Hadi Sadeh

User not recognized in the domain

Hello

Today I noticed a problem: when I create a new user in Active Directory, that user is not recognized on some servers. For example, on the file server I want to give the new user access to a folder, but the server cannot find the user....

Friends, has anyone run into this problem before?

First check the system time and the DNS servers, and see that they have not changed.

** Update, Backup & Security: the key to an admin's success and network stability **
Hadi Sadeh

Dear Mr. Tavassoli, I checked.

Everything was correct.

Do you have this problem on the other DCs too?

Is the DC healthy? Please send the output of the following commands.

Hostname

Netdom query fsmo

DCDiag /c /v /e /q

Please send the outputs in a code box. Thank you.

AMIRHOSSEIN KARIMPOUR
Hadi Sadeh

I removed the server from the domain and joined it to the domain again.

It had no effect. Now I have run into another problem: I cannot open the server by computer name. I have to enter the IP.

 

In the network adapter settings, check whether the Primary DNS server points to the DC.

AMIRHOSSEIN KARIMPOUR
Hadi Sadeh

Besides the Active Directory that is in this network, I have another Active Directory that is outside the organization and is connected to the Active Directory inside the organization.

The Active Directory can see the file server by computer name, because they are in the same IP range, but my client still cannot see it even when I set the DNS manually.

The interesting point is that when I enter the DNS of the second Active Directory, the one outside the organization, the client sees the file server.

What do you mean by "Active Directory"? A DC, or a separate domain that has a Trust with the domain inside the organization?

AMIRHOSSEIN KARIMPOUR
Hadi Sadeh

Yes, I mean a DC (an Active Directory server that also has DNS on it).

The internal DC and the DC outside the organization replicate with each other.

Does the DC inside the organization hold the GC role, or the DC outside the organization (the one the clients can Ping by name)?

How did you set the DNS servers on the DCs' network adapters? On DC-1, set the first (Primary) DNS address to the IP of DC-2 and the second (Alternate) DNS address to 127.0.0.1. On DC-2, likewise set the first DNS address to DC-1 and the second DNS address to 127.0.0.1.

AMIRHOSSEIN KARIMPOUR
Hadi Sadeh

The DNS servers are set exactly like that, with the difference that the server's own IP is entered instead of 127.0.0.1.

The first image is nslookup from the DC inside the organization.

The second image is the DC outside the organization.

The problem is right here: the first DC does not find the fileserver.

I suggest setting 127.0.0.1 instead of the server's own address.

Can you Ping the file server's IP address from DC-1?

Turn off the file server's firewall and test again.

AMIRHOSSEIN KARIMPOUR
Hadi Sadeh

DC-1 both pings the file server and opens it by Computer Name.

The firewall is off. I even disabled the antivirus, but it had no effect.

The problem definitely comes down to the DNS server on DC-1.

I even reset the DNS service, but it did not help.

 

"The problem is right here: the first DC does not find the fileserver"

What do you mean by not finding it? What error do you get when connecting to the file server?

AMIRHOSSEIN KARIMPOUR
Hadi Sadeh

DC-1 can Ping the file server and open it by Computer Name, but when I run nslookup it says it cannot find it.

DC-2, which is outside the organization, has a Replication link with DC-1; that is, every User created on DC-1 is created identically on DC-2. nslookup there finds the file server.

Clients can open the file server by IP, but when I set DC-1's IP as the client's DNS (it has been this way from the start), the clients can no longer open the file server by Computer Name. But when DNS points to DC-2, it opens.

I just checked and saw that Replication has not been working properly; that is, over these past few days nothing created on DC-1 has been copied to DC-2.

Hadi Sadeh

Disable the IPSec Policy Agent service. Apparently your DCs are not healthy. Send the output of DCDiag /c /v /e /q. Also send the output of Repadmin /replsummary. Run both of these commands on DC-1.

AMIRHOSSEIN KARIMPOUR
Hadi Sadeh

Engineer, the File Server problem has been resolved.

But the DCs still cannot replicate.

First command

C:\Users\h.sadeh>Repadmin /replsummary
Replication Summary Start Time: 2019-10-06 10:46:16

Beginning data collection for replication summary, this may take awhile:
  .....


Source DSA          largest delta    fails/total %%   error
 BDC                       21m:47s    0 /   5    0
 SINA              38d.19h:23m:13s    5 /   5  100  (2148074274) The target prin
cipal name is incorrect.


Destination DSA     largest delta    fails/total %%   error
 BDC               38d.19h:22m:05s    5 /   5  100  (2148074274) The target prin
cipal name is incorrect.
 SINA                      21m:47s    0 /   5    0

Second command

C:\Users\h.sadeh>DCDiag /c /v /e /q
            [SINA] DsReplicaGetInfo(KCC_DS_CONNECT_FAILURES) failed with error
            8453,
         [SINA] No security related replication errors were found on this DC!
         To target the connection to a specific source DC use /ReplSource:.
         [SINA] User credentials does not have permission to perform this
         operation.
         The account used for this test must have network logon privileges
         for this machine's domain.
         ......................... SINA failed test NetLogons
         ......................... SINA failed test ObjectsReplicated
         ** Did not run Outbound Secure Channels test because /testdomain: was
         not entered
         [Replications Check,SINA] DsReplicaGetInfo(PENDING_OPS, NULL) failed,
         error 0x2105 "Replication access was denied."
         ......................... SINA failed test Replications
            Could not open NTDS Service on SINA, error 0x5 "Access is denied."
         ......................... SINA failed test Services
         An error event occurred.  EventID: 0x40000004
            Time Generated: 10/06/2019   09:39:41
            Event String:
            The Kerberos client received a KRB_AP_ERR_MODIFIED error from the se
rver sina$. The target name used was ldap/sina.sinna.dco. This indicates that th
e target server failed to decrypt the ticket provided by the client. This can oc
cur when the target server principal name (SPN) is registered on an account othe
r than the account the target service is using. Ensure that the target SPN is on
ly registered on the account used by the server. This error can also happen if t
he target service account password is different than what is configured on the K
erberos Key Distribution Center for that target service. Ensure that the service
 on the server and the KDC are both configured to use the same password. If the
server name is not fully qualified, and the target domain (SINNA.DCO) is differe
nt from the client domain (SINNA.DCO), check if there are identically named serv
er accounts in these two domains, or use the fully-qualified name to identify th
e server.
         An error event occurred.  EventID: 0x40000004
            Time Generated: 10/06/2019   09:39:59
            Event String:
            The Kerberos client received a KRB_AP_ERR_MODIFIED error from the se
rver sina$. The target name used was LDAP/SINA. This indicates that the target s
erver failed to decrypt the ticket provided by the client. This can occur when t
he target server principal name (SPN) is registered on an account other than the
 account the target service is using. Ensure that the target SPN is only registe
red on the account used by the server. This error can also happen if the target
service account password is different than what is configured on the Kerberos Ke
y Distribution Center for that target service. Ensure that the service on the se
rver and the KDC are both configured to use the same password. If the server nam
e is not fully qualified, and the target domain (SINNA.DCO) is different from th
e client domain (SINNA.DCO), check if there are identically named server account
s in these two domains, or use the fully-qualified name to identify the server.
         An error event occurred.  EventID: 0x0000165B
            Time Generated: 10/06/2019   09:45:49
            Event String:
            The session setup from computer 'NIKDEL-PC' failed because the secur
ity database does not contain a trust account 'NIKDEL-PC$' referenced by the spe
cified computer.
         ......................... SINA failed test SystemLog
         Warning: BDC is not advertising as a time server.
         ......................... BDC failed test Advertising
         [BDC] No security related replication errors were found on this DC!
         To target the connection to a specific source DC use /ReplSource:.
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
         Group Policy problems.
         ......................... BDC failed test DFSREvent
         ......................... BDC failed test ObjectsReplicated
         ** Did not run Outbound Secure Channels test because /testdomain: was
         not entered
         [Replications Check,BDC] A recent replication attempt failed:
            From SINA to BDC
            Naming Context: DC=ForestDnsZones,DC=sinna,DC=dco
            The replication generated an error (-2146893022):
            The target principal name is incorrect.
            The failure occurred at 2019-10-06 09:45:08.
            The last success occurred at 2019-08-28 16:23:03.
            936 failures have occurred since the last success.
         [Replications Check,BDC] A recent replication attempt failed:
            From SINA to BDC
            Naming Context: DC=DomainDnsZones,DC=sinna,DC=dco
            The replication generated an error (-2146893022):
            The target principal name is incorrect.
            The failure occurred at 2019-10-06 09:45:09.
            The last success occurred at 2019-08-28 16:23:03.
            1154 failures have occurred since the last success.
         [Replications Check,BDC] A recent replication attempt failed:
            From SINA to BDC
            Naming Context: CN=Schema,CN=Configuration,DC=sinna,DC=dco
            The replication generated an error (-2146893022):
            The target principal name is incorrect.
            The failure occurred at 2019-10-06 09:45:09.
            The last success occurred at 2019-08-28 16:23:03.
            934 failures have occurred since the last success.
         [Replications Check,BDC] A recent replication attempt failed:
            From SINA to BDC
            Naming Context: CN=Configuration,DC=sinna,DC=dco
            The replication generated an error (-2146893022):
            The target principal name is incorrect.
            The failure occurred at 2019-10-06 09:45:10.
            The last success occurred at 2019-08-28 16:23:03.
            938 failures have occurred since the last success.
         [Replications Check,BDC] A recent replication attempt failed:
            From SINA to BDC
            Naming Context: DC=sinna,DC=dco
            The replication generated an error (-2146893022):
            The target principal name is incorrect.
            The failure occurred at 2019-10-06 09:45:11.
            The last success occurred at 2019-08-28 16:41:56.
            26963 failures have occurred since the last success.
         ......................... BDC failed test Replications
         An error event occurred.  EventID: 0x0000165B
            Time Generated: 10/06/2019   09:07:48
            Event String:
            The session setup from computer 'NIKDEL-PC' failed because the secur
ity database does not contain a trust account 'NIKDEL-PC$' referenced by the spe
cified computer.
         An error event occurred.  EventID: 0x000016AD
            Time Generated: 10/06/2019   09:13:42
            Event String:
            The session setup from the computer NIKDEL-PC failed to authenticate
. The following error occurred:
         An error event occurred.  EventID: 0x40000004
            Time Generated: 10/06/2019   09:25:36
            Event String:
            The Kerberos client received a KRB_AP_ERR_MODIFIED error from the se
rver sina$. The target name used was E3514235-4B06-11D1-AB04-00C04FC2DCD2/702ddc
cc-7e33-4c01-a606-7b27ae90c635/sinna.dco@sinna.dco. This indicates that the targ
et server failed to decrypt the ticket provided by the client. This can occur wh
en the target server principal name (SPN) is registered on an account other than
 the account the target service is using. Ensure that the target SPN is only reg
istered on the account used by the server. This error can also happen if the tar
get service account password is different than what is configured on the Kerbero
s Key Distribution Center for that target service. Ensure that the service on th
e server and the KDC are both configured to use the same password. If the server
 name is not fully qualified, and the target domain (SINNA.DCO) is different fro
m the client domain (SINNA.DCO), check if there are identically named server acc
ounts in these two domains, or use the fully-qualified name to identify the serv
er.
         An error event occurred.  EventID: 0x40000004
            Time Generated: 10/06/2019   09:26:01
            Event String:
            The Kerberos client received a KRB_AP_ERR_MODIFIED error from the se
rver sina$. The target name used was ldap/sina.sinna.dco. This indicates that th
e target server failed to decrypt the ticket provided by the client. This can oc
cur when the target server principal name (SPN) is registered on an account othe
r than the account the target service is using. Ensure that the target SPN is on
ly registered on the account used by the server. This error can also happen if t
he target service account password is different than what is configured on the K
erberos Key Distribution Center for that target service. Ensure that the service
 on the server and the KDC are both configured to use the same password. If the
server name is not fully qualified, and the target domain (SINNA.DCO) is differe
nt from the client domain (SINNA.DCO), check if there are identically named serv
er accounts in these two domains, or use the fully-qualified name to identify th
e server.
         An error event occurred.  EventID: 0x40000004
            Time Generated: 10/06/2019   09:27:51
            Event String:
            The Kerberos client received a KRB_AP_ERR_MODIFIED error from the se
rver sina$. The target name used was cifs/sina.sinna.dco. This indicates that th
e target server failed to decrypt the ticket provided by the client. This can oc
cur when the target server principal name (SPN) is registered on an account othe
r than the account the target service is using. Ensure that the target SPN is on
ly registered on the account used by the server. This error can also happen if t
he target service account password is different than what is configured on the K
erberos Key Distribution Center for that target service. Ensure that the service
 on the server and the KDC are both configured to use the same password. If the
server name is not fully qualified, and the target domain (SINNA.DCO) is differe
nt from the client domain (SINNA.DCO), check if there are identically named serv
er accounts in these two domains, or use the fully-qualified name to identify th
e server.
         An error event occurred.  EventID: 0x40000004
            Time Generated: 10/06/2019   09:28:59
            Event String:
            The Kerberos client received a KRB_AP_ERR_MODIFIED error from the se
rver sina$. The target name used was SINNA\SINA$. This indicates that the target
 server failed to decrypt the ticket provided by the client. This can occur when
 the target server principal name (SPN) is registered on an account other than t
he account the target service is using. Ensure that the target SPN is only regis
tered on the account used by the server. This error can also happen if the targe
t service account password is different than what is configured on the Kerberos
Key Distribution Center for that target service. Ensure that the service on the
server and the KDC are both configured to use the same password. If the server n
ame is not fully qualified, and the target domain (SINNA.DCO) is different from
the client domain (SINNA.DCO), check if there are identically named server accou
nts in these two domains, or use the fully-qualified name to identify the server
.
         An error event occurred.  EventID: 0x0000165B
            Time Generated: 10/06/2019   09:40:14
            Event String:
            The session setup from computer 'AMIRI-PC' failed because the securi
ty database does not contain a trust account 'AMIRI-PC$' referenced by the speci
fied computer.
         An error event occurred.  EventID: 0x000016AD
            Time Generated: 10/06/2019   09:43:43
            Event String:
            The session setup from the computer AMIRI-PC failed to authenticate.
 The following error occurred:
         ......................... BDC failed test SystemLog
                  ......................... SINA failed test DNS
         Test results for domain controllers:

            DC: BDC.sinna.dco
            Domain: sinna.dco


               TEST: Delegations (Del)
                  Error:
                  Failed to enumerate the records at the zone root on the server
 BDC.sinna.dco

            TEST: Records registration (RReg)
               Error: Record registrations cannot be found for all the network
               adapters

         Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
            _________________________________________________________________
            Domain: sinna.dco
               BDC                          PASS PASS PASS FAIL WARN FAIL n/a

         ......................... sinna.dco failed test DNS
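
Added example, not part of the original thread: a Python sketch that reads the kind of output pasted above. It undoes the 80-column console wrap, lists the failing links from Repadmin /replsummary, shows that repadmin's 2148074274 and DCDiag's -2146893022 are the same 32-bit status, and pulls the target names out of the KRB_AP_ERR_MODIFIED events. The sample text is trimmed from this thread; the function names are this example's own.

```python
import re
from datetime import timedelta

# Constructed sample, trimmed from the output quoted in this thread. The
# 80-column console wrap (continuation lines starting in column 0) is kept.
REPLSUMMARY = """\
Source DSA          largest delta    fails/total %%   error
 BDC                       21m:47s    0 /   5    0
 SINA              38d.19h:23m:13s    5 /   5  100  (2148074274) The target prin
cipal name is incorrect.

Destination DSA     largest delta    fails/total %%   error
 BDC               38d.19h:22m:05s    5 /   5  100  (2148074274) The target prin
cipal name is incorrect.
 SINA                      21m:47s    0 /   5    0
"""

DCDIAG = """\
            The replication generated an error (-2146893022):
            The target principal name is incorrect.
         An error event occurred.  EventID: 0x40000004
            Time Generated: 10/06/2019   09:25:36
            Event String:
            The Kerberos client received a KRB_AP_ERR_MODIFIED error from the se
rver sina$. The target name used was E3514235-4B06-11D1-AB04-00C04FC2DCD2/702ddc
cc-7e33-4c01-a606-7b27ae90c635/sinna.dco@sinna.dco. This indicates that the targ
et server failed to decrypt the ticket provided by the client.
         An error event occurred.  EventID: 0x40000004
            Time Generated: 10/06/2019   09:27:51
            Event String:
            The Kerberos client received a KRB_AP_ERR_MODIFIED error from the se
rver sina$. The target name used was cifs/sina.sinna.dco. This indicates that th
e target server failed to decrypt the ticket provided by the client.
"""

HEADERS = ("Source DSA", "Destination DSA")
ROW = re.compile(
    r"^\s+(?P<dsa>\S+)\s+(?:(?P<d>\d+)d\.)?(?:(?P<h>\d+)h:)?(?P<m>\d+)m:(?P<s>\d+)s"
    r"\s+(?P<fails>\d+)\s*/\s*(?P<total>\d+)\s+(?P<pct>\d+)"
    r"(?:\s+\((?P<code>\d+)\)\s*(?P<msg>.*))?$")
KRB = re.compile(r"KRB_AP_ERR_MODIFIED error from the server (\S+)\. "
                 r"The target name used was (.+?)\. This indicates")


def unwrap(text):
    """Undo the console wrap: a non-blank line that starts in column 0 and is
    not a table header continues the previous line (words are split mid-way)."""
    out = []
    for line in text.splitlines():
        continues = line and not line[0].isspace() and not line.startswith(HEADERS)
        if out and out[-1] and continues:
            out[-1] += line
        else:
            out.append(line)
    return out


def hresult(code):
    """Unsigned 32-bit hex form of a status code. repadmin prints it unsigned,
    DCDiag prints the same value signed; 0x80090322 is SEC_E_WRONG_PRINCIPAL."""
    return "0x%08X" % (int(code) & 0xFFFFFFFF)


def parse_replsummary(text):
    """Return one dict per DSA row, tagged as a source or destination row."""
    rows, role = [], None
    for line in unwrap(text):
        if line.startswith(HEADERS):
            role = line.split()[0].lower()
            continue
        m = ROW.match(line)
        if not m or role is None:
            continue
        delta = timedelta(days=int(m["d"] or 0), hours=int(m["h"] or 0),
                          minutes=int(m["m"]), seconds=int(m["s"]))
        rows.append({"role": role, "dsa": m["dsa"], "delta": delta,
                     "fails": int(m["fails"]), "total": int(m["total"]),
                     "error": hresult(m["code"]) if m["code"] else None,
                     "message": m["msg"] or ""})
    return rows


def dcdiag_error_codes(text):
    """Replication error codes reported by DCDiag, normalised to hex."""
    return [hresult(c) for c in re.findall(r"generated an error \((-?\d+)\)", text)]


def krb_modified_targets(text):
    """Unique (server account, target name) pairs from KRB_AP_ERR_MODIFIED events."""
    return sorted(set(KRB.findall("\n".join(unwrap(text)))))


if __name__ == "__main__":
    for r in parse_replsummary(REPLSUMMARY):
        if r["fails"]:
            print(r["role"], r["dsa"], r["delta"], r["error"], r["message"])
    print(dcdiag_error_codes(DCDIAG))
    for server, target in krb_modified_targets(DCDIAG):
        print(server, target)
```
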

Dear friend, please send the output of both commands "in a code box".

Repadmin /replsummary
DCdiag /c /v /e /q
AMIRHOSSEIN KARIMPOUR
Hadi Sadeh

Engineer, the Code Box problem has been resolved.

It looks like you did not run DCdiag and Repadmin with administrator privileges. Please open Command Prompt with Run as administrator, then send the output of DCdiag /c /v /e /q and repadmin /replsum.

AMIRHOSSEIN KARIMPOUR
Hadi Sadeh

Both were run with Run as administrator.

First command

C:\Windows\system32>Repadmin /replsummary
Replication Summary Start Time: 2019-10-06 17:45:42

Beginning data collection for replication summary, this may take awhile:
  .....


Source DSA          largest delta    fails/total %%   error
 BDC                       03m:24s    0 /   5    0
 SINA              39d.02h:22m:39s    5 /   5  100  (2148074274) The target prin
cipal name is incorrect.


Destination DSA     largest delta    fails/total %%   error
 BDC               39d.02h:21m:30s    5 /   5  100  (2148074274) The target prin
cipal name is incorrect.
 SINA                      03m:24s    0 /   5    0

Second command

C:\Windows\system32>DCDiag /c /v /e /q
         [SINA] No security related replication errors were found on this DC!
         To target the connection to a specific source DC use /ReplSource:.
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
         Group Policy problems.
         ......................... SINA failed test DFSREvent
         ......................... SINA failed test ObjectsReplicated
         ** Did not run Outbound Secure Channels test because /testdomain: was
         not entered
         An error event occurred.  EventID: 0x0000272C
            Time Generated: 10/06/2019   17:42:54
            Event String:
            DCOM was unable to communicate with the computer 8.8.8.8 using any o
f the configured protocols; requested by PID      660 (C:\Windows\system32\dcdia
g.exe).
         An error event occurred.  EventID: 0x0000272C
            Time Generated: 10/06/2019   17:43:00
            Event String:
            DCOM was unable to communicate with the computer 192.168.101.1 using
 any of the configured protocols; requested by PID      660 (C:\Windows\system32
\dcdiag.exe).
         ......................... SINA failed test SystemLog
         Warning: BDC is not advertising as a time server.
         ......................... BDC failed test Advertising
         [BDC] No security related replication errors were found on this DC!
         To target the connection to a specific source DC use /ReplSource:.
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
         Group Policy problems.
         ......................... BDC failed test DFSREvent
         ......................... BDC failed test ObjectsReplicated
         ** Did not run Outbound Secure Channels test because /testdomain: was
         not entered
         [Replications Check,BDC] A recent replication attempt failed:
            From SINA to BDC
            Naming Context: DC=ForestDnsZones,DC=sinna,DC=dco
            The replication generated an error (-2146893022):
            The target principal name is incorrect.
            The failure occurred at 2019-10-06 17:48:13.
            The last success occurred at 2019-08-28 16:23:03.
            957 failures have occurred since the last success.
         [Replications Check,BDC] A recent replication attempt failed:
            From SINA to BDC
            Naming Context: DC=DomainDnsZones,DC=sinna,DC=dco
            The replication generated an error (-2146893022):
            The target principal name is incorrect.
            The failure occurred at 2019-10-06 17:48:14.
            The last success occurred at 2019-08-28 16:23:03.
            1183 failures have occurred since the last success.
         [Replications Check,BDC] A recent replication attempt failed:
            From SINA to BDC
            Naming Context: CN=Schema,CN=Configuration,DC=sinna,DC=dco
            The replication generated an error (-2146893022):
            The target principal name is incorrect.
            The failure occurred at 2019-10-06 17:48:14.
            The last success occurred at 2019-08-28 16:23:03.
            954 failures have occurred since the last success.
         [Replications Check,BDC] A recent replication attempt failed:
            From SINA to BDC
            Naming Context: CN=Configuration,DC=sinna,DC=dco
            The replication generated an error (-2146893022):
            The target principal name is incorrect.
            The failure occurred at 2019-10-06 17:48:15.
            The last success occurred at 2019-08-28 16:23:03.
            962 failures have occurred since the last success.
         [Replications Check,BDC] A recent replication attempt failed:
            From SINA to BDC
            Naming Context: DC=sinna,DC=dco
            The replication generated an error (-2146893022):
            The target principal name is incorrect.
            The failure occurred at 2019-10-06 17:48:15.
            The last success occurred at 2019-08-28 16:41:56.
            27334 failures have occurred since the last success.
         ......................... BDC failed test Replications
         An error event occurred.  EventID: 0x40000004
            Time Generated: 10/06/2019   17:29:50
            Event String:
            The Kerberos client received a KRB_AP_ERR_MODIFIED error from the se
rver sina$. The target name used was ldap/sina.sinna.dco. This indicates that th
e target server failed to decrypt the ticket provided by the client. This can oc
cur when the target server principal name (SPN) is registered on an account othe
r than the account the target service is using. Ensure that the target SPN is on
ly registered on the account used by the server. This error can also happen if t
he target service account password is different than what is configured on the K
erberos Key Distribution Center for that target service. Ensure that the service
 on the server and the KDC are both configured to use the same password. If the
server name is not fully qualified, and the target domain (SINNA.DCO) is differe
nt from the client domain (SINNA.DCO), check if there are identically named serv
er accounts in these two domains, or use the fully-qualified name to identify th
e server.
         An error event occurred.  EventID: 0x40000004
            Time Generated: 10/06/2019   17:29:51
            Event String:
            The Kerberos client received a KRB_AP_ERR_MODIFIED error from the se
rver sina$. The target name used was DNS/sina.sinna.dco. This indicates that the
 target server failed to decrypt the ticket provided by the client. This can occ
ur when the target server principal name (SPN) is registered on an account other
 than the account the target service is using. Ensure that the target SPN is onl
y registered on the account used by the server. This error can also happen if th
e target service account password is different than what is configured on the Ke
rberos Key Distribution Center for that target service. Ensure that the service
on the server and the KDC are both configured to use the same password. If the s
erver name is not fully qualified, and the target domain (SINNA.DCO) is differen
t from the client domain (SINNA.DCO), check if there are identically named serve
r accounts in these two domains, or use the fully-qualified name to identify the
 server.
         An error event occurred.  EventID: 0x40000004
            Time Generated: 10/06/2019   17:30:07
            Event String:
            The Kerberos client received a KRB_AP_ERR_MODIFIED error from the se
rver sina$. The target name used was E3514235-4B06-11D1-AB04-00C04FC2DCD2/702ddc
cc-7e33-4c01-a606-7b27ae90c635/sinna.dco@sinna.dco. This indicates that the targ
et server failed to decrypt the ticket provided by the client. This can occur wh
en the target server principal name (SPN) is registered on an account other than
 the account the target service is using. Ensure that the target SPN is only reg
istered on the account used by the server. This error can also happen if the tar
get service account password is different than what is configured on the Kerbero
s Key Distribution Center for that target service. Ensure that the service on th
e server and the KDC are both configured to use the same password. If the server
 name is not fully qualified, and the target domain (SINNA.DCO) is different fro
m the client domain (SINNA.DCO), check if there are identically named server acc
ounts in these two domains, or use the fully-qualified name to identify the serv
er.
         An error event occurred.  EventID: 0x40000004
            Time Generated: 10/06/2019   17:30:44
            Event String:
            The Kerberos client received a KRB_AP_ERR_MODIFIED error from the se
rver sina$. The target name used was SINNA\SINA$. This indicates that the target
 server failed to decrypt the ticket provided by the client. This can occur when
 the target server principal name (SPN) is registered on an account other than t
he account the target service is using. Ensure that the target SPN is only regis
tered on the account used by the server. This error can also happen if the targe
t service account password is different than what is configured on the Kerberos
Key Distribution Center for that target service. Ensure that the service on the
server and the KDC are both configured to use the same password. If the server n
ame is not fully qualified, and the target domain (SINNA.DCO) is different from
the client domain (SINNA.DCO), check if there are identically named server accou
nts in these two domains, or use the fully-qualified name to identify the server
.
         An error event occurred.  EventID: 0x0000165B
            Time Generated: 10/06/2019   17:39:04
            Event String:
            The session setup from computer 'LOLO-PC' failed because the securit
y database does not contain a trust account 'LOLO-PC$' referenced by the specifi
ed computer.
         An error event occurred.  EventID: 0x000016AD
            Time Generated: 10/06/2019   17:43:43
            Event String:
            The session setup from the computer LOLO-PC failed to authenticate.
The following error occurred:
         ......................... BDC failed test SystemLog

When I trigger Replication manually, it gives this error.

Reset the Computer account password of the domain controller you are having this problem with.

https://support.microsoft.com/en-sg/help/288167/error-message-target-principal-name-is-incorrect-when-manually-replica

If the problem is not resolved, see the link below:

https://community.spiceworks.com/topic/1965599-target-principal-name-is-incorrect 

AMIRHOSSEIN KARIMPOUR
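An added example, not part of the thread: a small Python parser for the "[Replications Check,...]" blocks in the DCDiag output above. It normalises the signed error (-2146893022) to the same value repadmin prints unsigned (2148074274, i.e. 0x80090322, SEC_E_WRONG_PRINCIPAL) and reports links where every naming context fails with one identical code, the pattern the reply above addresses by resetting the DC's computer account password. The function names are assumptions made for this example.

```python
import re
from datetime import datetime

# Sample input: two blocks excerpted from the DCDiag output posted in the thread.
SAMPLE = """\
[Replications Check,BDC] A recent replication attempt failed:
   From SINA to BDC
   Naming Context: DC=DomainDnsZones,DC=sinna,DC=dco
   The replication generated an error (-2146893022):
   The target principal name is incorrect.
   The failure occurred at 2019-10-06 17:48:14.
   The last success occurred at 2019-08-28 16:23:03.
   1183 failures have occurred since the last success.
[Replications Check,BDC] A recent replication attempt failed:
   From SINA to BDC
   Naming Context: DC=sinna,DC=dco
   The replication generated an error (-2146893022):
   The target principal name is incorrect.
   The failure occurred at 2019-10-06 17:48:15.
   The last success occurred at 2019-08-28 16:41:56.
   27334 failures have occurred since the last success.
"""

BLOCK = re.compile(
    r"From (?P<src>\S+) to (?P<dst>\S+)\s+Naming Context: (?P<nc>\S+)\s+"
    r"The replication generated an error \((?P<code>-?\d+)\):\s+.+\s+"
    r"The failure occurred at (?P<fail>[\d-]+ [\d:]+)\.\s+"
    r"The last success occurred at (?P<ok>[\d-]+ [\d:]+)\.\s+"
    r"(?P<count>\d+) failures")

def parse_failures(text):
    """Return one dict per failed replication attempt in DCDiag text."""
    fmt, rows = "%Y-%m-%d %H:%M:%S", []
    for m in BLOCK.finditer(text):
        stale = datetime.strptime(m["fail"], fmt) - datetime.strptime(m["ok"], fmt)
        rows.append({
            "link": (m["src"], m["dst"]), "nc": m["nc"],
            # DCDiag prints the error signed, repadmin unsigned: normalise to hex.
            "hresult": f"0x{int(m['code']) & 0xFFFFFFFF:08X}",
            "days_stale": stale.days, "failures": int(m["count"])})
    return rows

def uniform_links(rows):
    """Links where every naming context fails with the same error code."""
    seen = {}
    for r in rows:
        seen.setdefault(r["link"], set()).add(r["hresult"])
    return {link: min(codes) for link, codes in seen.items() if len(codes) == 1}
```

On the sample, both naming contexts report 39 days since the last success, matching the 39d delta in the repadmin summary.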