FRS logs and traffic to the domain controller

08/02/2007 - 16:33 by edus
Reviewing the logs on the domain controller, I find the
following. Can anyone give me a hand with the meaning of these
warnings and errors?



<FrsDsGetSysvolOutboundCxtions: 1276: 2869: S1: 22:27:24> :DS: WARN -
No sysvol outbound connections found for member cn=ntds
settings,cn=skywalker,cn=servers,cn=default-first-site-
name,cn=sites,cn=configuration,dc=relprov,dc=mecon,dc=ar!

<FrsDsGetSysvolInboundCxtions: 1276: 2706: S1: 22:27:24> :DS: WARN -
No sysvol inbound connections found for object cn=ntds
settings,cn=skywalker,cn=servers,cn=default-first-site-
name,cn=sites,cn=configuration,dc=relprov,dc=mecon,dc=ar!

<FrsOpenSourceFileById: 3612: 3372: S0: 16:35:53> ++ ERROR -
NtCreateFile failed : NTStatus: STATUS_INVALID_PARAMETER

<FrsRegOpenKey: 3500: 2341: S0: 17:31:14> :FK: ERROR
- Access Check failed on System\CurrentControlSet\Services\NtFrs
\Parameters\Access Checks\Get Internal Information; WStatus:
ERROR_ACCESS_DENIED

<FrsRpcAccessChecks: 3500: 845: S0: 17:31:14> ++ ERROR -
API Access check failed for API (Get Internal Information) :Default
(Full Control) WStatus: ERROR_ACCESS_DENIED

<FrsReportEvent: 3500: 696: S1: 17:31:14> :E: WARN -
Cannot register event source; WStatus: ERROR_ACCESS_DENIED

<FrsPrintEvent: 3500: 614: S0: 17:31:14> :E:
Eventlog written for EVENT_FRS_ACCESS_CHECKS_FAILED_USER (13518)
severity: Warn at: Mar, Feb 06 2007 17:31:14

<FrsRpcAccessChecks: 3500: 845: S0: 17:31:15> ++ ERROR -
API Access check failed for API (Get Internal Information) :Default
(Full Control) WStatus: ERROR_ACCESS_DENIED





WHILE SNIFFING THE COMMUNICATION BETWEEN THE DC AND A CLIENT I ALSO FOUND
THE FOLLOWING STRANGE PACKETS






No. Time Source
Destination Protocol Info
10 2007-02-01 14:59:58.308795 10.12.8.241
10.9.10.90 SMB Trans2 Response, GET_DFS_REFERRAL,
Error: STATUS_NOT_FOUND

Frame 10 (93 bytes on wire, 93 bytes captured)
Ethernet II, Src: Cisco_2d:d8:00 (00:11:bc:2d:d8:00), Dst:
HewlettP_65:c3:55 (00:16:35:65:c3:55)
Internet Protocol, Src: 10.12.8.241 (10.12.8.241), Dst: 10.9.10.90
(10.9.10.90)
Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port:
1483 (1483), Seq: 562, Ack: 846, Len: 39
NetBIOS Session Service
SMB (Server Message Block Protocol)
SMB Header
Server Component: SMB
Response to: 9
Time from request: 0.009812000 seconds
SMB Command: Trans2 (0x32)
NT Status: STATUS_NOT_FOUND (0xc0000225)
Flags: 0x98
Flags2: 0xc807
Process ID High: 0
Signature: 26C273C7D851F454
Reserved: 0000
Tree ID: 16390
Process ID: 4
User ID: 22530
Multiplex ID: 512
Trans2 Response (0x32)

No. Time Source
Destination Protocol Info
15 2007-02-01 14:59:58.311512 10.9.10.90
10.12.8.241 SMB NT Create AndX Request, Path:
elprov.mecon.ar\Policies\{3E719607-FED0-4C8D-89AD-6CB48AE0177D}
\gpt.ini

Frame 15 (290 bytes on wire, 290 bytes captured)
Ethernet II, Src: HewlettP_65:c3:55 (00:16:35:65:c3:55), Dst: All-HSRP-
routers_04 (00:00:0c:07:ac:04)
Internet Protocol, Src: 10.9.10.90 (10.9.10.90), Dst: 10.12.8.241
(10.12.8.241)
Transmission Control Protocol, Src Port: 1483 (1483), Dst Port:
microsoft-ds (445), Seq: 1298, Ack: 793, Len: 236
NetBIOS Session Service
SMB (Server Message Block Protocol)
SMB Header
Server Component: SMB
Response in: 16
SMB Command: NT Create AndX (0xa2)
NT Status: STATUS_SUCCESS (0x00000000)
Flags: 0x18
Flags2: 0xc807
Process ID High: 0
Signature: AFCA0FE1FFC711D8
Reserved: 0000
Tree ID: 22533
Process ID: 576
User ID: 22530
Multiplex ID: 704
NT Create AndX Request (0xa2)

No. Time Source
Destination Protocol Info
16 2007-02-01 14:59:58.312516 10.12.8.241
10.9.10.90 SMB NT Create AndX Response, Error:
STATUS_ACCESS_DENIED

Frame 16 (93 bytes on wire, 93 bytes captured)
Ethernet II, Src: Cisco_2d:d8:00 (00:11:bc:2d:d8:00), Dst:
HewlettP_65:c3:55 (00:16:35:65:c3:55)
Internet Protocol, Src: 10.12.8.241 (10.12.8.241), Dst: 10.9.10.90
(10.9.10.90)
Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port:
1483 (1483), Seq: 793, Ack: 1534, Len: 39
NetBIOS Session Service
SMB (Server Message Block Protocol)
SMB Header
Server Component: SMB
Response to: 15
Time from request: 0.001004000 seconds
SMB Command: NT Create AndX (0xa2)
NT Status: STATUS_ACCESS_DENIED (0xc0000022)
Flags: 0x98
Flags2: 0xc807
Process ID High: 0
Signature: AB02181AA1383377
Reserved: 0000
Tree ID: 22533
Process ID: 576
User ID: 22530
Multiplex ID: 704
NT Create AndX Response (0xa2)


I ALSO FIND MANY OF THESE PACKETS



No. Time Source
Destination Protocol Info
45 2007-02-01 15:02:59.335282 10.12.8.241
10.9.15.184 SMB Trans2 Response<unknown>, Error:
STATUS_OBJECT_NAME_NOT_FOUND

Frame 45 (93 bytes on wire, 93 bytes captured)
Ethernet II, Src: Cisco_2d:d8:00 (00:11:bc:2d:d8:00), Dst:
Ibm_a8:57:19 (00:0d:60:a8:57:19)
Internet Protocol, Src: 10.12.8.241 (10.12.8.241), Dst: 10.9.15.184
(10.9.15.184)
Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port:
1284 (1284), Seq: 30071, Ack: 4378, Len: 39
NetBIOS Session Service
SMB (Server Message Block Protocol)

No. Time Source
Destination Protocol Info
46 2007-02-01 15:02:59.335377 10.12.8.241
10.9.6.69 SMB Trans2 Response<unknown>, Error:
STATUS_OBJECT_NAME_NOT_FOUND

Frame 46 (93 bytes on wire, 93 bytes captured)
Ethernet II, Src: Cisco_2d:d8:00 (00:11:bc:2d:d8:00), Dst:
Ibm_a8:36:5e (00:0d:60:a8:36:5e)
Internet Protocol, Src: 10.12.8.241 (10.12.8.241), Dst: 10.9.6.69
(10.9.6.69)
Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port:
1163 (1163), Seq: 30745, Ack: 3508, Len: 39
NetBIOS Session Service
SMB (Server Message Block Protocol)

No. Time Source
Destination Protocol Info
47 2007-02-01 15:02:59.337375 10.12.8.241
10.9.15.184 SMB Trans2 Response<unknown>, Error:
STATUS_OBJECT_NAME_NOT_FOUND

Frame 47 (93 bytes on wire, 93 bytes captured)
Ethernet II, Src: Cisco_2d:d8:00 (00:11:bc:2d:d8:00), Dst:
Ibm_a8:57:19 (00:0d:60:a8:57:19)
Internet Protocol, Src: 10.12.8.241 (10.12.8.241), Dst: 10.9.15.184
(10.9.15.184)
Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port:
1284 (1284), Seq: 30110, Ack: 4560, Len: 39
NetBIOS Session Service
SMB (Server Message Block Protocol)

No. Time Source
Destination Protocol Info
48 2007-02-01 15:02:59.341069 10.12.8.241
10.9.15.184 SMB Trans2 Response<unknown>, Error:
STATUS_OBJECT_NAME_NOT_FOUND
 


#1 Javier Inglés [MS MVP]
08/02/2007 - 16:37
Start by reviewing this:

Using diagnostic tools for a Domain Controller
http://www.microsoft.com/spain/tech...s_mvp.mspx


Regards!!
Javier Inglés
https://mvp.support.microsoft.com/p...B5567431B0
MS MVP, Windows Server-Directory Services