Windows server 2003 AD 全局编录失效的处理

Windows server 2003 AD 全局编录失效的处理

                           2007-12  -20   

 

故障现象 ：

JJ的门户系统登录是在域里面认证的。客户反应，在使用过程中不时弹出一个对话框，要求对输入用户名密码。检查可能是域的问题。

JJ 站点的DC已经设置成GC，但用LDP和replmon工具软件查看GC的角色没有起作用。

 

测试：

  用LDP 测试 isGlobalCatalogReady:FALSE; (这里为FALSE,与系统设置的不符）

 

ld = ldap_open("10.1.127.12", 389);

Established connection to 10.1.127.12.

Retrieving base DSA information...

Result <0>: (null)

Matched DNs:

Getting 1 entries:                                                                                       

>> Dn:

       1> currentTime: 12/22/2007 12:36:55  ;

       1> subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=GOOD,DC=net;

       1> dsServiceName: CN=NTDS Settings,CN=JJPDC001,CN=Servers,CN=jinjie,CN=Sites,CN=Configuration,DC=GOOD,DC=net;

       5> namingContexts: DC=GOOD,DC=net; CN=Configuration,DC=GOOD,DC=net; CN=Schema,CN=Configuration,DC=GOOD,DC=net; DC=ForestDnsZones,DC=GOOD,DC=net; DC=DomainDnsZones,DC=GOOD,DC=net;

       1> defaultNamingContext: DC=GOOD,DC=net;

       1> schemaNamingContext: CN=Schema,CN=Configuration,DC=GOOD,DC=net;

       1> configurationNamingContext: CN=Configuration,DC=GOOD,DC=net;

       1> rootDomainNamingContext: DC=GOOD,DC=net;

       23> supportedControl: 1.2.840.113556.1.4.319; 1.2.840.113556.1.4.801; 1.2.840.113556.1.4.473; 1.2.840.113556.1.4.528; 1.2.840.113556.1.4.417; 1.2.840.113556.1.4.619; 1.2.840.113556.1.4.841; 1.2.840.113556.1.4.529; 1.2.840.113556.1.4.805; 1.2.840.113556.1.4.521; 1.2.840.113556.1.4.970; 1.2.840.113556.1.4.1338; 1.2.840.113556.1.4.474; 1.2.840.113556.1.4.1339; 1.2.840.113556.1.4.1340; 1.2.840.113556.1.4.1413; 2.16.840.1.113730.3.4.9; 2.16.840.1.113730.3.4.10; 1.2.840.113556.1.4.1504; 1.2.840.113556.1.4.1852; 1.2.840.113556.1.4.802; 1.2.840.113556.1.4.1907; 1.2.840.113556.1.4.1948;

       2> supportedLDAPVersion: 3; 2;

       12> supportedLDAPPolicies: MaxPoolThreads; MaxDatagramRecv; MaxReceiveBuffer; InitRecvTimeout; MaxConnections; MaxConnIdleTime; MaxPageSize; MaxQueryDuration; MaxTempTableSize; MaxResultSetSize; MaxNotificationPerConn; MaxValRange;

       1> highestCommittedUSN: 1550722;

       4> supportedSASLMechanisms: GSSAPI; GSS-SPNEGO; EXTERNAL; DIGEST-MD5;

       1> dnsHostName: JJPDC001.GOOD.net;

       1> ldapServiceName: GOOD.net:[email protected];

       1> serverName: CN=JJPDC001,CN=Servers,CN=jinjie,CN=Sites,CN=Configuration,DC=GOOD,DC=net;

       3> supportedCapabilities: 1.2.840.113556.1.4.800; 1.2.840.113556.1.4.1670; 1.2.840.113556.1.4.1791;

       1> isSynchronized: TRUE;

       1 > isGlobalCatalogReady:FALSE;

       1> domainFunctionality: 2 = ( DS_BEHAVIOR_WIN2003 );

       1> forestFunctionality: 2 = ( DS_BEHAVIOR_WIN2003 );

       1> domainControllerFunctionality: 2 = ( DS_BEHAVIOR_WIN2003 );

 

处理过程

  对JJ的DC进行全备份；

  修改注册表,增添红色方框的内容

  修改后立即用LDP测试，结果还是isGlobalCatalogReady:FALSE;

        重新启动DC服务器（一定要重新启动）

  

再LDP测试

            isGlobalCatalogReady:TRUE；（变成TRUE了）

 

经过这样处理，门户系统再也不出现认证对话框了