Escolar Documentos
Profissional Documentos
Cultura Documentos
1: Define The Problem Precisely state what the problem is and what it isnt
No Troubleshoot From The Wire Up. Physical, network, name resolution, OS, authentication/ authorization, application
2: Gather Detailed Information What doesnt work? What does work? What changed? Do others have this problem?
Have you exhausted the most likely (i.e. Occams) causes? 5: Observe The Test Results
6: Success? 3: Consider Probable Cause For The Failure Yes 8: Document Changes Hold post mortem, update production docs
No
End
Wire
Trust Errors?
Network
Name Resoluti on
Is this a Client?
End A
DC experiencing Error
DS Replication?
Network Issues
Windows XP? Y
Success?
Check subnet mask and default gateway DHCP client & 169.254.x.x IP address? N Y
Success?
Y N Confirm Host IP, Subnet / DG, DNS config Not receiving IP address from DHCP
Network Troubleshooting
Y Does the clients DNS server respond to pings? DNS Server Problem (already passed network tests) Check SRV records for the domain (nslookup -q=srv _ldap._tcp.dc._msdcs.<FQDN>)
N N Y
Return
AD Service Troubleshooting
Kerberos Errors?
Netlogon event?
SceCli Event?
Sysvol?
On Your Own!
NTDS Replication?
N N Y AD Database Troubleshooting Replication Issues Did that fix the problem? N On Your Own!
NTDS General?
N On Your Own! N
Global Catalog?
Y End
AD Service Troubleshooting
Client-DC Troubleshooting
Slow logon?
Kerberos Issues
Y N Fix it!
On Your Own!
Success?
Success?
End
Rejoin to domain
Replication Issues
Y Fail any primary tests?
Y Verify site topology (all sites connected by site links, site bridging disabled or accounted for, etc.) Trigger replication with failed partner (repadmin /replicate for single partner, or repadmin /syncall for all partners)
Run verbose failed test (DCDIAG /TEST:<test> /V) & correct problem(s)
Check this (target) DCs DNS configuration (dcdiag /test:dns /v) & correct errors
Y Kerberos Issues Y
Serious errors?
Server OS Issues
Did that fix the problem? Y N Check the source DCs OS and DS
Any other DCs not getting updates from the source DC?
Run DCDIAG
N Y
N Check source DCs DNS configuration (dcdiag /test:dns /v) & correct errors
AD Replication Troubleshooting
AD Database Troubleshooting
Success? Y Windows 2008? Y Net Stop NTDS Perform database recovery: NTDSUTIL, FILES, RECOVER Rebuild
End
Success? Run semantic database analysis with fixup: NTDSUTIL, SEMANTIC DATABASE ANALYSIS, VERBOSE ON, GO FIXUP N Y
Y Run semantic database analysis: NTDSUTIL, SEMANTIC DATABASE ANALYSIS, VERBOSE ON, GO
Success?
Recoverable Errors?
AD Database Troubleshooting
Y Y
Check: - Security Filtering - Disabled GPO - Inaccessible Data - Empty GPO - WMI Filter
Check: - GPO Inheritance - Replication - Group Policy Refresh - Asynchronous Processing - Client Side Extensions - Loopback Processing
Check: - Replication - Group Policy Refresh -Operating System Support - Slow Link
End
Kerberos Issues
Y Match passwords between NT & Unix See NTLM Fallback in Troubleshooting Kerberos Errors document
Have a TGT?
Y Y
SPN Issue?
Examine system log to determine why you cant get a session ticket
Setspn.exe
End
Kerberos Troubleshooting
http://go.microsoft.com/fwlink/?LinkId=23043