询问者
widnows域故障 2002 KCC问题
问题
-
现有一台主域,一台辅域,主域集成了DNS wins
辅域集成了 DNS dhcp wins
主域升级的时候采用剥夺。升级的
现在出现了知识一致性检查KCC无法成功运行2002错误
开始测试: KccEvent
发生了一个错误事件。EventID: 0xC00007D2
生成时间: 10/31/2020 11:30:08
事件字符串: 知识一致性检查器(KCC)无法成功运行,因为下列对象上的属性
没有足够的值。
发生了一个警告事件。EventID: 0x800003F6
生成时间: 10/31/2020 11:30:08
事件字符串: 知识一致性检查器(KCC)更新本地目录服务的复制拓扑失败。KCC
将按如下计划时间间隔尝试更新复制拓扑。
......................... DC1 没有通过测试 KccEvent各位大神 这个是什么问题造成的
全部回复
-
你好,
为更好的了解您的问题,请确认以下信息:
升级时是就地升级域控系统还是说添加了新的域控,然后降级了旧的域控?旧DC以及现有DC的名称分别是什么?
FSMO Role 有没有成功转移到其他的DC?
现有的两台DC 上运行命令,有无其他报错。
Dcdiag /v >c:\dcdiag1.log
Repadmin /showrepl >C:\repl.txt
Fan
Please remember to mark the replies as an answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com
-
目录服务器诊断
正在执行初始化设置:
正在尝试查找主服务器...
* 正在验证本地计算机 DC1 是否为目录服务器。
主服务器 = DC1
* 正在连接到服务器 DC1 上的目录服务。
* 已识别的 AD 林。
Collecting AD specific global data
* 正在收集站点信息。
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=zjaichi,DC=local,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=zjaichi,DC=local
Getting ISTG and options for the site
* 正在标识所有服务器。
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=zjaichi,DC=local,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=zjaichi,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=ZJAICHI01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=zjaichi,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
Naming Contexts of CN=NTDS Settings,CN=ZJAICHI01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=zjaichi,DC=local could not be obtained All the info for the server collected
* 标识所有 NC 交叉引用。
* 找到 2 DC。正在测试其中的 1。
已完成收集初始化信息。
正在进行所需的初始化测试
正在测试服务器: Default-First-Site-Name\DC1
开始测试: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
* Active Directory RPC Services Check
......................... DC1 已通过测试 Connectivity
正在执行主要测试
正在测试服务器: Default-First-Site-Name\DC1
开始测试: Advertising
The DC DC1 is advertising itself as a DC and having a DS.
The DC DC1 is advertising as an LDAP server
The DC DC1 is advertising as having a writeable directory
The DC DC1 is advertising as a Key Distribution Center
The DC DC1 is advertising as a time server
The DS DC1 is advertising as a GC.
......................... DC1 已通过测试 Advertising
用户请求忽略的测试: CheckSecurityError
用户请求忽略的测试: CutoffServers
开始测试: FrsEvent
* 文件复制服务事件日志测试
......................... DC1 已通过测试 FrsEvent
开始测试: DFSREvent
The DFS Replication Event Log.
跳过该测试,因为服务器正在运行 FRS。
......................... DC1 已通过测试 DFSREvent
开始测试: SysVolCheck
* 该文件复制服务 SYSVOL 已准备好测试
文件复制服务的 SYSVOL 已就绪
......................... DC1 已通过测试 SysVolCheck
开始测试: KccEvent
* The KCC Event log test
发生了一个错误事件。EventID: 0xC00007D2
生成时间: 12/04/2020 16:00:17
事件字符串:
知识一致性检查器(KCC)无法成功运行,因为下列对象上的属性没有足够的值。
对象:
CN=NTDS Settings,CN=ZJAICHI01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=zjaichi,DC=local
属性名称:
hasMasterNCs
下一次计划的复制时将再一次尝试复制此属性。
用户操作
如果此情况持续存在,请验证复制是否工作正常。
发生了一个警告事件。EventID: 0x800003F6
生成时间: 12/04/2020 16:00:17
事件字符串:
知识一致性检查器(KCC)更新本地目录服务的复制拓扑失败。KCC 将按如下计划时间间隔尝试更新复制拓扑。
KCC 更新时间间隔:
900
默认地,每 15 分钟更新一次。
用户操作
如果持续发生,重新启动目录服务。
其他数据
错误值:
8409 出现了一个数据库错误。
内部 ID:
f04062c
......................... DC1 没有通过测试 KccEvent
开始测试: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=zjaichi,DC=local
Role Domain Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=zjaichi,DC=local
Role PDC Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=zjaichi,DC=local
Role Rid Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=zjaichi,DC=local
Role Infrastructure Update Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=zjaichi,DC=local
......................... DC1 已通过测试 KnowsOfRoleHolders
开始测试: MachineAccount
Checking machine account for DC DC1 on DC DC1.
* SPN found :LDAP/DC1.zjaichi.local/zjaichi.local
* SPN found :LDAP/DC1.zjaichi.local
* SPN found :LDAP/DC1
* SPN found :LDAP/DC1.zjaichi.local/ZJAICHI
* SPN found :LDAP/52e5489d-70b6-4d23-b49e-b13af1429964._msdcs.zjaichi.local
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/52e5489d-70b6-4d23-b49e-b13af1429964/zjaichi.local
* SPN found :HOST/DC1.zjaichi.local/zjaichi.local
* SPN found :HOST/DC1.zjaichi.local
* SPN found :HOST/DC1
* SPN found :HOST/DC1.zjaichi.local/ZJAICHI
* SPN found :GC/DC1.zjaichi.local/zjaichi.local
......................... DC1 已通过测试 MachineAccount
开始测试: NCSecDesc
* Security Permissions check for all NC's on DC DC1.
* 安全权限检查
DC=ForestDnsZones,DC=zjaichi,DC=local
(NDNC,Version 3)
* 安全权限检查
DC=DomainDnsZones,DC=zjaichi,DC=local
(NDNC,Version 3)
* 安全权限检查
CN=Schema,CN=Configuration,DC=zjaichi,DC=local
(Schema,Version 3)
* 安全权限检查
CN=Configuration,DC=zjaichi,DC=local
(Configuration,Version 3)
* 安全权限检查
DC=zjaichi,DC=local
(Domain,Version 3)
......................... DC1 已通过测试 NCSecDesc
开始测试: NetLogons
* Network Logons Privileges Check
Verified share \\DC1\netlogon
Verified share \\DC1\sysvol
......................... DC1 已通过测试 NetLogons
开始测试: ObjectsReplicated
DC1 is in domain DC=zjaichi,DC=local
Checking for CN=DC1,OU=Domain Controllers,DC=zjaichi,DC=local in domain DC=zjaichi,DC=local on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=zjaichi,DC=local in domain CN=Configuration,DC=zjaichi,DC=local on 1 servers
Object is up-to-date on all servers.
......................... DC1 已通过测试 ObjectsReplicated
用户请求忽略的测试: OutboundSecureChannels
开始测试: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=zjaichi,DC=local
Latency information for 5 entries in the vector were ignored.
4 were retired Invocations. 1 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=zjaichi,DC=local
Latency information for 5 entries in the vector were ignored.
4 were retired Invocations. 1 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration,DC=zjaichi,DC=local
Latency information for 10 entries in the vector were ignored.
9 were retired Invocations. 1 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=zjaichi,DC=local
Latency information for 10 entries in the vector were ignored.
9 were retired Invocations. 1 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=zjaichi,DC=local
Latency information for 10 entries in the vector were ignored.
9 were retired Invocations. 1 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
* 站点复制延迟检查
......................... DC1 已通过测试 Replications
开始测试: RidManager
* Available RID Pool for the Domain is 7103 to 1073741823
* DC1.zjaichi.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 3103 to 3602
* rIDPreviousAllocationPool is 3103 to 3602
* rIDNextRID: 3122
......................... DC1 已通过测试 RidManager
开始测试: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... DC1 已通过测试 Services
开始测试: SystemLog
* The System Event log test
Found no errors in "System" Event log in the last 60 minutes.
......................... DC1 已通过测试 SystemLog
用户请求忽略的测试: Topology
用户请求忽略的测试: VerifyEnterpriseReferences
开始测试: VerifyReferences
系统对象参考(serverReference)
CN=DC1,OU=Domain Controllers,DC=zjaichi,DC=local 和
CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=zjaichi,DC=local
上的反向链接正确。
系统对象参考(serverReferenceBL)
CN=DC1,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=zjaichi,DC=local
和
CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=zjaichi,DC=local
上的反向链接正确。
系统对象参考(frsComputerReferenceBL)
CN=DC1,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=zjaichi,DC=local
和 CN=DC1,OU=Domain Controllers,DC=zjaichi,DC=local 上的反向链接正确。
......................... DC1 已通过测试 VerifyReferences
用户请求忽略的测试: VerifyReplicas
用户请求忽略的测试: DNS
用户请求忽略的测试: DNS
正在 ForestDnsZones
上运行分区测试
开始测试: CheckSDRefDom
......................... ForestDnsZones 已通过测试 CheckSDRefDom
开始测试: CrossRefValidation
......................... ForestDnsZones 已通过测试 CrossRefValidation
正在 DomainDnsZones
上运行分区测试
开始测试: CheckSDRefDom
......................... DomainDnsZones 已通过测试 CheckSDRefDom
开始测试: CrossRefValidation
......................... DomainDnsZones 已通过测试 CrossRefValidation
正在 Schema
上运行分区测试
开始测试: CheckSDRefDom
......................... Schema 已通过测试 CheckSDRefDom
开始测试: CrossRefValidation
......................... Schema 已通过测试 CrossRefValidation
正在 Configuration
上运行分区测试
开始测试: CheckSDRefDom
......................... Configuration 已通过测试 CheckSDRefDom
开始测试: CrossRefValidation
......................... Configuration 已通过测试 CrossRefValidation
正在 zjaichi
上运行分区测试
开始测试: CheckSDRefDom
......................... zjaichi 已通过测试 CheckSDRefDom
开始测试: CrossRefValidation
......................... zjaichi 已通过测试 CrossRefValidation
正在 zjaichi.local
上运行企业测试
用户请求忽略的测试: DNS
用户请求忽略的测试: DNS
开始测试: LocatorCheck
GC 名称: \\DC1.zjaichi.local
Locator Flags: 0xe00033fd
PDC Name: \\DC1.zjaichi.local
Locator Flags: 0xe00033fd
Time Server Name: \\DC1.zjaichi.local
Locator Flags: 0xe00033fd
Preferred Time Server Name: \\DC1.zjaichi.local
Locator Flags: 0xe00033fd
KDC Name: \\DC1.zjaichi.local
Locator Flags: 0xe00033fd
......................... zjaichi.local 已通过测试 LocatorCheck
开始测试: Intersite
正在跳过站点 Default-First-Site-Name,该站点位于给定命令 行参数提供的范围之外。
......................... zjaichi.local 已通过测试 Intersite
Repadmin: 针对所有 DC localhost 运行命令 /showrepl
Default-First-Site-Name\DC1
DSA 选项: IS_GC
站点选项: (none)
DSA 对象 GUID: 52e5489d-70b6-4d23-b49e-b13af1429964
DSA 调用 ID: 560e7dd9-51d5-48dd-93d0-0e235bcc89b5
==== 入站邻居 ===========================================
DC=zjaichi,DC=local
Default-First-Site-Name\ZJAICHI01 通过 RPC
DSA 对象 GUID: 3ba1d083-20a6-497b-b5b1-b99dd8c00320
上次在 2020-12-04 16:02:17 的尝试成功。
CN=Configuration,DC=zjaichi,DC=local
Default-First-Site-Name\ZJAICHI01 通过 RPC
DSA 对象 GUID: 3ba1d083-20a6-497b-b5b1-b99dd8c00320
上次在 2020-12-04 15:55:24 的尝试成功。
CN=Schema,CN=Configuration,DC=zjaichi,DC=local
Default-First-Site-Name\ZJAICHI01 通过 RPC
DSA 对象 GUID: 3ba1d083-20a6-497b-b5b1-b99dd8c00320
上次在 2020-12-04 15:55:30 的尝试成功。
DC=DomainDnsZones,DC=zjaichi,DC=local
Default-First-Site-Name\ZJAICHI01 通过 RPC
DSA 对象 GUID: 3ba1d083-20a6-497b-b5b1-b99dd8c00320
上次在 2020-12-04 15:55:30 的尝试成功。
DC=ForestDnsZones,DC=zjaichi,DC=local
Default-First-Site-Name\ZJAICHI01 通过 RPC
DSA 对象 GUID: 3ba1d083-20a6-497b-b5b1-b99dd8c00320
上次在 2020-12-04 15:55:30 的尝试成功。
