标题:[Q&A&T] ISA 服务器遭遇 RPC 故障 出处:gOxiA=苏繁=SuFan Blog 时间:Tue, 04 Sep 2007 12:57:54 +0000 作者:gOxiA 地址:https://goxia.maytide.net/read.php/107.htm 内容: 决定在 Blog 上有限地与大家公开分享我为网友解答问题及排错的经验和心得。这里需要注意标题中的 Q&A&T,他们分别是 Question;Answer;TroubleShooting 的缩写,其中要多加个 T 意在表示这个问题解答中包含排错的经验和心得。 网友Q:一台 ISA 服务器为 AD 成员,之前 ISA 运行良好,最近 ISA 总报 RPC 错误,无法登录到 AD? A&T:首选需要检查日志中是否有可疑的警告或错误事件报告,经过查阅发现一条来源:Winlogon,事件ID:1219的错误警告。 在描述中明确指出RPC服务不可用,说明RPC及相关的服务出现了故障,使用addiag、dcdiag、netdiag分别作了测试,其中netdiag中检测到了可疑信息。 D:\Support Tools>netdiag ................................... Computer Name: ISA DNS Host Name: isa.contoso.com System info : Windows 2000 Server (Build 3790) Processor : x86 Family 15 Model 4 Stepping 3, GenuineIntel List of installed hotfixes : KB911564 KB925398_WMP64 KB925876 KB925902 KB930178 KB931768 KB931784 KB931836 KB932168 Q147222 Netcard queries test . . . . . . . : Passed [WARNING] The net card 'RAS 同步适配器' may not be working because it has not received any packets. GetStats failed for '直接并口'. [ERROR_NOT_SUPPORTED] GetStats failed for 'WAN 微型端口 (PPTP)'. [ERROR_NOT_SUPPORTED] GetStats failed for 'WAN 微型端口 (PPPOE)'. [ERROR_NOT_SUPPORTED] [WARNING] The net card 'WAN 微型端口 (IP)' may not be working because it has not received any packets. GetStats failed for 'WAN 微型端口 (L2TP)'. [ERROR_NOT_SUPPORTED] [WARNING] The net card 'Intel(R) PRO/1000 MT Network Connection' may not beworking. Per interface results: Adapter : contoso Netcard queries test . . . : Passed Host Name. . . . . . . . . : isa IP Address . . . . . . . . : 10.194.145.2 Subnet Mask. . . . . . . . : 255.255.255.0 Default Gateway. . . . . . : NetBIOS over Tcpip . . . . : Disabled Dns Servers. . . . . . . . : 10.194.145.5 10.194.145.8 AutoConfiguration results. . . . . . : Passed Default gateway test . . . : Skipped [WARNING] No gateways defined for this adapter. NetBT name test. . . . . . : Skipped NetBT is disabled on this interface. [Test skipped] WINS service test. . . . . : Skipped NetBT is disable on this interface. [Test skipped]. Adapter : Internet Netcard queries test . . . : Passed Host Name. . . . . . . . . : isa IP Address . . . . . . . . : 202.202.202.2 Subnet Mask. . . . . . . . : 255.255.255.248 Default Gateway. . . . . . : 202.202.202.1 NetBIOS over Tcpip . . . . : Disabled Dns Servers. . . . . . . . : 202.202.202.202 IpConfig results . . . . . : Failed [WARNING] Your default gateway is not on the same subnet as your IPaddress. AutoConfiguration results. . . . . . : Passed Default gateway test . . . : Passed NetBT name test. . . . . . : Skipped NetBT is disabled on this interface. [Test skipped] WINS service test. . . . . : Skipped NetBT is disable on this interface. [Test skipped]. Adapter : VPDN Netcard queries test . . . : Passed Host Name. . . . . . . . . : isa IP Address . . . . . . . . : 10.194.146.129 Subnet Mask. . . . . . . . : 255.255.255.192 Default Gateway. . . . . . : NetBIOS over Tcpip . . . . : Disabled Dns Servers. . . . . . . . : AutoConfiguration results. . . . . . : Passed Default gateway test . . . : Skipped [WARNING] No gateways defined for this adapter. NetBT name test. . . . . . : Skipped NetBT is disabled on this interface. [Test skipped] WINS service test. . . . . : Skipped NetBT is disable on this interface. [Test skipped]. Adapter : DMZ Netcard queries test . . . : Passed Host Name. . . . . . . . . : isa IP Address . . . . . . . . : 172.16.0.1 Subnet Mask. . . . . . . . : 255.255.255.0 Default Gateway. . . . . . : NetBIOS over Tcpip . . . . : Disabled Dns Servers. . . . . . . . : AutoConfiguration results. . . . . . : Passed Default gateway test . . . : Skipped [WARNING] No gateways defined for this adapter. NetBT name test. . . . . . : Skipped NetBT is disabled on this interface. [Test skipped] WINS service test. . . . . : Skipped NetBT is disable on this interface. [Test skipped]. Adapter : EP Netcard queries test . . . : Passed Host Name. . . . . . . . . : isa IP Address . . . . . . . . : 172.18.145.18 Subnet Mask. . . . . . . . : 255.255.255.248 Default Gateway. . . . . . : NetBIOS over Tcpip . . . . : Disabled Dns Servers. . . . . . . . : AutoConfiguration results. . . . . . : Passed Default gateway test . . . : Skipped [WARNING] No gateways defined for this adapter. NetBT name test. . . . . . : Skipped NetBT is disabled on this interface. [Test skipped] WINS service test. . . . . : Skipped NetBT is disable on this interface. [Test skipped]. Adapter : JL Netcard queries test . . . : Failed NetCard Status: DISCONNECTED Some tests will be skipped on this interface. Host Name. . . . . . . . . : isa IP Address . . . . . . . . : 0.0.0.0 Subnet Mask. . . . . . . . : 0.0.0.0 Default Gateway. . . . . . : NetBIOS over Tcpip . . . . : Disabled Dns Servers. . . . . . . . : Adapter : {6981CD9A-AA04-4FEE-8986-0B672B1A35BE} Netcard queries test . . . : Passed Host Name. . . . . . . . . : isa IP Address . . . . . . . . : 10.194.146.65 Subnet Mask. . . . . . . . : 255.255.255.255 Default Gateway. . . . . . : Dns Servers. . . . . . . . : AutoConfiguration results. . . . . . : Passed Default gateway test . . . : Skipped [WARNING] No gateways defined for this adapter. NetBT name test. . . . . . : Passed [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing. No remote names have been found. WINS service test. . . . . : Skipped There are no WINS servers configured for this interface. Global results: Domain membership test . . . . . . : Passed NetBT transports test. . . . . . . : Passed List of NetBt transports currently configured: NetBT_Tcpip_{6981CD9A-AA04-4FEE-8986-0B672B1A35BE} 1 NetBt transport currently configured. Autonet address test . . . . . . . : Passed IP loopback ping test. . . . . . . : Passed Default gateway test . . . . . . . : Passed NetBT name test. . . . . . . . . . : Passed [WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined. Winsock test . . . . . . . . . . . : Passed DNS test . . . . . . . . . . . . . : Passed Redir and Browser test . . . . . . : Failed List of NetBt transports currently bound to the Redir NetBT_Tcpip_{6981CD9A-AA04-4FEE-8986-0B672B1A35BE} The redir is bound to 1 NetBt transport. List of NetBt transports currently bound to the browser NetBT_Tcpip_{6981CD9A-AA04-4FEE-8986-0B672B1A35BE} The browser is bound to 1 NetBt transport. [FATAL] Cannot send mailslot message to '\contoso*MAILSLOTNETNETLOGON' via redir. [ERROR_BAD_NETPATH] DC discovery test. . . . . . . . . : Passed DC list test . . . . . . . . . . . : Failed 'contoso': No DCs are up. Trust relationship test. . . . . . : Failed 'contoso': No DCs are up (Cannot run test). Secure channel for domain 'contoso' is to '\WSUS.contoso.com'. Kerberos test. . . . . . . . . . . : Skipped LDAP test. . . . . . . . . . . . . : Passed [WARNING] Failed to query SPN registration on DC 'fileserver.contoso.com'. [WARNING] Failed to query SPN registration on DC 'WSUS.contoso.com'. Bindings test. . . . . . . . . . . : Passed WAN configuration test . . . . . . : Skipped No active remote access connections. Modem diagnostics test . . . . . . : Passed IP Security test . . . . . . . . . : Skipped Note: run "netsh ipsec dynamic show /?" for more detailed information The command completed successfully D:\Support Tools> 从上述错误中可以看到一些服务器因 NetBT 故障导致运行错误,运行"Services.msc"进入服务管理器检查并允许自动运行"TCP/IP NetBIOS helper"服务,之后发现问题依然存在。继续检查内网连接的网卡TCP/IP属性配置下“高级”-“WINS”-“NetBIOS 设置”,应确保内部网卡启用“默认”设置或“启用 TCP/IP 上的 NetBIOS”设置。 因管理员之前为了保证 ISA 的安全,禁用了“TCP/IP NetBIOS helper”服务,并且在TCP/IP高级属性中启用了“禁用 TCP/IP 上的 NetBIOS”(之前询问时管理员一直未回忆起进行过该项操作!:-)),导致 RPC 故障。经过恢复配置该问题得到了解决。建议,因为 ISA 为 AD 成员,所以因该保留内部网卡的TCP/IP配置,并为每个外部网卡单独配置“禁用 TCP/IP 上的 NetBIOS”,无须禁用“TCP/IP NetBIOS helper”服务。 Generated by Bo-blog 2.1.1 Release