父域:domain.cn 域控:PRODDC-3,PRODDC-4
子域:wuhan.domain.cn 域控:PRODDC-1,PRODDC-2
问题描述:
使用父域的账号登录子域加域的部分计算机,会提示用户名和密码错误。
两台子域域控的防火墙已关闭,可以互相ping通,端口也是通的。
检查日志发现PRODDC-2无法从PRODDC-1复制数据,以下是dcdiag test失败的部分。
......................... PRODDC-2 failed test KccEvent
Starting test: KnowsOfRoleHolders
[PRODDC-1] DsBindWithSpnEx() failed with error 1727,
The remote procedure call failed and did not execute..
Warning: PRODDC-1 is the PDC Owner, but is not responding to DS
RPC Bind.
[PRODDC-1] LDAP bind failed with error 55,
The specified network resource or device is no longer available..
Warning: PRODDC-1 is the PDC Owner, but is not responding to LDAP
Bind.
Warning: PRODDC-1 is the Rid Owner, but is not responding to DS
RPC Bind.
Warning: PRODDC-1 is the Rid Owner, but is not responding to LDAP
Bind.
Warning: PRODDC-1 is the Infrastructure Update Owner, but is not
responding to DS RPC Bind.
Warning: PRODDC-1 is the Infrastructure Update Owner, but is not
responding to LDAP Bind.
Starting test: Replications
REPLICATION LATENCY WARNING
ERROR: Expected notification link is missing.
Source PRODDC-4
Replication of new changes along this path will be delayed.
This problem should self-correct on the next periodic sync.
[Replications Check,PRODDC-2] A recent replication attempt
failed:
From PRODDC-1 to PRODDC-2
Naming Context: DC=ForestDnsZones,DC=domain,DC=cn
The replication generated an error (1256):
The remote system is not available. For information about network troubleshooting, see Windows Help.
The failure occurred at 2017-04-17 10:51:29.
The last success occurred at 2017-04-17 10:28:09.
2 failures have occurred since the last success.
[Replications Check,PRODDC-2] A recent replication attempt
failed:
From PRODDC-1 to PRODDC-2
Naming Context: CN=Schema,CN=Configuration,DC=domain,DC=cn
The replication generated an error (1727):
The remote procedure call failed and did not execute.
The failure occurred at 2017-04-17 10:54:38.
The last success occurred at 2017-04-17 10:37:58.
1 failures have occurred since the last success.
[Replications Check,PRODDC-2] A recent replication attempt
failed:
From PRODDC-1 to PRODDC-2
Naming Context: CN=Configuration,DC=domain,DC=cn
The replication generated an error (1727):
The remote procedure call failed and did not execute.
The failure occurred at 2017-04-17 10:53:23.
The last success occurred at 2017-04-17 10:37:08.
1 failures have occurred since the last success.
[Replications Check,PRODDC-2] A recent replication attempt
failed:
From PRODDC-1 to PRODDC-2
Naming Context: DC=domain,DC=cn
The replication generated an error (1256):
The remote system is not available. For information about network troubleshooting, see Windows Help.
The failure occurred at 2017-04-17 10:51:29.
The last success occurred at 2017-04-17 10:36:18.
1 failures have occurred since the last success.
[Replications Check,PRODDC-2] A recent replication attempt
failed:
From PRODDC-1 to PRODDC-2
Naming Context: DC=wuhan,DC=domain,DC=cn
The replication generated an error (1727):
The remote procedure call failed and did not execute.
The failure occurred at 2017-04-17 10:51:29.
The last success occurred at 2017-04-11 15:44:57.
15586 failures have occurred since the last success.
......................... PRODDC-2 failed test Replications
