Shulou(Shulou.com)05/31 Report--

This article introduces the solution of Windows Server 2008 R2 group policy error reporting, the content is very detailed, interested friends can refer to, hope to be helpful to you.

Earlier, we introduced the combination of group policy and desktop management to protect user data security. In fact, in Windows Server 2008 R2, Microsoft has added more than 1000 Windows Server 2008 R2 and Windows 7 unique group policy objects and a number of new components to expand the core capabilities of Windows active directory group policy management. However, the basic functions of Group Policy remain unchanged, but there are more options and settings. The following event is a problem that occurs when Windows 2003 and Windows 2008 domain controllers coexist in my daily work.

Here's what happened:

The company needs to switch the existing Windows Server 2003 domain environment to the Windows Server 2008 R2 domain environment, so it needs to upgrade the domain by gradually adding Windows Server 2008 to the existing environment to replace the existing Windows Server 2003 domain controller to provide services.

Just as I happily promoted Windows Server 2008 R2 to a domain controller and grabbed five FSMO to become GC, the problem came.

Environment Topology:

Question:

After the Windows Server 2008 domain controller is installed and officially launched, the following errors are constantly reported in the event Viewer:

Seeing this error, I was shocked: it wasn't the new features added by Windows Server 2008 that made it incompatible with Windows Server 2003, was it?

The details tab in the viewing prompt is as follows:

# div_code img {border:0px }!-- Code highlighting produced by Actipro CodeHighlighter (freeware)-- >-System-Provider [Name] Microsoft-Windows-GroupPolicy [Guid] {aea1b4fa-97d1-45f2-a64c-4d69fffd92c9} EventID 1006 Version 0 Level 2 Task 0 Opcode 1 Keywords 0x8000000000000000-TimeCreated [SystemTime] 2009-06-02T05:52:00.756Z EventRecordID 1294-Correlation [ActivityID] {61BEE069-2BC8-4CB5-87B5-FE33D9A1495D}-Execution [ProcessID] 272 [ThreadID] 3152 Channel System Computer XXX- Security [UserID] S Mel 1-5-18-EventData SupportInfo1 1 SupportInfo2 4934 ProcessingMode 0 ProcessingTimeInMilliseconds 6022 ErrorCode 81 ErrorDescription server is not working DCName

After looking at the details, I seem to have some clues. The ErrorDescription server is not working. Guess maybe it is because of the DNS parsing problem?

Switch to the directory service and find the following warning message:

# div_code img {border:0px;}!-- Code highlighting produced by Actipro CodeHighlighter (freeware)

In the past 24 hours, some clients have tried to perform the following types of LDAP bindings:

(1) SASL (negotiated, Kerberos, NTLM or abstract) LDAP binding that does not request a signature (integrity verification), or

(2) simple LDAP binding performed on plaintext (non-SSL/TLS encrypted) connections

This directory server is not currently configured to reject such bindings. The security of this directory server can be significantly enhanced by configuring it to reject such bindings. More information about how to make this configuration change to the server.

The summary information received in the past 24 hours about the number of these bindings is as follows.

You can enable other logging to log an event each time a client makes such a binding, including information about which client makes the binding. To do this, increase the setting of the LDAP interface event logging category to level 2 or higher.

Number of simple bindings performed without SSL/TLS: 1

Number of negotiated / Kerberos/NTLM/ summary bindings performed unsigned: 0

It seems that it still has something to do with the verification problem of LDAP, there is no way of thinking, we can only consult the great search engine.

PS: through the experience of troubleshooting search problems many times, Microsoft's official help and support center has relatively high accuracy, so it is recommended to use it when troubleshooting Microsoft product errors.

Although there is exactly the same error message, it seems to be out of tune with my question, but I can't find any other way. Do a good system backup and install the Windows Server 2003 in the domain with this KB. After restarting DCs, as I thought, the error message did not stop.

This is more in line with my idea, but suitable for non-Windows LDAP client verification problems, or a little worried, do a good backup, install KB, restart, the error is still flashing.

This is the solution to the error report of Windows Server 2008 R2 group policy. I hope the above content can be helpful to you and learn more knowledge. If you think the article is good, you can share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.