服务器 Gind.cn
  1. 服务器 Gind.cn
  3. Server 2008 R2 DCs之间的Sysvol复制中断
Intereting Posts
如何使nginx服务公共ip 在Docker上处理数据库时 将清漆caching存储在硬盘中 Nginx服务器使用IP,但不能使用任意域名 在Ubuntu上启动uWSGI时,opendir():没有这样的文件或目录 文件夹权限不适用于组,但在用户身上 我如何创build一个私有的OpenBSD镜像? Windows 7 Pro远程桌面,不正确的客户端证书警告 由于主stream支持的结束,Office 2003是否代表了托pipe环境的安全风险? 当从外部configuration文件包含fastcgi_param SCRIPT_NAME时,fastcgi_param SCRIPT_NAME不起作用 在Ubuntu上安装WordPress插件/梨问题 Windows打印机后台打印卡在Linux和Mac 64kb的文件 禁用Power Edge 1850前面的故障电源警告LED 如何在CentOS上configurationdhclient以从特定的DHCP服务器获取IP LVM逻辑卷分区在lvreduce之后损坏

Server 2008 R2 DCs之间的Sysvol复制中断

我们最近在另一个站点添加了第二个DC到我们的networking。 数据中心似乎没有任何困难通过networking进行通信,并且AD对象(用户,计算机等)正在同步正确。 但是,组策略不是。 检查新DC上的C:\Windows\SYSVOL\domain文件夹显示为空,而在旧DC上它包含带有关联内容的Policiesscripts文件夹。

但是, dcdiag并没有显示任何明显的错误提示(请参阅下面的输出),DFSR似乎认为它正在复制正确,根据dfsradmin backlog的输出。 dfsrdiag replicationstate显示没有活动的连接,但我不知道这是否是正常的; dfsradmin membership list显示两个DC。

有没有人有任何想法? 我很聪明地结束了; 我甚至会尝试手动复制策略,而不是因为这样做涉及许多权限问题。

dcdiag输出: 

 C:\Windows\system32>dcdiag Directory Server Diagnosis Performing initial setup: Trying to find home server... Home Server = HACTAR * Identified AD Forest. Done gathering initial info. Doing initial required tests Testing server: Saturn\HACTAR Starting test: Connectivity ......................... HACTAR passed test Connectivity Doing primary tests Testing server: Saturn\HACTAR Starting test: Advertising ......................... HACTAR passed test Advertising Starting test: FrsEvent ......................... HACTAR passed test FrsEvent Starting test: DFSREvent There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL replication problems may cause Group Policy problems. ......................... HACTAR failed test DFSREvent Starting test: SysVolCheck ......................... HACTAR passed test SysVolCheck Starting test: KccEvent ......................... HACTAR passed test KccEvent Starting test: KnowsOfRoleHolders ......................... HACTAR passed test KnowsOfRoleHolders Starting test: MachineAccount ......................... HACTAR passed test MachineAccount Starting test: NCSecDesc ......................... HACTAR passed test NCSecDesc Starting test: NetLogons Unable to connect to the NETLOGON share! (\\HACTAR\netlogon) [HACTAR] An net use or LsaPolicy operation failed with error 67, The network name cannot be found.. ......................... HACTAR failed test NetLogons Starting test: ObjectsReplicated ......................... HACTAR passed test ObjectsReplicated Starting test: Replications ......................... HACTAR passed test Replications Starting test: RidManager ......................... HACTAR passed test RidManager Starting test: Services ......................... HACTAR passed test Services Starting test: SystemLog An error event occurred. EventID: 0x00000422 Time Generated: 10/10/2014 14:39:05 Event String: The processing of Group Policy failed. Windows attempted to read the file \\bistromath.domains.h2g2.local\sysvol\bistromath.domains.h2g2.local\Polic ies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following: [snip: many identical log entries] ......................... HACTAR failed test SystemLog Starting test: VerifyReferences ......................... HACTAR passed test VerifyReferences Running partition tests on : ForestDnsZones Starting test: CheckSDRefDom ......................... ForestDnsZones passed test CheckSDRefDom Starting test: CrossRefValidation ......................... ForestDnsZones passed test CrossRefValidation Running partition tests on : DomainDnsZones Starting test: CheckSDRefDom ......................... DomainDnsZones passed test CheckSDRefDom Starting test: CrossRefValidation ......................... DomainDnsZones passed test CrossRefValidation Running partition tests on : Schema Starting test: CheckSDRefDom ......................... Schema passed test CheckSDRefDom Starting test: CrossRefValidation ......................... Schema passed test CrossRefValidation Running partition tests on : Configuration Starting test: CheckSDRefDom ......................... Configuration passed test CheckSDRefDom Starting test: CrossRefValidation ......................... Configuration passed test CrossRefValidation Running partition tests on : bistromath Starting test: CheckSDRefDom ......................... bistromath passed test CheckSDRefDom Starting test: CrossRefValidation ......................... bistromath passed test CrossRefValidation Running enterprise tests on : bistromath.domains.h2g2.local Starting test: LocatorCheck ......................... bistromath.domains.h2g2.local passed test LocatorCheck Starting test: Intersite ......................... bistromath.domains.h2g2.local passed test Intersite

dfsrdiag backlog

 C:\Windows\system32>dfsrdiag backlog /rgname:"Domain System Volume" /rfname:"SYSVOL Share" /smem:queeg /rmem:hactar No Backlog - member <hactar> is in sync with partner <queeg>

dfsrdiag replicationstate

 C:\Windows\system32>dfsrdiag replicationstate Summary Active inbound connections: 0 Updates received: 0 Active outbound connections: 0 Updates sent out: 0

dfsradmin membership list

 C:\Windows\system32>dfsradmin membership list /rgname:"Domain System Volume" MemName RfName LocalPath StagingPath StagingSize HACTAR SYSVOL Share C:\Windows\SYSVOL\domain C:\Windows\SYSVOL\staging areas\bistromath.domains.h2g2.local 4096 QUEEG SYSVOL Share C:\Windows\SYSVOL\domain C:\Windows\SYSVOL\staging areas\bistromath.domains.h2g2.local 4096

最终,我通过降级新DC来解决这个问题,将其作为一个简单的成员持续几天,然后重新推进(为了执行额外的testing)。 重新推动它导致新的控制器正确地复制以前丢失的文件,使testing有点多余。

不过,我应该注意到,我曾尝试降级,并提前重新推广新的华盛顿,但无济于事。 可能是因为没有进行DFS复制的很长一段时间会导致某种forms的超时; 鉴于缺乏明确的数据,这是我如何得到sorting的最佳猜测。