HQY

WindowsServer2016主域和辅助域无法抄写及所有加入域的服务器客户端无法访问域

hqy 发表于2023-07-08 16:21:11 浏览826 评论0

WindowsServer2016主域和辅助域无法抄写及所有加入域的服务器客户端无法访问域

您好，

公司昨天中午开始，几台服务器莫名中招了木马病毒，其中就包括2台主辅AD域控服务器，所有带固定IP的服务器的DNS1,2都被修改为了8.8.8.8和9.9.9.9,手动改回正确的DNS后，没多久就会自动被修改回去。我们经过使用企业版火绒安全扫描后，发现了木马病毒，并进行了清理，同时我们还发现不明的任务排程，也一并删除了。删除后，截止到今天，服务器的DNS都正常，不会被篡改了。但同时，我们两台域控服务器出现了异常，所有之前加入网域的客户端，均无法和网域服务器联系了，还有加入过域控的服务器，包括文件服务器，查看之前分享的文件，文件夹的安区页也都无法正常显示之前设置的域组或者用户，都是问号等信息，无法显示了。但2台域服务器本身基本操作均正常，包括服务器本身的某个文件夹查看属性-安区页，均能添加该域的用户信息。另外，我们尝试查询一些资料，发现这2台域控服务器也无法相互抄写。使用DCDIAG命令和DCDIAG /TEST:DNS /V /E诊断，均报错和RPC Bind失败有关，麻烦协助一下，该如何处理？谢谢。

DCDIAG诊断结果如下，是在辅助域DCSSH2上运行的结果：

Directory Server Diagnosis

Performing initial setup:
Trying to find home server...
Home Server = DCSSH2
* Identified AD Forest.
Done gathering initial info.

Doing initial required tests

Testing server: HX-SH\DCSSH2
Starting test: Connectivity
......................... DCSSH2 passed test Connectivity

Doing primary tests

Testing server: HX-SH\DCSSH2
Starting test: Advertising
......................... DCSSH2 passed test Advertising
Starting test: FrsEvent
......................... DCSSH2 passed test FrsEvent
Starting test: DFSREvent
There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL
replication problems may cause Group Policy problems.
......................... DCSSH2 failed test DFSREvent
Starting test: SysVolCheck
......................... DCSSH2 passed test SysVolCheck
Starting test: KccEvent
......................... DCSSH2 passed test KccEvent
Starting test: KnowsOfRoleHolders
[DCSSH1] DsBindWithSpnEx() failed with error 1722,
The RPC server is unavailable..
Warning: DCSSH1 is the Schema Owner, but is not responding to DS RPC Bind.
Warning: DCSSH1 is the Domain Owner, but is not responding to DS RPC Bind.
Warning: DCSSH1 is the PDC Owner, but is not responding to DS RPC Bind.
Warning: DCSSH1 is the Rid Owner, but is not responding to DS RPC Bind.
Warning: DCSSH1 is the Infrastructure Update Owner, but is not responding to DS RPC Bind.
......................... DCSSH2 failed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... DCSSH2 passed test MachineAccount
Starting test: NCSecDesc
......................... DCSSH2 passed test NCSecDesc
Starting test: NetLogons
......................... DCSSH2 passed test NetLogons
Starting test: ObjectsReplicated
......................... DCSSH2 passed test ObjectsReplicated
Starting test: Replications
[Replications Check,DCSSH2] A recent replication attempt failed:
From DCSSH1 to DCSSH2
Naming Context: DC=ForestDnsZones,DC=hx,DC=com
The replication generated an error (1256):
The remote system is not available. For information about network troubleshooting, see Windows Help.
The failure occurred at 2021-07-06 10:50:41.
The last success occurred at 2021-07-05 14:57:33.
21 failures have occurred since the last success.
[Replications Check,DCSSH2] A recent replication attempt failed:
From DCSSH1 to DCSSH2
Naming Context: DC=DomainDnsZones,DC=hx,DC=com
The replication generated an error (1256):
The remote system is not available. For information about network troubleshooting, see Windows Help.
The failure occurred at 2021-07-06 10:50:41.
The last success occurred at 2021-07-05 15:20:57.
21 failures have occurred since the last success.
[Replications Check,DCSSH2] A recent replication attempt failed:
From DCSSH1 to DCSSH2
Naming Context: CN=Schema,CN=Configuration,DC=hx,DC=com
The replication generated an error (1722):
The RPC server is unavailable.
The failure occurred at 2021-07-06 10:52:05.
The last success occurred at 2021-07-05 14:45:05.
21 failures have occurred since the last success.
The source remains down. Please check the machine.
[Replications Check,DCSSH2] A recent replication attempt failed:
From DCSSH1 to DCSSH2
Naming Context: CN=Configuration,DC=hx,DC=com
The replication generated an error (1722):
The RPC server is unavailable.
The failure occurred at 2021-07-06 10:51:23.
The last success occurred at 2021-07-05 15:09:08.
21 failures have occurred since the last success.
The source remains down. Please check the machine.
[Replications Check,DCSSH2] A recent replication attempt failed:
From DCSSH1 to DCSSH2
Naming Context: DC=hx,DC=com
The replication generated an error (1722):
The RPC server is unavailable.
The failure occurred at 2021-07-06 10:54:53.
The last success occurred at 2021-07-05 15:21:29.
22 failures have occurred since the last success.
The source remains down. Please check the machine.
......................... DCSSH2 failed test Replications
Starting test: RidManager
......................... DCSSH2 failed test RidManager
Starting test: Services
......................... DCSSH2 passed test Services
Starting test: SystemLog
An error event occurred. EventID: 0x000003F8
Time Generated: 07/06/2021 11:06:45
Event String: The DHCP service encountered the following error when backing up the database:
An error event occurred. EventID: 0x000003F8
Time Generated: 07/06/2021 11:07:05
Event String: The DHCP service encountered the following error when backing up the database:
An error event occurred. EventID: 0x000003F2
Time Generated: 07/06/2021 11:07:05
Event String: The DHCP service encountered the following error while cleaning up the database:
......................... DCSSH2 failed test SystemLog
Starting test: VerifyReferences
......................... DCSSH2 passed test VerifyReferences

Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation

Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation

Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation

Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation

Running partition tests on : hx
Starting test: CheckSDRefDom
......................... hx passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... hx passed test CrossRefValidation

Running enterprise tests on : hx.com
Starting test: LocatorCheck
......................... hx.com passed test LocatorCheck
Starting test: Intersite
......................... hx.com passed test Intersite

6 июля 2021 г. 9:35

Michael.ZZZ

0 Баллы

Ответы

netsh ipsec static show policy all

netsh ipsec static show filterlist all level=verbose如果执行完出现带有关键字为“netbc ” 的安全策略

或运行gpedit 直接访问安全策略，查看详细信息

如果确认服务器有此项，则建议通过以下命令或者直接访问删除策略：

netsh ipsec static delete policy name=netbc

然后创建一个GPO，执行以下脚本，应用至所有服务器、计算机OU（每5分钟运行一次）

powershell.exe -command "Get-WMIObject -Query \"select * from CommandLineEventConsumer where name='Windows Events Consumer' \" -Namespace 'root/subscription' | remove-wmiobject"powershell.exe -command "Get-WMIObject -Query \"select * from __EventFilter where name='Windows Events Filter' \" -Namespace 'root/subscription' | remove-wmiobject"powershell.exe -command "Remove-WmiObject -Class System_Anti_Virus_Core -Namespace root\DEFAULT "schtasks /Delete /TN "WindowsLogTasks" /Fschtasks /Delete /TN "System Log Security Check" /Fnetsh ipsec static delete policy netbcpowershell.exe -command "(Get-WmiObject win32_process -filter \"Name='powershell.exe' AND CommandLine LIKE '%%W Hidden -E JABwAGkAbgAgAD0A%%'\")| ForEach-Object {$_.terminate()}" powershell.exe -command "(Get-WmiObject win32_process -filter \"Name='powershell.exe' AND CommandLine LIKE '%%System_Anti_Virus_Core%%'\")| ForEach-Object {$_.terminate()}" powershell.exe -command "(Get-WmiObject win32_process -filter \"Name='cmd.exe' AND CommandLine LIKE '%%W Hidden -E JABwAGkAbgAgAD0A%%'\")| ForEach-Object {$_.terminate()}" powershell.exe -command "(Get-WmiObject win32_process -filter \"Name='cmd.exe' AND CommandLine LIKE '%%System_Anti_Virus_Core%%'\")| ForEach-Object {$_.terminate()}"

后期建议修改2-3次域管理员密码以及部署LAPS客户端，并确保所有的机器安装了最新的安全补丁，特别是MS17-010, 这一类恶意软件的传播方式会利用SMBV1的漏洞，此漏洞已经在MS17-010中修复.

9 июля 2021 г. 8:32

Huang, Jason

105 Баллы

Предложено в качестве ответа Huang, Jason 21 июля 2021 г. 9:20
Помечено в качестве ответа Michael.ZZZ 9 августа 2021 г. 8:44

Все ответы

0
Нужно войти
再补充DNS的诊断结果：

Directory Server Diagnosis

Performing initial setup:

Trying to find home server...

* Verifying that the local machine DCSSH2, is a Directory Server.
Home Server = DCSSH2

* Connecting to directory service on server DCSSH2.

* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.

Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=hx,DC=com,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hx,DC=com
Getting ISTG and options for the site
Looking at base site object: CN=NTDS Site Settings,CN=HX-SH,CN=Sites,CN=Configuration,DC=hx,DC=com
Getting ISTG and options for the site
Looking at base site object: CN=NTDS Site Settings,CN=HX-CC,CN=Sites,CN=Configuration,DC=hx,DC=com
Getting ISTG and options for the site
* Identifying all servers.

Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=hx,DC=com,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=DCSSH1,CN=Servers,CN=HX-SH,CN=Sites,CN=Configuration,DC=hx,DC=com
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=DCSSH2,CN=Servers,CN=HX-SH,CN=Sites,CN=Configuration,DC=hx,DC=com
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=DCSCC1,CN=Servers,CN=HX-CC,CN=Sites,CN=Configuration,DC=hx,DC=com
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=DCSCC2,CN=Servers,CN=HX-CC,CN=Sites,CN=Configuration,DC=hx,DC=com
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.

* Found 4 DC(s). Testing 4 of them.

Done gathering initial info.

Doing initial required tests

Testing server: HX-SH\DCSSH1

Starting test: Connectivity

* Active Directory LDAP Services Check
Determining IP4 connectivity
* Active Directory RPC Services Check
[DCSSH1] DsBindWithSpnEx() failed with error 1722,

The RPC server is unavailable..
RPC Extended Error Info not available. Use group policy on the local machine at "Computer

Configuration/Administrative Templates/System/Remote Procedure Call" to enable it.

Got error while checking LDAP and RPC connectivity. Please check your firewall settings.

......................... DCSSH1 failed test Connectivity

Testing server: HX-SH\DCSSH2

Starting test: Connectivity

* Active Directory LDAP Services Check
Determining IP4 connectivity
* Active Directory RPC Services Check
......................... DCSSH2 passed test Connectivity

Testing server: HX-CC\DCSCC1

Starting test: Connectivity

* Active Directory LDAP Services Check
Determining IP4 connectivity
* Active Directory RPC Services Check
......................... DCSCC1 passed test Connectivity

Testing server: HX-CC\DCSCC2

Starting test: Connectivity

* Active Directory LDAP Services Check
Determining IP4 connectivity
* Active Directory RPC Services Check
......................... DCSCC2 passed test Connectivity

Doing primary tests

Testing server: HX-SH\DCSSH1

Test omitted by user request: Advertising

Test omitted by user request: CheckSecurityError

Test omitted by user request: CutoffServers

Test omitted by user request: FrsEvent

Test omitted by user request: DFSREvent

Test omitted by user request: SysVolCheck

Test omitted by user request: KccEvent

Test omitted by user request: KnowsOfRoleHolders

Test omitted by user request: MachineAccount

Test omitted by user request: NCSecDesc

Test omitted by user request: NetLogons

Test omitted by user request: ObjectsReplicated

Test omitted by user request: OutboundSecureChannels

Test omitted by user request: Replications

Test omitted by user request: RidManager

Test omitted by user request: Services

Test omitted by user request: SystemLog

Test omitted by user request: Topology

Test omitted by user request: VerifyEnterpriseReferences

Test omitted by user request: VerifyReferences

Test omitted by user request: VerifyReplicas

Testing server: HX-SH\DCSSH2

Test omitted by user request: Advertising

Test omitted by user request: CheckSecurityError

Test omitted by user request: CutoffServers

Test omitted by user request: FrsEvent

Test omitted by user request: DFSREvent

Test omitted by user request: SysVolCheck

Test omitted by user request: KccEvent

Test omitted by user request: KnowsOfRoleHolders

Test omitted by user request: MachineAccount

Test omitted by user request: NCSecDesc

Test omitted by user request: NetLogons

Test omitted by user request: ObjectsReplicated

Test omitted by user request: OutboundSecureChannels

Test omitted by user request: Replications

Test omitted by user request: RidManager

Test omitted by user request: Services

Test omitted by user request: SystemLog

Test omitted by user request: Topology

Test omitted by user request: VerifyEnterpriseReferences

Test omitted by user request: VerifyReferences

Test omitted by user request: VerifyReplicas

Testing server: HX-CC\DCSCC1

Test omitted by user request: Advertising

Test omitted by user request: CheckSecurityError

Test omitted by user request: CutoffServers

Test omitted by user request: FrsEvent

Test omitted by user request: DFSREvent

Test omitted by user request: SysVolCheck

Test omitted by user request: KccEvent

Test omitted by user request: KnowsOfRoleHolders

Test omitted by user request: MachineAccount

Test omitted by user request: NCSecDesc

Test omitted by user request: NetLogons

Test omitted by user request: ObjectsReplicated

Test omitted by user request: OutboundSecureChannels

Test omitted by user request: Replications

Test omitted by user request: RidManager

Test omitted by user request: Services

Test omitted by user request: SystemLog

Test omitted by user request: Topology

Test omitted by user request: VerifyEnterpriseReferences

Test omitted by user request: VerifyReferences

Test omitted by user request: VerifyReplicas

Testing server: HX-CC\DCSCC2

Test omitted by user request: Advertising

Test omitted by user request: CheckSecurityError

Test omitted by user request: CutoffServers

Test omitted by user request: FrsEvent

Test omitted by user request: DFSREvent

Test omitted by user request: SysVolCheck

Test omitted by user request: KccEvent

Test omitted by user request: KnowsOfRoleHolders

Test omitted by user request: MachineAccount

Test omitted by user request: NCSecDesc

Test omitted by user request: NetLogons

Test omitted by user request: ObjectsReplicated

Test omitted by user request: OutboundSecureChannels

Test omitted by user request: Replications

Test omitted by user request: RidManager

Test omitted by user request: Services

Test omitted by user request: SystemLog

Test omitted by user request: Topology

Test omitted by user request: VerifyEnterpriseReferences

Test omitted by user request: VerifyReferences

Test omitted by user request: VerifyReplicas

Starting test: DNS

Starting test: DNS

Starting test: DNS

DNS Tests are running and not hung. Please wait a few minutes...

Starting test: DNS

See DNS test in enterprise tests section for results
......................... DCSCC1 passed test DNS

See DNS test in enterprise tests section for results
......................... DCSSH2 passed test DNS

See DNS test in enterprise tests section for results
......................... DCSCC2 passed test DNS

See DNS test in enterprise tests section for results
......................... DCSSH1 failed test DNS

Running partition tests on : ForestDnsZones

Test omitted by user request: CheckSDRefDom

Test omitted by user request: CrossRefValidation

Running partition tests on : DomainDnsZones

Test omitted by user request: CheckSDRefDom

Test omitted by user request: CrossRefValidation

Running partition tests on : Schema

Test omitted by user request: CheckSDRefDom

Test omitted by user request: CrossRefValidation

Running partition tests on : Configuration

Test omitted by user request: CheckSDRefDom

Test omitted by user request: CrossRefValidation

Running partition tests on : hx

Test omitted by user request: CheckSDRefDom

Test omitted by user request: CrossRefValidation

Running enterprise tests on : hx.com

Starting test: DNS

Test results for domain controllers:

DC: DCSSH2.hx.com

Domain: hx.com

TEST: Authentication (Auth)
Authentication test: Successfully completed

TEST: Basic (Basc)
The OS Microsoft Windows Server 2016 Standard (Service Pack level: 0.0) is supported.

NETLOGON service is running

kdc service is running

DNSCACHE service is running

DNS service is running

DC is a DNS server

Network adapters information:

Adapter [00000002] Broadcom NetXtreme Gigabit Ethernet:

MAC address is D0:94:66:84:29:AD
IP Address is static
IP address: 10.7.1.2
DNS servers:

10.7.1.1 (dcssh1.hx.com.) [Valid]
10.7.1.2 (DCSSH2) [Valid]
The A host record(s) for this DC was found
The SOA record for the Active Directory zone was found
The Active Directory zone on this DC/DNS server was found primary
Root zone on this DC/DNS server was not found

TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders Information:
10.7.1.253 (<name unavailable>) [Valid]

TEST: Delegations (Del)
Delegation information for the zone: hx.com.
Delegated domain name: _msdcs.hx.com.
DNS server: dcssh1.hx.com. IP:10.7.1.1 [Valid]

TEST: Dynamic update (Dyn)
Test record dcdiag-test-record added successfully in zone hx.com
Test record dcdiag-test-record deleted successfully in zone hx.com

TEST: Records registration (RReg)
Network Adapter [00000002] Broadcom NetXtreme Gigabit Ethernet:

Matching CNAME record found at DNS server 10.7.1.1:
ae935d44-6aeb-4575-809d-ea91d819a8d6._msdcs.hx.com

Matching A record found at DNS server 10.7.1.1:
DCSSH2.hx.com

Matching SRV record found at DNS server 10.7.1.1:
_ldap._tcp.hx.com

Matching SRV record found at DNS server 10.7.1.1:
_ldap._tcp.e826a4f8-d401-4838-a512-09a93e68a2e1.domains._msdcs.hx.com

Matching SRV record found at DNS server 10.7.1.1:
_kerberos._tcp.dc._msdcs.hx.com

Matching SRV record found at DNS server 10.7.1.1:
_ldap._tcp.dc._msdcs.hx.com

Matching SRV record found at DNS server 10.7.1.1:
_kerberos._tcp.hx.com

Matching SRV record found at DNS server 10.7.1.1:
_kerberos._udp.hx.com

Matching SRV record found at DNS server 10.7.1.1:
_kpasswd._tcp.hx.com

Matching SRV record found at DNS server 10.7.1.1:
_ldap._tcp.HX-SH._sites.hx.com

Matching SRV record found at DNS server 10.7.1.1:
_kerberos._tcp.HX-SH._sites.dc._msdcs.hx.com

Matching SRV record found at DNS server 10.7.1.1:
_ldap._tcp.HX-SH._sites.dc._msdcs.hx.com

Matching SRV record found at DNS server 10.7.1.1:
_kerberos._tcp.HX-SH._sites.hx.com

Matching SRV record found at DNS server 10.7.1.1:
_ldap._tcp.gc._msdcs.hx.com

Matching A record found at DNS server 10.7.1.1:
gc._msdcs.hx.com

Matching SRV record found at DNS server 10.7.1.1:
_gc._tcp.HX-SH._sites.hx.com

Matching SRV record found at DNS server 10.7.1.1:
_ldap._tcp.HX-SH._sites.gc._msdcs.hx.com

Matching CNAME record found at DNS server 10.7.1.2:
ae935d44-6aeb-4575-809d-ea91d819a8d6._msdcs.hx.com

Matching A record found at DNS server 10.7.1.2:
DCSSH2.hx.com

Matching SRV record found at DNS server 10.7.1.2:
_ldap._tcp.hx.com

Matching SRV record found at DNS server 10.7.1.2:
_ldap._tcp.e826a4f8-d401-4838-a512-09a93e68a2e1.domains._msdcs.hx.com

Matching SRV record found at DNS server 10.7.1.2:
_kerberos._tcp.dc._msdcs.hx.com

Matching SRV record found at DNS server 10.7.1.2:
_ldap._tcp.dc._msdcs.hx.com

Matching SRV record found at DNS server 10.7.1.2:
_kerberos._tcp.hx.com

Matching SRV record found at DNS server 10.7.1.2:
_kerberos._udp.hx.com

Matching SRV record found at DNS server 10.7.1.2:
_kpasswd._tcp.hx.com

Matching SRV record found at DNS server 10.7.1.2:
_ldap._tcp.HX-SH._sites.hx.com

Matching SRV record found at DNS server 10.7.1.2:
_kerberos._tcp.HX-SH._sites.dc._msdcs.hx.com

Matching SRV record found at DNS server 10.7.1.2:
_ldap._tcp.HX-SH._sites.dc._msdcs.hx.com

Matching SRV record found at DNS server 10.7.1.2:
_kerberos._tcp.HX-SH._sites.hx.com

Matching SRV record found at DNS server 10.7.1.2:
_ldap._tcp.gc._msdcs.hx.com

Matching A record found at DNS server 10.7.1.2:
gc._msdcs.hx.com

Matching SRV record found at DNS server 10.7.1.2:
_gc._tcp.HX-SH._sites.hx.com

Matching SRV record found at DNS server 10.7.1.2:
_ldap._tcp.HX-SH._sites.gc._msdcs.hx.com

DC: DCSCC2.hx.com

Domain: hx.com

TEST: Authentication (Auth)
Authentication test: Successfully completed

TEST: Basic (Basc)
The OS Microsoft Windows Server 2016 Standard (Service Pack level: 0.0) is supported.

NETLOGON service is running

kdc service is running

DNSCACHE service is running

DNS service is running

DC is a DNS server

Network adapters information:

Adapter [00000002] Broadcom NetXtreme Gigabit Ethernet:

MAC address is 2C:EA:7F:5A:01:9A
IP Address is static
IP address: 10.8.1.2
DNS servers:

10.8.1.1 (DCSCC1) [Valid]
10.8.1.2 (DCSCC2) [Valid]
127.0.0.1 (DCSCC2) [Valid]
The A host record(s) for this DC was found
The SOA record for the Active Directory zone was found
The Active Directory zone on this DC/DNS server was found primary
Root zone on this DC/DNS server was not found

TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders Information:
10.7.1.253 (<name unavailable>) [Valid]

TEST: Delegations (Del)
Delegation information for the zone: hx.com.
Delegated domain name: _msdcs.hx.com.
DNS server: dcssh1.hx.com. IP:10.7.1.1 [Valid]

TEST: Dynamic update (Dyn)
Test record dcdiag-test-record added successfully in zone hx.com
Test record dcdiag-test-record deleted successfully in zone hx.com

TEST: Records registration (RReg)
Network Adapter [00000002] Broadcom NetXtreme Gigabit Ethernet:

Matching CNAME record found at DNS server 10.8.1.1:
d58a98f7-9c72-44c8-8f37-f51f6e181428._msdcs.hx.com

Matching A record found at DNS server 10.8.1.1:
DCSCC2.hx.com

Matching SRV record found at DNS server 10.8.1.1:
_ldap._tcp.hx.com

Matching SRV record found at DNS server 10.8.1.1:
_ldap._tcp.e826a4f8-d401-4838-a512-09a93e68a2e1.domains._msdcs.hx.com

Matching SRV record found at DNS server 10.8.1.1:
_kerberos._tcp.dc._msdcs.hx.com

Matching SRV record found at DNS server 10.8.1.1:
_ldap._tcp.dc._msdcs.hx.com

Matching SRV record found at DNS server 10.8.1.1:
_kerberos._tcp.hx.com

Matching SRV record found at DNS server 10.8.1.1:
_kerberos._udp.hx.com

Matching SRV record found at DNS server 10.8.1.1:
_kpasswd._tcp.hx.com

Matching SRV record found at DNS server 10.8.1.1:
_ldap._tcp.HX-CC._sites.hx.com

Matching SRV record found at DNS server 10.8.1.1:
_kerberos._tcp.HX-CC._sites.dc._msdcs.hx.com

Matching SRV record found at DNS server 10.8.1.1:
_ldap._tcp.HX-CC._sites.dc._msdcs.hx.com

Matching SRV record found at DNS server 10.8.1.1:
_kerberos._tcp.HX-CC._sites.hx.com

Matching SRV record found at DNS server 10.8.1.1:
_ldap._tcp.gc._msdcs.hx.com

Matching A record found at DNS server 10.8.1.1:
gc._msdcs.hx.com

Matching SRV record found at DNS server 10.8.1.1:
_gc._tcp.HX-CC._sites.hx.com

Matching SRV record found at DNS server 10.8.1.1:
_ldap._tcp.HX-CC._sites.gc._msdcs.hx.com

Matching CNAME record found at DNS server 10.8.1.2:
d58a98f7-9c72-44c8-8f37-f51f6e181428._msdcs.hx.com

Matching A record found at DNS server 10.8.1.2:
DCSCC2.hx.com

Matching SRV record found at DNS server 10.8.1.2:
_ldap._tcp.hx.com

Matching SRV record found at DNS server 10.8.1.2:
_ldap._tcp.e826a4f8-d401-4838-a512-09a93e68a2e1.domains._msdcs.hx.com

Matching SRV record found at DNS server 10.8.1.2:
_kerberos._tcp.dc._msdcs.hx.com

Matching SRV record found at DNS server 10.8.1.2:
_ldap._tcp.dc._msdcs.hx.com

Matching SRV record found at DNS server 10.8.1.2:
_kerberos._tcp.hx.com

Matching SRV record found at DNS server 10.8.1.2:
_kerberos._udp.hx.com

Matching SRV record found at DNS server 10.8.1.2:
_kpasswd._tcp.hx.com

Matching SRV record found at DNS server 10.8.1.2:
_ldap._tcp.HX-CC._sites.hx.com

Matching SRV record found at DNS server 10.8.1.2:
_kerberos._tcp.HX-CC._sites.dc._msdcs.hx.com

Matching SRV record found at DNS server 10.8.1.2:
_ldap._tcp.HX-CC._sites.dc._msdcs.hx.com

Matching SRV record found at DNS server 10.8.1.2:
_kerberos._tcp.HX-CC._sites.hx.com

Matching SRV record found at DNS server 10.8.1.2:
_ldap._tcp.gc._msdcs.hx.com

Matching A record found at DNS server 10.8.1.2:
gc._msdcs.hx.com

Matching SRV record found at DNS server 10.8.1.2:
_gc._tcp.HX-CC._sites.hx.com

Matching SRV record found at DNS server 10.8.1.2:
_ldap._tcp.HX-CC._sites.gc._msdcs.hx.com

Matching CNAME record found at DNS server 10.8.1.2:
d58a98f7-9c72-44c8-8f37-f51f6e181428._msdcs.hx.com

Matching A record found at DNS server 10.8.1.2:
DCSCC2.hx.com

Matching SRV record found at DNS server 10.8.1.2:
_ldap._tcp.hx.com

Matching SRV record found at DNS server 10.8.1.2:
_ldap._tcp.e826a4f8-d401-4838-a512-09a93e68a2e1.domains._msdcs.hx.com

Matching SRV record found at DNS server 10.8.1.2:
_kerberos._tcp.dc._msdcs.hx.com

Matching SRV record found at DNS server 10.8.1.2:
_ldap._tcp.dc._msdcs.hx.com

Matching SRV record found at DNS server 10.8.1.2:
_kerberos._tcp.hx.com

Matching SRV record found at DNS server 10.8.1.2:
_kerberos._udp.hx.com

Matching SRV record found at DNS server 10.8.1.2:
_kpasswd._tcp.hx.com

Matching SRV record found at DNS server 10.8.1.2:
_ldap._tcp.HX-CC._sites.hx.com

Matching SRV record found at DNS server 10.8.1.2:
_kerberos._tcp.HX-CC._sites.dc._msdcs.hx.com

Matching SRV record found at DNS server 10.8.1.2:
_ldap._tcp.HX-CC._sites.dc._msdcs.hx.com

Matching SRV record found at DNS server 10.8.1.2:
_kerberos._tcp.HX-CC._sites.hx.com

Matching SRV record found at DNS server 10.8.1.2:
_ldap._tcp.gc._msdcs.hx.com

Matching A record found at DNS server 10.8.1.2:
gc._msdcs.hx.com

Matching SRV record found at DNS server 10.8.1.2:
_gc._tcp.HX-CC._sites.hx.com

Matching SRV record found at DNS server 10.8.1.2:
_ldap._tcp.HX-CC._sites.gc._msdcs.hx.com

6 июля 2021 г. 9:39
Ответить
|
Цитировать
Michael.ZZZ
0 Баллы
0
Нужно войти
看到上面的错误主要集中在下面这块，该如何处理呢？
Starting test: KnowsOfRoleHolders
[DCSSH1] DsBindWithSpnEx() failed with error 1722,
The RPC server is unavailable..
Warning: DCSSH1 is the Schema Owner, but is not responding to DS RPC Bind.
Warning: DCSSH1 is the Domain Owner, but is not responding to DS RPC Bind.
Warning: DCSSH1 is the PDC Owner, but is not responding to DS RPC Bind.
Warning: DCSSH1 is the Rid Owner, but is not responding to DS RPC Bind.
Warning: DCSSH1 is the Infrastructure Update Owner, but is not responding to DS RPC Bind.
6 июля 2021 г. 9:40
Ответить
|
Цитировать
Michael.ZZZ
0 Баллы
Ответить
|
Цитировать
Michael.ZZZ
0 Баллы

0 Баллы

0 Баллы

Please remember to mark the replies as an answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

6 июля 2021 г. 23:11

flingmin

Wicresoft

(MSFT CSG)

7,785 Баллы

Please remember to mark the replies as an answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

8 июля 2021 г. 23:34

flingmin

Wicresoft

(MSFT CSG)

7,785 Баллы

flingmin 的建议，查看下相关端口号。

我建议端口修复完成后，对域控进行完整体检，同时检查下服务或者计划任务中是否有植入的异常计划任务，希望能够给你带来帮助。

9 июля 2021 г. 0:48

Bryan丶Song

360 Баллы

netsh ipsec static show policy all

netsh ipsec static show filterlist all level=verbose如果执行完出现带有关键字为“netbc ” 的安全策略

或运行gpedit 直接访问安全策略，查看详细信息

如果确认服务器有此项，则建议通过以下命令或者直接访问删除策略：

netsh ipsec static delete policy name=netbc

然后创建一个GPO，执行以下脚本，应用至所有服务器、计算机OU（每5分钟运行一次）

powershell.exe -command "Get-WMIObject -Query \"select * from CommandLineEventConsumer where name='Windows Events Consumer' \" -Namespace 'root/subscription' | remove-wmiobject"powershell.exe -command "Get-WMIObject -Query \"select * from __EventFilter where name='Windows Events Filter' \" -Namespace 'root/subscription' | remove-wmiobject"powershell.exe -command "Remove-WmiObject -Class System_Anti_Virus_Core -Namespace root\DEFAULT "schtasks /Delete /TN "WindowsLogTasks" /Fschtasks /Delete /TN "System Log Security Check" /Fnetsh ipsec static delete policy netbcpowershell.exe -command "(Get-WmiObject win32_process -filter \"Name='powershell.exe' AND CommandLine LIKE '%%W Hidden -E JABwAGkAbgAgAD0A%%'\")| ForEach-Object {$_.terminate()}" powershell.exe -command "(Get-WmiObject win32_process -filter \"Name='powershell.exe' AND CommandLine LIKE '%%System_Anti_Virus_Core%%'\")| ForEach-Object {$_.terminate()}" powershell.exe -command "(Get-WmiObject win32_process -filter \"Name='cmd.exe' AND CommandLine LIKE '%%W Hidden -E JABwAGkAbgAgAD0A%%'\")| ForEach-Object {$_.terminate()}" powershell.exe -command "(Get-WmiObject win32_process -filter \"Name='cmd.exe' AND CommandLine LIKE '%%System_Anti_Virus_Core%%'\")| ForEach-Object {$_.terminate()}"

9 июля 2021 г. 8:32

Huang, Jason

105 Баллы