Remove From My Forums

AD复制问题

问题
0

登录进行投票

你好！

请问教个AD父子域复制不成功原因有那些？
1、网络正常
2、解析DNS正常
3、手动复制副本没有报错
子域建的账号未到同步到父域上来！

Horace Xie mgdm@163.com

2013年2月28日 1:42

回复

|

引用

答案

0

登录进行投票
您好！

根据您提供的信息，我们建议您尝试以下步骤进行排错：

1. 检查父域控制器和子域控制器之间是否有RRAS等防火墙，如果有防火墙的话，请暂时关闭防火墙。

2. 确认父域控制器和子域控制器上没有启用IPSEC和TCP/IP筛选。

3. 运行ipconfig /all，检查TCP/IP协议的配置是否正确，请把主DNS服务器指向PDC，辅助DNS服务器指向其它的DC。
4. 在CMD模式，运行ipconfig /flushdns 命令清空本地DNS缓存，运行net stop netlogon 和net start netlogon 命令重启netlogon服务，重建DC的相关记录。

5. 请您在命令提示符下输入：
a. Run Dcdiag /v >c:\Dcdiag.txt b. Netdiag /debug >c:\Netdig.txt
c. Repadmin /syncall c:\repadmin.txt

请您将收集到的详细错误日志贴到论坛中，以便我们为您作的进一步分析。

希望我的回答对您有所帮助，如果您还有什么问题，请您再和我们联系。

微软一站式示例脚本库: http://blogs.technet.com/b/onescript
- 已标记为答案 Tom Zhang – MSFTModerator 2013年3月6日 8:11
2013年2月28日 7:42

回复

|

引用

版主

全部回复

0

登录进行投票
您好！

根据您提供的信息，我们建议您尝试以下步骤进行排错：

1. 检查父域控制器和子域控制器之间是否有RRAS等防火墙，如果有防火墙的话，请暂时关闭防火墙。

2. 确认父域控制器和子域控制器上没有启用IPSEC和TCP/IP筛选。

3. 运行ipconfig /all，检查TCP/IP协议的配置是否正确，请把主DNS服务器指向PDC，辅助DNS服务器指向其它的DC。
4. 在CMD模式，运行ipconfig /flushdns 命令清空本地DNS缓存，运行net stop netlogon 和net start netlogon 命令重启netlogon服务，重建DC的相关记录。

5. 请您在命令提示符下输入：
a. Run Dcdiag /v >c:\Dcdiag.txt b. Netdiag /debug >c:\Netdig.txt
c. Repadmin /syncall c:\repadmin.txt

请您将收集到的详细错误日志贴到论坛中，以便我们为您作的进一步分析。

希望我的回答对您有所帮助，如果您还有什么问题，请您再和我们联系。

微软一站式示例脚本库: http://blogs.technet.com/b/onescript
- 已标记为答案 Tom Zhang – MSFTModerator 2013年3月6日 8:11
2013年2月28日 7:42

回复

|

引用

版主

登录进行投票

Domain Controller Diagnosis

Performing initial setup:
* Verifying that the local machine DC2003-01, is a DC.
* Connecting to directory service on server DC2003-01.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 5 DC(s). Testing 1 of them.
Done gathering initial info.

Doing initial required tests

Testing server: DC2003\DC2003-01
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... DC2003-01 passed test Connectivity

Doing primary tests

Testing server: DC2003\DC2003-01
Starting test: Replications
* Replications Check
[Replications Check,DC2003-01] A recent replication attempt failed:
From TEST3 to DC2003-01
Naming Context: CN=Schema,CN=Configuration,DC=china,DC=com
The replication generated an error (8524):
由于 DNS 查找故障，DSA 操作无法进行。
The failure occurred at 2013-03-01 13:07:46.
The last success occurred at 2013-02-28 16:55:44.
7 failures have occurred since the last success.
The guid-based DNS name 37f140ea-3fd1-42da-8b7f-8337f0c32664._msdcs.china.com
is not registered on one or more DNS servers.
[TEST3] DsBindWithSpnEx() failed with error 1722,
RPC 服务器不可用。.
Printing RPC Extended Error Info:
Error Record 1, ProcessID is 2288 (DcDiag)
System Time is: 3/1/2013 5:25:33:343
Generating component is 8 (winsock)
Status is 1722: RPC 服务器不可用。

Detection location is 322
Error Record 2, ProcessID is 2288 (DcDiag)
System Time is: 3/1/2013 5:25:33:343
Generating component is 8 (winsock)
Status is 11001: 不知道这样的主机。

Detection location is 320
NumberOfParameters is 1

Unicode string: 37f140ea-3fd1-42da-8b7f-8337f0c32664._msdcs.china.com
[Replications Check,DC2003-01] A recent replication attempt failed:
From TEST1 to DC2003-01
Naming Context: CN=Schema,CN=Configuration,DC=china,DC=com
The replication generated an error (1908):
找不到此域的域控制器。
The failure occurred at 2013-03-01 13:07:47.
The last success occurred at 2013-03-01 12:54:20.
1 failures have occurred since the last success.
Kerberos Error.
A KDC was not found to authenticate the call.
Check that sufficient domain controllers are available.
[Replications Check,DC2003-01] A recent replication attempt failed:
From TEST3 to DC2003-01
Naming Context: CN=Configuration,DC=china,DC=com
The replication generated an error (8524):
由于 DNS 查找故障，DSA 操作无法进行。
The failure occurred at 2013-03-01 13:07:37.
The last success occurred at 2013-02-28 17:41:35.
7 failures have occurred since the last success.
The guid-based DNS name 37f140ea-3fd1-42da-8b7f-8337f0c32664._msdcs.china.com
is not registered on one or more DNS servers.
[Replications Check,DC2003-01] A recent replication attempt failed:
From TEST3 to DC2003-01
Naming Context: DC=china,DC=com
The replication generated an error (8524):
由于 DNS 查找故障，DSA 操作无法进行。
The failure occurred at 2013-03-01 13:07:55.
The last success occurred at 2013-02-28 17:39:45.
7 failures have occurred since the last success.
The guid-based DNS name 37f140ea-3fd1-42da-8b7f-8337f0c32664._msdcs.china.com
is not registered on one or more DNS servers.
[Replications Check,DC2003-01] A recent replication attempt failed:
From TEST1 to DC2003-01
Naming Context: DC=china,DC=com
The replication generated an error (1908):
找不到此域的域控制器。
The failure occurred at 2013-03-01 13:07:55.
The last success occurred at 2013-03-01 12:54:27.
1 failures have occurred since the last success.
Kerberos Error.
A KDC was not found to authenticate the call.
Check that sufficient domain controllers are available.
* Replication Latency Check
REPLICATION-RECEIVED LATENCY WARNING
DC2003-01: Current time is 2013-03-01 13:25:33.
CN=Schema,CN=Configuration,DC=china,DC=com
Last replication recieved from TEST3 at 2013-02-28 16:55:44.
CN=Configuration,DC=china,DC=com
Last replication recieved from TEST3 at 2013-02-28 17:41:35.
DC=china,DC=com
Last replication recieved from TEST3 at 2013-02-28 17:39:45.
* Replication Site Latency Check
Site

CN=NTDS Site Settings,CN=sz,CN=Sites,CN=Configuration,DC=china,DC=com

was skipped because it never had an ISTG running in it.
......................... DC2003-01 passed test Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Starting test: NCSecDesc
* Security Permissions Check for
DC=ForestDnsZones,DC=china,DC=com
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=china,DC=com
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=china,DC=com
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=china,DC=com
(Configuration,Version 2)
* Security Permissions Check for
DC=china,DC=com
(Domain,Version 2)
* Security Permissions Check for
DC=gz,DC=china,DC=com
(Domain,Version 2)
......................... DC2003-01 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
......................... DC2003-01 passed test NetLogons
Starting test: Advertising
The DC DC2003-01 is advertising itself as a DC and having a DS.
The DC DC2003-01 is advertising as an LDAP server
The DC DC2003-01 is advertising as having a writeable directory
The DC DC2003-01 is advertising as a Key Distribution Center
The DC DC2003-01 is advertising as a time server
The DS DC2003-01 is advertising as a GC.
......................... DC2003-01 passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=DC2003-01,CN=Servers,CN=DC2003,CN=Sites,CN=Configuration,DC=china,DC=com
Role Domain Owner = CN=NTDS Settings,CN=DC2003-01,CN=Servers,CN=DC2003,CN=Sites,CN=Configuration,DC=china,DC=com
Role PDC Owner = CN=NTDS Settings,CN=DC2003-01,CN=Servers,CN=DC2003,CN=Sites,CN=Configuration,DC=china,DC=com
Role Rid Owner = CN=NTDS Settings,CN=DC2003-01,CN=Servers,CN=DC2003,CN=Sites,CN=Configuration,DC=china,DC=com
Role Infrastructure Update Owner = CN=NTDS Settings,CN=DC2003-01,CN=Servers,CN=DC2003,CN=Sites,CN=Configuration,DC=china,DC=com
......................... DC2003-01 passed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 2603 to 1073741823
* DC2003-01.china.com is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 1103 to 1602
* rIDPreviousAllocationPool is 1103 to 1602
* rIDNextRID: 1129
......................... DC2003-01 passed test RidManager
Starting test: MachineAccount
* SPN found :LDAP/DC2003-01.china.com/china.com
* SPN found :LDAP/DC2003-01.china.com
* SPN found :LDAP/DC2003-01
* SPN found :LDAP/DC2003-01.china.com/CHINA
* SPN found :LDAP/faaa5b66-e7e5-40f3-80e4-520e27a12bac._msdcs.china.com
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/faaa5b66-e7e5-40f3-80e4-520e27a12bac/china.com
* SPN found :HOST/DC2003-01.china.com/china.com
* SPN found :HOST/DC2003-01.china.com
* SPN found :HOST/DC2003-01
* SPN found :HOST/DC2003-01.china.com/CHINA
* SPN found :GC/DC2003-01.china.com/china.com
......................... DC2003-01 passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... DC2003-01 passed test Services
Test omitted by user request: OutboundSecureChannels
Starting test: ObjectsReplicated
DC2003-01 is in domain DC=china,DC=com
Checking for CN=DC2003-01,OU=Domain Controllers,DC=china,DC=com in domain DC=china,DC=com on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=DC2003-01,CN=Servers,CN=DC2003,CN=Sites,CN=Configuration,DC=china,DC=com in domain CN=Configuration,DC=china,DC=com on 1 servers
Object is up-to-date on all servers.
......................... DC2003-01 passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... DC2003-01 passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after the

SYSVOL has been shared. Failing SYSVOL replication problems may cause

Group Policy problems.
An Warning Event occured. EventID: 0x800034C4
Time Generated: 03/01/2013 13:09:39
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x800034C4
Time Generated: 03/01/2013 13:09:53
(Event String could not be retrieved)
......................... DC2003-01 failed test frsevent
Starting test: kccevent
* The KCC Event log test
An Warning Event occured. EventID: 0x8000051C
Time Generated: 03/01/2013 13:11:57
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x80000785
Time Generated: 03/01/2013 13:12:04
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x80000786
Time Generated: 03/01/2013 13:12:04
(Event String could not be retrieved)
......................... DC2003-01 failed test kccevent
Starting test: systemlog
* The System Event log test
An Error Event occured. EventID: 0x00000423
Time Generated: 03/01/2013 13:07:41
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000423
Time Generated: 03/01/2013 13:07:41
(Event String could not be retrieved)
......................... DC2003-01 failed test systemlog
Test omitted by user request: VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)

CN=DC2003-01,OU=Domain Controllers,DC=china,DC=com and backlink on

CN=DC2003-01,CN=Servers,CN=DC2003,CN=Sites,CN=Configuration,DC=china,DC=com

are correct.
The system object reference (frsComputerReferenceBL)

CN=DC2003-01,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=china,DC=com

and backlink on CN=DC2003-01,OU=Domain Controllers,DC=china,DC=com are

correct.
The system object reference (serverReferenceBL)

CN=DC2003-01,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=china,DC=com

and backlink on

CN=NTDS Settings,CN=DC2003-01,CN=Servers,CN=DC2003,CN=Sites,CN=Configuration,DC=china,DC=com

are correct.
......................... DC2003-01 passed test VerifyReferences
Test omitted by user request: VerifyEnterpriseReferences

Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom

Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom

Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom

Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom

Running partition tests on : china
Starting test: CrossRefValidation
......................... china passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... china passed test CheckSDRefDom

Running enterprise tests on : china.com
Starting test: Intersite
Skipping site gz, this site is outside the scope provided by the

command line arguments provided.
Skipping site sz, this site is outside the scope provided by the

command line arguments provided.
Skipping site DC2003, this site is outside the scope provided by the

command line arguments provided.
......................... china.com passed test Intersite
Starting test: FsmoCheck
GC Name: \\DC2003-01.china.com
Locator Flags: 0xe00003fd
PDC Name: \\DC2003-01.china.com
Locator Flags: 0xe00003fd
Time Server Name: \\DC2003-01.china.com
Locator Flags: 0xe00003fd
Preferred Time Server Name: \\DC2003-01.china.com
Locator Flags: 0xe00003fd
KDC Name: \\DC2003-01.china.com
Locator Flags: 0xe00003fd
......................... china.com passed test FsmoCheck

Horace Xie mgdm@163.com

2013年3月1日 5:52

登录进行投票

    Gathering IPX configuration information.
    Opening \Device\NwlnkIpx failed
    Querying status of the Netcard drivers... Passed
    Testing Domain membership... Passed
    Gathering NetBT configuration information.
    Testing for autoconfiguration... Passed
    Testing IP loopback ping... Passed
    Testing default gateways... Failed
    Enumerating local and remote NetBT name cache... Passed
    Testing the WINS server
        本地连接
            There is no primary WINS server defined for this adapter.
            There is no secondary WINS server defined for this adapter.
    Gathering Winsock information.
    Testing DNS
    PASS - All the DNS entries for DC are registered on DNS server '192.168.10.1' and other DCs also have some of the names registered.
    PASS - All the DNS entries for DC are registered on DNS server '192.168.10.13' and other DCs also have some of the names registered.
    Testing redirector and browser... Passed
    Testing DC discovery. 
        Looking for a DC
        Looking for a PDC emulator
        Looking for a Windows 2000 DC
    Gathering the list of Domain Controllers for domain 'CHINA'
   DC list for domain CHINA:
        DC2003-01.china.com [PDC emulator] [DS] Site: DC2003
        test1.china.com [DS] Site: DC2003
        test3.china.com [DS] Site: DC2003
    Testing trust relationships... Skipped
    Testing Kerberos authentication... Passed
    Testing LDAP servers in Domain CHINA ... 
    Gathering routing information
    Gathering network statistics information. 
    Gathering configuration of bindings.
    Gathering RAS connection information 
    Gathering Modem information
    Gathering Netware information
    Gathering IP Security information

    Tests complete.


    Computer Name: DC2003-01
    DNS Host Name: DC2003-01.china.com
    DNS Domain Name: china.com
    System info : Windows 2000 Server (Build 3790)
    Processor : x86 Family 6 Model 23 Stepping 10, GenuineIntel
    Hotfixes :
        Installed?      Name
           Yes          Q147222


Netcard queries test . . . . . . . : Passed

    Information of Netcard drivers: 

    ---------------------------------------------------------------------------
    Description: 直接
    Device: \DEVICE\{DA4934DA-4BC7-4F6F-85AA-838AEFB0D02C}
    GetStats failed for '直接并口'. [ERROR_NOT_SUPPORTED]
    ---------------------------------------------------------------------------
    Description: WAN 微型端口 (P
    Device: \DEVICE\{BC3AE328-87FE-4D54-BBEB-B2A78F0C0266}
    GetStats failed for 'WAN 微型端口 (PPTP)'. [ERROR_NOT_SUPPORTED]
    ---------------------------------------------------------------------------
    Description: WAN 微型端口 (PP
    Device: \DEVICE\{997D416B-32D0-4B55-8B25-730643D38E9C}
    GetStats failed for 'WAN 微型端口 (PPPOE)'. [ERROR_NOT_SUPPORTED]
    ---------------------------------------------------------------------------
    Description: WAN 微型端口 
    Device: \DEVICE\NDISWANIP

    Media State:                     Connected

    Device State:                    Connected
    Connect Time:                    00:37:22
    Media Speed:                     28 Kbps

    Packets Sent:                    0
    Bytes Sent (Optional):           0

    Packets Received:                0
    Directed Pkts Recd (Optional):   0
    Bytes Received (Optional):       0
    Directed Bytes Recd (Optional):  0

    [WARNING] The net card 'WAN 微型端口 (IP)' may not be working because it has not received any packets.
    ---------------------------------------------------------------------------
    Description: WAN 微型端口 (L
    Device: \DEVICE\{1D957B09-2A2B-43D1-980E-63C158033349}
    GetStats failed for 'WAN 微型端口 (L2TP)'. [ERROR_NOT_SUPPORTED]
    ---------------------------------------------------------------------------
    Description: Intel(R) PRO/1000 MT Network Connection
    Device: \DEVICE\{51A593E1-20D9-4962-8EA6-15140A4A8654}

    Media State:                     Connected

    Device State:                    Connected
    Connect Time:                    00:37:22
    Media Speed:                     1 Gbps

    Packets Sent:                    2605
    Bytes Sent (Optional):           0

    Packets Received:                2164
    Directed Pkts Recd (Optional):   2042
    Bytes Received (Optional):       0
    Directed Bytes Recd (Optional):  0

    ---------------------------------------------------------------------------
    [PASS] - At least one netcard is in the 'Connected' state.



Per interface results:

    Adapter : 本地连接
        Adapter ID . . . . . . . . : {51A593E1-20D9-4962-8EA6-15140A4A8654}

        Netcard queries test . . . : Passed

        Adapter type . . . . . . . : Ethernet
        Host Name. . . . . . . . . : DC2003-01
        Description. . . . . . . . : Intel(R) PRO/1000 MT Network Connection
        Physical Address . . . . . : 00-0C-29-EE-8A-77
        Dhcp Enabled . . . . . . . : No
        DHCP ClassID . . . . . . . : 
        Autoconfiguration Enabled. : Yes
        IP Address . . . . . . . . : 192.168.10.1
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 192.168.10.254
        Dns Servers. . . . . . . . : 192.168.10.1
                                     192.168.10.13

        IpConfig results . . . . . : Passed

        AutoConfiguration results. . . . . . : Passed
            AutoConfiguration is not in use. 

        Default gateway test . . . : Failed
            Pinging gateway 192.168.10.254 - not reachable
            No gateway reachable for this adapter. 

        NetBT name test. . . . . . : Passed
            NetBT_Tcpip_{51A593E1-20D9-4962-8EA6-15140A4A8654}
            DC2003-01      <00>  UNIQUE      REGISTERED
            CHINA          <00>  GROUP       REGISTERED
            CHINA          <1C>  GROUP       REGISTERED
            DC2003-01      <20>  UNIQUE      REGISTERED
            CHINA          <1B>  UNIQUE      REGISTERED
            CHINA          <1E>  GROUP       REGISTERED
            CHINA          <1D>  UNIQUE      REGISTERED
            ..__MSBROWSE__.<01>  GROUP       REGISTERED
        [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.

            NetBios Resolution : via DHCP 

            No remote names have been found.

        WINS service test. . . . . : Skipped
            There is no primary WINS server defined for this adapter.
            There is no secondary WINS server defined for this adapter.
            There are no WINS servers configured for this interface.
        IPX test : IPX is not installed on this machine.

Horace Xie mgdm@163.com

2013年3月1日 5:54

积极答复者

AD复制问题

问题

答案

全部回复