尝试将VM(Windows Server 2019)加入域并将其提升为DC时遇到问题。使用DSC扩展的ARM模板正在关闭部署。这是一个模板,可同时部署两个VM并将它们配置为DC,因此它们都使用相同的凭据等。我尝试从here开始使用更新的Active Directory DSC。
我得到的错误是:
"DSC Configuration 'CreateADBDC' completed with error(s). Following are the first few: Unable to contact the server. This may be because this server does not exist, it is currently down, or it does not have the Active Directory Web Services running. PowerShell DSC resource MSFT_xADDomainController failed to execute Set-TargetResource functionality with error message: Domain 'DOMAIN.CO.UK' could not be found. The SendConfigurationApply function did not succeed
奇怪的是,我可以登录到VM并通过UI加入域,并且运行良好,同样,我可以通过UI进行推广,然后再次运行。 DNS设置正确,并且主DC是可解析的。
从我所看到的是该命令正在MSFT_xADDomainController.psm1中的“ Set-TargetResource”功能运行:
Get-ADDomain -Identity $DomainName -Credential $DomainAdministratorCredential
如果我在要升级的虚拟机上运行此命令失败,则失败的输出为:
Get-ADDomain : Unable to contact the server. This may be because this server does not exist, it is currently down, or it does not have the Active Directory Web Services running
这看起来与DSC扩展程序输出的错误非常相似,这使我想知道实际问题是否与PowerShell Active Directory模块有关。
其他信息:
DSC扩展程序段
"resources": [
{
"type": "Microsoft.Compute/virtualMachines/extensions",
"name": "[concat(variables('dc2name'), '/CreateADBDC')]",
"apiVersion": "2019-03-01",
"location": "[resourceGroup().location]",
"dependsOn": [
"[resourceId('Microsoft.Compute/virtualMachines', variables('dc2name'))]",
"[resourceId('Microsoft.Compute/virtualMachines/extensions', variables('dc1name'), 'CreateADForest')]"
],
"properties": {
"publisher": "Microsoft.Powershell",
"type": "DSC",
"typeHandlerVersion": "2.77",
"autoUpgradeMinorVersion": true,
"settings": {
"WMFVersion": "latest",
"configuration": {
"url": "[concat(parameters('Artifacts Location'), '/dsc/CreateADBDC.zip')]",
"script": "CreateADBDC.ps1",
"function": "CreateADBDC"
},
"configurationArguments": {
"DomainName": "[parameters('Domain Name')]",
"DNSServer": "[variables('dc1ipaddress')]"
}
},
"protectedSettings": {
"configurationArguments": {
"adminCreds": {
"UserName": "[parameters('Administrator User')]",
"Password": "[parameters('Administrator Password')]"
},
"SafeModeAdminCreds" :{
"UserName": "[parameters('Administrator User')]",
"Password": "[parameters('SafeMode Password')]"
}
},
"configurationUrlSasToken": "[parameters('Artifacts Location SAS Token')]"
}
}
}
]
CreateADBDC.ps1
configuration CreateADBDC {
Param (
# Get deployment details
[Parameter(Mandatory)]
[String]$DNSServer,
[Parameter(Mandatory)]
[String]$DomainName,
# Credentials
[Parameter(Mandatory)]
[System.Management.Automation.PSCredential]$Admincreds,
[Parameter(Mandatory)]
[System.Management.Automation.PSCredential]$SafeModeAdminCreds,
[Int]$RetryCount = 500,
[Int]$RetryIntervalSec = 3
)
Import-DscResource -ModuleName PSDesiredStateConfiguration, xStorage, xNetworking, xActiveDirectory, xPendingReboot
$Interface = Get-NetAdapter | Where-Object { $_.Name -Like "Ethernet*" } | Select-Object -First 1
[System.Management.Automation.PSCredential]$DomainCreds = New-Object System.Management.Automation.PSCredential ("${DomainName}\$($Admincreds.UserName)", $Admincreds.Password)
$features = @("AD-Domain-Services", "RSAT-ADDS-Tools", "RSAT-AD-AdminCenter")
Node localhost {
LocalConfigurationManager {
ActionAfterReboot = 'ContinueConfiguration'
ConfigurationMode = 'ApplyOnly'
RebootNodeIfNeeded = $true
}
xWaitforDisk Disk2 {
DiskNumber = 2
RetryIntervalSec = $RetryIntervalSec
RetryCount = $RetryCount
}
xDisk ADDataDisk {
DiskNumber = 2
DriveLetter = "F"
DependsOn = "[xWaitForDisk]Disk2"
}
WindowsFeatureSet Prereqs {
Name = $features
Ensure = "Present"
IncludeAllSubFeature = $true
}
xDnsServerAddress DnsServerAddress {
Address = $DNSServer
InterfaceAlias = $Interface.Name
AddressFamily = "IPv4"
DependsOn = "[WindowsFeatureSet]Prereqs"
}
xWaitForADDomain DscForestWait {
DomainName = $DomainName
DomainUserCredential = $DomainCreds
RetryCount = $RetryCount
RetryIntervalSec = $RetryIntervalSec
DependsOn = "[WindowsFeatureSet]Prereqs"
}
xADDomainController BDC {
DomainName = $DomainName
DomainAdministratorCredential = $DomainCreds
SafemodeAdministratorPassword = $SafeModeAdminCreds
DatabasePath = "F:\NTDS"
LogPath = "F:\NTDS"
SysvolPath = "F:\SYSVOL"
DependsOn = "[xWaitForADDomain]DscForestWait"
}
xPendingReboot RebootAfterPromotion {
Name = "RebootAfterDCPromotion"
DependsOn = "[xADDomainController]BDC"
}
}
}
MSFT_xADDomainController.psm1-LINK
DSC日志文件输出
VERBOSE: [2019-03-17 22:23:12Z] [VERBOSE] [DC2]: LCM: [ Start Resource ] [[xDNSServerAddress]DnsServerAddress]
VERBOSE: [2019-03-17 22:23:13Z] [VERBOSE] [DC2]: LCM: [ Start Test ] [[xDNSServerAddress]DnsServerAddress]
VERBOSE: [2019-03-17 22:23:13Z] [VERBOSE] [DC2]: [[xDNSServerAddress]DnsServerAddress] Checking the DNS Server Address ...
VERBOSE: [2019-03-17 22:23:13Z] [VERBOSE] [DC2]: [[xDNSServerAddress]DnsServerAddress] DNS Servers are not correct. Expected 10.x.x.250, actual 10.x.x.250 10.x.x.249 8.8.8.8
VERBOSE: [2019-03-17 22:23:13Z] [VERBOSE] [DC2]: LCM: [ End Test ] [[xDNSServerAddress]DnsServerAddress] in 0.7500 seconds.
VERBOSE: [2019-03-17 22:23:13Z] [VERBOSE] [DC2]: LCM: [ Start Set ] [[xDNSServerAddress]DnsServerAddress]
VERBOSE: [2019-03-17 22:23:13Z] [VERBOSE] [DC2]: [[xDNSServerAddress]DnsServerAddress] Checking the DNS Server Address ...
VERBOSE: [2019-03-17 22:23:13Z] [VERBOSE] [DC2]: [[xDNSServerAddress]DnsServerAddress] DNS Servers are not correct. Expected 10.x.x.250, actual 10.x.x.250 10.x.x.249 8.8.8.8
VERBOSE: [2019-03-17 22:23:13Z] [VERBOSE] [DC2]: [[xDNSServerAddress]DnsServerAddress] DNS Servers have been set correctly.
VERBOSE: [2019-03-17 22:23:13Z] [VERBOSE] [DC2]: LCM: [ End Set ] [[xDNSServerAddress]DnsServerAddress] in 0.0940 seconds.
VERBOSE: [2019-03-17 22:23:13Z] [VERBOSE] [DC2]: LCM: [ End Resource ] [[xDNSServerAddress]DnsServerAddress]
VERBOSE: [2019-03-17 22:23:13Z] [VERBOSE] [DC2]: LCM: [ Start Resource ] [[xWaitForADDomain]DscForestWait]
VERBOSE: [2019-03-17 22:23:13Z] [VERBOSE] [DC2]: LCM: [ Start Test ] [[xWaitForADDomain]DscForestWait]
VERBOSE: [2019-03-17 22:23:13Z] [VERBOSE] [DC2]: [[xWaitForADDomain]DscForestWait] Checking for domain DOMAIN.CO.UK ...
VERBOSE: [2019-03-17 22:23:14Z] [VERBOSE] [DC2]: [[xWaitForADDomain]DscForestWait] Found domain DOMAIN.CO.UK
VERBOSE: [2019-03-17 22:23:14Z] [VERBOSE] [DC2]: LCM: [ End Test ] [[xWaitForADDomain]DscForestWait] in 0.6790 seconds.
VERBOSE: [2019-03-17 22:23:14Z] [VERBOSE] [DC2]: LCM: [ Skip Set ] [[xWaitForADDomain]DscForestWait]
VERBOSE: [2019-03-17 22:23:14Z] [VERBOSE] [DC2]: LCM: [ End Resource ] [[xWaitForADDomain]DscForestWait]
VERBOSE: [2019-03-17 22:23:14Z] [VERBOSE] [DC2]: LCM: [ Start Resource ] [[xADDomainController]BDC]
VERBOSE: [2019-03-17 22:23:14Z] [VERBOSE] [DC2]: LCM: [ Start Test ] [[xADDomainController]BDC]
VERBOSE: [2019-03-17 22:23:15Z] [VERBOSE] [DC2]: [[xADDomainController]BDC] Resolving 'DOMAIN.CO.UK' ...
VERBOSE: [2019-03-17 22:23:57Z] [VERBOSE] [DC2]: [[xADDomainController]BDC] Domain 'DOMAIN.CO.UK' is NOT present on the current node.
VERBOSE: [2019-03-17 22:23:57Z] Settings handler status to 'transitioning'
(C:\Packages\Plugins\Microsoft.Powershell.DSC\2.77.0.0\Status\0.status)
VERBOSE: [2019-03-17 22:23:57Z] [VERBOSE] [DC2]: LCM: [ End Test ] [[xADDomainController]BDC] in 43.2480 seconds.
VERBOSE: [2019-03-17 22:23:57Z] [VERBOSE] [DC2]: LCM: [ Start Set ] [[xADDomainController]BDC]
VERBOSE: [2019-03-17 22:23:57Z] [VERBOSE] [DC2]: [[xADDomainController]BDC] Resolving 'DOMAIN.CO.UK' ...
VERBOSE: [2019-03-17 22:24:40Z] [ERROR] Unable to contact the server. This may be because this server does not exist, it is currently down, or it does not have the Active Directory Web Services running.
VERBOSE: [2019-03-17 22:24:40Z] [VERBOSE] [DC2]: [[xADDomainController]BDC] Checking if domain 'DOMAIN.CO.UK' is present ...
VERBOSE: [2019-03-17 22:25:22Z] [VERBOSE] [DC2]: LCM: [ End Set ] [[xADDomainController]BDC] in 84.3140 seconds.
VERBOSE: [2019-03-17 22:25:22Z] Settings handler status to 'transitioning'
(C:\Packages\Plugins\Microsoft.Powershell.DSC\2.77.0.0\Status\0.status)
VERBOSE: [2019-03-17 22:25:22Z] [ERROR] PowerShell DSC resource MSFT_xADDomainController failed to execute
Set-TargetResource functionality with error message: Domain 'DOMAIN.CO.UK' could not be found.
答案 0 :(得分:0)
查看模块代码xWaitForADDomain使用的是特殊功能Get-Domain,而不是Get-ADDomain cmdlet(显然会因您的情况而出错),因此您需要进行此调用(Get-ADDomain)才能正常工作在您的虚拟机上。检查Active Directory Web服务,如建议的那样?使用-debug开关
运行get-addomain答案 1 :(得分:0)
好吧,在经过大量的抓挠之后,我回到了基础知识上,我找到了罪魁祸首,看来MS忽略了其文档(link)中用于配置防火墙与AD一起使用的一个或两个端口。是的,列表中缺少ADWS(活动目录Web服务)端口。为TCP9389添加一条规则,突然之间我所有的烦恼都消失了。谢谢您的帮助。