Herramientas de diagnóstico para un Controlador de Dominio ( Capitulo II Primera Parte )

Realizar un diagnóstico del DC

Ante algún posible fallo relacionado con el AD, lo primero que podemos mirar es el resultado que se produce al ejecutar las siguientes herramientas de diagnóstico para el servicio de directorio (para poder hacer uso de ellas es necesario instalar las support tools del CD de Windows 2003):

 1. DCDIAG
Esta herramienta sirve para hacer una serie de test a los DC’s del dominio o bosque con el fin de poder encontrar algún error entre ellos. Un ejemplo de un dcdiag de un DC que esté funcionando correctamente puede ser el siguiente:

Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\DCLAB1
Starting test: Connectivity
……………………. DCLAB1 passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\DCLAB1
Starting test: Replications
……………………. DCLAB1 passed test Replications
Starting test: NCSecDesc
……………………. DCLAB1 passed test NCSecDesc
Starting test: NetLogons
……………………. DCLAB1 passed test NetLogons
Starting test: Advertising
……………………. DCLAB1 passed test Advertising
Starting test: KnowsOfRoleHolders
……………………. DCLAB1 passed test KnowsOfRoleHolders
Starting test: RidManager
……………………. DCLAB1 passed test RidManager
Starting test: MachineAccount
……………………. DCLAB1 passed test MachineAccount
Starting test: Services
IsmServ Service is stopped on [DCLAB1]
……………………. DCLAB1 failed test Services
Starting test: ObjectsReplicated
……………………. DCLAB1 passed test ObjectsReplicated
Starting test: frssysvol
……………………. DCLAB1 passed test frssysvol
Starting test: frsevent
……………………. DCLAB1 passed test frsevent
Starting test: kccevent
……………………. DCLAB1 passed test kccevent
Starting test: systemlog
……………………. DCLAB1 passed test systemlog
Starting test: VerifyReferences
……………………. DCLAB1 passed test VerifyReferences

Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
……………………. ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
……………………. ForestDnsZones passed test CheckSDRefDom

Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
……………………. DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
……………………. DomainDnsZones passed test CheckSDRefDom

Running partition tests on : Schema
Starting test: CrossRefValidation
……………………. Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
……………………. Schema passed test CheckSDRefDom

Running partition tests on : Configuration
Starting test: CrossRefValidation
……………………. Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
……………………. Configuration passed test CheckSDRefDom

Running partition tests on : laboratorio
Starting test: CrossRefValidation
……………………. laboratorio passed test CrossRefValidation
Starting test: CheckSDRefDom
……………………. laboratorio passed test CheckSDRefDom

Running enterprise tests on : laboratorio.test
Starting test: Intersite
……………………. laboratorio.test passed test Intersite
Starting test: FsmoCheck
……………………. laboratorio.test passed test FsmoCheck

Una opción interesante para chequear con ésta herramienta es que el DC haya registrado correctamente en los DNS los registros necesarios para que sea reconocido y anunciado en el AD como un DC válido:

dcdiag /test:registerindns /dnsdomain:FQDN /v
ej:
dcdiag /test:registerindns /dnsdomain:Laboratorio.test /v

La salida del comando si está correcto será:

controladominio1

En caso de que el resultado no sea correcto habría que repasar los DNS que tiene configurado a nivel de la conexión de red para verificar que son los adecuados.

2. NETDIAG
Esta herramienta sirve para hacer una serie de test a nivel de red y conexiones en el DC que se lanza. Un ejemplo de un netdiag puede ser el siguiente:
>

    Computer Name: DCLAB1
    DNS Host Name: dclab1.laboratorio.test
    System info : Windows 2000 Server (Build 3790)
    Processor : x86 Family 15 Model 2 Stepping 9, GenuineIntel
    List of installed hotfixes :
        KB819696
        KB823182
        KB823353
        KB823559
        KB824105
        KB824141
        KB824151
        KB825119
        KB828035
        KB828741
        KB833987
        KB834707
        KB835732
        KB837001
        KB839643
        KB839645
        KB840315
        KB840374
        KB840987
        KB841356
        KB841533
        KB867460
        KB867801
        KB873376
        Q147222
        Q828026

Netcard queries test . . . . . . . : Passed

Per interface results:

    Adapter : LAN-Desarrollo

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : dclab1
        IP Address . . . . . . . . : 192.168.102.101
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 192.168.102.1
        Dns Servers. . . . . . . . : 213.163.5.137

        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Failed
            No gateway reachable for this adapter.

        NetBT name test. . . . . . : Passed
        [WARNING] At least one of the <00> ‘WorkStation Service’, <03> ‘Messenger Service’, <20> ‘WINS’ names is missing.

        WINS service test. . . . . : Skipped
            There are no WINS servers configured for this interface.

    Adapter : Virtual_Interna

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : dclab1
        IP Address . . . . . . . . : 10.1.1.1
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . :
        Dns Servers. . . . . . . . : 10.1.1.1
                                     10.1.1.2

        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Skipped
            [WARNING] No gateways defined for this adapter.

        NetBT name test. . . . . . : Passed
        [WARNING] At least one of the <00> ‘WorkStation Service’, <03> ‘Messenger Service’, <20> ‘WINS’ names is missing.
            No remote names have been found.

        WINS service test. . . . . : Skipped
            There are no WINS servers configured for this interface.

Global results:

Domain membership test . . . . . . : Passed

NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{91873FE9-2F61-4E21-947C-E99F39ABF65E}
        NetBT_Tcpip_{B8D698CD-89BC-4E98-B2A6-B5F1616783EE}
    2 NetBt transports currently configured.

Autonet address test . . . . . . . : Passed

IP loopback ping test. . . . . . . : Passed

Default gateway test . . . . . . . : Failed

    [FATAL] NO GATEWAYS ARE REACHABLE.
    You have no connectivity to other network segments.
    If you configured the IP protocol manually then
    you need to add at least one valid gateway.

NetBT name test. . . . . . . . . . : Passed
    [WARNING] You don’t have a single interface with the <00> ‘WorkStation Service’, <03> ‘Messenger Service’, <20> ‘WINS’ names defined.

Winsock test . . . . . . . . . . . : Passed

DNS test . . . . . . . . . . . . . : Passed
          [WARNING] Cannot find a primary authoritative DNS server for the name
            ‘dclab1.laboratorio.test.’. [ERROR_TIMEOUT]
            The name ‘dclab1.laboratorio.test.’ may not be registered in DNS.
       [WARNING] The DNS entries for this DC cannot be verified right now on DNS server 213.163.5.137, ERROR_TIMEOUT.
    PASS – All the DNS entries for DC are registered on DNS server ‘10.1.1.1’ and other DCs also have some of the names registered.
    PASS – All the DNS entries for DC are registered on DNS server ‘10.1.1.2’ and other DCs also have some of the names registered.

Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{91873FE9-2F61-4E21-947C-E99F39ABF65E}
        NetBT_Tcpip_{B8D698CD-89BC-4E98-B2A6-B5F1616783EE}
    The redir is bound to 2 NetBt transports.

    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{91873FE9-2F61-4E21-947C-E99F39ABF65E}
        NetBT_Tcpip_{B8D698CD-89BC-4E98-B2A6-B5F1616783EE}
    The browser is bound to 2 NetBt transports.

DC discovery test. . . . . . . . . : Passed

DC list test . . . . . . . . . . . : Passed

Trust relationship test. . . . . . : Skipped

Kerberos test. . . . . . . . . . . : Passed

LDAP test. . . . . . . . . . . . . : Passed

Bindings test. . . . . . . . . . . : Passed

WAN configuration test . . . . . . : Skipped
    No active remote access connections.

Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

    Note: run “netsh ipsec dynamic show /?” for more detailed information

The command completed successfully

 3. REPADMIN
Esta herramienta sirve para comprobar las réplicas entre los servidores. A continuación se muestra un ejemplo en el que se ven las réplicas establecidas y llevadas a cabo por el servidor “server1”:

repadmin /showrepl server1.microsoft.com
Press Enter and the following output is displayed:

repadmin /showrepl server1.microsoft.com
Building7a\server1
DC Options : IS_GC
Site OPtions: (none)
DC object GUID : 405db077-le28-4825-b225-c5bb9af6f50b
DC invocationID: 405db077-le28-4825-b225-c5bb9af6f50b

==== INBOUND NEIGHBORS ======================================

CN=Schema,CN=Configuration,DC=microsoft,Dc=com
    Building7b\server2 via RPC
         objectGuid: e55c6c75-75bb-485a-a0d3-020a44c3afe7
         last attempt @ 2002-09-09 12:25.35 was successful.

 

CN=Configuration,DC=microsoft,Dc=com
    Building7b\server2 via RPC
          objectGuid: e55c6c75-75bb-485a-a0d3-020a44c3afe7
         last attempt @ 2002-09-09 12:25.10 was successful.

 

DC=microsoft,Dc=com
     Building7b\server2 via RPC
          objectGuid: e55c6c75-75bb-485a-a0d3-020a44c3afe7
          last attempt @ 2001-09-09 12:25.11 was successful

Etiquetas: , , ,

Responder

Introduce tus datos o haz clic en un icono para iniciar sesión:

Logo de WordPress.com

Estás comentando usando tu cuenta de WordPress.com. Cerrar sesión / Cambiar )

Imagen de Twitter

Estás comentando usando tu cuenta de Twitter. Cerrar sesión / Cambiar )

Foto de Facebook

Estás comentando usando tu cuenta de Facebook. Cerrar sesión / Cambiar )

Google+ photo

Estás comentando usando tu cuenta de Google+. Cerrar sesión / Cambiar )

Conectando a %s


A %d blogueros les gusta esto: