Cannot contact an Active Directory domain controller



I am setting up an AD/DNS server for development purposes, but I am having a hard time connecting to it from any client. The server is a plain Windows Server 2019 installed in a public cloud computing environment, set up following this virtualyanis guide. The clients are Windows 10 boxes on our internal LAN.

The setup went smoothly, but I cannot get a client to connect to the DC. Any input would be much appreciated.

In Windows 10, when trying to join the domain, I get the message 'An Active Directory Domain Controller (AD DC) for the domain "simon.adtest" could not be contacted', with the further information:

The query was for the SRV record for _ldap._tcp.dc._msdcs.simon.adtest
The following domain controllers were identified by the query:
simondc2019.simon.adtest
However no domain controllers could be contacted.

It should be noted that, for troubleshooting purposes, the firewalls on both the server and the client have been disabled. It should also be noted that this is not a production system, and I do not normally advocate lowering firewalls.

Below is ipconfig /all from the client:
Windows IP Configuration
Host Name . . . . . . . . . . . . : SIMONMCALOO9364
Primary Dns Suffix  . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Ethernet0:
Connection-specific DNS Suffix  . :
Description . . . . . . . . . . . : Intel(R) 82574L Gigabit Network Connection #2
Physical Address. . . . . . . . . : 00-0C-29-4A-58-02
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.1.120(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 30 September 2021 12:05:31 pm
Lease Expires . . . . . . . . . . : 6 November 2157 9:03:20 pm
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 45.76.xx.xx (correct address of AD/DNS server confirmed)
NetBIOS over Tcpip. . . . . . . . : Enabled

I can ping the AD domain (simon.adtest) and the server (SimonDC2019.simon.adtest):

Reply from 45.76.xx.xx: bytes=32 time=17ms TTL=116
Reply from 45.76.xx.xx: bytes=32 time=16ms TTL=116
Reply from 45.76.xx.xx: bytes=32 time=16ms TTL=116
Reply from 45.76.xx.xx: bytes=32 time=16ms TTL=116
Ping statistics for 45.76.xx.xx:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 16ms, Maximum = 17ms, Average = 16ms

nslookup resolves the forward and reverse lookup zones correctly:

Server:  SimonDC2019.SIMON.adtest
Address:  45.76.xx.xx
Name:    simon.adtest
Address:  45.76.xx.xx

C:\Users\simon>nslookup 45.76.xx.xx
Server:  SimonDC2019.SIMON.adtest
Address:  45.76.xx.xx
Name:    SimonDC2019.SIMON.adtest
Address:  45.76.xx.xx

C:\Users\simon>nslookup SimonDC2019.SIMON.adtest
Server:  SimonDC2019.SIMON.adtest
Address:  45.76.xx.xx
Name:    SimonDC2019.SIMON.adtest
Address:  45.76.xx.xx

While troubleshooting, I ran dcdiag on both the server and the client. The server passed every test, with the single exception of:

There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL
replication problems may cause Group Policy problems.
......................... SIMONEVERYWHERE failed test DFSREvent

The picture on the client is completely different; the output is as follows:

Performing initial setup:
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\SIMON
Starting test: Connectivity
......................... SIMON passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\SIMON
Starting test: Advertising
Fatal Error:DsGetDcName (SIMON) call failed, error 1722
The Locator could not find the server.
......................... SIMON failed test Advertising
Starting test: FrsEvent
......................... SIMON passed test FrsEvent
Starting test: DFSREvent
There are warning or error events within the last 24 hours after the SYSVOL has been shared.  Failing SYSVOL
replication problems may cause Group Policy problems.
......................... SIMON failed test DFSREvent
Starting test: SysVolCheck
[SIMON] An net use or LsaPolicy operation failed with error 2,
The system cannot find the file specified..
The SysVol is not ready.  This can cause the DC to not advertise itself as a DC for netlogon after dcpromo.
Also trouble with FRS SysVol replication can cause Group Policy problems.  Check the FRS event log on this DC.
......................... SIMON failed test SysVolCheck
Starting test: KccEvent
......................... SIMON passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... SIMON passed test KnowsOfRoleHolders
Starting test: MachineAccount
Could not open pipe with [SIMON]:failed with 2: The system cannot find the file specified.
Could not get NetBIOSDomainName
Failed can not test for HOST SPN
Failed can not test for HOST SPN
......................... SIMON passed test MachineAccount
Starting test: NCSecDesc
......................... SIMON passed test NCSecDesc
Starting test: NetLogons
[SIMON] An net use or LsaPolicy operation failed with error 2,
The system cannot find the file specified..
......................... SIMON failed test NetLogons
Starting test: ObjectsReplicated
......................... SIMON passed test ObjectsReplicated
Starting test: Replications
......................... SIMON passed test Replications
Starting test: RidManager
......................... SIMON passed test RidManager
Starting test: Services
......................... SIMON passed test Services
Starting test: SystemLog
......................... SIMON passed test SystemLog
Starting test: VerifyReferences
......................... SIMON passed test VerifyReferences

Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : SIMON
Starting test: CheckSDRefDom
......................... SIMON passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... SIMON passed test CrossRefValidation
Running enterprise tests on : SIMON.adtest
Starting test: LocatorCheck
Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1722
A Global Catalog Server could not be located - All GC's are down.
Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1722
A Primary Domain Controller could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(TIME_SERVER) call failed, error 1722
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error 1722
A Good Time Server could not be located.
Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1722
A KDC could not be located - All the KDCs are down.
......................... SIMON.adtest failed test LocatorCheck
Starting test: Intersite
......................... SIMON.adtest passed test Intersite

Error 1722 seems rather vague, since it is a generic RPC failure. I have Googled around and found a bunch of posts that, for one reason or another, do not apply to our setup, so I am completely stuck.
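The poster's ping and nslookup results prove ICMP and DNS work, while dcdiag's DsGetDcName failures with error 1722 ("The RPC server is unavailable") point at the RPC leg of the conversation. The following PowerShell script is an added example, not part of the original post: run from the Windows 10 client, it checks the locator SRV records and then probes the TCP ports a domain join actually needs, so that a 1722 can be attributed to DNS, to the RPC endpoint mapper (TCP 135), or to the dynamic RPC port range. The domain and DC names are the ones from the post; the port list and the dynamic-range default (49152-65535 on Server 2008 and later) are standard Windows values, not something stated on this page.

```powershell
# Added example (not from the original post). Run on the client, as a normal user.
# Assumed names, taken from the post; replace with your own.
$Domain = 'simon.adtest'
$DcFqdn = 'simondc2019.simon.adtest'

# 1. The DC locator starts from these SRV records. The join error text quoted
#    above already shows _ldap._tcp.dc._msdcs resolving, so these should too.
$srvNames = @(
    "_ldap._tcp.dc._msdcs.$Domain",
    "_kerberos._tcp.dc._msdcs.$Domain",
    "_gc._tcp.$Domain"
)
foreach ($name in $srvNames) {
    try {
        Resolve-DnsName -Name $name -Type SRV -ErrorAction Stop |
            Where-Object QueryType -eq 'SRV' |
            ForEach-Object { "{0,-45} -> {1}:{2}" -f $name, $_.NameTarget, $_.Port }
    } catch {
        "{0,-45} -> NOT RESOLVED ({1})" -f $name, $_.Exception.Message
    }
}

# 2. A successful ping proves only ICMP. Joining a domain needs these TCP ports
#    end to end: DNS 53, Kerberos 88, RPC endpoint mapper 135, LDAP 389, SMB 445,
#    kpasswd 464, LDAPS 636, Global Catalog 3268/3269.
$ports = 53, 88, 135, 389, 445, 464, 636, 3268, 3269
$portResults = foreach ($p in $ports) {
    $t = Test-NetConnection -ComputerName $DcFqdn -Port $p -WarningAction SilentlyContinue
    [pscustomobject]@{ Port = $p; Open = $t.TcpTestSucceeded }
}
$portResults | Format-Table -AutoSize

# 3. Error 1722 with 135 open usually means the endpoint mapper answered but the
#    follow-on connection to a dynamic high port (49152-65535 by default) was
#    dropped, typically by a filter that sits outside the Windows firewall, such
#    as a cloud provider security group. Ask the DC locator directly.
$epm = Test-NetConnection -ComputerName $DcFqdn -Port 135 -WarningAction SilentlyContinue
if ($epm.TcpTestSucceeded) {
    # nltest talks to Netlogon on the DC over RPC; a 1722 here isolates the RPC leg.
    nltest /dsgetdc:$Domain /force
} else {
    "TCP 135 is closed from this client; fix reachability to the endpoint mapper first."
}

# 4. To confirm the dynamic range, note a listening port on the DC with
#    'netstat -ano | findstr LISTENING' (run on the DC), then probe it from here:
#    Test-NetConnection -ComputerName $DcFqdn -Port <that port>
```

If step 2 shows 135 open but nltest still returns 1722, the cloud-side packet filter in front of the server is the usual culprit, since the Windows firewall on both ends is already off. Whatever the result, a DC with LDAP, SMB and RPC reachable on a public address is exposed to the whole internet; restricting the provider's security group to the office's public IP, or routing the lab traffic over a VPN, is the minimum a practitioner would want before leaving this running, even for development.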

• Check the registry key 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTFRS\Parameters\SysVol\DomainName' on the domain controller. If SYSVOL replication is working correctly on the domain controller and the SYSVOL directory has been published correctly, this key should not exist. Also, if this key does not exist, it means that all potential source domain controllers in the domain should themselves share the NETLOGON and SYSVOL shares and have applied the Default Domain and Default Domain Controllers policies.

• Please check the Application log on the domain controller for event 1704, as the 'Enterprise Domain Controllers' group should be assigned the 'Access this computer from the network' right in the Default Domain Controllers Policy.

• Also, check the SYSVOL replica set under 'Active Directory Users and Computers' (Advanced Features) at CN='Domain System Volume',CN=File Replication Service,CN=System,CN= and run the command 'NTFRSUTL DS [DCNAME]' on the domain controller. The result shows the above domain controller object appearing under "CN=Domain System Volume (SYSVOL share),CN=NTFRS Subscriptions,CN=%DCNAME%,OU=Domain Controllers,DC=". This mainly addresses the SYSVOL share not being published and not communicating with the client network.

• Run the following command to check the DFS Replication state of the domain controllers in the domain:

For /f %i IN ('dsquery server -o rdn') do @echo %i && @wmic /node:"%i" /namespace:\\root\microsoftdfs path dfsrreplicatedfolderinfo WHERE replicatedfoldername='SYSVOL share' get replicationgroupname,replicatedfoldername,state

It will report the state of the SYSVOL share and the DFS Replication service. Also look in the event log for event ID 2213 to check the DFS Replication service state.

Please see the following links for more information:

https://learn.microsoft.com/en-US/troubleshoot/windows-server/networking/recovering-missing-frs-objects-attributes-ad

https://learn.microsoft.com/en-US/troubleshoot/windows-server/group-policy/force-authoritative-non-authoritative-synchronization
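The checks in the answer above, collected into one PowerShell script as an added example; it is not the answerer's code. It is meant to be run elevated on the DC and assumes a Server 2019 forest whose SYSVOL is replicated by DFS-R (the default for a new forest), which is why the FRS-era NtFrs registry key from the answer is expected to be absent and the DFS-R equivalents (Netlogon's SysvolReady value and the DFSR migration state) are checked instead. The DFSR state codes, event IDs 2212/2213/4614/4604 and the SceCli 1704 event are standard Windows values, not facts taken from this page.

```powershell
# Added example (not part of the answer above). Run elevated on the DC.
$domainDns = (Get-ADDomain).DNSRoot   # ActiveDirectory module is installed with AD DS

# 1. Netlogon only advertises the DC once SysvolReady is 1 and NETLOGON/SYSVOL are
#    shared; dcdiag's SysVolCheck and NetLogons failures are exactly these two checks.
$ready = (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters' `
            -Name SysvolReady -ErrorAction SilentlyContinue).SysvolReady
"SysvolReady = $ready (expected: 1)"
Get-SmbShare -Name SYSVOL, NETLOGON -ErrorAction SilentlyContinue | Format-Table Name, Path -AutoSize

# 2. The FRS-era key named in the answer; on a DFS-R domain it should not exist.
$frsKey = "HKLM:\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\SysVol\$domainDns"
"FRS SysVol key present: $(Test-Path $frsKey) (expected: False)"
# DFS-R migration state for SYSVOL: 3 = ELIMINATED, i.e. DFS-R owns SYSVOL.
$mig = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\DFSR\Parameters\SysVols\Migrating Sysvols' `
            -ErrorAction SilentlyContinue
"DFSR migration LocalState = $($mig.LocalState) (expected: 3)"

# 3. The same query as the answer's wmic loop, via CIM (wmic is deprecated on
#    current Windows builds). State: 0 Uninitialized, 1 Initialized,
#    2 Initial Sync, 3 Auto Recovery, 4 Normal, 5 In Error.
$stateNames = @{ 0='Uninitialized'; 1='Initialized'; 2='Initial Sync'; 3='Auto Recovery'; 4='Normal'; 5='In Error' }
Get-CimInstance -Namespace root\MicrosoftDFS -ClassName DfsrReplicatedFolderInfo |
    Where-Object ReplicatedFolderName -eq 'SYSVOL Share' |
    ForEach-Object { "{0} / {1}: {2}" -f $_.ReplicationGroupName, $_.ReplicatedFolderName, $stateNames[[int]$_.State] }

# 4. Events the answer points at: 2212/2213 (DFS-R paused after a dirty shutdown and
#    waits for ResumeReplication), 4614/4604 (SYSVOL initial sync waiting/finished),
#    and SceCli 1704 in the Application log (security policy applied).
$since = (Get-Date).AddDays(-1)
Get-WinEvent -FilterHashtable @{ LogName='DFS Replication'; Id=2212,2213,4614,4604; StartTime=$since } `
    -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, @{ n='Message'; e={ $_.Message.Split("`n")[0] } } | Format-Table -AutoSize
Get-WinEvent -FilterHashtable @{ LogName='Application'; ProviderName='SceCli'; Id=1704; StartTime=$since } `
    -ErrorAction SilentlyContinue | Select-Object TimeCreated, Id | Format-Table -AutoSize

# 5. Event 2213 means replication stays paused until it is resumed. The event text
#    gives the wmic form; this is the CIM equivalent. With a single DC there is no
#    partner to converge with, so resuming is safe; with several, follow the
#    authoritative/non-authoritative sync article linked above instead.
$paused = Get-WinEvent -FilterHashtable @{ LogName='DFS Replication'; Id=2213; StartTime=$since } `
    -ErrorAction SilentlyContinue
if ($paused) {
    Get-CimInstance -Namespace root\MicrosoftDFS -ClassName DfsrVolumeConfig |
        Invoke-CimMethod -MethodName ResumeReplication | Select-Object ReturnValue
}

# 6. Re-run the tests the client's dcdiag reported as failed, plus the locator call
#    that returned 1722.
dcdiag /test:Advertising /test:SysVolCheck /test:NetLogons
nltest /dsgetdc:$domainDns /force
```

Once SysvolReady is 1, both shares exist and the SYSVOL Share folder reports state 4, Netlogon advertises the DC and the Advertising test passes; if the client still gets 1722 at that point, the problem is network reachability of RPC from the client rather than SYSVOL.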
