Windows server 2003 AD 全局编录失效的处理<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />

                           <?xml:namespace prefix = st1 ns = "urn:schemas-microsoft-com:office:smarttags" />2007-12 -20  

 
故障现象
JJ的门户系统登录是在域里面认证的。客户反应,在使用过程中不时弹出一个对话框,要求对输入用户名密码。检查可能是域的问题。
JJ站点的DC已经设置成GC,但用LDPreplmon工具软件查看GC的角色没有起作用。

 
测试:
 LDP测试isGlobalCatalogReady:FALSE; (这里为FALSE,与系统设置的不符)
 
ld = ldap_open("10.1.127.12", 389);
Established connection to 10.1.127.12.
Retrieving base DSA information...
Result <0>: (null)
Matched DNs:
Getting 1 entries:                                                                                       
>> Dn:
       1> currentTime: 12/22/2007 12:36:55  ;
       1> subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=GOOD,DC=net;
       1> dsServiceName: CN=NTDS Settings,CN=JJPDC001,CN=Servers,CN=jinjie,CN=Sites,CN=Configuration,DC=GOOD,DC=net;
       5> namingContexts: DC=GOOD,DC=net; CN=Configuration,DC=GOOD,DC=net; CN=Schema,CN=Configuration,DC=GOOD,DC=net; DC=ForestDnsZones,DC=GOOD,DC=net; DC=DomainDnsZones,DC=GOOD,DC=net;
       1> defaultNamingContext: DC=GOOD,DC=net;
       1> schemaNamingContext: CN=Schema,CN=Configuration,DC=GOOD,DC=net;
       1> configurationNamingContext: CN=Configuration,DC=GOOD,DC=net;
       1> rootDomainNamingContext: DC=GOOD,DC=net;
       23> supportedControl: 1.2.840.113556.1.4.319; 1.2.840.113556.1.4.801; 1.2.840.113556.1.4.473; 1.2.840.113556.1.4.528; 1.2.840.113556.1.4.417; 1.2.840.113556.1.4.619; 1.2.840.113556.1.4.841; 1.2.840.113556.1.4.529; 1.2.840.113556.1.4.805; 1.2.840.113556.1.4.521; 1.2.840.113556.1.4.970; 1.2.840.113556.1.4.1338; 1.2.840.113556.1.4.474; 1.2.840.113556.1.4.1339; 1.2.840.113556.1.4.1340; 1.2.840.113556.1.4.1413; 2.16.840.1.113730.3.4.9; 2.16.840.1.113730.3.4.10; 1.2.840.113556.1.4.1504; 1.2.840.113556.1.4.1852; 1.2.840.113556.1.4.802; 1.2.840.113556.1.4.1907; 1.2.840.113556.1.4.1948;
       2> supportedLDAPVersion: 3; 2;
       12> supportedLDAPPolicies: MaxPoolThreads; MaxDatagramRecv; MaxReceiveBuffer; InitRecvTimeout; MaxConnections; MaxConnIdleTime; MaxPageSize; MaxQueryDuration; MaxTempTableSize; MaxResultSetSize; MaxNotificationPerConn; MaxValRange;
       1> highestCommittedUSN: 1550722;
       4> supportedSASLMechanisms: GSSAPI; GSS-SPNEGO; EXTERNAL; DIGEST-MD5;
       1> dnsHostName: JJPDC001.GOOD.net;
       1> ldapServiceName: GOOD.net:jjpdc001$@GOOD.NET;
       1> serverName: CN=JJPDC001,CN=Servers,CN=jinjie,CN=Sites,CN=Configuration,DC=GOOD,DC=net;
       3> supportedCapabilities: 1.2.840.113556.1.4.800; 1.2.840.113556.1.4.1670; 1.2.840.113556.1.4.1791;
       1> isSynchronized: TRUE;
       1> isGlobalCatalogReady:FALSE;

       1> domainFunctionality: 2 = ( DS_BEHAVIOR_WIN2003 );
       1> forestFunctionality: 2 = ( DS_BEHAVIOR_WIN2003 );
       1> domainControllerFunctionality: 2 = ( DS_BEHAVIOR_WIN2003 );
 
处理过程

  对JJDC进行全备份;

  修改注册表,增添红色方框的内容
  修改后立即用LDP测试,结果还是isGlobalCatalogReady:FALSE;

        重新启动DC服务器(一定要重新启动)

  
LDP测试
            isGlobalCatalogReady:TRUE;(变成TRUE了)

 

经过这样处理,门户系统再也不出现认证对话框了