Привет Всем! Нужна помощь:
На Домен Контроллерах под Windows Server 2008 R2, не запускаются DNS (DNS интегрированный с АД), вылаиют ошибки 4000 и 4007, переустановка DNSа не помогла, та-же ошибка.
В нете на эту ошибку куча решений, переустановка ДНС, откат обновлений, добавление прав, ничего не помогло.
Сейчас временное решение: DNS поднята на другом сервере, прописал сервера решил на время проблему авторизации пользователей.


C:\Users\Administrator.MYDOMAIN>DCDIAG /test:DNS

Directory Server Diagnosis

Performing initial setup:
Trying to find home server...
Home Server = server
* Identified AD Forest.
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\server
Starting test: Connectivity
......................... SERVER passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\server

Starting test: DNS

DNS Tests are running and not hung. Please wait a few minutes...
......................... server failed test DNS

Running partition tests on : ForestDnsZones
Running partition tests on : DomainDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : mydomain
Running enterprise tests on : mydomain.oil
Starting test: DNS
Test results for domain controllers:

DC: SERVER.mydomain.oil
Domain: mydomain.oil


TEST: Basic (Basc)
Warning: adapter
[00000013] HP Network Teaming Virtual Miniport Driver has
invalid DNS server: 127.0.0.1 (SERVER)
Warning: adapter
[00000013] HP Network Teaming Virtual Miniport Driver has
invalid DNS server: 192.168.10.2 (SERVER)
Warning: adapter
[00000013] HP Network Teaming Virtual Miniport Driver has
invalid DNS server: 192.168.10.7 (<name unavailable>)
Warning: no DNS RPC connectivity (error or non Microsoft DNS s
erver is running)

Summary of test results for DNS servers used by the above domain
controllers:

DNS server: 192.168.10.2 (SERVER)
2 test failure on this DNS server
Name resolution is not functional. _ldap._tcp.mydomain.oil. failed
on the DNS server 192.168.10.2

DNS server: 192.168.10.7 (<name unavailable>)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 192.168.10.7 Name resolution is not functional. _ldap._tc
p.mydomain.oil. failed on the DNS server 192.168.10.7

SERVER PASS WARN n/a n/a n/a n/a n/a
......................... mydomain.oil passed test DNS

Вывод ipconfig /all с сервера покажите.

C:\>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : server
Primary Dns Suffix . . . . . . . : mydomain.oil
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : mydomain.oil
System Quarantine State . . . . . : Not Restricted


Ethernet adapter DUAL-LAN:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : HP Network Team #1
Physical Address. . . . . . . . . : 00-1F-29-C7-73-90
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.10.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.10.1
DNS Servers . . . . . . . . . . . : 127.0.0.1
192.168.10.2
192.168.10.7
192.168.10.10
NetBIOS over Tcpip. . . . . . . . : Enabled

DNS Servers . . . . . . . . . . . : 127.0.0.1
192.168.10.2
192.168.10.7
192.168.10.10 »
Укажите в качестве предпочитаемого DNS адрес 192.168.10.2 и оставьте один альтернативный DNS сервер и снова запустите dcdiag /test:DNS и описание ошибок приведите.

C:\>dcdiag /test:dns

Directory Server Diagnosis

Performing initial setup:
Trying to find home server...
Home Server = SERVER
* Identified AD Forest.
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\SERVER
Starting test: Connectivity
The host abc63fb0-ab7e-4177-aaad-9df76fde4774._msdcs.mydomain.oil could
not be resolved to an IP address. Check the DNS server, DHCP, server
name, etc.
Got error while checking LDAP and RPC connectivity. Please check your
firewall settings.
......................... SERVER failed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\SERVER

Starting test: DNS

DNS Tests are running and not hung. Please wait a few minutes...
......................... SERVER failed test DNS

Running partition tests on : ForestDnsZones

Running partition tests on : DomainDnsZones

Running partition tests on : Schema

Running partition tests on : Configuration

Running partition tests on : mydomain

Running enterprise tests on : mydomain.oil
Starting test: DNS
Test results for domain controllers:

DC: SERVER.mydomain.oil
Domain: mydomain.oil


TEST: Basic (Basc)
Error: No LDAP connectivity
Warning: adapter
[00000013] HP Network Teaming Virtual Miniport Driver has
invalid DNS server: 192.168.10.2 (SERVER)
Error: all DNS servers are invalid
No host records (A or AAAA) were found for this DC
Warning: no DNS RPC connectivity (error or non Microsoft DNS s
erver is running)

Summary of test results for DNS servers used by the above domain
controllers:

DNS server: 192.168.10.2 (SERVER)
1 test failure on this DNS server
Name resolution is not functional. _ldap._tcp.mydomain.oil. failed
on the DNS server 192.168.10.2

Summary of DNS test results:

Auth Basc Forw Del Dyn RReg Ext
_________________________________________________________________
Domain: mydomain.oil
SERVER PASS FAIL n/a n/a n/a n/a n/a

......................... mydomain.oil failed test DNS

C:\>

Что за ошибки появляются при запуске DNS службы?

ПРи запуске службы появляются ошибки 4000 и 4007, сама служба DNS стартует (статус "работает"), но сервис DNS в оснастке администрирования помечен красным крестиком не работает.

Домен Контроллер после перехода с 2003-го месяца 3-4 работал нормально, 1 июля начились траблы..

В свойствах службы DNS на закладке Зависимости посмотрите все службы из списка работают. Покажите вывод dnscmd /EnumDirectoryPartitions с сервера.

C:\>dnscmd /EnumDirectoryPartitions
Directory partition enumeration failed
status = 5 (0x00000005)
Command failed: ERROR_ACCESS_DENIED 5 0x5
C:\>

Да, все зависимости работают, (ADDS, DCOM, RPC)

Command failed: ERROR_ACCESS_DENIED 5 0x5 »
Запускали от имени Администратора?

Да!

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Users\Administrator.>dnscmd /EnumDirectoryPartitions

Directory partition enumeration failed
status = 5 (0x00000005)
Command failed: ERROR_ACCESS_DENIED 5 0x5


C:\Users\Administrator.>

ошибки 4000 »
Посмотрите Kb316685 (http://support.microsoft.com/kb/316685).

Видел, делал, не помогло ! ((

Народ, есть еще идеи?????????????

Sabarak,
Покажите вывод DCDIAG /test:DNS /v, DCDIAG /test:services /v и net share.

D:\>DCDIAG /test:DNS /v

Directory Server Diagnosis

Performing initial setup:
Trying to find home server...
* Verifying that the local machine SERVER, is a Directory Server.
Home Server = SERVER
* Connecting to directory service on server SERVER.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=mydomain,DC=oil,
LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=M-BAZA,CN=Sites,CN=Co
nfiguration,DC=mydomain,DC=oil
Getting ISTG and options for the site
Looking at base site object: CN=NTDS Site Settings,CN=GOROD,CN=Sites,CN=Conf
iguration,DC=mydomain,DC=oil
Getting ISTG and options for the site
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name
,CN=Sites,CN=Configuration,DC=mydomain,DC=oil
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=mydomain,DC=oil,
LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=SERVER,CN=Servers,CN=Def
ault-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=oil
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=BAZA,CN=Servers,CN=M
-BAZA,CN=Sites,CN=Configuration,DC=mydomain,DC=oil
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
Server is an RODC
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=GRD,CN=Servers,CN=GOROD,CN=Sites,CN=Configuration,DC=mydomain,DC=oil
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
Server is an RODC
All the info for the server collected
* Identifying all NC cross-refs.
* Found 3 DC(s). Testing 1 of them.
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\SERVER
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
* Active Directory RPC Services Check
......................... SERVER passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\SERVER
Test omitted by user request: Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Test omitted by user request: FrsEvent
Test omitted by user request: DFSREvent
Test omitted by user request: SysVolCheck
Test omitted by user request: KccEvent
Test omitted by user request: KnowsOfRoleHolders
Test omitted by user request: MachineAccount
Test omitted by user request: NCSecDesc
Test omitted by user request: NetLogons
Test omitted by user request: ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Test omitted by user request: Replications
Test omitted by user request: RidManager
Test omitted by user request: Services
Test omitted by user request: SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: VerifyReferences
Test omitted by user request: VerifyReplicas

Starting test: DNS

DNS Tests are running and not hung. Please wait a few minutes...
See DNS test in enterprise tests section for results
......................... SERVER failed test DNS

Running partition tests on : ForestDnsZones
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation

Running partition tests on : DomainDnsZones
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation

Running partition tests on : Schema
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation

Running partition tests on : Configuration
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation

Running partition tests on : mydomain
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation

Running enterprise tests on : mydomain.oil
Starting test: DNS
Test results for domain controllers:

DC: SERVER.mydomain.oil
Domain: mydomain.oil


TEST: Authentication (Auth)
Authentication test: Successfully completed

TEST: Basic (Basc)
The OS
Microsoft Windows Server 2008 R2 Enterprise (Service Pack lev
el: 1.0)
is supported.
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running
DC is a DNS server
Network adapters information:
Adapter
[00000013] HP Network Teaming Virtual Miniport Driver:
MAC address is 33:3F:33:C3:33:33
IP Address is static
IP address: 192.168.10.2
DNS servers:
192.168.10.10 (<name unavailable>) [Valid]
Warning:
192.168.10.2 (SERVER) [Invalid]
Warning: adapter
[00000013] HP Network Teaming Virtual Miniport Driver
has invalid DNS server: 192.168.10.2 (SERVER)
The A host record(s) for this DC was found
The SOA record for the Active Directory zone was found
Warning: no DNS RPC connectivity (error or non Microsoft DNS s
erver is running)
[Error details: 5 (Type: Win32 - Description: Access is denied
.)]

Summary of test results for DNS servers used by the above domain
controllers:

DNS server: 192.168.10.2 (SERVER)
1 test failure on this DNS server
Name resolution is not functional. _ldap._tcp.mydomain.oil. failed
on the DNS server 192.168.10.2
[Error details: 1460 (Type: Win32 - Description: This operation r
eturned because the timeout period expired.)]

DNS server: 192.168.10.10 (<name unavailable>)
All tests passed on this DNS server
Name resolution is functional._ldap._tcp SRV record for the fores
t root domain is registered

Summary of DNS test results:

Auth Basc Forw Del Dyn RReg Ext
_________________________________________________________________
Domain: mydomain.oil
SERVER PASS WARN n/a n/a n/a n/a n/a

......................... mydomain.oil passed test DNS
Test omitted by user request: LocatorCheck
Test omitted by user request: Intersite

D:\>


D:\>DCDIAG /test:services /v

Directory Server Diagnosis

Performing initial setup:
Trying to find home server...
* Verifying that the local machine SERVER, is a Directory Server.
Home Server = SERVER
* Connecting to directory service on server SERVER.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=mydomain,DC=oil,
LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=M-BAZA,CN=Sites,CN=Co
nfiguration,DC=mydomain,DC=oil
Getting ISTG and options for the site
Looking at base site object: CN=NTDS Site Settings,CN=GOROD,CN=Sites,CN=Conf
iguration,DC=mydomain,DC=oil
Getting ISTG and options for the site
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name
,CN=Sites,CN=Configuration,DC=mydomain,DC=oil
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=mydomain,DC=oil,
LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=SERVER,CN=Servers,CN=Def
ault-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=oil
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=BAZA,CN=Servers,CN=M
-BAZA,CN=Sites,CN=Configuration,DC=mydomain,DC=oil
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
Server is an RODC
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=GRD,CN=Servers,CN=GOROD,CN=Sites,CN=Configuration,DC=mydomain,DC=oil
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
Server is an RODC
All the info for the server collected
* Identifying all NC cross-refs.
* Found 3 DC(s). Testing 1 of them.
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\SERVER
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
* Active Directory RPC Services Check
......................... SERVER passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\SERVER
Test omitted by user request: Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Test omitted by user request: FrsEvent
Test omitted by user request: DFSREvent
Test omitted by user request: SysVolCheck
Test omitted by user request: KccEvent
Test omitted by user request: KnowsOfRoleHolders
Test omitted by user request: MachineAccount
Test omitted by user request: NCSecDesc
Test omitted by user request: NetLogons
Test omitted by user request: ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Test omitted by user request: Replications
Test omitted by user request: RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: DFSR
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... SERVER passed test Services
Test omitted by user request: SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: VerifyReferences
Test omitted by user request: VerifyReplicas

Test omitted by user request: DNS
Test omitted by user request: DNS

Running partition tests on : ForestDnsZones
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation

Running partition tests on : DomainDnsZones
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation

Running partition tests on : Schema
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation

Running partition tests on : Configuration
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation

Running partition tests on : mydomain
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation

Running enterprise tests on : mydomain.oil
Test omitted by user request: DNS
Test omitted by user request: DNS
Test omitted by user request: LocatorCheck
Test omitted by user request: Intersite

D:\>

D:\>net share

Share name Resource Remark

-------------------------------------------------------------------------------
ADMIN$ C:\Windows Remote Admin
IPC$ Remote IPC
C$ C:\ Default share
D$ D:\ Default share
F$ F:\ Default share
print$ C:\Windows\system32\spool\drivers
Printer Drivers
NETLOGON C:\Windows\SYSVOL\sysvol\mydomain.oil\SCRIPTS
Logon server share
SYSVOL C:\Windows\SYSVOL\sysvol Logon server share
The command completed successfully.


D:\>