none
windows server 2019 Directory Server Diagnosis 有报错是否是时间同步问题造成的?如何解决? RRS feed

  • 问题

  • 您好,

        最近我们的exchange服务器总是自动重启,微软exchange论坛说是我们的AD有问题要找你们

        dcdiag的运行结果如下:  (请问是否是时间同步问题导致的,如何解决?DC域控没有菜单项可以配置时间同步的),SH-ABCD为DC域控的计算机名,另网络都通的,DC域控事件日志没有error,只有时间同步warning日志

    Performing initial setup:
       * Identified AD Forest. 
       Done gathering initial info.
    Doing initial required tests   
       Testing server: Default-First-Site-Name\SH-ABCD
          Starting test: Connectivity
             ......................... SH-ABCD passed test Connectivity
    Doing primary tests
       Testing server: Default-First-Site-Name\SH-ABCD
          Starting test: Advertising
             Fatal Error:DsGetDcName (SH-ABCD) call failed, error 1722
             The Locator could not find the server.
             ......................... SH-ABCD failed test Advertising
          Starting test: FrsEvent
             ......................... SH-ABCD passed test FrsEvent
          Starting test: DFSREvent
             There are warning or error events within the last 24 hours after the SYSVOL has been shared.  Failing SYSVOL
             replication problems may cause Group Policy problems. 
             ......................... SH-ABCD failed test DFSREvent
          Starting test: SysVolCheck
             [SH-ABCD] An net use or LsaPolicy operation failed with error 53, The network path was not found..
             ......................... SH-ABCD failed test SysVolCheck

          Starting test: KccEvent
             ......................... SH-ABCD passed test KccEvent
          Starting test: KnowsOfRoleHolders
             ......................... SH-ABCD passed test KnowsOfRoleHolders
          Starting test: MachineAccount
             Could not open pipe with [SH-ABCD]:failed with 53: The network path was not found.
             Could not get NetBIOSDomainName
             Failed can not test for HOST SPN
             Failed can not test for HOST SPN
             ......................... SH-ABCD passed test MachineAccount
          Starting test: NCSecDesc
             ......................... SH-ABCD passed test NCSecDesc

          Starting test: NetLogons
             [SH-ABCD] An net use or LsaPolicy operation failed with error 53, The network path was not found..
             ......................... SH-ABCD failed test NetLogons
          Starting test: ObjectsReplicated
             ......................... SH-ABCD passed test ObjectsReplicated
          Starting test: Replications
             ......................... SH-ABCD passed test Replications
          Starting test: RidManager
             ......................... SH-ABCD passed test RidManager
          Starting test: Services
             ......................... SH-ABCD passed test Services
          Starting test: SystemLog
             A warning event occurred.  EventID: 0x00000024
                Time Generated: 03/22/2021   16:12:50
                Event String:
                The time service has not synchronized the system time for the last 86400 seconds because none of the time service providers provided a usable time stamp. The time service will not update the local system time until it is able to synchronize with a time source.
     If the local system is configured to act as a time server for clients, it will stop advertising as a time source to clients after 0 seconds. The time service will continue to retry and sync time with its time sources. Check system event log for other W32time events for more details.
     Run 'w32tm /resync' to force an instant time synchronization.
     You can control the frequency of the time source rediscovery using ClockHoldoverPeriod W32time config setting. Modify the EventLogFlags W32time config setting if you wish to disable this message.
             ......................... SH-ABCD passed test SystemLog
          Starting test: VerifyReferences
             ......................... SH-ABCD passed test VerifyReferences
      
       Running partition tests on : ForestDnsZones
          Starting test: CheckSDRefDom
             ......................... ForestDnsZones passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... ForestDnsZones passed test CrossRefValidation
       Running partition tests on : DomainDnsZones
          Starting test: CheckSDRefDom
             ......................... DomainDnsZones passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... DomainDnsZones passed test CrossRefValidation
       Running partition tests on : Schema
          Starting test: CheckSDRefDom
             ......................... Schema passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Schema passed test CrossRefValidation
       Running partition tests on : Configuration
          Starting test: CheckSDRefDom
             ......................... Configuration passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Configuration passed test CrossRefValidation
       Running partition tests on : ABCD
          Starting test: CheckSDRefDom
             ......................... ABCD passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... ABCD passed test CrossRefValidation
       Running enterprise tests on : ABCD.com
          Starting test: LocatorCheck
             Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1722
             A Global Catalog Server could not be located - All GC's are down.
             Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1722
             A Primary Domain Controller could not be located.
             The server holding the PDC role is down.
             Warning: DcGetDcName(TIME_SERVER) call failed, error 1722
             A Time Server could not be located.
             The server holding the PDC role is down.
             Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error 1722
             A Good Time Server could not be located.
             Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1722
             A KDC could not be located - All the KDCs are down.
             ......................... ABCD.com failed test LocatorCheck
          Starting test: Intersite
             ......................... ABCD.com passed test Intersite





    2021年3月23日 2:21

全部回复


  • 你好,

    欢迎在此发帖跟大家一起讨论。
    目前来看DC确实有问题。为更好的了解您的问题以便更多有经验的人来讨论,请确认以下问题:

    请问您的环境中有几台dc?
    PDC是哪一台?
    什么时候开始出现的问题,最近做了哪些更改?
    两台DC之间复制是否有问题?时间是否同步?(DC跟PDC之间,其他成员服务器跟DC之间)

    可以在DC以及客户端运行命令查看时间同步配置:
    w32tm /query /status
    W32tm /query /source

    如果时间源有问题,可以运行以下命令尝试恢复默认的时间同步设置:

    #stop windows time service
    net stop w32time

    #delete all configuration of the source of time synchronization
    w32tm /unregister

    #Set the default configuration of time synchronization
    w32tm /register

    #start the windows time service
    net start w32time

     然后再查看是否恢复正常

    w32tm /query /status
    W32tm /query /source

    Fan


    Please remember to mark the replies as an answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    2021年3月23日 2:45
  • 您好,

        有一台主DC、一台辅DC,事件日志都没有error,PDC等FSMO都在主DC上,没有error日志应该同步没有问题,最近只是添加了新的exchange成员服务器(将老的exchange成员服务器从DAG中移除)。年前做了主DC及辅DC的虚拟机导出,并导入新的esxi服务器中。

        还有以上您给的时间同步这些命令是在所有DC及exchange服务器执行吗?


    2021年3月23日 3:35
  • [url=https://1680380.com/view/jisuft/pk10kai.html]极速飞艇[/url]
    [url=https://1680380.com/view/xingyft/pk10kai.html]幸运飞艇[/url]
    2021年3月23日 6:42
  • 微软工程师,您好

        能否回复下我的问题?

    2021年3月23日 7:56
  • 你好,

    首先判断一下时间是否同步。

    如果不同步的话,可以在DC上(非PDC)或者其中的一台客户端运行命令查看结果。
    w32tm /query /status
    W32tm /query /source
    上面的命令只是进行查看配置及状态。

    net stop w32time
    w32tm /unregister
    w32tm /register
    net start w32time
    如果时间源有问题,那么这几个命令是用来恢复默认的域时间同步的。

    “年前做了主DC及辅DC的虚拟机导出,并导入新的esxi服务器中”不是很清楚这个具体是什么操作。
    也有可能是因为FSMO DC 有问题,才导致的时间同步问题。因为上面的log中显示,FSMO 持有DC全是Down的状态。并别报network path找不到。
    建议你首先检查一下AD复制,及每个DC的情况。DNS 配置以及网络连接状态。

    常规的命令(DC上):
    Dcdiag /v >c:\dcdiag1.log    
    Repadmin /showrepl >C:\repl.txt 
    Repadmin /showreps * 
    ipconfig /all > C:\dc1.txt

    Member Server上:
    ipconfig /all > C:\dc1.txt

    由于安全因素及论坛规则,不建议上传更多的log.

    如果有报错信息,可以截图(隐藏敏感信息)

    Fan



    Please remember to mark the replies as an answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    2021年3月24日 1:46
  • 您好,

        从香港的一台exchange服务器执行命令结果如下:(其他exchange成员及主辅两台DC域控都在上海)

    Leap Indicator: 0(no warning)
    Stratum: 2 (secondary reference - syncd by (S)NTP)
    Precision: -23 (119.209ns per tick)
    Root Delay: 0.0332072s
    Root Dispersion: 10.0639943s
    ReferenceId: 0xC0A80CE4 (source IP:  上海的主DC域控IP)
    Last Successful Sync Time: 2021/3/24 10:50:31
    Source: XXXXXXX.com
    Poll Interval: 10 (1024s)

    2021年3月24日 3:06
  • 时间源如果是其中一台DC的话,同步设置应该是没有问题。

    其他的命令有没有报错?

    Fan


    Please remember to mark the replies as an answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    2021年3月25日 7:44
  • 您好,

        其他没有报错,香港和上海之间是ipsec vpn网络通信的

    2021年3月26日 2:47
  • 你好,

    因为您的SH-ABCD DC报错是1722,建议
    1,检查防火墙的端口和连接。
    2,是否在DC上安装了AV,如果是,请检查AV日志。可以AV并进行测试。
    目前您的环境可能需要远程直接检查或收取更多其他的日志信息。
    如果还是没有进展,建议您直接开一个case给微软:

    https://support.microsoft.com/zh-CN(中文)

    Fan


    Please remember to mark the replies as an answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    2021年3月29日 2:57