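I seem to have a replication problem between our domain controllers. The setup is as follows:
One domain
Two domain controllers (2008)
One is virtual
One is physical
Same site
Pings between the domain controllers are fine.
OK, basically I had to do a BIOS upgrade on the server that hosts the virtual machines (the domain controller is one of those VMs). After the update we had a problem with our Cisco switch, because smart ports were enabled and it stopped traffic between all the virtual machines and the physical network containing all the other physical machines.
We have now fixed this by disabling smart ports on the 2960, and all the virtual machines can communicate successfully with the physical machines; everything works.
However, when we started the VM for the domain controller, it took a very long time to boot (I know this is common with AD/DNS problems). When it finally came up I logged in and immediately tried to ping the second DC. The ping responses were fine and everything was good network-wise. But all of a sudden the domain controllers were not synchronizing. I tried repadmin /syncall and got errors, and I tried dcdiag /q and got errors as well.
The RPC service cannot communicate with the FSMO holder (in short).
I checked, and the DFSR service is running fine. I switched off any firewalls and antivirus software, and apart from ping they still cannot communicate. Nothing has changed?
Can anyone point me in the right direction as to where to start?
For testing purposes, I created an object on the second DC and it did not replicate to the first DC (the FSMO holder).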
C:\Users\Administrator>dcdiag /q
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared. Failing SYSVOL replication problems may cause
         Group Policy problems.
         ......................... IME-DC1 Failed test DFSREvent
         [Replications Check,IME-DC1] A recent replication attempt Failed:
            From IME-DC2 to IME-DC1
            Naming Context: DC=ForestDnsZones,DC=XXX,DC=com
            The replication generated an error (1726):
            The remote procedure call Failed.
            The failure occurred at 2013-10-02 21:11:34.
            The last success occurred at 2013-10-02 20:05:07.
            2 failures have occurred since the last success.
         [Replications Check,IME-DC1] A recent replication attempt Failed:
            From IME-DC2 to IME-DC1
            Naming Context: DC=DomainDnsZones,DC=com
            The replication generated an error (1726):
            The remote procedure call Failed.
            The failure occurred at 2013-10-02 21:09:56.
            The last success occurred at 2013-10-02 20:04:39.
            2 failures have occurred since the last success.
         [Replications Check,IME-DC1] A recent replication attempt Failed:
            From IME-DC2 to IME-DC1
            Naming Context: CN=Schema,CN=Configuration,DC=com
            The replication generated an error (1726):
            The remote procedure call Failed.
            The failure occurred at 2013-10-02 21:02:40.
            The last success occurred at 2013-10-02 17:55:42.
            6 failures have occurred since the last success.
         [Replications Check,IME-DC1] A recent replication attempt Failed:
            From IME-DC2 to IME-DC1
            Naming Context: CN=Configuration,DC=com
            The replication generated an error (1726):
            The remote procedure call Failed.
            The failure occurred at 2013-10-02 20:57:56.
            The last success occurred at 2013-10-02 20:04:36.
            3 failures have occurred since the last success.
         [Replications Check,IME-DC1] A recent replication attempt Failed:
            From IME-DC2 to IME-DC1
            Naming Context: DC=XXX,DC=com
            The replication generated an error (1726):
            The remote procedure call Failed.
            The failure occurred at 2013-10-02 21:05:29.
            The last success occurred at 2013-10-02 20:05:10.
            2 failures have occurred since the last success.
         ......................... IME-DC1 Failed test Replications
         An Error Event occurred. EventID: 0x00000457
            Time Generated: 10/02/2013 21:47:42
            Event String:
            Driver Microsoft XPS Document Writer v4 required for printer Microso
ft XPS Document Writer is unknown. Contact the administrator to install the driv
er before you log in again.
         ......................... IME-DC1 Failed test SystemLog

C:\Users\Administrator>
I have also included an event log error from the Active Directory log.
Log Name: Directory Service
Source: Microsoft-Windows-ActiveDirectory_DomainService
Date: 02/10/2013 22:13:33
Event ID: 1308
Task Category: Knowledge Consistency Checker
Level: Warning
Keywords: Classic
User: ANONYMOUS logoN
Computer: IME-DC1.XXX.com
Description:
The Knowledge Consistency Checker (KCC) has detected that successive attempts to replicate with the following directory service has consistently Failed.

Attempts: 7
Directory service: CN=NTDS Settings,CN=IME-DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,DC=com
Period of time (minutes): 128

The Connection object for this directory service will be ignored,and a new temporary connection will be established to ensure that replication continues. Once replication with this directory service resumes,the temporary connection will be removed.

Additional Data
Error value: 1818 The remote procedure call was cancelled.

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-ActiveDirectory_DomainService" Guid="{0e8478c5-3605-4e8c-8497-1e730c959516}" EventSourceName="NTDS KCC" />
    <EventID Qualifiers="32768">1308</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>1</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8080000000000000</Keywords>
    <TimeCreated SystemTime="2013-10-02T18:13:33.071Z" />
    <EventRecordID>12274</EventRecordID>
    <Correlation />
    <Execution ProcessID="652" ThreadID="1332" />
    <Channel>Directory Service</Channel>
    <Computer>IME-DC1.XXX.com</Computer>
    <Security UserID="S-1-5-7" />
  </System>
  <EventData>
    <Data>7</Data>
    <Data>CN=NTDS Settings,DC=com</Data>
    <Data>128</Data>
    <Data>The remote procedure call was cancelled.</Data>
    <Data>1818</Data>
  </EventData>
</Event>
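The long boot time indicates that you have the DNS servers in the wrong order in the DC's network adapter settings. This could also be causing the replication problems you are seeing. Read the answers to this question and correct your settings. I think you may see an improvement afterwards.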
What should the order of DNS servers be for an AD Domain Controller and Why?
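If that still does not resolve your problem, you need to find out why RPC is not working properly between the two servers. This could be due to a network configuration problem, a firewall problem (hardware- or host-based), or any number of other causes. Simply pinging the server does not ensure that RPC can communicate successfully; it means that ICMP is working between the two.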
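The two checks this answer describes, as an added example that is not part of the original answer: it lists each adapter's DNS server order and contrasts the ICMP result with TCP reachability of the partner DC. The default partner name IME-DC2 comes from the question's dcdiag output; the port list is an assumption based on the standard assignments for these services.

```powershell
# Added example, not from the original answer. Run on IME-DC1; IME-DC2 is the
# replication partner named in the dcdiag output above. PowerShell 2.0 compatible.
param([string]$Partner = 'IME-DC2', [int]$TimeoutMs = 3000)

function Test-TcpPort {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($HostName, $Port, $null, $null)
        # A filtered port never answers, so bound the wait instead of blocking.
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)   # throws if the connection was refused
        return $true
    } catch {
        return $false                # name resolution failure or refused connection
    } finally {
        $client.Close()
    }
}

# 1. DNS server order on each IP-enabled adapter, to compare with the linked guidance.
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    ForEach-Object { 'DNS order on {0}: {1}' -f $_.Description, ($_.DNSServerSearchOrder -join ', ') }

# 2. ICMP, for contrast with the TCP results below.
$icmp = Test-Connection -ComputerName $Partner -Count 1 -Quiet
'ICMP echo to {0}: {1}' -f $Partner, $icmp

# 3. TCP ports that DC-to-DC traffic depends on (assumed standard assignments).
$ports = @(
    @(53,  'DNS'),
    @(88,  'Kerberos'),
    @(135, 'RPC endpoint mapper'),
    @(389, 'LDAP'),
    @(445, 'SMB')
)
foreach ($p in $ports) {
    $open  = Test-TcpPort -HostName $Partner -Port $p[0] -TimeoutMs $TimeoutMs
    $state = if ($open) { 'reachable' } else { 'NOT reachable' }
    'TCP {0,-5} {1,-20} {2}' -f $p[0], $p[1], $state
}
# TCP 135 answering only proves the endpoint mapper is reachable: replication then
# moves to a dynamically assigned RPC port, which a firewall can still block.
```

Running it in both directions (from each DC against the other) shows whether the block is one-way, which a successful ping alone cannot reveal.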