"The RPC server is unavailable" when replicating domain controllers


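I have two domain controllers:

  - DC1: Win2k3 R2
  - EGDC1: Win2k8 R2

When I try to replicate the two (through "Manage Sites and Services", selecting "Replicate Now" under "NTDS Settings"), I get the error message "The RPC Server is unavailable". It doesn't matter whether I try this while remoted into DC1 or DC2.

According to this Technet article, this is a problem caused by a machine being down. However, I can ping each domain controller from the other, so there is no DNS problem or any connectivity problem. Both are on the same LAN, even on the same subnet, so there are no VPN/wifi/firewall/similar wonky issues.

Additionally, I verified that the RPC service is running on both boxes.

What could the problem be, and how can I fix it?

dcdiag results: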

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = EGDC1
   * Identified AD Forest.
   Ldap search capabality attribute search failed on server DC1, return value =
   81
   Got error while checking if the DC is using FRS or DFSR. Error:
   Win32 Error 81The VerifyReferences, FrsEvent and DfsrEvent tests might fail
   because of this error.
   Done gathering initial info.

Doing initial required tests

   Testing server: INF\EGDC1
      Starting test: Connectivity
         ......................... EGDC1 passed test Connectivity

Doing primary tests

   Testing server: INF\EGDC1
      Starting test: Advertising
         ......................... EGDC1 passed test Advertising
      Starting test: FrsEvent
         ......................... EGDC1 passed test FrsEvent
      Starting test: DFSREvent
         ......................... EGDC1 passed test DFSREvent
      Starting test: SysVolCheck
         ......................... EGDC1 passed test SysVolCheck
      Starting test: KccEvent
         ......................... EGDC1 passed test KccEvent
      Starting test: KnowsOfRoleHolders
         [DC1] DsBindWithSpnEx() failed with error 1722,
         The RPC server is unavailable..
         Warning: DC1 is the Schema Owner, but is not responding to DS RPC
         Bind.
         Warning: DC1 is the Schema Owner, but is not responding to LDAP Bind.
         Warning: DC1 is the Domain Owner, but is not responding to DS RPC
         Bind.
         Warning: DC1 is the Domain Owner, but is not responding to LDAP Bind.
         Warning: DC1 is the PDC Owner, but is not responding to DS RPC Bind.
         Warning: DC1 is the PDC Owner, but is not responding to LDAP Bind.
         Warning: DC1 is the Rid Owner, but is not responding to DS RPC Bind.
         Warning: DC1 is the Rid Owner, but is not responding to LDAP Bind.
         Warning: DC1 is the Infrastructure Update Owner, but is not responding
         to DS RPC Bind.
         Warning: DC1 is the Infrastructure Update Owner, but is not responding
         to LDAP Bind.
         ......................... EGDC1 failed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... EGDC1 passed test MachineAccount
      Starting test: NCSecDesc
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=ForestDnsZones,DC=eg,DC=local
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=DomainDnsZones,DC=eg,DC=local
         ......................... EGDC1 failed test NCSecDesc
      Starting test: NetLogons
         ......................... EGDC1 passed test NetLogons
      Starting test: ObjectsReplicated
         ......................... EGDC1 passed test ObjectsReplicated
      Starting test: Replications
         [Replications Check,EGDC1] A recent replication attempt failed:
            From DC1 to EGDC1
            Naming Context: DC=ForestDnsZones,DC=eg,DC=local
            The replication generated an error (1256):
            The remote system is not available. For information about network troubleshooting, see Windows Help.

            The failure occurred at 2010-11-29 08:56:33.
            The last success occurred at 2010-10-05 01:10:06.
            1330 failures have occurred since the last success.
         [Replications Check,EGDC1] A recent replication attempt failed:
            From DC1 to EGDC1
            Naming Context: DC=DomainDnsZones,DC=eg,DC=local
            The replication generated an error (1256):
            The remote system is not available. For information about network troubleshooting, see Windows Help.

            The failure occurred at 2010-11-29 08:56:33.
            The last success occurred at 2010-10-05 01:10:03.
            1330 failures have occurred since the last success.
         [Replications Check,EGDC1] A recent replication attempt failed:
            From DC1 to EGDC1
            Naming Context: CN=Schema,CN=Configuration,DC=eg,DC=local
            The replication generated an error (1722):
            The RPC server is unavailable.
            The failure occurred at 2010-11-29 08:57:15.
            The last success occurred at 2010-10-05 00:48:18.
            1330 failures have occurred since the last success.
            The source remains down. Please check the machine.
         [Replications Check,EGDC1] A recent replication attempt failed:
            From DC1 to EGDC1
            Naming Context: CN=Configuration,DC=eg,DC=local
            The replication generated an error (1722):
            The RPC server is unavailable.
            The failure occurred at 2010-11-29 08:56:54.
            The last success occurred at 2010-10-05 00:48:18.
            1330 failures have occurred since the last success.
            The source remains down. Please check the machine.
         [Replications Check,EGDC1] A recent replication attempt failed:
            From DC1 to EGDC1
            Naming Context: DC=eg,DC=local
            The replication generated an error (1722):
            The RPC server is unavailable.
            The failure occurred at 2010-11-29 08:56:33.
            The last success occurred at 2010-10-05 01:09:58.
            1331 failures have occurred since the last success.
            The source remains down. Please check the machine.
         ......................... EGDC1 failed test Replications
      Starting test: RidManager
         ......................... EGDC1 failed test RidManager
      Starting test: Services
         ......................... EGDC1 passed test Services
      Starting test: SystemLog
         ......................... EGDC1 passed test SystemLog
      Starting test: VerifyReferences
         ......................... EGDC1 passed test VerifyReferences


   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation

   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : eg
      Starting test: CheckSDRefDom
         ......................... eg passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... eg passed test CrossRefValidation

   Running enterprise tests on : eg.local
      Starting test: LocatorCheck
         ......................... eg.local passed test LocatorCheck
      Starting test: Intersite
         ......................... eg.local passed test Intersite

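Answer 1

It looks like the last time it replicated was 10-05; what changed at that time? I'm guessing there is some sort of mismatch in the SRV records in DNS for the two DCs. AD replication needs more than just the A records that ping uses, so ping may give you a false negative about DNS health. Try setting both servers to the same DNS server and restarting the netlogon service on both servers. Then try replicating again.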
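The check Answer 1 points at, written out as an added example (not part of the original thread): ask each DC's DNS service for the locator SRV records and probe the TCP ports that replication binds to, since a successful ping exercises neither. It assumes both DCs run DNS and that it is launched from a machine with the DnsClient and NetTCPIP cmdlets; the function names are hypothetical.

```powershell
# Added example, not from the thread. Domain and DC names come from the dcdiag output above.
# Needs Resolve-DnsName / Test-NetConnection (Windows 8 / Server 2012 or later), so run it
# from a management workstation if the DCs themselves are older.
$Domain = 'eg.local'
$DCs    = 'DC1', 'EGDC1'

# Locator SRV records that Netlogon registers for every DC; ping never consults these.
$SrvNames = "_ldap._tcp.dc._msdcs.$Domain", "_kerberos._tcp.dc._msdcs.$Domain"

# TCP services a replication partner has to reach (ICMP echo proves none of them).
$Ports = [ordered]@{ 'RPC endpoint mapper' = 135; 'LDAP' = 389; 'Kerberos' = 88; 'SMB' = 445 }

function Test-DcSrvRecords {
    # Hypothetical helper: which DCs does this particular DNS server list in each SRV set?
    param([Parameter(Mandatory)][string]$DnsServer)
    foreach ($name in $SrvNames) {
        $targets = @()
        try {
            $targets = Resolve-DnsName -Name $name -Type SRV -Server $DnsServer -DnsOnly -ErrorAction Stop |
                Where-Object { $_.Type -eq 'SRV' } |
                ForEach-Object { $_.NameTarget.TrimEnd('.') }
        } catch {
            Write-Warning "$DnsServer could not answer ${name}: $($_.Exception.Message)"
        }
        foreach ($dc in $DCs) {
            [pscustomobject]@{
                DnsServer  = $DnsServer
                Record     = $name
                DC         = $dc
                Registered = [bool]($targets -match ('^' + [regex]::Escape($dc) + '\.'))
            }
        }
    }
}

function Test-DcPorts {
    # Hypothetical helper: plain TCP connect to each service on each DC.
    foreach ($dc in $DCs) {
        foreach ($p in $Ports.GetEnumerator()) {
            $r = Test-NetConnection -ComputerName "$dc.$Domain" -Port $p.Value -WarningAction SilentlyContinue
            [pscustomobject]@{ DC = $dc; Service = $p.Key; Port = $p.Value; Open = $r.TcpTestSucceeded }
        }
    }
}

# Compare what each DC's own DNS service publishes, then check the ports.
$DCs | ForEach-Object { Test-DcSrvRecords -DnsServer "$_.$Domain" } | Format-Table -AutoSize
Test-DcPorts | Format-Table -AutoSize
```

A DC that shows `Registered = False` on one DNS server but `True` on the other is the kind of SRV mismatch the answer describes. An open port 135 only proves the endpoint mapper is reachable; the replication interface itself is then served on a dynamically assigned RPC port.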

Answer 2

A dcdiag /fix will re-register the DC's DNS records and fix the problem.

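Answer 3

You can adjust the RPC ports in the registry; once that is done you must restart it.

regedit->local machine->software->microsoft->rpc->internet, then change the ports from the default 5000-5002 to 5000-5200 (minimum adjustment of 200).

Regards,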

以色列报

Answer 4

Try this:

  1. Don't specify the local server as DNS
  2. Run ipconfig /flushdns
  3. Restart the netlogon service
  4. Run repadmin /syncall /AeDP
