問題:一臺 ISA 服務器爲 AD 成員,之前 ISA 運行良好,最近 ISA 總報 RPC 錯誤,無法登錄到 AD?
解決:首選需要檢查日誌中是否有可疑的警告或錯誤事件報告,經過查閱發現一條來源:Winlogon,事件ID:1219的錯誤警告。
在描述中明確指出RPC服務不可用,說明RPC及相關的服務出現了故障,使用addiag、dcdiag、netdiag分別作了測試,其中netdiag中檢測到了可疑信息。
D:\Support Tools>netdiag
...................................
Computer Name: ISA
DNS Host Name: isa.contoso.com
System info : Windows 2000 Server (Build 3790)
Processor : x86 Family 15 Model 4 Stepping 3, GenuineIntel
List of installed hotfixes :
KB911564
KB925398_WMP64
KB925876
KB925902
KB930178
KB931768
KB931784
KB931836
KB932168
Q147222
DNS Host Name: isa.contoso.com
System info : Windows 2000 Server (Build 3790)
Processor : x86 Family 15 Model 4 Stepping 3, GenuineIntel
List of installed hotfixes :
KB911564
KB925398_WMP64
KB925876
KB925902
KB930178
KB931768
KB931784
KB931836
KB932168
Q147222
Netcard queries test . . . . . . . : Passed
[WARNING] The net card 'RAS 同步適配器' may not be working because it has no
t received any packets.
GetStats failed for '直接並口'. [ERROR_NOT_SUPPORTED]
GetStats failed for 'WAN 微型端口 (PPTP)'. [ERROR_NOT_SUPPORTED]
GetStats failed for 'WAN 微型端口 (PPPOE)'. [ERROR_NOT_SUPPORTED]
[WARNING] The net card 'WAN 微型端口 (IP)' may not be working because it has
not received any packets.
GetStats failed for 'WAN 微型端口 (L2TP)'. [ERROR_NOT_SUPPORTED]
[WARNING] The net card 'Intel(R) PRO/1000 MT Network Connection' may not be
working.
Per interface results:
Adapter : contoso
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : isa
IP Address . . . . . . . . : 10.194.145.2
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . :
NetBIOS over Tcpip . . . . : Disabled
Dns Servers. . . . . . . . : 10.194.145.5
10.194.145.8
IP Address . . . . . . . . : 10.194.145.2
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . :
NetBIOS over Tcpip . . . . : Disabled
Dns Servers. . . . . . . . : 10.194.145.5
10.194.145.8
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Skipped
[WARNING] No gateways defined for this adapter.
[WARNING] No gateways defined for this adapter.
NetBT name test. . . . . . : Skipped
NetBT is disabled on this interface. [Test skipped]
NetBT is disabled on this interface. [Test skipped]
WINS service test. . . . . : Skipped
NetBT is disable on this interface. [Test skipped].
NetBT is disable on this interface. [Test skipped].
Adapter : Internet
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : isa
IP Address . . . . . . . . : 202.202.202.2
Subnet Mask. . . . . . . . : 255.255.255.248
Default Gateway. . . . . . : 202.202.202.1
NetBIOS over Tcpip . . . . : Disabled
Dns Servers. . . . . . . . : 202.202.202.202
IP Address . . . . . . . . : 202.202.202.2
Subnet Mask. . . . . . . . : 255.255.255.248
Default Gateway. . . . . . : 202.202.202.1
NetBIOS over Tcpip . . . . : Disabled
Dns Servers. . . . . . . . : 202.202.202.202
IpConfig results . . . . . : Failed
[WARNING] Your default gateway is not on the same subnet as your IP
address.
address.
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Passed
NetBT name test. . . . . . : Skipped
NetBT is disabled on this interface. [Test skipped]
NetBT is disabled on this interface. [Test skipped]
WINS service test. . . . . : Skipped
NetBT is disable on this interface. [Test skipped].
NetBT is disable on this interface. [Test skipped].
Adapter : VPDN
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : isa
IP Address . . . . . . . . : 10.194.146.129
Subnet Mask. . . . . . . . : 255.255.255.192
Default Gateway. . . . . . :
NetBIOS over Tcpip . . . . : Disabled
Dns Servers. . . . . . . . :
IP Address . . . . . . . . : 10.194.146.129
Subnet Mask. . . . . . . . : 255.255.255.192
Default Gateway. . . . . . :
NetBIOS over Tcpip . . . . : Disabled
Dns Servers. . . . . . . . :
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Skipped
[WARNING] No gateways defined for this adapter.
[WARNING] No gateways defined for this adapter.
NetBT name test. . . . . . : Skipped
NetBT is disabled on this interface. [Test skipped]
NetBT is disabled on this interface. [Test skipped]
WINS service test. . . . . : Skipped
NetBT is disable on this interface. [Test skipped].
NetBT is disable on this interface. [Test skipped].
Adapter : DMZ
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : isa
IP Address . . . . . . . . : 172.16.0.1
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . :
NetBIOS over Tcpip . . . . : Disabled
Dns Servers. . . . . . . . :
IP Address . . . . . . . . : 172.16.0.1
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . :
NetBIOS over Tcpip . . . . : Disabled
Dns Servers. . . . . . . . :
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Skipped
[WARNING] No gateways defined for this adapter.
[WARNING] No gateways defined for this adapter.
NetBT name test. . . . . . : Skipped
NetBT is disabled on this interface. [Test skipped]
NetBT is disabled on this interface. [Test skipped]
WINS service test. . . . . : Skipped
NetBT is disable on this interface. [Test skipped].
NetBT is disable on this interface. [Test skipped].
Adapter : EP
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : isa
IP Address . . . . . . . . : 172.18.145.18
Subnet Mask. . . . . . . . : 255.255.255.248
Default Gateway. . . . . . :
NetBIOS over Tcpip . . . . : Disabled
Dns Servers. . . . . . . . :
IP Address . . . . . . . . : 172.18.145.18
Subnet Mask. . . . . . . . : 255.255.255.248
Default Gateway. . . . . . :
NetBIOS over Tcpip . . . . : Disabled
Dns Servers. . . . . . . . :
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Skipped
[WARNING] No gateways defined for this adapter.
[WARNING] No gateways defined for this adapter.
NetBT name test. . . . . . : Skipped
NetBT is disabled on this interface. [Test skipped]
NetBT is disabled on this interface. [Test skipped]
WINS service test. . . . . : Skipped
NetBT is disable on this interface. [Test skipped].
NetBT is disable on this interface. [Test skipped].
Adapter : JL
Netcard queries test . . . : Failed
NetCard Status: DISCONNECTED
Some tests will be skipped on this interface.
NetCard Status: DISCONNECTED
Some tests will be skipped on this interface.
Host Name. . . . . . . . . : isa
IP Address . . . . . . . . : 0.0.0.0
Subnet Mask. . . . . . . . : 0.0.0.0
Default Gateway. . . . . . :
NetBIOS over Tcpip . . . . : Disabled
Dns Servers. . . . . . . . :
IP Address . . . . . . . . : 0.0.0.0
Subnet Mask. . . . . . . . : 0.0.0.0
Default Gateway. . . . . . :
NetBIOS over Tcpip . . . . : Disabled
Dns Servers. . . . . . . . :
Adapter : {6981CD9A-AA04-4FEE-8986-0B672B1A35BE}
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : isa
IP Address . . . . . . . . : 10.194.146.65
Subnet Mask. . . . . . . . : 255.255.255.255
Default Gateway. . . . . . :
Dns Servers. . . . . . . . :
IP Address . . . . . . . . : 10.194.146.65
Subnet Mask. . . . . . . . : 255.255.255.255
Default Gateway. . . . . . :
Dns Servers. . . . . . . . :
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Skipped
[WARNING] No gateways defined for this adapter.
[WARNING] No gateways defined for this adapter.
NetBT name test. . . . . . : Passed
[WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenge
r Service', <20> 'WINS' names is missing.
No remote names have been found.
[WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenge
r Service', <20> 'WINS' names is missing.
No remote names have been found.
WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.
There are no WINS servers configured for this interface.
Global results:
Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{6981CD9A-AA04-4FEE-8986-0B672B1A35BE}
1 NetBt transport currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Passed
[WARNING] You don't have a single interface with the <00> 'WorkStation Servi
ce', <03> 'Messenger Service', <20> 'WINS' names defined.
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Passed
Redir and Browser test . . . . . . : Failed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{6981CD9A-AA04-4FEE-8986-0B672B1A35BE}
The redir is bound to 1 NetBt transport.
List of NetBt transports currently bound to the browser
NetBT_Tcpip_{6981CD9A-AA04-4FEE-8986-0B672B1A35BE}
The browser is bound to 1 NetBt transport.
[FATAL] Cannot send mailslot message to '\contoso*MAILSLOTNETNETLOGON' vi
a redir. [ERROR_BAD_NETPATH]
NetBT_Tcpip_{6981CD9A-AA04-4FEE-8986-0B672B1A35BE}
The browser is bound to 1 NetBt transport.
[FATAL] Cannot send mailslot message to '\contoso*MAILSLOTNETNETLOGON' vi
a redir. [ERROR_BAD_NETPATH]
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Failed
'contoso': No DCs are up.
Trust relationship test. . . . . . : Failed
'contoso': No DCs are up (Cannot run test).
Secure channel for domain 'contoso' is to '\WSUS.contoso.com'.
Kerberos test. . . . . . . . . . . : Skipped
LDAP test. . . . . . . . . . . . . : Passed
[WARNING] Failed to query SPN registration on DC 'fileserver.contoso.com'.
[WARNING] Failed to query SPN registration on DC 'WSUS.contoso.com'.
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Skipped
Note: run "netsh ipsec dynamic show /?" for more detailed information
The command completed successfully
D:\Support Tools>
從上述錯誤中可以看到一些服務器因 NetBT 故障導致運行錯誤,運行"Services.msc"進入服務管理器檢查並允許自動運行"TCP/IP
NetBIOS helper"服務,之後發現問題依然存在。繼續檢查內網連接的網卡TCP/IP屬性配置下“高級”-“WINS”-“NetBIOS 設置”,應確保內部網卡啓用“默認”設置或“啓用 TCP/IP 上的 NetBIOS”設置。![]()
因我之前爲了保證 ISA 的安全,禁用了“TCP/IP NetBIOS helper”服務,並且在TCP/IP高級屬性中啓用了“禁用 TCP/IP 上的 NetBIOS”(之前詢問時管理員一直未回憶起進行過該項操作!:-)),導致 RPC 故障。經過恢復配置該問題得到了解決。建議,因爲 ISA 爲 AD 成員,所以因該保留內部網卡的TCP/IP配置,併爲每個外部網卡單獨配置“禁用 TCP/IP 上的 NetBIOS”,無須禁用“TCP/IP NetBIOS helper”服務。