Se o IPV6 estiver habilitado, os clientes deverão ter entradas DNS de controlador de domínio válidas nas propriedades do adaptador de rede.
Eu instalei o Windows Server 2016 Datacenter em uma máquina física chamada LOKI
. É alocado o IP estático 192.168.1.77
pelo roteador. Também é definido manualmente em TCP/IPv4
na NIC. O gateway está configurado para 192.168.1.1
(o roteador). O servidor DNS primário está definido como 127.0.0.1
. O servidor DNS secundário está em branco. Ao adicionar os Serviços de Domínio do Active Directory e as funções de DNS - optei por criar uma nova floresta: acme.com
(estou usando isso como exemplo, mas na verdade é definido como um domínio válido que possuo). O nome de domínio NetBIOS foi definido como ACME
.
Eu tentei ingressar em um servidor físico ( BALDER
) no domínio, assim como as VMs estão executando em BALDER
. Eu tenho o servidor DNS primário de BALDER
em TCP/IPv4
definido como 192.168.1.77
. Tem um IP estático atribuído pelo roteador de 192.168.1.75
. Eu também tentei configurá-lo manualmente em TCP/IPv4
com um gateway de 192.168.1.1
.
Ao ingressar no domínio, estou usando o domínio completo, com o TLD: acme.com
.
Ocasionalmente, são solicitadas credenciais. Eu tentei os seguintes usuários:
acme\administrator
acme.com\administrator
acme\db
acme.com\db
(onde db
é um administrador corporativo). Ao entrar em qualquer credencial, eu recebo:
---------------------------
Computer Name/Domain Changes
---------------------------
The following error occurred attempting to join the domain "acme.com":
The specified domain either does not exist or could not be contacted.
---------------------------
OK
---------------------------
... mas na maioria das vezes eu recebo imediatamente essa mensagem de erro, sem precisar de credenciais:
Note: This information is intended for a network administrator. If you are not your network's administrator, notify the administrator that you received this information, which has been recorded in the file C:\Windows\debug\dcdiag.txt.
The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain "acme.com":
The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)
The query was for the SRV record for _ldap._tcp.dc._msdcs.acme.com
Common causes of this error include the following:
- The DNS SRV records required to locate a AD DC for the domain are not registered in DNS. These records are registered with a DNS server automatically when a AD DC is added to a domain. They are updated by the AD DC at set intervals. This computer is configured to use DNS servers with the following IP addresses:
192.168.1.77
- One or more of the following zones do not include delegation to its child zone:
acme.com
com
. (the root zone)
Eu corri dcdiag /fix
em LOKI
. Todos os testes passam.
Eu corri o seguinte:
nslookup
set type=all
_ldap._tcp.dc._msdcs.acme.com
Em LOKI
(o DC) eu recebo:
Server: UnKnown
Address: ::1
_ldap._tcp.dc._msdcs.acme.com SRV service location:
priority = 0
weight = 100
port = 389
svr hostname = LOKI.acme.com
LOKI.acme.com internet address = 192.168.1.77
LOKI.acme.com AAAA IPv6 address = 2a02:c7d:894d:6d00:8dce:ebee:6510:b61c
LOKI.acme.com AAAA IPv6 address = fdc6:f573:1ff9:0:8dce:ebee:6510:b61c
Em BALDER
, obtenho:
Server: UnKnown
Address: fdc6:f573:1ff9:0:7250:afff:fe35:beec
*** UnKnown can't find _ldap._tcp.dc._msdcs.acme.com: Non-existent domain
Eu tentei executar isso em LOKI
, que é concluído com êxito:
dcdiag /test:registerindns /dnsdomain:acme.com /v
Eu também reiniciei o servidor DNS e reiniciei o NetLogon
service.
Eu tentei executar ipconfig /flushdns
nos dois LOKI
e BALDER
.
Eu posso pingar com êxito o DC ( LOKI
) de BALDER
, assim como minhas VMs. Não sei se é importante que esteja respondendo com um endereço IPv6 em vez de um IPv4. Endereços IPv6 são definidos dinamicamente pelo DHCP no roteador. De qualquer maneira, está resolvendo com sucesso o FQDN.
C:\Windows\system32>ping loki
Pinging loki.acme.com [2a02:c7d:894d:6d00:8dce:ebee:6510:b61c] with 32 bytes of data:
Reply from 2a02:c7d:894d:6d00:8dce:ebee:6510:b61c: time=1ms
Reply from 2a02:c7d:894d:6d00:8dce:ebee:6510:b61c: time<1ms
Reply from 2a02:c7d:894d:6d00:8dce:ebee:6510:b61c: time<1ms
Reply from 2a02:c7d:894d:6d00:8dce:ebee:6510:b61c: time<1ms
Ping statistics for 2a02:c7d:894d:6d00:8dce:ebee:6510:b61c:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 1ms, Average = 0ms
As máquinas são conectadas por um único switch GigE (rodando isso em BALDER
):
C:\Windows\system32>tracert loki
Tracing route to loki.acme.com [2a02:c7d:894d:6d00:8dce:ebee:6510:b61c]
over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms LOKI [2a02:c7d:894d:6d00:8dce:ebee:6510:b61c]
Trace complete.
Por comentário de Greg, executei este comando:
nltest /dsgetdc:acme.com
A saída parece ser a mesma do DC e de um servidor de junção.
Aqui está a saída de LOKI
(o DC):
DC: \LOKI.acme.com
Address: \2a02:c7d:894d:6d00:8dce:ebee:6510:b61c
Dom Guid: b0408a6c-7960-4908-9fbf-1b4ca506a31e
Dom Name: acme.com
Forest Name: acme.com
Dc Site Name: Default-First-Site-Name
Our Site Name: Default-First-Site-Name
Flags: PDC GC DS LDAP KDC TIMESERV GTIMESERV WRITABLE DNS_DC DNS_DOMAIN DNS_FOREST CLOSE_SITE FULL_SECRET WS DS_8 DS_9 DS_10
The command completed successfully
Aqui está a saída de BALDER
(um servidor de junção):
DC: \LOKI.acme.com
Address: \2a02:c7d:894d:6d00:8dce:ebee:6510:b61c
Dom Guid: b0408a6c-7960-4908-9fbf-1b4ca506a31e
Dom Name: acme.com
Forest Name: acme.com
Dc Site Name: Default-First-Site-Name
Our Site Name: Default-First-Site-Name
Flags: PDC GC DS LDAP KDC TIMESERV GTIMESERV WRITABLE DNS_DC DNS_DOMAIN DNS_FOREST CLOSE_SITE FULL_SECRET WS DS_8 DS_9 DS_10
The command completed successfully
Apenas para misturar um pouco, executei o PortQueryUI a partir de um servidor diferente - ODIN
(uma VM em BALDER
). Eu digitei LOKI
no campo IP / FQDN de destino para consultar e deixei o restante das opções como padrões ( Serviço para consulta: Domínios e Relações de Confiança ). / p>
A minha publicação está a exceder o limite de carateres, pelo que carreguei os resultados para o Pastebin.
Eu executei ipconfig /all
em alguns servidores de junção - um servidor físico ( BALDER
) e uma VM ( ODIN
). Aqui estão os resultados.
BALDER
:
Windows IP Configuration
Host Name . . . . . . . . . . . . : BALDER
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Home
Ethernet adapter Ethernet:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : QLogic BCM5708C Gigabit Ethernet (NDIS VBD Client) #50
Physical Address. . . . . . . . . : 00-22-19-61-D7-D3
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter vEthernet (INTERNET):
Connection-specific DNS Suffix . : Home
Description . . . . . . . . . . . : Hyper-V Virtual Ethernet Adapter
Physical Address. . . . . . . . . : 00-22-19-61-D7-D1
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2a02:c7d:894d:6d00:15f2:deb5:93d3:460d(Preferred)
IPv6 Address. . . . . . . . . . . : fdc6:f573:1ff9:0:15f2:deb5:93d3:460d(Preferred)
Link-local IPv6 Address . . . . . : fe80::15f2:deb5:93d3:460d%17(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.75(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 12 June 2017 23:05:03
Lease Expires . . . . . . . . . . : 13 June 2017 23:05:02
Default Gateway . . . . . . . . . : fe80::7250:afff:fe35:beec%17
192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 335553049
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-20-AD-3F-C1-00-22-19-61-D7-D3
DNS Servers . . . . . . . . . . . : fdc6:f573:1ff9:0:7250:afff:fe35:beec
192.168.1.77
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:146b:3e88:3f57:feb4(Preferred)
Link-local IPv6 Address . . . . . : fe80::146b:3e88:3f57:feb4%15(Preferred)
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 201326592
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-20-AD-3F-C1-00-22-19-61-D7-D3
NetBIOS over Tcpip. . . . . . . . : Disabled
Tunnel adapter Reusable ISATAP Interface {8620C56F-EB4F-484B-A9DA-5C135F83D4F6}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : Home
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{91D42D6A-0FF8-4541-AF50-FE8AB4C11F3D}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
ODIN
:
Windows IP Configuration
Host Name . . . . . . . . . . . . : ODIN
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Ethernet:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Hyper-V Network Adapter
Physical Address. . . . . . . . . : 00-15-5D-01-4C-05
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2a02:c7d:894d:6d00:6912:438f:9808:ad47(Preferred)
IPv6 Address. . . . . . . . . . . : fdc6:f573:1ff9:0:6912:438f:9808:ad47(Preferred)
Link-local IPv6 Address . . . . . : fe80::6912:438f:9808:ad47%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.85(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : fe80::7250:afff:fe35:beec%10
192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 50337117
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-20-BF-D2-65-00-15-5D-01-4C-05
DNS Servers . . . . . . . . . . . : fdc6:f573:1ff9:0:7250:afff:fe35:beec
192.168.1.77
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:c7e:2db:fd81:f39(Preferred)
Link-local IPv6 Address . . . . . : fe80::c7e:2db:fd81:f39%15(Preferred)
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 134217728
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-20-BF-D2-65-00-15-5D-01-4C-05
NetBIOS over Tcpip. . . . . . . . : Disabled
Tunnel adapter Reusable ISATAP Interface {16673442-3677-41AD-94B2-86C728C55B62}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Eu também tentei configurar o sufixo DNS para acme.com
, mas isso não ajudou.
O que está me impedindo de ingressar em qualquer computador no domínio?
Defina seu up estático manualmente no servidor para usar a máquina do Controlador de Domínio como o Gateway e defina o DNS manualmente, bem como o controlador de domínio. Em seguida, tente ingressar no domínio.
Defina-os de volta para dinâmicos depois de ingressar no domínio.