决定在 Blog 上有限地与大家公开分享我为网友解答问题及排错的经验和心得。这里需要注意标题中的 Q&A&T,他们分别是 Question;Answer;TroubleShooting 的缩写,其中要多加个 T 意在表示这个问题解答中包含排错的经验和心得。
网友Q:一台 ISA 服务器为 AD 成员,之前 ISA 运行良好,最近 ISA 总报 RPC 错误,无法登录到 AD?
A&T:首选需要检查日志中是否有可疑的警告或错误事件报告,经过查阅发现一条来源:Winlogon,事件ID:1219的错误警告。
在描述中明确指出RPC服务不可用,说明RPC及相关的服务出现了故障,使用addiag、dcdiag、netdiag分别作了测试,其中netdiag中检测到了可疑信息。
D:\Support Tools>netdiag
...................................
Computer Name: ISA
DNS Host Name: isa.contoso.com
System info : Windows 2000 Server (Build 3790)
Processor : x86 Family 15 Model 4 Stepping 3, GenuineIntel
List of installed hotfixes :
KB911564
KB925398_WMP64
KB925876
KB925902
KB930178
KB931768
KB931784
KB931836
KB932168
Q147222
Netcard queries test . . . . . . . : Passed
[WARNING] The net card 'RAS 同步适配器' may not be working because it has no
t received any packets.
GetStats failed for '直接并口'. [ERROR_NOT_SUPPORTED]
GetStats failed for 'WAN 微型端口 (PPTP)'. [ERROR_NOT_SUPPORTED]
GetStats failed for 'WAN 微型端口 (PPPOE)'. [ERROR_NOT_SUPPORTED]
[WARNING] The net card 'WAN 微型端口 (IP)' may not be working because it has
not received any packets.
GetStats failed for 'WAN 微型端口 (L2TP)'. [ERROR_NOT_SUPPORTED]
[WARNING] The net card 'Intel(R) PRO/1000 MT Network Connection' may not be
working.
Per interface results:
Adapter : contoso
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : isa
IP Address . . . . . . . . : 10.194.145.2
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . :
NetBIOS over Tcpip . . . . : Disabled
Dns Servers. . . . . . . . : 10.194.145.5
10.194.145.8
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Skipped
[WARNING] No gateways defined for this adapter.
NetBT name test. . . . . . : Skipped
NetBT is disabled on this interface. [Test skipped]
WINS service test. . . . . : Skipped
NetBT is disable on this interface. [Test skipped].
Adapter : Internet
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : isa
IP Address . . . . . . . . : 202.202.202.2
Subnet Mask. . . . . . . . : 255.255.255.248
Default Gateway. . . . . . : 202.202.202.1
NetBIOS over Tcpip . . . . : Disabled
Dns Servers. . . . . . . . : 202.202.202.202
IpConfig results . . . . . : Failed
[WARNING] Your default gateway is not on the same subnet as your IP
address.
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Passed
NetBT name test. . . . . . : Skipped
NetBT is disabled on this interface. [Test skipped]
WINS service test. . . . . : Skipped
NetBT is disable on this interface. [Test skipped].
Adapter : VPDN
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : isa
IP Address . . . . . . . . : 10.194.146.129
Subnet Mask. . . . . . . . : 255.255.255.192
Default Gateway. . . . . . :
NetBIOS over Tcpip . . . . : Disabled
Dns Servers. . . . . . . . :
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Skipped
[WARNING] No gateways defined for this adapter.
NetBT name test. . . . . . : Skipped
NetBT is disabled on this interface. [Test skipped]
WINS service test. . . . . : Skipped
NetBT is disable on this interface. [Test skipped].
Adapter : DMZ
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : isa
IP Address . . . . . . . . : 172.16.0.1
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . :
NetBIOS over Tcpip . . . . : Disabled
Dns Servers. . . . . . . . :
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Skipped
[WARNING] No gateways defined for this adapter.
NetBT name test. . . . . . : Skipped
NetBT is disabled on this interface. [Test skipped]
WINS service test. . . . . : Skipped
NetBT is disable on this interface. [Test skipped].
Adapter : EP
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : isa
IP Address . . . . . . . . : 172.18.145.18
Subnet Mask. . . . . . . . : 255.255.255.248
Default Gateway. . . . . . :
NetBIOS over Tcpip . . . . : Disabled
Dns Servers. . . . . . . . :
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Skipped
[WARNING] No gateways defined for this adapter.
NetBT name test. . . . . . : Skipped
NetBT is disabled on this interface. [Test skipped]
WINS service test. . . . . : Skipped
NetBT is disable on this interface. [Test skipped].
Adapter : JL
Netcard queries test . . . : Failed
NetCard Status: DISCONNECTED
Some tests will be skipped on this interface.
Host Name. . . . . . . . . : isa
IP Address . . . . . . . . : 0.0.0.0
Subnet Mask. . . . . . . . : 0.0.0.0
Default Gateway. . . . . . :
NetBIOS over Tcpip . . . . : Disabled
Dns Servers. . . . . . . . :
Adapter : {6981CD9A-AA04-4FEE-8986-0B672B1A35BE}
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : isa
IP Address . . . . . . . . : 10.194.146.65
Subnet Mask. . . . . . . . : 255.255.255.255
Default Gateway. . . . . . :
Dns Servers. . . . . . . . :
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Skipped
[WARNING] No gateways defined for this adapter.
NetBT name test. . . . . . : Passed
[WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenge
r Service', <20> 'WINS' names is missing.
No remote names have been found.
WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.
Global results:
Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{6981CD9A-AA04-4FEE-8986-0B672B1A35BE}
1 NetBt transport currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Passed
[WARNING] You don't have a single interface with the <00> 'WorkStation Servi
ce', <03> 'Messenger Service', <20> 'WINS' names defined.
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Passed
Redir and Browser test . . . . . . : Failed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{6981CD9A-AA04-4FEE-8986-0B672B1A35BE}
The redir is bound to 1 NetBt transport.
List of NetBt transports currently bound to the browser
NetBT_Tcpip_{6981CD9A-AA04-4FEE-8986-0B672B1A35BE}
The browser is bound to 1 NetBt transport.
[FATAL] Cannot send mailslot message to '\contoso*MAILSLOTNETNETLOGON' vi
a redir. [ERROR_BAD_NETPATH]
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Failed
'contoso': No DCs are up.
Trust relationship test. . . . . . : Failed
'contoso': No DCs are up (Cannot run test).
Secure channel for domain 'contoso' is to '\WSUS.contoso.com'.
Kerberos test. . . . . . . . . . . : Skipped
LDAP test. . . . . . . . . . . . . : Passed
[WARNING] Failed to query SPN registration on DC 'fileserver.contoso.com'.
[WARNING] Failed to query SPN registration on DC 'WSUS.contoso.com'.
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Skipped
Note: run "netsh ipsec dynamic show /?" for more detailed information
The command completed successfully
D:\Support Tools>
从上述错误中可以看到一些服务器因 NetBT 故障导致运行错误,运行"Services.msc"进入服务管理器检查并允许自动运行"TCP/IP NetBIOS helper"服务,之后发现问题依然存在。继续检查内网连接的网卡TCP/IP属性配置下“高级”-“WINS”-“NetBIOS 设置”,应确保内部网卡启用“默认”设置或“启用 TCP/IP 上的 NetBIOS”设置。
因管理员之前为了保证 ISA 的安全,禁用了“TCP/IP NetBIOS helper”服务,并且在TCP/IP高级属性中启用了“禁用 TCP/IP 上的 NetBIOS”(之前询问时管理员一直未回忆起进行过该项操作!:-)),导致 RPC 故障。经过恢复配置该问题得到了解决。建议,因为 ISA 为 AD 成员,所以因该保留内部网卡的TCP/IP配置,并为每个外部网卡单独配置“禁用 TCP/IP 上的 NetBIOS”,无须禁用“TCP/IP NetBIOS helper”服务。
支持。