Stratégie de sécurité du domaine inaccessible

[foufur]

Bonjour,

J'essaye de faire fonctionner les GPO. Rien n'était donc configuré avant sur les serveurs.

lorsque je lance le gestionnaire de stratégie de sécurité du domaine, une petite fenêtre apparait m'indiquant que le chemin spécifié est introuvable.
Je ferme cette fenêtre et la fenêtre du gestionnaire de stratégie de sécurité du domaine apparait mais sans que je puisse modifier quoi que ce soit.

Avez vous une idée du problème?

 

[Membre supprimé 1]

problème DNS, ou pire ton AD qui merdoie.

Dans les 2 cas, tu es dans le mouise. Parce que si ton dns foire, ton AD va pas tarder à suivre et si c'est ton AD qui foire alors tu es vraiment dedans. J'espère pour toi que tu as un bon backup.

 

[foufur]

......

j'ai fait un dcdiag pour voir les problemes.
voici le résultat:


DC Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial non skippeable tests

Testing server: Site1\SERVEUR
Starting test: Connectivity
......................... SERVEUR passed test Connectivity

Doing primary tests

Testing server: Site1\SERVEUR
Starting test: Replications
......................... SERVEUR passed test Replications
Starting test: NCSecDesc
......................... SERVEUR passed test NCSecDesc
Starting test: NetLogons
......................... SERVEUR passed test NetLogons
Starting test: Advertising
......................... SERVEUR passed test Advertising
Starting test: KnowsOfRoleHolders
......................... SERVEUR passed test KnowsOfRoleHolders
Starting test: RidManager
......................... SERVEUR passed test RidManager
Starting test: MachineAccount
......................... SERVEUR passed test MachineAccount
Starting test: Services
......................... SERVEUR passed test Services
Starting test: ObjectsReplicated
......................... SERVEUR passed test ObjectsReplicated
Starting test: frssysvol
There are errors after the SYSVOL has been shared.
The SYSVOL can prevent the AD from starting.
......................... SERVEUR passed test frssysvol
Starting test: kccevent
......................... SERVEUR passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x40011006
Time Generated: 10/17/2005 12:07:31
Event String: The connection was aborted by the remote WINS.

......................... SERVEUR failed test systemlog

Running enterprise tests on : MonDomaine.be
Starting test: Intersite
......................... MonDomaine.be passed test Intersite
Starting test: FsmoCheck
......................... MonDomaine.be passed test FsmoCheck


L'erreur parle du service WINS...
Est ce possible?
Le serveur WINS n'est utile que pour quelques machines mais est quand meme utile

 

[Membre supprimé 1]

cherche pas plus loin, c'est lié à ton erreur sysvol, qui contient tes groupes policies.

Rien de plus précis dans tes logs?

 

[foufur]

je dois chercher quoi au juste dans les logs?
J'ai rien sur sysvol
voici le resultat dcdiag du deuxieme DC (y'en a 2):


DC Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial non skippeable tests

Testing server: Site2\SERVEUR2
Starting test: Connectivity
......................... SERVEUR2 passed test Connectivity

Doing primary tests

Testing server: Site2\SERVEUR2
Starting test: Replications
......................... SERVEUR2 passed test Replications
Starting test: NCSecDesc
......................... SERVEUR2 passed test NCSecDesc
Starting test: NetLogons
......................... SERVEUR2 passed test NetLogons
Starting test: Advertising
......................... SERVEUR2 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... SERVEUR2 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... SERVEUR2 passed test RidManager
Starting test: MachineAccount
......................... SERVEUR2 passed test MachineAccount
Starting test: Services
......................... SERVEUR2 passed test Services
Starting test: ObjectsReplicated
......................... SERVEUR2 passed test ObjectsReplicated
Starting test: frssysvol
......................... SERVEUR2 passed test frssysvol
Starting test: kccevent
......................... SERVEUR2 passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0xC0011093
Time Generated: 10/17/2005 17:53:27
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0011093
Time Generated: 10/17/2005 17:53:50
(Event String could not be retrieved)
......................... SERVEUR2 failed test systemlog

Running enterprise tests on : MonDomaine.be
Starting test: Intersite
......................... MonDomaine.be passed test Intersite
Starting test: FsmoCheck
......................... MonDomaine.be passed test FsmoCheck

J'ai regardé le répertoire sysvol, il y a bien un dossier policies avec un dossier ID et 3 sous-dossiers (admn, user et machine).

 

[Membre supprimé 1]

dans ton dcdiag, on vois déjà des erreurs "0x40011006 " et "0xC0011093" peux-tu mettre le résultat d'un netdiag.

Vérifie aussi la topologie de ton réseau pour la réplication.

 

[foufur]

voici le netdiag du serveur1:


.......................................

Computer Name: serveur1
DNS Host Name: serveur1.MonDomaine.be
System info : Windows 2000 Server (Build 2195)
Processor : x86 Family 6 Model 8 Stepping 10, GenuineIntel
List of installed hotfixes :
KB329115
KB820888
KB822831
KB823182
KB823559
KB823980
KB824105
KB824146
KB825119
KB826232
KB828035
KB828741
KB828749
KB830352
KB834707-IE6SP1-20040929.091901
KB835732
KB837001
KB839643
KB839645
KB840315
KB840987
KB841356
KB841533
KB841872
KB841873
KB842526
KB842773
KB867282-IE6SP1-20050127.163319
KB870763
KB871250
KB873333
KB873339
KB883939-IE6SP1-20050428.125228
KB885250
KB885834
KB885835
KB885836
KB888113
KB890046
KB890047
KB890175
KB890859
KB890923-IE6SP1-20050225.103456
KB891711
KB891781
KB893066
KB893086
KB893756
KB893803
KB893803v2
KB894320
KB896358
KB896422
KB896423
KB896727-IE6SP1-20050719.165959
KB897715-OE6SP1-20050503.210336
KB899587
KB899588
KB899591
KB901214
Q147222
Q816093
Q828026


Netcard queries test . . . . . . . : Passed



Per interface results:

Adapter : Local Area Connection

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : serveur1
IP Address . . . . . . . . : 10.0.0.3
Subnet Mask. . . . . . . . : 255.0.0.0
Default Gateway. . . . . . : 10.0.0.250
Primary WINS Server. . . . : 10.0.0.3
Dns Servers. . . . . . . . : 10.0.0.3


AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Passed

NetBT name test. . . . . . : Passed

WINS service test. . . . . : Passed


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{8762FB1A-22A8-408C-829E-1B4BEB4A76ED}
1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on DNS server '10.0.0.3' and other DCs also have some of the names registered.


Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{8762FB1A-22A8-408C-829E-1B4BEB4A76ED}
The redir is bound to 1 NetBt transport.

List of NetBt transports currently bound to the browser
NetBT_Tcpip_{8762FB1A-22A8-408C-829E-1B4BEB4A76ED}
The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed
[WARNING] Failed to query SPN registration on DC 'serveur1.MonDomaine.be'.
[WARNING] Failed to query SPN registration on DC 'serveur2.MonDomaine.be'.


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Passed
IPSec policy service is active, but no policy is assigned.


The command completed successfully




voici le netdiag du serveur2:


......................................

Computer Name: serveur2
DNS Host Name: serveur2.MonDomaine.be
System info : Windows 2000 Server (Build 2195)
Processor : x86 Family 6 Model 5 Stepping 2, GenuineIntel
List of installed hotfixes :
KB828741
KB835732
KB837001
Q147222


Netcard queries test . . . . . . . : Passed
GetStats failed for 'Parallèle direct'. [ERROR_NOT_SUPPORTED]
[WARNING] The net card 'Miniport réseau étendu (IP) - Miniport d'ordonnancement de paquets' may not be working because it has not received any packets.
GetStats failed for 'Miniport réseau étendu (PPTP)'. [ERROR_GEN_FAILURE]
[WARNING] The net card 'Miniport réseau étendu (IP)' may not be working because it has not received any packets.
GetStats failed for 'Miniport réseau étendu (L2TP)'. [ERROR_NOT_SUPPORTED]



Per interface results:

Adapter : Connexion au réseau local

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : serveur2
IP Address . . . . . . . . : 192.168.0.10
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 192.168.0.254
Dns Servers. . . . . . . . : 192.168.0.10
192.168.0.3


AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Passed

NetBT name test. . . . . . : Passed

WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{FF029F03-8B2A-4B3C-8A79-A7D9CE5BFDC3}
1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on DNS server '192.168.0.10' and other DCs also have some of the names registered.
PASS - All the DNS entries for DC are registered on DNS server '192.168.0.3' and other DCs also have some of the names registered.


Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{FF029F03-8B2A-4B3C-8A79-A7D9CE5BFDC3}
The redir is bound to 1 NetBt transport.

List of NetBt transports currently bound to the browser
NetBT_Tcpip_{FF029F03-8B2A-4B3C-8A79-A7D9CE5BFDC3}
The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Passed
Secure channel for domain 'PBB' is to '\\serveur1.MonDomaine.be'.


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed
[WARNING] Failed to query SPN registration on DC 'serveur2.MonDomaine.be'.
[WARNING] Failed to query SPN registration on DC 'serveur1.MonDomaine.be'.


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Passed
IPSec policy service is active, but test failed to get current policy information.


The command completed successfully


Pour la réplication, j'ai fait plusieurs tests de créations de users et de changement de script. tout me parrait ok à ce niveau

 

[foufur]

au fait, les deux serveurs sont dans des batiments différents, séparés par des routers.
Cela explique les différents rang d'adresse IP!

Dans le dcdiag, les tests de replications sont OK. Cela répond-il a ta question, goud???

Merci pour le temps que tu me consacres

 

[foufur]

j'ai modifié les informations DNS du serveur1 voici maintenant son dcdiag:

DC Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial non skippeable tests

Testing server: site1\serveur1
Starting test: Connectivity
......................... serveur1 passed test Connectivity

Doing primary tests

Testing server: site1\serveur1
Starting test: Replications
......................... serveur1 passed test Replications
Starting test: NCSecDesc
......................... serveur1 passed test NCSecDesc
Starting test: NetLogons
......................... serveur1 passed test NetLogons
Starting test: Advertising
......................... serveur1 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... serveur1 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... serveur1 passed test RidManager
Starting test: MachineAccount
......................... serveur1 passed test MachineAccount
Starting test: Services
......................... serveur1 passed test Services
Starting test: ObjectsReplicated
......................... serveur1 passed test ObjectsReplicated
Starting test: frssysvol
There are errors after the SYSVOL has been shared.
The SYSVOL can prevent the AD from starting.
......................... serveur1 passed test frssysvol
Starting test: kccevent
......................... serveur1 passed test kccevent
Starting test: systemlog
......................... serveur1 passed test systemlog

Running enterprise tests on : MonDomaine.be
Starting test: Intersite
......................... MonDomaine.be passed test Intersite
Starting test: FsmoCheck
......................... MonDomaine.be passed test FsmoCheck


c'est quoi l'erreur frssysvol?

 

[Membre supprimé 1]

je cherche, mais je vois pas. Tu pourrais peut-être également poster sur ce forum

Vous devez être connecté pour voir les liens.