none
域控制器错误 RRS feed

  • 问题

  • dcdiag.txt:

    repadmin.txt

    Netdig.txt


    Domain Controller Diagnosis

    Performing initial setup:
       * Verifying that the local machine server4, is a DC.
       * Connecting to directory service on server server4.
       * Collecting site info.
       * Identifying all servers.
       * Identifying all NC cross-refs.
       * Found 2 DC(s). Testing 1 of them.
       Done gathering initial info.

    Doing initial required tests
      
       Testing server: Default-First-Site-Name\SERVER4
          Starting test: Connectivity
             * Active Directory LDAP Services Check
             * Active Directory RPC Services Check
             ......................... SERVER4 passed test Connectivity

    Doing primary tests
      
       Testing server: Default-First-Site-Name\SERVER4
          Starting test: Replications
             * Replications Check
             [Replications Check,SERVER4] A recent replication attempt failed:
                From TFRCSV02 to SERVER4
                Naming Context: DC=tfrc,DC=nt
                The replication generated an error (8606):
                没有给定足够的属性以创建对象。这个对象可能不存在因为它可能已经删除域垃圾收集。
                The failure occurred at 2011-01-04 20:47:34.
                The last success occurred at 2010-12-27 08:56:00.
                3006 failures have occurred since the last success.
             * Replication Latency Check
                DC=ForestDnsZones,DC=tfrc,DC=nt
                   Latency information for 3 entries in the vector were ignored.
                      3 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC). 
                DC=DomainDnsZones,DC=tfrc,DC=nt
                   Latency information for 3 entries in the vector were ignored.
                      3 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC). 
                CN=Schema,CN=Configuration,DC=tfrc,DC=nt
                   Latency information for 3 entries in the vector were ignored.
                      3 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC). 
                CN=Configuration,DC=tfrc,DC=nt
                   Latency information for 3 entries in the vector were ignored.
                      3 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC). 
             REPLICATION-RECEIVED LATENCY WARNING
             SERVER4:  Current time is 2011-01-04 20:52:32.
                DC=tfrc,DC=nt
                   Last replication recieved from TFRCSV02 at 2010-12-27 09:54:54.
                   Latency information for 3 entries in the vector were ignored.
                      3 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC). 
             * Replication Site Latency Check
             ......................... SERVER4 passed test Replications
          Test omitted by user request: Topology
          Test omitted by user request: CutoffServers
          Starting test: NCSecDesc
             * Security Permissions Check for
               DC=ForestDnsZones,DC=tfrc,DC=nt
                (NDNC,Version 2)
             * Security Permissions Check for
               DC=DomainDnsZones,DC=tfrc,DC=nt
                (NDNC,Version 2)
             * Security Permissions Check for
               CN=Schema,CN=Configuration,DC=tfrc,DC=nt
                (Schema,Version 2)
             * Security Permissions Check for
               CN=Configuration,DC=tfrc,DC=nt
                (Configuration,Version 2)
             * Security Permissions Check for
               DC=tfrc,DC=nt
                (Domain,Version 2)
             ......................... SERVER4 passed test NCSecDesc
          Starting test: NetLogons
             * Network Logons Privileges Check
             ......................... SERVER4 passed test NetLogons
          Starting test: Advertising
             The DC SERVER4 is advertising itself as a DC and having a DS.
             The DC SERVER4 is advertising as an LDAP server
             The DC SERVER4 is advertising as having a writeable directory
             The DC SERVER4 is advertising as a Key Distribution Center
             The DC SERVER4 is advertising as a time server
             The DS SERVER4 is advertising as a GC.
             ......................... SERVER4 passed test Advertising
          Starting test: KnowsOfRoleHolders
             Role Schema Owner = CN=NTDS Settings,CN=SERVER4,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=tfrc,DC=nt
             Role Domain Owner = CN=NTDS Settings,CN=SERVER4,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=tfrc,DC=nt
             Role PDC Owner = CN=NTDS Settings,CN=SERVER4,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=tfrc,DC=nt
             Role Rid Owner = CN=NTDS Settings,CN=SERVER4,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=tfrc,DC=nt
             Role Infrastructure Update Owner = CN=NTDS Settings,CN=SERVER4,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=tfrc,DC=nt
             ......................... SERVER4 passed test KnowsOfRoleHolders
          Starting test: RidManager
             * Available RID Pool for the Domain is 5958 to 1073741823
             * server4.tfrc.nt is the RID Master
             * DsBind with RID Master was successful
             * rIDAllocationPool is 5458 to 5957
             * rIDPreviousAllocationPool is 5458 to 5957
             * rIDNextRID: 5693
             ......................... SERVER4 passed test RidManager
          Starting test: MachineAccount
             * SPN found :LDAP/server4.tfrc.nt/tfrc.nt
             * SPN found :LDAP/server4.tfrc.nt
             * SPN found :LDAP/SERVER4
             * SPN found :LDAP/server4.tfrc.nt/TFRC
             * SPN found :LDAP/7faae057-d177-422b-b296-e9e7c5ad5da5._msdcs.tfrc.nt
             * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/7faae057-d177-422b-b296-e9e7c5ad5da5/tfrc.nt
             * SPN found :HOST/server4.tfrc.nt/tfrc.nt
             * SPN found :HOST/server4.tfrc.nt
             * SPN found :HOST/SERVER4
             * SPN found :HOST/server4.tfrc.nt/TFRC
             * SPN found :GC/server4.tfrc.nt/tfrc.nt
             ......................... SERVER4 passed test MachineAccount
          Starting test: Services
             * Checking Service: Dnscache
             * Checking Service: NtFrs
             * Checking Service: IsmServ
             * Checking Service: kdc
             * Checking Service: SamSs
             * Checking Service: LanmanServer
             * Checking Service: LanmanWorkstation
             * Checking Service: RpcSs
             * Checking Service: w32time
             * Checking Service: NETLOGON
             ......................... SERVER4 passed test Services
          Test omitted by user request: OutboundSecureChannels
          Starting test: ObjectsReplicated
             SERVER4 is in domain DC=tfrc,DC=nt
             Checking for CN=SERVER4,OU=Domain Controllers,DC=tfrc,DC=nt in domain DC=tfrc,DC=nt on 1 servers
                Object is up-to-date on all servers.
             Checking for CN=NTDS Settings,CN=SERVER4,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=tfrc,DC=nt in domain CN=Configuration,DC=tfrc,DC=nt on 1 servers
                Object is up-to-date on all servers.
             ......................... SERVER4 passed test ObjectsReplicated
          Starting test: frssysvol
             * The File Replication Service SYSVOL ready test
             File Replication Service's SYSVOL is ready
             ......................... SERVER4 passed test frssysvol
          Starting test: frsevent
             * The File Replication Service Event log test
             ......................... SERVER4 passed test frsevent
          Starting test: kccevent
             * The KCC Event log test
             Found no KCC errors in Directory Service Event log in the last 15 minutes.
             ......................... SERVER4 passed test kccevent
          Starting test: systemlog
             * The System Event log test
             Found no errors in System Event log in the last 60 minutes.
             ......................... SERVER4 passed test systemlog
          Test omitted by user request: VerifyReplicas
          Starting test: VerifyReferences
             The system object reference (serverReference)

             CN=SERVER4,OU=Domain Controllers,DC=tfrc,DC=nt and backlink on

             CN=SERVER4,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=tfrc,DC=nt

             are correct.
             The system object reference (frsComputerReferenceBL)

             CN=SERVER4,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=tfrc,DC=nt

             and backlink on CN=SERVER4,OU=Domain Controllers,DC=tfrc,DC=nt are

             correct.
             The system object reference (serverReferenceBL)

             CN=SERVER4,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=tfrc,DC=nt

             and backlink on

             CN=NTDS Settings,CN=SERVER4,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=tfrc,DC=nt

             are correct.
             ......................... SERVER4 passed test VerifyReferences
          Test omitted by user request: VerifyEnterpriseReferences
      
       Running partition tests on : ForestDnsZones
          Starting test: CrossRefValidation
             ......................... ForestDnsZones passed test CrossRefValidation
          Starting test: CheckSDRefDom
             ......................... ForestDnsZones passed test CheckSDRefDom
      
       Running partition tests on : DomainDnsZones
          Starting test: CrossRefValidation
             ......................... DomainDnsZones passed test CrossRefValidation
          Starting test: CheckSDRefDom
             ......................... DomainDnsZones passed test CheckSDRefDom
      
       Running partition tests on : Schema
          Starting test: CrossRefValidation
             ......................... Schema passed test CrossRefValidation
          Starting test: CheckSDRefDom
             ......................... Schema passed test CheckSDRefDom
      
       Running partition tests on : Configuration
          Starting test: CrossRefValidation
             ......................... Configuration passed test CrossRefValidation
          Starting test: CheckSDRefDom
             ......................... Configuration passed test CheckSDRefDom
      
       Running partition tests on : tfrc
          Starting test: CrossRefValidation
             ......................... tfrc passed test CrossRefValidation
          Starting test: CheckSDRefDom
             ......................... tfrc passed test CheckSDRefDom
      
       Running enterprise tests on : tfrc.nt
          Starting test: Intersite
             Skipping site Default-First-Site-Name, this site is outside the scope

             provided by the command line arguments provided.
             ......................... tfrc.nt passed test Intersite
          Starting test: FsmoCheck
             GC Name: \\server4.tfrc.nt
             Locator Flags: 0xe00003fd
             PDC Name: \\server4.tfrc.nt
             Locator Flags: 0xe00003fd
             Time Server Name: \\server4.tfrc.nt
             Locator Flags: 0xe00003fd
             Preferred Time Server Name: \\server4.tfrc.nt
             Locator Flags: 0xe00003fd
             KDC Name: \\server4.tfrc.nt
             Locator Flags: 0xe00003fd
             ......................... tfrc.nt passed test FsmoCheck

    CALLBACK MESSAGE: The following replication is in progress:

        From: e1048228-ae08-473b-b729-2962d256dd70._msdcs.tfrc.nt

        To  : 7faae057-d177-422b-b296-e9e7c5ad5da5._msdcs.tfrc.nt

    CALLBACK MESSAGE: The following replication completed successfully:

        From: e1048228-ae08-473b-b729-2962d256dd70._msdcs.tfrc.nt

        To  : 7faae057-d177-422b-b296-e9e7c5ad5da5._msdcs.tfrc.nt

    CALLBACK MESSAGE: SyncAll Finished.

    SyncAll terminated with no errors.

     


        Gathering IPX configuration information.
        Opening \Device\NwlnkIpx failed
        Querying status of the Netcard drivers... Passed
        Testing Domain membership... Passed
        Gathering NetBT configuration information.
        Testing for autoconfiguration... Passed
        Testing IP loopback ping... Passed
        Testing default gateways... Passed
        Enumerating local and remote NetBT name cache... Passed
        Testing the WINS server
            本地连接 5
                There is no primary WINS server defined for this adapter.
                There is no secondary WINS server defined for this adapter.
        Gathering Winsock information.
        Testing DNS
        PASS - All the DNS entries for DC are registered on DNS server '192.168.32.11' and other DCs also have some of the names registered.
        Testing redirector and browser... Passed
        Testing DC discovery.
            Looking for a DC
            Looking for a PDC emulator
            Looking for a Windows 2000 DC
        Gathering the list of Domain Controllers for domain 'TFRC'
       DC list for domain TFRC:
            tfrcsv02.tfrc.nt [DS] Site: Default-First-Site-Name
            server4.tfrc.nt [PDC emulator] [DS] Site: Default-First-Site-Name
        Testing trust relationships... Skipped
        Testing Kerberos authentication... Passed
        Testing LDAP servers in Domain TFRC ...
        Gathering routing information
        Gathering network statistics information.

     

     

    2011年1月5日 4:00

答案

全部回复

  • 事件类型: 错误
    事件来源: NTDS Replication
    事件种类: 复制
    事件 ID: 1988
    日期:  2011-1-4
    事件:  23:23:46
    用户:  NT AUTHORITY\ANONYMOUS LOGON
    计算机: SERVER4
    描述:
    Active Directory 复制发现下列分区中存在的对象已经从 本地域控制器(DC) Active Directory 数据库中删除。 在逻辑删除生存时间过期之前,部分直接或可传递的复制 伙伴没有复制该删除。已经从 Active Directory 分区 删除并垃圾收集的对象,如果仍然存在于同一域中其他 DC 的可写入分区中或林中其他域中的全局编录服务器的 只读分区中,被称作“延迟对象”。
     
     此事件被记录到日志,因为源 DC 包含的延迟对象不存在于 本地 Active Directory 数据库上。此复制被阻止。
     
     解决此问题的最佳方案是标记并删除林中的所有延迟对象,
     
     
    源 DC (传输特定的网络地址):
    e1048228-ae08-473b-b729-2962d256dd70._msdcs.tfrc.nt
    对象:
    CN=TM_OSCE_SERVER4\0ACNF:9699659d-d133-41f3-8ac0-79020988519d,CN=Users,DC=tfrc,DC=nt
    对象 GUID:
    9699659d-d133-41f3-8ac0-79020988519d
     
    用户操作:
     
    删除延迟对象:
     
     该操作将从此错误(可以在 http://support.microsoft.com/?id=314282 找到)恢复。
     
     如果源和目标 DC 都是 Windows Server 2003 DC,那么请安装 包含在安装 CD 上的支持工具。要查看实际上不执行删除的 要删除的对象,请运行 "repadmin /removelingeringobjects <Source DC> <Destination DC DSA GUID> <NC> /ADVISORY_MODE"。 源 DC 上的事件日志将枚举所有延迟对象。要从源域控制器删除 延迟对象,请运行 "repadmin /removelingeringobjects <Source DC> <Destination DC DSA GUID> <NC>"。
     
     如果源或域控制器之一是 Windows 2000 Server DC,那么可以 在 http://support.microsoft.com/?id=314282 找到更多有关如何删除 源 DC 上的延迟对象的信息,或从您的 Microsoft 支持专家获得这些信息。
     
     如果需要 Active Directory 复制立即工作(不计成本)并且没有 时间删除延迟对象,请通过取消下列注册表项设置,启用松散复制 一致性:
     
    Registry Key:
    HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Strict Replication Consistency
     
     共享公共分区的 DC 之间的复制错误可能导致 DC 之间的用户 和计算机帐户、信任关系、他们的密码、安全组、安全组成员 关系和其他 Active Directory 配置数据不同,这将影响登录、 查找相关对象和执行其他重要操作。一旦解决了复制错误, 这些不一致将解决。未能在逻辑删除生存时间内入站复制删除的 对象的 DC 将保持不一致,除非管理员手动从每一个本地 DC 删除延迟对象。
     
     延迟对象可能被阻止,从而确保林中所有域控制器运行 Active Directory,经由生成树连接拓扑连接, 而且在逻辑 删除生存时间过期之前执行入站复制。

    有关更多信息,请参阅在 http://go.microsoft.com/fwlink/events.asp 的帮助和支持中心。

     

     

     

    我的域服务器有问题了,不知道什么情况,把一些资料贴上来了,请哪位高手帮我看看什么问题,怎么解决?非常感谢!!!

    2011年1月5日 4:26
  • 你好,简单来讲,延迟对象的出现就是因为DC间复制出现问题导致的.你可以按照你发出来的处理方式进行操作,在存在有延迟对象的域控中清除延迟对象.请注意,如果不处理(即使不清除也需要进行忽略处理,即启用松散复制,方法上面也写的很明白了),会造成DC间不能正常同步.
    面帶微笑,春暖花開
    2011年1月5日 7:54
    版主
  • 不好意思地说,我看不懂怎么操作。

    源 DC (传输特定的网络地址):
    e1048228-ae08-473b-b729-2962d256dd70._msdcs.tfrc.nt
    这个我知道,是我的域服务器,

    对象 GUID:
    9699659d-d133-41f3-8ac0-79020988519d,这个是哪个,怎么查找?

    对这方面知道很欠缺,希望能点更简单傻瓜一点的操作说明?谢谢了

    2011年1月5日 8:36
  • 您好!

     

    根据您提供的信息,该错误很可能是由于某台域控制器上过期的对象造成的,我们建议您根据以下KB中的步骤进行排错:

     

    Outdated Active Directory objects generate event ID 1988 in Windows Server 2003

    http://support.microsoft.com/default.aspx?scid=kb;EN-US;870695

     

    希望我的回答对您有所帮助,如果有什么不清楚的地方,请您回帖。

     

    Tom Zhang 张一平
    Tom Zhang – MSFT
    2011年1月11日 8:25
    版主