hotonsell |
Posted: Fri 13:10, 05 Nov 2010 Post subject: ghd straightener Moved from the original log space |
|
Today, PDC crashed 2007-03-15 12:55:25
not been here a long time, has been busy in clearing the virus within the network and maintenance.
this morning said that many users can not access the internal network, and after examination found unreasonable PING DNS server, and that is the server being down, went to restart the engine room. But after a reboot, or unreasonable as PING, ARP addresses began to suspect there is cheating, using MAC address scan found no abnormalities, began to sweat out the back. Then more and more users within the network called to say can not access.
my DNS server and the PDC here is on the same machine, this machine also has a COM + services. The machine hung up, the unit will not run in a lot of business up. Now profusely.
better done before a backup DNS server, by RTX broadcast to all internal network users to manually add a backup DNS server address. Recovered along with the Internet. But no more than 5 minutes, and someone called to say can not get online, do a backup DNS server is also wrong? It was found by scanning the machine's IP address to replace the backup DNS server address, causing IP address conflicts. Profusely. Rushed to grab the address with that station machine. 2 minutes later, the Internet resumed.
Internet access is restored, problems began to slowly check that the server platform, and 30 minutes of test results, to give up this machine, with VM rebuilding a DC out. Inspection process and tried to reinstall the IP protocol network card driver.
busy now, one would then write
PDC crashed today 2007-03-16 10:29:50
first and then I wrote yesterday to talk about here, the topological I here the domain is composed of two DC, PDC is WIN2000ADSIP is XXX200, BDC is WIN2003EESIP is XXX201, linked to the machine 200. I build a new W2K3 VM in the mirror, and then changed his name to the name of the original PDC, IP has changed to 200, and then promoted to domain controller, error, say that there exists a same machine, try a lot of times, or useless, and finally he added to the domain first, and then successfully exit the domain, and then the AD at the BDC computer and forced to delete 200 user management inside the machine. Finally, the new 200 was finally promoted to domain controller. Then add the DNS service, COM + services and IIS services. After installation of IIS service that requires authentication to open a Web page. Through multiple reinstall IIS, and the problem is still there, finally found a newly installed 2003SER can not add new users to the area, so the IIS default ISUE_XXX not add the user. Khan and down. Finally, find online proxy server, IIS, found a tool called NETBOX, follow the instructions to configure successfully. 16:45 pm has been basically completed the afternoon return to work.
arp spoofing, annoying ah. 2007-03-16 10:33:06
is now recognized within the network is the network does not normally cause the arp spoofing. (The following are Links) appreciation, \
1, Antiarp software download
2, NbtScan 1.5.1 software download
issues related to handling of ARP virus description:
failure phenomenon: the machine used to be normal access to the Internet, suddenly there can be certified, the phenomenon can not access (can not ping through the gateway), restart the machine or run the command arp -d in the MSDOS window, after which the Internet can be resumed for some time.
Failure: This is the result of spoofing attacks by the ARP virus.
cause of the problem is usually carried by the legendary ARP plug Trojan attacks. When using the plug in the LAN, the plug of the virus in the machine's MAC address will be mapped to the gateway's IP address, to send a large number of ARP packets within the LAN, thus resulting in the same segment address mistook the other machines within As a gateway, which is why the network is interconnected when dropped, the computer can not access reasons.
temporary processing measures:
step one. While you are able to go online, enter the MS-DOS window and enter the command: arp -a to view the MAC address corresponding to the correct gateway IP, and record it.
Note: If you have no Internet access, first run the command arp -d to delete the contents of the arp cache; the computer may temporarily recover its Internet access (if the attack does not stop). Once able to access the network, immediately cut it off (disable the card or unplug the network cable), then run arp -a.
Step II. If you already have the correct MAC address of the gateway but can not access the Internet, bind the gateway IP and MAC correctly by hand; this can ensure that your computer will not be attacked. To bind by hand, run the following command in the MS-DOS window: arp -s Gateway IP Gateway MAC
example: Suppose the gateway of the segment in which the computer sits is 218.197.192.254 and the local address is 218.197.192.1. Running arp -a on your computer then outputs the following:
C:\Documents and Settings> arp -a
Interface: 218.197.192.1 --- 0x2
  Internet Address      Physical Address      Type
  218.197.192.254       00-01-02-03-04-05     dynamic
which is the gateway 218.197.192.254 00-01-02-03-04-05 corresponding MAC address, the type is dynamic ( dynamic), and therefore can be changed.
after being attacked, and then the command, you will find that the MAC has been replaced by attacks on the machine MAC, if you want to find out the attack machine, the complete eradication of attacks, the MAC can be recorded at this time, Find prepare for the future.
hand-bound command:
arp -s 218.197.192.254 00-01-02-03-04-05
binding finish, reusable arp -a View arp cache,
C:\Documents and Settings> arp -a
Interface: 218.197.192.1 --- 0x2
  Internet Address      Physical Address      Type
  218.197.192.254       00-01-02-03-04-05     static
Then, type into a static (static), will not be further attacks on impact. However, a description is bound to hand off the computer will reboot after the failure, need to bind. Therefore, to the complete eradication of attack, only to find out the virus infected computer network segment to make it anti-virus, be resolved. Computer methods to identify virus:
If you already have the MAC address of the computer virus can be used to identify network segment NBTSCAN software with the MAC address of the corresponding IP, the IP address of the computer virus can then be reported school Center closed down its network.
NBTSCAN to use:
Download nbtscan.rar and extract it to the hard disk, then copy the two files cygwin1.dll and nbtscan.exe to c:\windows\system32 (or system). In the MSDOS window you can then enter the command:
nbtscan -r 218.197.192.0/24 (assuming the machine is in the segment 218.197.192, mask 255.255.255.0; in actual use, replace the segment in the command with the right one).
Note: Use nbtscan, sometimes because some firewall software installed on the computer, nbtscan output was incomplete, but the arp cache in the computer was able to respond, so use nbtscan, you can also simultaneously view the arp cache network segment can be more complete IP and MAC computer correspondence.
add:
Anti ARP Sniffer instructions
a functional description:
use Anti ARP Sniffer technology can prevent the use of ARP data intercept and prevent the use of ARP packets for sending the data packet address conflicts.
Second, the use of:
1, ARP spoofing:
enter the gateway IP address, Click [access gateway mac address] will show the gateway's MAC address. Click the [Auto-Protect] to protect the current communications network card and the gateway will not be a third party monitoring.
Note: In case of ARP spoofing tips, indicating that the attacker sends a packet to ARP spoofing packets for the network card, if you want to track the attacker remember the source of attack the MAC address, MAC address using IP scanner can identify the corresponding MAC address.
2, IP address conflicts
first click on \
such as IP address conflicts occur frequently, indicating that ARP spoofing attacks are frequently sent packets, IP conflicts appear warning, the use of Anti ARP Sniffer can prevent such attacks.
First you need to know the MAC address conflicts, Windows will log these errors. View the specific methods are as follows:
Right-click [My Computer] --> [Management] --> click [Event Viewer] --> click [System] --> view entries with source [TcpIP] --> double-click the event to see the address conflict, and record the MAC address. Copy the MAC address and fill it in the Anti ARP Sniffer local MAC address entry (note: convert : to -), then click [protection address conflicts]. For the MAC address to take effect, disable the local network card and then enable it again. On the command line (CMD), type ipconfig /all and check whether the current MAC address matches the one in the local MAC address input box; if the change fails, please contact me. If successful, the address conflict will no longer be displayed.
Note: If you want to restore the default MAC address, click [Restore Defaults], in order to take effect, disable the local MAC address and then enable the network adapter card.
Windows 2000/XP tested!
qq2007-03-23 16:30:59
100MSDCF
my daughter. Last month, the PDC down
machine, today made a field re-allocation of roles 2007-04-09 12:48:35
the PDC goes down, how much better the servers have been before Upgrade to the backup domain. So I just SERVER2003 newly installed after the upgrade to a domain controller. This process is very smooth. But subsequently found not to add new users, the new DC also can not install IIS, (in fact, can not be created for internal network access account.) Thought is to rebuild the DC itself is a problem, today you are free to build one. This problem can not be created is also building users. Error prompt \Suspected by the FSMO role of chaos system.
found Mr. Huang Yihui wrote, \That I should be in the old PDC is down after upgrading PDC BDC is not specified, caused. In accordance with the above mentioned ntdsutil.exe command that use manual recovery.
attached to the original:
multi-domain controller environment, Active Directory Disaster Recovery
Abstract This paper describes the environment in a multi-domain controller, primary domain controller due to hardware failure suddenly damage, but they did not do a backup beforehand, how to make an additional domain controller take over its work, so that normal operation of Active Directory, and fix the hardware, how to restore the damaged primary domain controller.
directory
Active Directory operations master role in environmental analysis outlined
removed from the AD domain controller DC-01.test.com primary object
by the additional domain controller ntdsutil.exe tool performs operation
set to win five FSMO additional domain controller for the GC (Global Catalog)
reinstall and restore the damage with the primary domain controller
: for the detection of AD in the five operations master the role of the script introduced
reference information
one, Active Directory operations master roles outlined
Active Directory defines five operations master roles (also known as FSMO):
Schema Master schema master,
domain naming master domain naming master
relative identifier (RID) master RID master
primary domain controller emulator (PDCE)
infrastructure master and each infrastructure master
the burden of operations master roles different jobs, have different functions:
schema master DC has the schema master role can update the directory structure is the only DC. The schema updates will be copied from the forest schema master to all other domain controllers. Schema Master is based on the forest, the forest is only one schema master.
with the domain naming master domain naming master role can perform the following tasks DC is the only DC:
add new fields to the forest.
from the forest to delete the existing domain.
description of the external directory to add or remove cross-reference objects.
relative ID (RID) operations master host
The DC is responsible for distribution to other RID pool. Only one server to perform this task. Create a security principal (such as a user,
group, or computer), you need to RID identifiers within the domain are combined to create a unique security identifier (SID). Each
Windows 2000 DC will receive the RID pool is used to create the object (the default is 512). RID master pools by assigning a different ID to ensure that these
on each DC are unique. Through the RID master, but also in the same forest all the objects to move between different domains.
domain naming master is based on the forest, the forest is only one domain naming master. Relative ID (RID) master is based on the domain, each domain in the forest has its own relative identifier (RID) master
PDCE
primary domain controller emulator provides the following key features:
backward compatible low-level client and server, allowing Windows NT4.0 backup domain controller (BDC) to the new Windows 2000 environment. Native Windows 2000 environment will be forwarded to the password change PDCE. Verify the password every time after the failure of DC, it will get in touch with the PDCE to see where the password can be verified, and perhaps the reason is that the password change has not been replicated to verify the DC.
time synchronization in all domains in the forest and forest PDCE are the root domain to synchronize PDCE.
PDCE is based on the domain, each domain in the forest has its own PDCE.
infrastructure master
infrastructure to ensure that all inter-domain operations master object consistency. When an object reference to another domain, this reference contains the object's
globally unique identifier (GUID), security identifier (SID) and the distinguished name (DN). If the referenced object moves, the bear in the domain structure of the host role
when DC will be responsible for updating the cross-domain object reference in the domain SID and DN.
is based on the infrastructure master domain, every forest has its own infrastructure domain host
default, these five FSMO exist in the first forest root domain DC (primary domain controller), while the sub-domain relative identification number (RID) master, PDCE, the infrastructure exists in the sub-domain hosting the first DC.
Second, the environmental analysis
company Test.com (virtual) have a primary domain controller DC-01.test.com, there is one additional domain controller DC-02.test.com. Is the primary domain controller (DC-01.test.com) suddenly damaged due to hardware failure, there is no DC-01.test.com prior system state backup, no way to repair the primary domain controller through the back (DC-01.test.com), how do we make an additional domain controller (DC-02.test.com) substitute the primary domain controller, so Active Directory to continue normal operation, and damage to the primary domain controller hardware fix, how to make damaged restore the primary domain controller.
If your first DC is broken, there are additional domain controller correctly, you need a additional domain controller to win the five FSMO, and the need for the additional domain controller to GC.
III AD removed from the primary domain controller DC-01.test.com object
3.1 of the additional domain controller (DC-02.test.com) on the main tool through ntdsutil.exe domain controller (DC-01.test.com) to remove from AD;
c:> ntdsutil
ntdsutil: metadata cleanup
metadata cleanup: select operation target
select operation target: connections
server connections: connect to domain test.com
select operation target: list sites
Found 1 site(s)
0 - CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=test,DC=com
select operation target: select site 0
Site - CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=test,DC=com
No current domain
No current server
No current Naming Context
select operation target: List domains in site
Found 1 domain(s)
0 - DC=test,DC=com
select operation target: select domain 0
Site - CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=test,DC=com
Domain - DC=test,DC=com
No current server
No current Naming Context
select operation target: List servers for domain in site
Found 2 server(s)
0 - CN=DC-01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=test,DC=com
1 - CN=DC-02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=test,DC=com
select operation target: select server 0
select operation target: quit
metadata cleanup: Remove selected server
dialog box appears, click \
metadata cleanup: quit
ntdsutil: quit
3.2 using ADSI EDIT tool to remove the Active Directory users and computers in the Domain controllers in the DC-01 server object,
ADSI EDIT is the Windows 2000 support tools in the tools you need to install Windows 2000 support tool, windows 2000 installation CD in the support \ tools directory. Open the ADSI EDIT tool, expand Domain NC [DC-02.test.com], expand OU = Domain controllers, right-click CN = DC-01, and then select Delete, to remove the DC-01 server object, as shown in Figure 1:
3.3 in the Active Directory Sites and Service DC-01 to remove the server object
open the Administrative tools in the Active Directory Sites and Service, expand Sites, expand Default-First-Site-Name, expand Servers, right-click the DC-01, Select Delete, click the Yes button, as shown in Figure 2:
Fourth, the additional domain controller to win by five FSMO ntdsutil.exe tool to perform operations
c:> ntdsutil
ntdsutil: roles
fsmo maintenance: Select operation target
select operation target: connections
server connections: connect to domain test.com
select operation target: list sites
Found 1 site(s)
0 - CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=test,DC=com
select operation target: select site 0
Site - CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=test,DC=com
No current domain
No current server
No current Naming Context
select operation target: List domains in site
Found 1 domain(s)
0 - DC=test,DC=com
select operation target: select domain 0
Site - CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=test,DC=com
Domain - DC=test,DC=com
No current server
No current Naming Context
select operation target: List servers for domain in site
Found 1 server(s)
0 - CN=DC-02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=test,DC=com
select operation target: select server 0
select operation target: quit
fsmo maintenance: Seize domain naming master
dialog box appears, click \dialog box appears, click \when online operation, if the original FSMO online, you need to use the Transfer operation)
five, set an additional control (DC-02.test.com) for the GC (Global Catalog)
open the Administrative Tools in the Active Directory Sites and Services, expand Sites, expand Default-First-Site-Name, expand Servers, expand the DC-02.test.com (extra controller), right-click NTDS Settings select Properties, then on the \tick, click \
six, reinstall and restore the damage to the primary domain controller
DC-01.test.com repaired after damage to the hardware in the DC-01.test.com server re-install Windows 2000 Server, install the After a good Windows 2000 Server, and then rose into the running Dcpromo additional domain controller; If you need to make the DC-01.test.com as five FSMO role ntdsutil tools through role reversal, the Transfer operation on the line (caution: by Seize). And through the Active Directory Sites and Services to set DC-01.test.com as GC, cancel DC-02.test.com the GC function.
recommended not to domain naming master RID master on a DC, while the domain naming master must also GC.
laws: for the detection of the five operations master roles in AD script
give us a script for the detection of the five FSMO roles in AD, the following code, save it as FSMO.VBS, and then execute it.
Set objRootDSE = GetObject (\= objSchema.Get (\; objComputer.Name & vbCrLf
Set objNtds = Nothing
Set objComputer = Nothing
'Domain Naming Master
Set objPartitions = GetObject (\Get (\; objComputer.Name & vbCrLf
Set objNtds = Nothing
Set objComputer = Nothing
'PDC Emulator
Set objDomain = GetObject (\
Set objNtds = GetObject (\objNtds = Nothing
Set objComputer = Nothing
'RID Master
Set objRidManager = GetObject (\; fSMORoleOwner \vbCrLf
Set objNtds = Nothing
Set objComputer = Nothing
'Infrastructure Master
Set objInfrastructure = GetObject (\
Set objNtds = GetObject (\& vbCrLf & \>
Huang Yihui (coolnetboy@hotmail.com), holds MCSE, MCDBA certificate, good at Windows 2000, AD, Exchange 2000 Server, ISA 2000 Server, SQL Server and other systems planning, deployment and management. |
|
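The ARP section of the post has the reader record the gateway's MAC while the network is healthy, re-run arp -a after an attack, and look up which host owns the substituted MAC. The following added example (not part of the original post) automates that comparison over arp -a output; the function names and the second MAC address are constructed for illustration, while the gateway IP and MAC follow the post's own example.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of Windows `arp -a` output. Addresses follow
# the post's example; the second MAC is made up to stand for the infected host.
SAMPLE_SPOOFED = """\
Interface: 218.197.192.1 --- 0x2
  Internet Address      Physical Address      Type
  218.197.192.254       00-0a-0b-0c-0d-0e     dynamic
  218.197.192.17        00-0a-0b-0c-0d-0e     dynamic
  218.197.192.255       ff-ff-ff-ff-ff-ff     static
"""

ENTRY = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"([0-9A-Fa-f]{2}(?:[-:][0-9A-Fa-f]{2}){5})\s+(\w+)\s*$"
)


def normalize_mac(mac):
    """Lower-case, dash-separated form so ':' and '-' notations compare equal."""
    return mac.replace(":", "-").lower()


def parse_arp_table(text):
    """Return (ip, mac, type) tuples; header and Interface lines do not match."""
    rows = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            rows.append((m.group(1), normalize_mac(m.group(2)), m.group(3).lower()))
    return rows


def check_gateway(text, gateway_ip, known_mac):
    """Compare the cache with the gateway MAC recorded while the network was healthy."""
    known = normalize_mac(known_mac)
    findings, by_mac, seen = [], defaultdict(list), False
    for ip, mac, kind in parse_arp_table(text):
        # Broadcast/multicast MACs (low bit of first octet set) are shared by design.
        if not int(mac[:2], 16) & 1:
            by_mac[mac].append(ip)
        if ip != gateway_ip:
            continue
        seen = True
        if mac != known:
            findings.append(f"gateway-mac-changed: {ip} is at {mac}, expected {known}")
        elif kind != "static":
            findings.append(f"gateway-not-static: {ip} entry is {kind}")
    if not seen:
        findings.append(f"gateway-missing: no entry for {gateway_ip}")
    for mac, ips in sorted(by_mac.items()):
        if len(ips) > 1:
            findings.append(f"shared-mac: {mac} answers for {', '.join(sorted(ips))}")
    return findings


if __name__ == "__main__":
    for finding in check_gateway(SAMPLE_SPOOFED, "218.197.192.254", "00-01-02-03-04-05"):
        print(finding)
```

A shared-mac finding names the other IP that answers with the substituted MAC, which is the same host the post locates with nbtscan.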