\spfarm with the currently configured password due to the following error: 


         An error event occurred.  EventID: 0xC0001B58

            Time Generated: 11/21/2011   20:41:34

            Event String:

            The SharePoint 2010 VSS Writer service failed to start due to the following error: 


         A warning event occurred.  EventID: 0x80001421

            Time Generated: 11/21/2011   20:41:37

            Event String:

            The Windows Process Activation Service (WAS) encountered an error attempting to look up the built in IIS_IUSRS group.  There may be problems in viewing and setting security permissions with the IIS_IUSRS group.  This happens if the machine has been joined and promoted to be a Domain Controller in a legacy domain.  Please see the online help for more information and solutions to this problem.  The data field contains the error number.

         An error event occurred.  EventID: 0xC0001B83

            Time Generated: 11/21/2011   20:45:57

            Event String:

            The Group Policy Client service did not shut down properly after receiving a preshutdown control.

         An error event occurred.  EventID: 0xC0001B83

            Time Generated: 11/21/2011   20:46:17

            Event String:

            The Microsoft Exchange Replication service did not shut down properly after receiving a preshutdown control.

         A warning event occurred.  EventID: 0x000003F6

            Time Generated: 11/21/2011   20:48:13

            Event String:

            Name resolution for the name _ldap._tcp.Default-First-Site-Name._sites.epping.local timed out after none of the configured DNS servers responded.

         A warning event occurred.  EventID: 0x0000A001

            Time Generated: 11/21/2011   20:48:17

            Event String:

            The Security System could not establish a secured connection with the server ldap/epping.local/[email protected]. No authentication protocol was available.

         An error event occurred.  EventID: 0xC00038D6

            Time Generated: 11/21/2011   20:48:37

            Event String:

            The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data.

         An error event occurred.  EventID: 0xC00038D6

            Time Generated: 11/21/2011   20:48:52

            Event String:

            The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data.

         An error event occurred.  EventID: 0xC00038D6

            Time Generated: 11/21/2011   20:49:07

            Event String:

            The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data.

         An error event occurred.  EventID: 0xC00038D6

            Time Generated: 11/21/2011   20:49:22

            Event String:

            The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data.

         An error event occurred.  EventID: 0xC00038D6

            Time Generated: 11/21/2011   20:49:37

            Event String:

            The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data.

         An error event occurred.  EventID: 0xC00038D6

            Time Generated: 11/21/2011   20:49:52

            Event String:

            The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data.

         An error event occurred.  EventID: 0x0000002E

            Time Generated: 11/21/2011   20:49:53

            Event String:

            The time service encountered an error and was forced to shut down. The error was: 0x80070700: An attempt was made to logon, but the network logon service was not started.


         An error event occurred.  EventID: 0xC0001B6F

            Time Generated: 11/21/2011   20:49:53

            Event String:

            The Windows Time service terminated with the following error: 


         An error event occurred.  EventID: 0x0000002E

            Time Generated: 11/21/2011   20:49:54

            Event String:

            The time service encountered an error and was forced to shut down. The error was: 0x80070700: An attempt was made to logon, but the network logon service was not started.


         An error event occurred.  EventID: 0xC0001B6F

            Time Generated: 11/21/2011   20:49:54

            Event String:

            The Windows Time service terminated with the following error: 


         An error event occurred.  EventID: 0xC2000001

            Time Generated: 11/21/2011   20:49:56

            Event String: Unexpected failure. Error code: 490@01010004

         An error event occurred.  EventID: 0x00000469

            Time Generated: 11/21/2011   20:49:56

            Event String:

            The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

         An error event occurred.  EventID: 0xC00038D6

            Time Generated: 11/21/2011   20:50:07

            Event String:

            The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data.

         An error event occurred.  EventID: 0xC00038D6

            Time Generated: 11/21/2011   20:50:24

            Event String:

            The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data.

         An error event occurred.  EventID: 0x0000041E

            Time Generated: 11/21/2011   20:50:25

            Event String:

            The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.

         An error event occurred.  EventID: 0x0000041E

            Time Generated: 11/21/2011   20:50:33

            Event String:

            The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.

         An error event occurred.  EventID: 0x0000041E

            Time Generated: 11/21/2011   20:50:33

            Event String:

            The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.

         An error event occurred.  EventID: 0xC00038D6

            Time Generated: 11/21/2011   20:50:39

            Event String:

            The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data.

         An error event occurred.  EventID: 0x00000457

            Time Generated: 11/21/2011   20:50:50

            Event String:

            Driver Adobe PDF Converter required for printer Adobe PDF is unknown. Contact the administrator to install the driver before you log in again.

         An error event occurred.  EventID: 0x00000457

            Time Generated: 11/21/2011   20:50:51

            Event String:

            Driver HP Officejet 6500 E710n-z required for printer HP Officejet 6500 E710n-z (Network) is unknown. Contact the administrator to install the driver before you log in again.

         An error event occurred.  EventID: 0x00000457

            Time Generated: 11/21/2011   20:50:52

            Event String:

            Driver Fax - HP Officejet 6500 E710n-z required for printer Fax - HP Officejet 6500 E710n-z (Network) is unknown. Contact the administrator to install the driver before you log in again.

         An error event occurred.  EventID: 0x00000457

            Time Generated: 11/21/2011   20:50:54

            Event String:

            Driver HP psc 2100 Series required for printer HP psc 2100 Series is unknown. Contact the administrator to install the driver before you log in again.

         An error event occurred.  EventID: 0xC00038D6

            Time Generated: 11/21/2011   20:50:54

            Event String:

            The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data.

         An error event occurred.  EventID: 0xC00038D6

            Time Generated: 11/21/2011   20:51:09

            Event String:

            The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data.

         A warning event occurred.  EventID: 0x000727AA

            Time Generated: 11/21/2011   20:52:05

            Event String:

            The WinRM service failed to create the following SPNs: WSMAN/EPPINGSBS2011.epping.local; WSMAN/EPPINGSBS2011. 


         An error event occurred.  EventID: 0xC000042B

            Time Generated: 11/21/2011   20:55:10

            Event String:

            The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted.


         An error event occurred.  EventID: 0x0000041E

            Time Generated: 11/21/2011   20:55:29

            Event String:

            The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.

         An error event occurred.  EventID: 0x0000041E

            Time Generated: 11/21/2011   20:55:29

            Event String:

            The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.

         ......................... EPPINGSBS2011 failed test SystemLog

      Starting test: VerifyReferences

         ......................... EPPINGSBS2011 passed test VerifyReferences



   Running partition tests on : ForestDnsZones

      Starting test: CheckSDRefDom

         ......................... ForestDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... ForestDnsZones passed test

         CrossRefValidation


   Running partition tests on : DomainDnsZones

      Starting test: CheckSDRefDom

         ......................... DomainDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... DomainDnsZones passed test

         CrossRefValidation


   Running partition tests on : Schema

      Starting test: CheckSDRefDom

         ......................... Schema passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Schema passed test CrossRefValidation


   Running partition tests on : Configuration

      Starting test: CheckSDRefDom

         ......................... Configuration passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Configuration passed test CrossRefValidation


   Running partition tests on : epping

      Starting test: CheckSDRefDom

         ......................... epping passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... epping passed test CrossRefValidation


   Running enterprise tests on : epping.local

      Starting test: LocatorCheck

         Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355

         A Global Catalog Server could not be located - All GC's are down.

         Warning: DcGetDcName(TIME_SERVER) call failed, error 1355

         A Time Server could not be located.

         The server holding the PDC role is down.

         Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error

         1355

         A Good Time Server could not be located.

         Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355

         A KDC could not be located - All the KDCs are down.

         ......................... epping.local failed test LocatorCheck

      Starting test: Intersite

         ......................... epping.local passed test Intersite

    
por Mark Henderson 21.11.2011 / 09:19

1 resposta

6

Hoje não é o meu dia . Se eu tivesse lido meu dcdiag de perto:

NETLOGON Service is paused on [EPPINGSBS2011]

Pausou o serviço e, pronto, todo mundo está feliz. Agora - para descobrir por que foi pausado em primeiro lugar.

    
por 21.11.2011 / 11:10