Domain error no such domain

Error no such domain 1355

Если у вас не работает один из способов авторизации, сконвертируйте свой аккаунт по ссылке

Авторизуясь в LiveJournal с помощью стороннего сервиса вы принимаете условия Пользовательского соглашения LiveJournal

• October 2022

1
2	3	4	5	6	7	8
9	10	11	12	13	14	15
16	17	18	19	20	21	22
23	24	25	26	27	28	29
30	31

РЕШЕНИЕ: проблема была в файерволе, блокирующем запросы к контроллерам домена.

Имеется домен win 2008, my.domain.local, с двумя домен контроллерами, один из которых ad1.my.domain.local — по совместительству DNS сервер
Все работало хорошо, пока в один день на всех серверах сети в логах не стали появляться ошибки о невозможности соединения с контролларами домена.
Действительно, на всех серверах команда nltest /dclist:my.domain.local дает результат:
Cannot find DC to get DC list from.Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN
При этом если запускать ту же команду на самом контроллере домена, то все находится нормально:
nltest /dclist:my.domain.local
Get list of DCs in domain ‘my.domain.local’ from ‘\ad1.my.domain.local’.
ad1.my.domain.local [PDC] [DS] Site: mysite
AD2.my.domain.local [DS] Site: mysite
The command completed successfully

dcdiag ошибок не выдает.

DNS для домена, вроде, работает нормально: на всех серверах если запустить nslookup _ldap._tcp.mysite._sites.my.domain.local
То получится

_ldap._tcp.mysite._sites.my.domain.local SRV service location:
priority = 0
weight = 100
port = 389
svr hostname = ad2.my.domain.local
_ldap._tcp.mysite._sites.my.domain.local SRV service location:
priority = 0
weight = 100
port = 389
svr hostname = ad1.my.domain.local
ad2.my.domain.local internet address = xxx.xxx.xxx.xxx
ad2.my.domain.local AAAA IPv6 address = xxxx:xxxx:xxxx::xxxx:xxxx
ad1.my.domain.local internet address = xxx.xxx.xxx.xxx

Как бы еще понять, в чем может быть проблема?

Источник

Error no such domain 1355

This forum has migrated to Microsoft Q&A. Visit Microsoft Q&A to post new questions.

Asked by:

Question

I get the
following error (I_NetLogonControlfailed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN) on our PDC when
running the NLTEST Command. As mentioned before all the forums I’ve read
relating to this error, is that we have numerous domain controllers and this
fault/error only pops up on the PDC.

I have disabled
all firewall settings within the OS and the AV End Point. However highly doubt
that this is the problem, as these are set by policies that apply to all DC.

We have a
trust with one of our Subsidiaries in South Africa, where our Exchange is hosted;
they report that this is causing issues on their side. I would like to confirm
this, is this error related to the DC hosting the PDC Role or is this somewhere
else I need to start investigating. Other individuals stated in the forums that
when the move the PDC role, the error moves with it.

Make sure DC Is not multihomed. Please disable unused NIC’s from DC.

Also make sure DNS is setup properly and there is no name resolution problem. Verify SRV Records are registred in DNS properly — http://support.microsoft.com/kb/241515

If nothing helps post DCDiag /q results from your PDC.

MCSA|MCITP SA|Microsoft Exchange 2003 Blog — http://prashant1987.wordpress.com Disclaimer: This posting is provided AS-IS with no warranties/guarantees and confers no rights.

please exclude http://support.microsoft.com/kb/253096 as you didn’t mention the OS version. Please post the complete command you use, no porblem to change domain names, BUT keep the format.

Meinolf Weber
MVP, MCP, MCTS
Microsoft MVP — Directory Services
My Blog: http://msmvps.com/blogs/mweber/

Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

COMMAND>nltest /server:SERVER (PDC) /sc_QUERY:DOMAIN
I_NetLogonControl failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN

OS Version in Post : Server 2008 R2

DCDIAG /Q Results run on PDC , with elevated rights

C:>dcdiag /q
Error NT AUTHORITYENTERPRISE DOMAIN CONTROLLERS doesn’t have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
CN=Schema,CN=Configuration,DC=fnb,DC=root
Error NT AUTHORITYENTERPRISE DOMAIN CONTROLLERS doesn’t have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=x,DC=x
. server failed test NCSecDesc
An error event occurred. EventID: 0x0000165B
Time Generated: 07/11/2012 11:30:35
Event String:
The session setup from computer ‘x’ failed because the se
curity database does not contain a trust account ‘x$’ referenced by t
he specified computer.
An error event occurred. EventID: 0x000016AD
Time Generated: 07/11/2012 11:32:59
Event String:
The session setup from the computer x failed to authentic
ate. The following error occurred:
. x failed test SystemLog

Источник

Error no such domain 1355

This forum has migrated to Microsoft Q&A. Visit Microsoft Q&A to post new questions.

Answered by:

Question

We have two Active directory domain forest. We need to enable two way trust between both the domains so as to enable resource sharing. Below is the details:

1. Domain 1- Functional level 2003- All DC are on 2008 R2 OS

2. Domain 2- Functional level 2003- All DC are on Win 2003.

Below ports are open bi-directionally as these domains are separated by a Firewall

389 UDP+TCP,445 TCP,88 UDP+TCP,135 TCP,53 TCP+UDP, 3268 TCP

Conditional forwarder is being added on both domain DNS and is pointing to respective Domain controller IP.

While creating domain trust after entering the domain name, only two options is coming 1. To create realm trsut and other Trust with windows domain. This option should not come ideally as both my domains are Window domain. Also on clicking next teh trust wizard is finishing saying cannot continue. While running NLTEST /dsgetdc: domain FQDN from either domain getting below error:

Getting DC name failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN

Just to mention, while creating trust we have checked for the connection log in the firewall and only the above mentioned ports was getting hit from one DC IP to other DC Ip and teh connection was successful. This was to get sure i am not missing any ports which is required and communication is not opened.

Источник

Error no such domain 1355

This forum has migrated to Microsoft Q&A. Visit Microsoft Q&A to post new questions.

Answered by:

Question

I have a domain with two Windows Server 2008 DCs, let’s say it’s DC01 and DC02. Both DCs are DNS servers authoritative for the domain. DC01 holds all FSMO roles, incuding PDC Emulator.

The problem is sometimes one can’t access various domain-related resources: two examples are frequent lags when opening domain DFS shares and failed Exchange 2010 SP1 installation that logged «DC is no longer available» but later succedeed on another installation attempt (and the DC was up all the time). I think I narrowed the problem down to the PDC Emulator role which simply doesn’t seem to respond properly. I was able to transfer PDC Emulator role from DC01 to DC02 to test whether the problem is related to the underlying server but it seems the problem just moved with the role.

Here is an excert from nltest command (DC02 is the PDC here):

You also can’t find PDC Emulator using /dcname switch:

There are no suspicious entries in either DC’s event logs. In spite of the PDC problem it seems that PDC role itself works fine because users can change passwords, login on a workstation for the first time etc. Nonetheless I believe something is wrong now. I checked DNS domain zone and all important entries, including SRVs, are in place.

I’d appreciate any suggestions about where to start troubleshooting.

Answers

I would like to confirm that can you read any error message from the Event Viewer?

According to our internal material, this behavior is expected when this command is issued on the PDC for its own domain. The PDC is the source of the secure channel.

Sometimes, high load on domain controllers and firewalls can cause some network connectivity lags. You may read the following Microsoft TechNet articles for configuring Windows Firewall and troubleshooting network connectivity.

Active Directory Replication over Firewalls

I also would like to collect the following information to check if the domain controllers are health. For your convenience, I have created a workspace for you. You can upload the information files to the following link. (Please choose «Send Files to Microsoft»)

Note: Due to differences in text formatting with various email clients, the workspace link above may appear to be broken. Please be sure to include all text between ‘(‘ and ‘)’ when typing or copying the workspace link into your browser. Meanwhile, please note that files uploaded for more than 72 hours will be deleted automatically. Please ensure to notify me timely after you have uploaded the files. Thank you for your understanding.

dcdiag /v /c /d /e /s:dcname >c:dcdiag.txt

repadmin /showrepl dc* /verbose /all /intersite >c:repl.txt

If you have any feedback on our support, please contact tngfb@microsoft.com .

Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

I would like to confirm that can you read any error message from the Event Viewer?

According to our internal material, this behavior is expected when this command is issued on the PDC for its own domain. The PDC is the source of the secure channel.

Sometimes, high load on domain controllers and firewalls can cause some network connectivity lags. You may read the following Microsoft TechNet articles for configuring Windows Firewall and troubleshooting network connectivity.

Active Directory Replication over Firewalls

I also would like to collect the following information to check if the domain controllers are health. For your convenience, I have created a workspace for you. You can upload the information files to the following link. (Please choose «Send Files to Microsoft»)

Note: Due to differences in text formatting with various email clients, the workspace link above may appear to be broken. Please be sure to include all text between ‘(‘ and ‘)’ when typing or copying the workspace link into your browser. Meanwhile, please note that files uploaded for more than 72 hours will be deleted automatically. Please ensure to notify me timely after you have uploaded the files. Thank you for your understanding.

dcdiag /v /c /d /e /s:dcname >c:dcdiag.txt

repadmin /showrepl dc* /verbose /all /intersite >c:repl.txt

If you have any feedback on our support, please contact tngfb@microsoft.com .

Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Thank you for your time! I uploaded the text files containing dcdiag, repadmin and dnslint output. DC02 is the PDC there.

Regarding the rest of your post:

1. I can read all event logs without issues.

2. Firewalls are disabled on DCs and member servers.

3. Quick note: running nltest /dcname:contoso.com gets NERR_DCNotFound as I said, but running /dcname:CONTOSO (with NetBIOS name) gets correct results. Also the behavior of using nltest /sc_verify against PDC that you mentioned seems to explain the ERR_NO_SUCH_DOMAIN error.

4. I wouldn’t say I have highly loaded DCs as there is about 10 member web servers and about 20 workstations. I’d say it’s relatively small environment.

There are in fact some warnings and errors in dcdiag and dnslint outputs. I’m looking forward to hearing from you about them!

if you upload the files also to Windows Sky drive we can also follow them and help you.

The PDCEmulaor role is not used to access resources on domain servers, so this can’t be the reason for your problem. An unedited ipconfig /all can also help for starting to exclude some problems.

Is the second DC also Global catalog server, this is essential for Exchange, this requires access to GCs?

Best regards Meinolf Weber Disclaimer: This posting is provided «AS IS» with no warranties or guarantees , and confers no rights.

I have uploaded the log files “Wojciech Kowasz” provided to my SkyDrive for our further research. Here is the public link: http://cid-49401e22fd9c1bd2.office.live.com/self.aspx/.Public/tests.zip.

Here are the error message I find in dcdiag.txt:

Summary of test results for DNS servers used by the above domain

DNS server: 198.32.64.12 (l.root-servers.net.)

2 test failure on this DNS server

PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.32.64.12 [Error details: 1460 (Type: Win32 — Description: This operation returned because the timeout period expired.)]

Total query time:0 min. 12 sec., Total WMI connection

time:0 min. 0 sec.

DNS server: 2001:500:1::803f:235 (h.root-servers.net.)

1 test failure on this DNS server

PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:1::803f:235 [Error details: 1460 (Type: Win32 — Description: This operation returned because the timeout period expired.)]

Total query time:0 min. 12 sec., Total WMI connection

time:0 min. 0 sec.

DNS server: 2001:500:2f::f (f.root-servers.net.)

1 test failure on this DNS server

PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2f::f [Error details: 1460 (Type: Win32 — Description: This operation returned because the timeout period expired.)]

Total query time:0 min. 12 sec., Total WMI connection

time:0 min. 0 sec.

DNS server: 2001:503:ba3e::2:30 (a.root-servers.net.)

1 test failure on this DNS server

PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:ba3e::2:30 [Error details: 1460 (Type: Win32 — Description: This operation returned because the timeout period expired.)]

Total query time:0 min. 12 sec., Total WMI connection

time:0 min. 0 sec.

DNS server: 2001:7fe::53 (i.root-servers.net.)

1 test failure on this DNS server

PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:7fe::53 [Error details: 1460 (Type: Win32 — Description: This operation returned because the timeout period expired.)]

Total query time:0 min. 12 sec., Total WMI connection

time:0 min. 0 sec.

Based on the current situation, I would like to suggest you clear the DNS server cache by the command: Dnscmd ServerName /clearcache and the client machines’ DNS cache by the command: ipconfig /flushdns. For more information, please refer to the following Microsoft TechNet articles:

Clear the server names cache

Flush and reset a client resolver cache using the ipconfig command

In addition, please also disable IPv6 to test the issue. For the detailed steps, please refer to the following Microsoft KB article:

How to disable certain Internet Protocol version 6 (IPv6) components in Windows Vista, Windows 7 and Windows Server 2008

If it does not work, please also upload the output of the command: ipconfig /all of the domain controllers and client machine to SkyDrive as “Meinolf Weber” required for our further research.

If you have any feedback on our support, please contact tngfb@microsoft.com .

Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

• Edited by Arthur_Li Microsoft contingent staff Monday, January 3, 2011 5:12 AM add signature

please make sure the correct values exist «Missing Expected Value» according to:

Also you should run adprep /rodcprep to remove the error message in dcdaig about «Starting test: NCSecDesc», not a problem or required but keeps the output cleaner and doesn’t require to run RODCs.

Additional check the useraccountcontrol flag setting with:

Keep in mind that you use the public iprange on the DCs and you are open for attackers that way. Better reconfigure your design and use private iprange on them and connect via a router/firewall to the internet. Why is the public iprange used on them? At least you have to configure the firewall properly.

Which ip addresses does your domain members use? If they are in the private ip range you have the problem with DNS i assume, so please post an unedited ipconfig /all from a domain machine with problems.

Best regards Meinolf Weber Disclaimer: This posting is provided «AS IS» with no warranties or guarantees , and confers no rights.

Sorry for the delay. I uploaded ipconfigs on my SkyDrive: http://cid-8bda2ed637ed7df5.office.live.com.

Some quick facts:

— all servers use public IP addresses
— IPv6 is already disabled on all servers
— firewall is disabled as well
— both DCs are Global Catalogs
— UAC is configured so that Admin-Approval is disabled (maybe this is why useraccountcontrol flag setting is incorrect?)

I don’t know what do you mean about the attackers part? The fact that I use public IP address on DCs with firewall disabled does not necessary mean that there is no firewall above. There is, of course, and only DNS traffic is allowed to DCs from the Internet. DNS is also the reason why the public addresses are there.

I’ll look into your suggestions with FRS parameter, RODC-related schema extensions and DNS cache clearing.

edit:

About «Missing expected value» error in dcdiag:

I did find out that msDFSR-ComputerReferenceBL attribute on both DCs here is Not Set so I guess that’s why the error pops out. I also found this post: http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/2ce07c3f-9956-4bec-ae46-055f311c5d96/ but unfortunately there is no guide on how to change that attribute because it’s read only.

As a side note, I use FRS for SYSVOL replication and never tried to migrate it to DFS-R. I have some DFS-R groups in the domain but DCs are not members of any of them. Is this parameter really needed then and why it’s Not Set (I assume it’s a default value).

to modify the «Missing expected value» settings make sure to use RUNAS or an elevated command prompt to change them. Also make sure the used account is member of enterprise admins.

Best regards Meinolf Weber Disclaimer: This posting is provided «AS IS» with no warranties or guarantees , and confers no rights.

Unfortunately, although I ran dsa.msc and adsiedit.msc as an administrator, the Add field is grayed out so I cannot modify this parameter.

The error message “Missing expected value” on msDFSR-ComputerReferenceBL mostly can be caused due to the DC is using NTFRS to replicate SYSVOL instead of DFSR.

To fix this issue, I would like to suggest you use DSFR for replication of SYSVOL. For the detailed steps, please refer to the following Microsoft TechNet article:

SYSVOL Replication Migration Guide: FRS to DFS Replication

If you have any feedback on our support, please contact tngfb@microsoft.com .

Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

can you describe exactly the negative symptoms you are seeing that prompted you to search for help? What exactly made you conclude that this is related to PDC Emulator?

As Arthur has pointed out, the nltest behavior you mentioned is expected when being run on the PDC Emulator itself. In regard to DFS delay, are you using domain-based DFS implementation? Have you tried running network trace to determine what exactly is happening when a client attempts to contact a DFS target?

There is no single symptom that prompted me to search for help.

I see my applications failing from time to time and want to troubleshoot it. The most important symptom is my IIS application that fails several times a week (I mean, the application pool itself fails and w3wp.exe is terminated) due to being unable to access shared folders located on other servers. I don’t think it’s DFS-related because when I changed UNC path to point directly to the underlying file servers, the issue was still there. Then I saw another errors like Exchange setup that failed with «DC01 is no longer available» error when it was up and running all the time and even 10 minutes later the installation succeeded when run for the second time. I also saw some strange errors in DC’s Security event logs that stated «account doesn’t exist» for my IIS application’s context that was successfully logged in a few minutes back and later on. That makes me think that Active Directory problem is the root issue here.

So, as you can see, there are a few «weird» situations and I just want to look into them and see if it can improve. It’s hard to troubleshoot by, say, network trace because I would have to capture all-day-long network traffic to catch just the exact moment when the issues occur. It may be seconds that matter here.

I tied the whole problem with PDC Emulator because I observed the ERR_NO_SUCH_DOMAIN on PDC server but didn’t know it’s a «by design» behavior. That was something (easy to explain) I could escalate on the forums and I did. By the way, it really should be documented somewhere. I did google it extensively and had no luck finding any information that it’s ok to see such an error on PDC.

So, to sum up this thread, my question actuallly was answered (I marked it) even though it didn’t help. I don’t think that following the advices like rodcprep or migrate to DFSR replication could really help here. At the same time, however, I don’t expect more because I know it’s hard to help when you don’t know what the problem exactly is 🙂 So I think we should stop here. Thank you for your time! 🙂 I think maybe I will open up another thread on IIS forums to see if we can debug the failing apppool issue (maybe it’s not AD, after all).

Источник

Приветствую!
Заранее извиняюсь за сумбур.
Случилась беда. Лежит весь домен.
Всего 3 контроллера домена. DC1, DC4 в одном сайте, DC3 — в другом.
Началось с того, что основной контроллер (DC1) внезапно и безнадежно канул в лету. После тщетных попыток его восстановить из единственного систем-стэйта, было решено поднять новый по этой инструкции https://technet.microsoft.com/ru-ru/library/cc785849.aspx
Роли захватывал DC4. Всё прошло отлично до пункта с SYSVOL. NTFRS-репликация на вновь поднятый DC1 почему-то не шла и неудачные попытки ее оживить привели к полной неработоспособности вообще всего домена.
Признаюсь честно, пробовал рецепт из первого комментария отсюда http://eventid.net/display.asp?eventid=13568&eventno=1743&source=NtFrs&phase=1
Сначала исчезли ошибки и пошли нормальные сообщения, и потом я вернул «Enable Journal Wrap Automatic Restore» в 0 на всех доменах. Возможно после этого всё и началось.
При попытке залогиниться пользователь получает сообщение «The system cannot log you on due to the following error: The specified domain either does not exist or could not be contacted.»
DC4 (основной, на который были переданы все основные роли):
C:Documents and Settingsadmin>netdiag

…………………………………

Computer Name: DC4
DNS Host Name: dc4.concord.com
System info : Microsoft Windows Server 2003 R2 (Build 3790)
Processor : x86 Family 15 Model 6 Stepping 5, GenuineIntel
List of installed hotfixes :
KB2570791
KB2998527
KB3013410
KB957097
KB958644
KB958687
Q147222

Netcard queries test . . . . . . . : Passed

Per interface results:

Adapter : Local Area Connection

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : dc4
IP Address . . . . . . . . : 192.168.0.14
Subnet Mask. . . . . . . . : 255.255.0.0
Default Gateway. . . . . . : 192.168.0.1
Primary WINS Server. . . . : 192.168.0.10
Secondary WINS Server. . . : 192.168.0.14
Dns Servers. . . . . . . . : 192.168.0.14
192.168.0.10

AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Passed

NetBT name test. . . . . . : Passed

WINS service test. . . . . : Failed
The test failed. We were unable to query the WINS servers.

Global results:

Domain membership test . . . . . . : Failed
[WARNING] Ths system volume has not been completely replicated to the local
machine. This machine is not working properly as a DC.

NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{DCDCBD18-BEB6-425A-A017-B97CFEC98B49}
1 NetBt transport currently configured.

Autonet address test . . . . . . . : Passed

IP loopback ping test. . . . . . . : Passed

Default gateway test . . . . . . . : Passed

NetBT name test. . . . . . . . . . : Passed

Winsock test . . . . . . . . . . . : Passed

DNS test . . . . . . . . . . . . . : Passed
PASS — All the DNS entries for DC are registered on DNS server ‘192.168.0.14
‘ and other DCs also have some of the names registered.
PASS — All the DNS entries for DC are registered on DNS server ‘192.168.0.10
‘ and other DCs also have some of the names registered.

Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{DCDCBD18-BEB6-425A-A017-B97CFEC98B49}
The redir is bound to 1 NetBt transport.

List of NetBt transports currently bound to the browser
NetBT_Tcpip_{DCDCBD18-BEB6-425A-A017-B97CFEC98B49}
The browser is bound to 1 NetBt transport.

DC discovery test. . . . . . . . . : Failed
[FATAL] Cannot find DC in domain ‘CONCORD’. [ERROR_NO_SUCH_DOMAIN]

DC list test . . . . . . . . . . . : Failed
‘CONCORD’: Cannot find DC to get DC list from [test skipped].

Trust relationship test. . . . . . : Skipped

Kerberos test. . . . . . . . . . . : Skipped
‘CONCORD’: Cannot find DC to get DC list from [test skipped].

LDAP test. . . . . . . . . . . . . : Failed
Cannot find DC to run LDAP tests on. The error occurred was: The specified d
omain either does not exist or could not be contacted.

[WARNING] Cannot find DC in domain ‘CONCORD’. [ERROR_NO_SUCH_DOMAIN]

Bindings test. . . . . . . . . . . : Passed

WAN configuration test . . . . . . : Skipped
No active remote access connections.

Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

Note: run «netsh ipsec dynamic show /?» for more detailed information

The command completed successfully

C:Documents and Settingsadmin>ntfrsutl ds
NTFRS CONFIGURATION IN THE DS
SUBSTITUTE DCINFO FOR DC
FRS DomainControllerName: (null)
Computer Name : DC4
Computer DNS Name : dc4.concord.com

BINDING TO THE DS:
ldap_connect : dc4.concord.com
DsBind : dc4.concord.com

NAMING CONTEXTS:
SitesDn : CN=Sites,cn=configuration,dc=concord,dc=com
ServicesDn : CN=Services,cn=configuration,dc=concord,dc=com
DefaultNcDn: DC=concord,DC=com
ComputersDn: CN=Computers,DC=concord,DC=com
DomainCtlDn: OU=Domain Controllers,DC=concord,DC=com
Fqdn : CN=DC4,OU=Domain Controllers,DC=concord,DC=com
Searching : Fqdn

COMPUTER: DC4
DN : cn=dc4,ou=domain controllers,dc=concord,dc=com
Guid : a7f4fd77-6f6b-491d-8ac256fab14c9a88
UAC : 0x00082000
Server BL : CN=DC4,CN=Servers,CN=Akonit,CN=Sites,CN=Configuration,DC=concord,
DC=com
Settings : cn=ntds settings,cn=dc4,cn=servers,cn=akonit,cn=sites,cn=configur
ation,dc=concord,dc=com
DNS Name : dc4.concord.com
WhenCreated : 2/12/2009 9:20:44 Russia TZ 2 Standard Time Russia TZ 2 Standa
rd Time [-180]
WhenChanged : 10/3/2015 19:32:52 Russia TZ 2 Standard Time Russia TZ 2 Stand
ard Time [-180]

SUBSCRIPTION: NTFRS SUBSCRIPTIONS
DN : cn=ntfrs subscriptions,cn=dc4,ou=domain controllers,dc=concord,dc=c
om
Guid : cfb61ea1-34c8-4979-8ea72df65283a7f3
Working : c:windowsntfrs
Actual Working: c:windowsntfrs
WhenCreated : 2/12/2009 10:20:38 Russia TZ 2 Standard Time Russia TZ 2 St
andard Time [-180]
WhenChanged : 2/12/2009 10:20:38 Russia TZ 2 Standard Time Russia TZ 2 St
andard Time [-180]

SUBSCRIBER: DOMAIN SYSTEM VOLUME (SYSVOL SHARE)
DN : cn=domain system volume (sysvol share),cn=ntfrs subscriptions,cn
=dc4,ou=domain controllers,dc=concord,dc=com
Guid : 450298ae-e734-4abf-9e4fc3f47d6baee2
Member Ref: CN=DC4,CN=Domain System Volume (SYSVOL share),CN=File Repli
cation Service,CN=System,DC=concord,DC=com
Root : c:windowssysvoldomain
Stage : c:windowssysvolstagingdomain
WhenCreated : 2/12/2009 10:20:38 Russia TZ 2 Standard Time Russia TZ 2
Standard Time [-180]
WhenChanged : 2/12/2009 10:20:38 Russia TZ 2 Standard Time Russia TZ 2
Standard Time [-180]
Subscriber Member Back Links:
cn=dc4,cn=domain system volume (sysvol share),cn=file replication service,
cn=system,dc=concord,dc=com

SETTINGS: FILE REPLICATION SERVICE
DN : cn=file replication service,cn=system,dc=concord,dc=com
Guid : 2c15400f-6070-44be-90293824d8c1648e
WhenCreated : 11/10/2001 20:28:33 Russia TZ 2 Standard Time Russia TZ 2 Stan
dard Time [-180]
WhenChanged : 2/12/2009 10:14:6 Russia TZ 2 Standard Time Russia TZ 2 Standa
rd Time [-180]

SET: DOMAIN SYSTEM VOLUME (SYSVOL SHARE)
DN : cn=domain system volume (sysvol share),cn=file replication service,
cn=system,dc=concord,dc=com
Guid : d2f74eee-9985-48b1-b5d7dcb5b56d77ea
Type : 2
Primary Member: (null)
File Filter : *.tmp, *.bak, ~*
Dir Filter : (null)
FRS Flags : (null)
WhenCreated : 11/10/2001 20:35:47 Russia TZ 2 Standard Time Russia TZ 2 S
tandard Time [-180]
WhenChanged : 2/12/2009 10:15:8 Russia TZ 2 Standard Time Russia TZ 2 Sta
ndard Time [-180]

MEMBER: DC1
DN : cn=dc1,cn=domain system volume (sysvol share),cn=file replicatio
n service,cn=system,dc=concord,dc=com
Guid : 030f326e-540a-4fe5-910893e83caac413
Server Ref : CN=NTDS Settings,CN=DC1,CN=Servers,CN=Akonit,CN=Sites,
CN=Configuration,DC=concord,DC=com
Computer Ref : cn=dc1,ou=domain controllers,dc=concord,dc=com
Cracked Domain : concord.com
Cracked Name : 00000002 CONCORDDC1$
Cracked Domain : concord.com
Cracked Name : fffffff4 S-1-5-21-1304569826-626877892-1847928074-1758
6
Computer’s DNS : dc1.concord.com
WhenCreated : 10/9/2015 22:1:55 Russia TZ 2 Standard Time Russia TZ 2
Standard Time [-180]
WhenChanged : 10/9/2015 22:2:32 Russia TZ 2 Standard Time Russia TZ 2
Standard Time [-180]

CXTION: 27A9F25E-5F90-4F2D-A9F8-920AFD54D41F
DN : cn=27a9f25e-5f90-4f2d-a9f8-920afd54d41f,cn=ntds settings,cn=d
c1,cn=servers,cn=akonit,cn=sites,cn=configuration,dc=concord,dc=com
Guid : 70be9b5b-18b1-4068-94d30f3d8436e007
Partner Dn : cn=ntds settings,cn=dc4,cn=servers,cn=akonit,cn=sites
,cn=configuration,dc=concord,dc=com
Partner Rdn : NTDS SETTINGS
Enabled : TRUE
WhenCreated : 10/9/2015 22:6:54 Russia TZ 2 Standard Time Russia TZ
2 Standard Time [-180]
WhenChanged : 10/9/2015 22:37:32 Russia TZ 2 Standard Time Russia T
Z 2 Standard Time [-180]
Options : 0x00000001 [AutoGenCxtion ]
Schedule
Day 1: 111111111111111111111111
Day 2: 111111111111111111111111
Day 3: 111111111111111111111111
Day 4: 111111111111111111111111
Day 5: 111111111111111111111111
Day 6: 111111111111111111111111
Day 7: 111111111111111111111111

MEMBER: DC3
DN : cn=dc3,cn=domain system volume (sysvol share),cn=file replicatio
n service,cn=system,dc=concord,dc=com
Guid : d1330c13-8dfe-41ac-aa99f911e0951e9a
Server Ref : CN=NTDS Settings,CN=DC3,CN=Servers,CN=Farmproekt,CN=Si
tes,CN=Configuration,DC=concord,DC=com
Computer Ref : cn=dc3,ou=domain controllers,dc=concord,dc=com
Cracked Domain : concord.com
Cracked Name : 00000002 CONCORDDC3$
Cracked Domain : concord.com
Cracked Name : fffffff4 S-1-5-21-1304569826-626877892-1847928074-1534
9
Computer’s DNS : dc3.concord.com
WhenCreated : 3/26/2008 12:34:47 Russia TZ 2 Standard Time Russia TZ 2
Standard Time [-180]
WhenChanged : 2/12/2009 10:15:58 Russia TZ 2 Standard Time Russia TZ 2
Standard Time [-180]

CXTION: F8FDF71C-636F-42FA-BFD3-789EB493614D
DN : cn=f8fdf71c-636f-42fa-bfd3-789eb493614d,cn=ntds settings,cn=d
c3,cn=servers,cn=farmproekt,cn=sites,cn=configuration,dc=concord,dc=com
Guid : cc83954c-ec7e-4ee0-abc31ad9d5b743af
Partner Dn : cn=ntds settings,cn=dc4,cn=servers,cn=akonit,cn=sites
,cn=configuration,dc=concord,dc=com
Partner Rdn : NTDS SETTINGS
Enabled : TRUE
WhenCreated : 10/9/2015 1:9:54 Russia TZ 2 Standard Time Russia TZ
2 Standard Time [-180]
WhenChanged : 10/9/2015 21:28:15 Russia TZ 2 Standard Time Russia T
Z 2 Standard Time [-180]
Options : 0x00000005 [AutoGenCxtion OverrideNotifyDefault ]
Schedule
Day 1: ffffffffffffffffffffffff
Day 2: ffffffffffffffffffffffff
Day 3: ffffffffffffffffffffffff
Day 4: ffffffffffffffffffffffff
Day 5: ffffffffffffffffffffffff
Day 6: ffffffffffffffffffffffff
Day 7: ffffffffffffffffffffffff

MEMBER: DC4
DN : cn=dc4,cn=domain system volume (sysvol share),cn=file replicatio
n service,cn=system,dc=concord,dc=com
Guid : db9b3e11-0804-4a55-a37f3aded21aa45a
Server Ref : CN=NTDS Settings,CN=DC4,CN=Servers,CN=Akonit,CN=Sites,
CN=Configuration,DC=concord,DC=com
Computer Ref : cn=dc4,ou=domain controllers,dc=concord,dc=com
Cracked Domain : concord.com
Cracked Name : 00000002 CONCORDDC4$
Cracked Domain : concord.com
Cracked Name : fffffff4 S-1-5-21-1304569826-626877892-1847928074-1580
9
Computer’s DNS : dc4.concord.com
WhenCreated : 2/12/2009 10:20:38 Russia TZ 2 Standard Time Russia TZ 2
Standard Time [-180]
WhenChanged : 2/12/2009 10:20:38 Russia TZ 2 Standard Time Russia TZ 2
Standard Time [-180]

CXTION: B9410A0F-1C4B-4E81-9E23-19A174FD89F8
DN : cn=b9410a0f-1c4b-4e81-9e23-19a174fd89f8,cn=ntds settings,cn=d
c4,cn=servers,cn=akonit,cn=sites,cn=configuration,dc=concord,dc=com
Guid : da19afff-5f7c-4c28-a08298c16bdad88d
Partner Dn : cn=ntds settings,cn=dc3,cn=servers,cn=farmproekt,cn=s
ites,cn=configuration,dc=concord,dc=com
Partner Rdn : NTDS SETTINGS
Enabled : TRUE
WhenCreated : 10/9/2015 1:18:38 Russia TZ 2 Standard Time Russia TZ
2 Standard Time [-180]
WhenChanged : 10/9/2015 1:34:20 Russia TZ 2 Standard Time Russia TZ
2 Standard Time [-180]
Options : 0x00000005 [AutoGenCxtion OverrideNotifyDefault ]
Schedule
Day 1: ffffffffffffffffffffffff
Day 2: ffffffffffffffffffffffff
Day 3: ffffffffffffffffffffffff
Day 4: ffffffffffffffffffffffff
Day 5: ffffffffffffffffffffffff
Day 6: ffffffffffffffffffffffff
Day 7: ffffffffffffffffffffffff

CXTION: DD46D695-73A5-4356-A76C-F640558EB472
DN : cn=dd46d695-73a5-4356-a76c-f640558eb472,cn=ntds settings,cn=d
c4,cn=servers,cn=akonit,cn=sites,cn=configuration,dc=concord,dc=com
Guid : 82f15a02-b94e-4e52-849b14d1abf9b88b
Partner Dn : cn=ntds settings,cn=dc1,cn=servers,cn=akonit,cn=sites
,cn=configuration,dc=concord,dc=com
Partner Rdn : NTDS SETTINGS
Enabled : TRUE
WhenCreated : 10/9/2015 22:2:31 Russia TZ 2 Standard Time Russia TZ
2 Standard Time [-180]
WhenChanged : 10/9/2015 22:40:41 Russia TZ 2 Standard Time Russia T
Z 2 Standard Time [-180]
Options : 0x00000001 [AutoGenCxtion ]
Schedule
Day 1: 111111111111111111111111
Day 2: 111111111111111111111111
Day 3: 111111111111111111111111
Day 4: 111111111111111111111111
Day 5: 111111111111111111111111
Day 6: 111111111111111111111111
Day 7: 111111111111111111111111

C:Documents and Settingsadmin>dcdiag /q
[Replications Check,DC4] A recent replication attempt failed:
From DC1 to DC4
Naming Context: CN=Schema,CN=Configuration,DC=concord,DC=com
The replication generated an error (8524):
Win32 Error 8524
The failure occurred at 2015-10-10 00:49:44.
The last success occurred at 2015-10-10 00:14:25.
1 failures have occurred since the last success.
The guid-based DNS name 5d8285c5-071e-4968-8c56-cd91925ba31c._msdcs.
concord.com
is not registered on one or more DNS servers.
[Replications Check,DC4] A recent replication attempt failed:
From DC1 to DC4
Naming Context: CN=Configuration,DC=concord,DC=com
The replication generated an error (8524):
Win32 Error 8524
The failure occurred at 2015-10-10 00:49:47.
The last success occurred at 2015-10-10 00:29:47.
1 failures have occurred since the last success.
The guid-based DNS name 5d8285c5-071e-4968-8c56-cd91925ba31c._msdcs.
concord.com
is not registered on one or more DNS servers.
Unable to connect to the NETLOGON share! (\DC4netlogon)
[DC4] An net use or LsaPolicy operation failed with error 1203, Win32 E
rror 1203.
……………………. DC4 failed test NetLogons
Fatal Error:DsGetDcName (DC4) call failed, error 1355
The Locator could not find the server.
……………………. DC4 failed test Advertising
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
……………………. DC4 failed test frsevent
An Error Event occured. EventID: 0xC00038BB
Time Generated: 10/10/2015 00:48:52
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC00110CD
Time Generated: 10/10/2015 00:49:00
Event String: The computer running the WINS server does not
An Error Event occured. EventID: 0x00000411
Time Generated: 10/10/2015 00:49:07
Event String: The DHCP service is not servicing any clients
An Error Event occured. EventID: 0xC0001B6F
Time Generated: 10/10/2015 00:50:25
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0001B70
Time Generated: 10/10/2015 00:50:25
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000423
Time Generated: 10/10/2015 00:55:17
Event String: The DHCP service failed to see a directory server
……………………. DC4 failed test systemlog
Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
A Global Catalog Server could not be located — All GC’s are down.
Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error 135
5
A Good Time Server could not be located.
Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355
A KDC could not be located — All the KDCs are down.
……………………. concord.com failed test FsmoCheck

Ситуация усугубляется еще тем, что еще и Exchange 2010 с самого падения DC1 стоит колом. Очень надеюсь на вашу скорейшую помощь, вплоть до денежного вознаграждения, иначе мне край

UPD: Проблема решилась следующим образом:
1. Выравнивание SOA DNS-серверов исправлением настроек
2. Восстановление SYSVOL при помощи burflag D4 — на основном и затем D2 — на вторичных.
Всем спасибо за советы!
Отдельное спасибо poor_sysadm !

Редактировать | Профиль | Сообщение | ICQ | Цитировать | Сообщить модератору Товарищи из Microsoft об этом говорят так: Ссылка

Проверьте соединения DC вообще: Ссылка

И в заключение есть похожая тема в новостных группах: Ссылка

Источник

0x54b error no such domain

This forum has migrated to Microsoft Q&A. Visit Microsoft Q&A to post new questions.

Asked by:

Question

I get the
following error (I_NetLogonControlfailed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN) on our PDC when
running the NLTEST Command. As mentioned before all the forums I’ve read
relating to this error, is that we have numerous domain controllers and this
fault/error only pops up on the PDC.

I have disabled
all firewall settings within the OS and the AV End Point. However highly doubt
that this is the problem, as these are set by policies that apply to all DC.

We have a
trust with one of our Subsidiaries in South Africa, where our Exchange is hosted;
they report that this is causing issues on their side. I would like to confirm
this, is this error related to the DC hosting the PDC Role or is this somewhere
else I need to start investigating. Other individuals stated in the forums that
when the move the PDC role, the error moves with it.

All replies

Make sure DC Is not multihomed. Please disable unused NIC’s from DC.

Also make sure DNS is setup properly and there is no name resolution problem. Verify SRV Records are registred in DNS properly — http://support.microsoft.com/kb/241515

If nothing helps post DCDiag /q results from your PDC.

MCSA|MCITP SA|Microsoft Exchange 2003 Blog — http://prashant1987.wordpress.com Disclaimer: This posting is provided AS-IS with no warranties/guarantees and confers no rights.

please exclude http://support.microsoft.com/kb/253096 as you didn’t mention the OS version. Please post the complete command you use, no porblem to change domain names, BUT keep the format.

Meinolf Weber
MVP, MCP, MCTS
Microsoft MVP — Directory Services
My Blog: http://msmvps.com/blogs/mweber/

Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

COMMAND>nltest /server:SERVER (PDC) /sc_QUERY:DOMAIN
I_NetLogonControl failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN

OS Version in Post : Server 2008 R2

DCDIAG /Q Results run on PDC , with elevated rights

C:>dcdiag /q
Error NT AUTHORITYENTERPRISE DOMAIN CONTROLLERS doesn’t have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
CN=Schema,CN=Configuration,DC=fnb,DC=root
Error NT AUTHORITYENTERPRISE DOMAIN CONTROLLERS doesn’t have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=x,DC=x
. server failed test NCSecDesc
An error event occurred. EventID: 0x0000165B
Time Generated: 07/11/2012 11:30:35
Event String:
The session setup from computer ‘x’ failed because the se
curity database does not contain a trust account ‘x$’ referenced by t
he specified computer.
An error event occurred. EventID: 0x000016AD
Time Generated: 07/11/2012 11:32:59
Event String:
The session setup from the computer x failed to authentic
ate. The following error occurred:
. x failed test SystemLog

Источник

0x54b error no such domain

This forum has migrated to Microsoft Q&A. Visit Microsoft Q&A to post new questions.

Answered by:

Question

We have two Active directory domain forest. We need to enable two way trust between both the domains so as to enable resource sharing. Below is the details:

1. Domain 1- Functional level 2003- All DC are on 2008 R2 OS

2. Domain 2- Functional level 2003- All DC are on Win 2003.

Below ports are open bi-directionally as these domains are separated by a Firewall

389 UDP+TCP,445 TCP,88 UDP+TCP,135 TCP,53 TCP+UDP, 3268 TCP

Conditional forwarder is being added on both domain DNS and is pointing to respective Domain controller IP.

While creating domain trust after entering the domain name, only two options is coming 1. To create realm trsut and other Trust with windows domain. This option should not come ideally as both my domains are Window domain. Also on clicking next teh trust wizard is finishing saying cannot continue. While running NLTEST /dsgetdc: domain FQDN from either domain getting below error:

Getting DC name failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN

Just to mention, while creating trust we have checked for the connection log in the firewall and only the above mentioned ports was getting hit from one DC IP to other DC Ip and teh connection was successful. This was to get sure i am not missing any ports which is required and communication is not opened.

Источник

0x54b error no such domain

Если у вас не работает один из способов авторизации, сконвертируйте свой аккаунт по ссылке

Авторизуясь в LiveJournal с помощью стороннего сервиса вы принимаете условия Пользовательского соглашения LiveJournal

• October 2022

1
2	3	4	5	6	7	8
9	10	11	12	13	14	15
16	17	18	19	20	21	22
23	24	25	26	27	28	29
30	31

РЕШЕНИЕ: проблема была в файерволе, блокирующем запросы к контроллерам домена.

Имеется домен win 2008, my.domain.local, с двумя домен контроллерами, один из которых ad1.my.domain.local — по совместительству DNS сервер
Все работало хорошо, пока в один день на всех серверах сети в логах не стали появляться ошибки о невозможности соединения с контролларами домена.
Действительно, на всех серверах команда nltest /dclist:my.domain.local дает результат:
Cannot find DC to get DC list from.Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN
При этом если запускать ту же команду на самом контроллере домена, то все находится нормально:
nltest /dclist:my.domain.local
Get list of DCs in domain ‘my.domain.local’ from ‘\ad1.my.domain.local’.
ad1.my.domain.local [PDC] [DS] Site: mysite
AD2.my.domain.local [DS] Site: mysite
The command completed successfully

dcdiag ошибок не выдает.

DNS для домена, вроде, работает нормально: на всех серверах если запустить nslookup _ldap._tcp.mysite._sites.my.domain.local
То получится

_ldap._tcp.mysite._sites.my.domain.local SRV service location:
priority = 0
weight = 100
port = 389
svr hostname = ad2.my.domain.local
_ldap._tcp.mysite._sites.my.domain.local SRV service location:
priority = 0
weight = 100
port = 389
svr hostname = ad1.my.domain.local
ad2.my.domain.local internet address = xxx.xxx.xxx.xxx
ad2.my.domain.local AAAA IPv6 address = xxxx:xxxx:xxxx::xxxx:xxxx
ad1.my.domain.local internet address = xxx.xxx.xxx.xxx

Как бы еще понять, в чем может быть проблема?

Источник

Adblock
detector