MCSE技术论坛

我今天在做实验的时候，出现了域登录的问题。

域：home.rock
操作系统：Windows Server 2003 R2
域帐户：rock_d
域管理员：root

客户端：mobile
操作系统：Windows Xp SP2 （英文版）
客户端帐户：rock
客户端管理员：root

在域控制器安全策略的用户权利分配的允许在本地登录里添加了Domain User组
在客户端的本地安全策略的用户权利分配的允许在本地登录里也添加了Domain User组

现在出现的问题是客户端能加入域，无法登录域。用域管理员帐户也无法登录。

客户端提示The system cannot log you on nowbecause the domain HOME is not avilable.

以下是用dcdiag得到的


Domain Controller Diagnosis

Performing initial setup:
  Done gathering initial info.

Doing initial required tests
 
  Testing server: Default-First-Site-Name\SERVER
      Starting test: Connectivity
        ......................... SERVER passed test Connectivity

Doing primary tests
 
  Testing server: Default-First-Site-Name\SERVER
      Starting test: Replications
        [Replications Check,SERVER] A recent replication attempt failed:
            From BK to SERVER
            Naming Context: DC=ForestDnsZones,DC=home,DC=rock
            The replication generated an error (1256):
            远程系统不可用。有关网络疑难解答，请参阅 Windows 帮助。
            The failure occurred at 2008-05-03 07:59:35.
            The last success occurred at 2008-04-29 23:05:36.
            80 failures have occurred since the last success.
        [BK] DsBindWithSpnEx() failed with error 1722,
        RPC 服务器不可用。.
        [Replications Check,SERVER] A recent replication attempt failed:
            From BK to SERVER
            Naming Context: DC=DomainDnsZones,DC=home,DC=rock
            The replication generated an error (1256):
            远程系统不可用。有关网络疑难解答，请参阅 Windows 帮助。
            The failure occurred at 2008-05-03 07:59:35.
            The last success occurred at 2008-04-29 23:05:36.
            80 failures have occurred since the last success.
        [Replications Check,SERVER] A recent replication attempt failed:
            From BK to SERVER
            Naming Context: CN=Schema,CN=Configuration,DC=home,DC=rock
            The replication generated an error (1722):
            RPC 服务器不可用。
            The failure occurred at 2008-05-03 08:00:18.
            The last success occurred at 2008-04-29 23:05:36.
            80 failures have occurred since the last success.
            The source remains down. Please check the machine.
        [Replications Check,SERVER] A recent replication attempt failed:
            From BK to SERVER
            Naming Context: CN=Configuration,DC=home,DC=rock
            The replication generated an error (1722):
            RPC 服务器不可用。
            The failure occurred at 2008-05-03 07:59:57.
            The last success occurred at 2008-04-29 23:05:46.
            80 failures have occurred since the last success.
            The source remains down. Please check the machine.
        [Replications Check,SERVER] A recent replication attempt failed:
            From BK to SERVER
            Naming Context: DC=home,DC=rock
            The replication generated an error (1722):
            RPC 服务器不可用。
            The failure occurred at 2008-05-03 07:59:35.
            The last success occurred at 2008-04-29 23:05:36.
            80 failures have occurred since the last success.
            The source remains down. Please check the machine.
        REPLICATION-RECEIVED LATENCY WARNING
        SERVER:  Current time is 2008-05-03 08:49:59.
            DC=ForestDnsZones,DC=home,DC=rock
              Last replication recieved from BK at 2008-04-29 23:05:36.
            DC=DomainDnsZones,DC=home,DC=rock
              Last replication recieved from BK at 2008-04-29 23:05:36.
            CN=Schema,CN=Configuration,DC=home,DC=rock
              Last replication recieved from BK at 2008-04-29 23:05:36.
            CN=Configuration,DC=home,DC=rock
              Last replication recieved from BK at 2008-04-29 23:05:46.
            DC=home,DC=rock
              Last replication recieved from BK at 2008-04-29 23:05:36.
        ......................... SERVER passed test Replications
      Starting test: NCSecDesc
        ......................... SERVER passed test NCSecDesc
      Starting test: NetLogons
        ......................... SERVER passed test NetLogons
      Starting test: Advertising
        ......................... SERVER passed test Advertising
      Starting test: KnowsOfRoleHolders
        ......................... SERVER passed test KnowsOfRoleHolders
      Starting test: RidManager
        ......................... SERVER passed test RidManager
      Starting test: MachineAccount
        ......................... SERVER passed test MachineAccount
      Starting test: Services
            NtFrs Service is stopped on [SERVER]
        ......................... SERVER failed test Services
      Starting test: ObjectsReplicated
        ......................... SERVER passed test ObjectsReplicated
      Starting test: frssysvol
        ......................... SERVER passed test frssysvol
      Starting test: frsevent
        ......................... SERVER passed test frsevent
      Starting test: kccevent
        ......................... SERVER passed test kccevent
      Starting test: systemlog
        An Error Event occured.  EventID: 0xC25A001D
            Time Generated: 05/03/2008  07:58:32
            (Event String could not be retrieved)
        ......................... SERVER failed test systemlog
      Starting test: VerifyReferences
        ......................... SERVER passed test VerifyReferences
 
  Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
        ......................... ForestDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
        ......................... ForestDnsZones passed test CheckSDRefDom
 
  Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
        ......................... DomainDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
        ......................... DomainDnsZones passed test CheckSDRefDom
 
  Running partition tests on : Schema
      Starting test: CrossRefValidation
        ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
        ......................... Schema passed test CheckSDRefDom
 
  Running partition tests on : Configuration
      Starting test: CrossRefValidation
        ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
        ......................... Configuration passed test CheckSDRefDom
 
  Running partition tests on : home
      Starting test: CrossRefValidation
        ......................... home passed test CrossRefValidation
      Starting test: CheckSDRefDom
        ......................... home passed test CheckSDRefDom
 
  Running enterprise tests on : home.rock
      Starting test: Intersite
        ......................... home.rock passed test Intersite
      Starting test: FsmoCheck
        ......................... home.rock passed test FsmoCheck

再次解释一下，域内还有一台windows XP SP3的客户机，可以用域帐户rock登录。只有这台英文SP2的客户机无法登录，用域管理员帐户也无法登录。

其实在之前是可以登录的，但就是无法漫游用户配置文件，所以就改成用户组模式了。今天又试着改成域模式，就出现了无法登录的情况了。

在域控制器安全策略的用户权利分配的允许在本地登录里添加了Domain User组
在客户端的本地安全策略的用户权利分配的允许在本地登录里也添加了Domain User组

你把这2个权力分配删了试试吧。感觉你设得有问题。domain users怎么能本地登陆呢？

引用: 原帖由 rock6626 于 2008-5-3 9:02:00 发表 再次解释一下，域内还有一台windows XP SP3的客户机，可以用域帐户rock登录。只有这台英文SP2的客户机无法登录，用域管理员帐户也无法登录。 其实在之前是可以登录的，但就是无法漫游用户配置文件，所以就改成用户组模式了。今天又试着改成模式，就出现了无法登录的情况了。

你这里的用户组模式是什么意思？？？

又试着改成模式又是什么意思？？？

试试看把PC迁回workgroup组再加入域试试，那2条安全策略应该不影响域登陆。。

退出域，在加域，就可以了