我的网络上有两个域控制器,win2k8dc1 和 win2k8dc2。
我遇到了事件日志错误,DFS 复制无法与复制伙伴通信。此事件记录在 DC2 上:
DFS 复制服务无法与复制组域系统卷的合作伙伴 WIN2K8DC1 通信。合作伙伴无法识别连接或复制组配置。
合作伙伴 DNS 地址:WIN2K8DC1.JEWELS.LOCAL 可选数据(如果可用):合作伙伴 WINS 地址:WIN2K8DC1 合作伙伴 IP 地址:192.168.1.254 服务将定期重试连接。其他信息:错误:9026(连接无效)连接 ID:F26BEC3F-1EB7-4002-BE66-6204485CDC8C 复制组 ID:E0260157-9085-41F7-8912-F1A02026A0A5
DC1 上未生成这些错误。两台机器都可以通过 ip、fqdn 和 a 记录进行 ping。
Active Directory 似乎可以完美复制。如果在一台服务器上创建了对象或 OU,则会将其复制到第二台服务器上。DNS 复制似乎也很好。
运行 DCDIAG 我收到以下错误:
Starting test: DFSREvent
The DFS Replication Event Log.
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
An error event occurred. EventID: 0xC0001394
Time Generated: 01/04/2012 17:00:45
Event String:
The DFS Replication service failed to communicate with partner WIN2K8DC2 for replication group Domain System Volume. The partner did not recognize the connection or the replication group configuration.
Partner DNS Address: WIN2K8DC2.JEWELS.LOCAL
Optional data if available:
Partner WINS Address: WIN2K8DC2
Partner IP Address: 192.168.1.253
The service will retry the connection periodically.
Additional Information:
Error: 9026 (The connection is invalid)
Connection ID: 04854E9E-07E3-4A3E-BA6C-F3FBAB67B21F
Replication Group ID: E0260157-9085-41F7-8912-F1A02026A0A5
An error event occurred. EventID: 0xC0001394
Time Generated: 01/05/2012 03:00:42
......................... WIN2K8DC1 failed test DFSREvent
我检查了域控制器的属性:msDFSR-ComputerReferenceBL。每个 DC 都有一个 CN 等于其自身的值。msDFSR-MemberReferenceBL 值为空。我无法手动编辑这两个值中的任何一个。
DCDIAG 输出中的另一个错误是 NCSecDesc 测试,研究后发现如果我不使用 RODC,则忽略该测试。两台服务器均未通过此测试。
两台服务器均出现 DCOM 错误报告,报告称 DCOM 无法使用任何已配置的协议与计算机通信。但我可以 ping 出转发器的 IP。
所有 DNS 测试结果均通过 dcdiag 测试。
我运行的 dcdiag 属性是:dcdiag /v /c /d /e /s:win2k8dc1 > c:\dcdiag.txt在 win2k8dc2 上也是一样。
FRSDiag 实用程序在 DC1 上返回以下错误:
Checking for errors in debug logs ...
ERROR on NtFrs_0004.log : "ERROR_ACCESS_DENIED" : <SndCsMain: 3580: 904: S0: 12:33:01> :SR: Cmd 00388bb0, CxtG f26bec3f, WS ERROR_ACCESS_DENIED, To WIN2K8DC1.JEWELS.LOCAL Len: (544) [SndFail - Send Penalty]
ERROR on NtFrs_0004.log : "ERROR_ACCESS_DENIED" : <SndCsMain: 260: 877: S0: 12:33:01> :SR: Cmd 00388130, CxtG 04854e9e, WS ERROR_ACCESS_DENIED, To WIN2K8DC1.JEWELS.LOCAL Len: (376) [SndFail - rpc call]
ERROR on NtFrs_0004.log : "ERROR_ACCESS_DENIED" : <SndCsMain: 260: 904: S0: 12:33:01> :SR: Cmd 00388130, CxtG 04854e9e, WS ERROR_ACCESS_DENIED, To WIN2K8DC1.JEWELS.LOCAL Len: (376) [SndFail - Send Penalty]
Found 8 ERROR_ACCESS_DENIED error(s)! Latest ones (up to 3) listed above
......... failed with 8 error entries
当我尝试从 DC1 针对 DC2 运行 FRSDiag 时,出现以下错误:
Processing ntfrsutl ds....NTFRSUTL ERROR - Cannot RPC to computer, win2k8dc2; 000006d9 (1753)... Make sure you are logged on as a Domain Admin! Skipping!
我开始感到困惑,因为这超出了我的理解范围。在继续下一步并联系 MS AD 技术支持之前,我想先检查一下这里。
补充:UAC 已关闭。两台服务器上均无防火墙。功能级别为 Windows Server 2008。
dfsrdiag dumpadcfg 输出:
LDAP Bind : WIN2K8DC1.JEWELS.LOCAL
SitesDn : cn=sites,cn=configuration,dc=jewels,dc=local
ServicesDn : cn=services,cn=configuration,dc=jewels,dc=local
SystemDn : cn=system,DC=JEWELS,DC=LOCAL
DefaultNcDn : DC=JEWELS,DC=LOCAL
ComputersDn : cn=computers,DC=JEWELS,DC=LOCAL
DomainCtlDn : ou=domain controllers,DC=JEWELS,DC=LOCAL
SchemaDn : CN=Schema,CN=Configuration,DC=JEWELS,DC=LOCAL
COMPUTER: WIN2K8DC1
DN : cn=win2k8dc1,ou=domain controllers,dc=jewels,dc=local
GUID : 53A64969-227C-40AA-BD93-3C46782765DA
DNS : win2k8dc1.jewels.local
Server BL : cn=win2k8dc1,cn=servers,cn=default-first-site-name,cn=sites,cn
=configuration,dc=jewels,dc=local
Server Ref : (null)
USN Changed : 5682458
When Created : Tuesday, August 10, 2010 3:02:33 PM
When Changed : Wednesday, January 04, 2012 6:30:57 PM
LOCAL SETTINGS: DFSR-LOCALSETTINGS
DN : cn=dfsr-localsettings,cn=win2k8dc1,ou=domain controllers,dc=
jewels,dc=local
GUID : 6EE6D3C7-09C4-4A9E-BFCF-A4D5CE129320
Version : 1.0.0.0
USN Changed : 5685331
When Created : Wednesday, January 04, 2012 8:58:32 PM
When Changed : Wednesday, January 04, 2012 9:00:49 PM
SUBSCRIBER: DOMAIN SYSTEM VOLUME
DN : cn=domain system volume,cn=dfsr-localsettings,cn=win2k8dc1
,ou=domain controllers,dc=jewels,dc=local
GUID : 2C9380BE-39BE-49C9-87CA-82AA8483A5C8
Member Ref : cn=win2k8dc1,cn=topology,cn=domain system volume,cn=dfsr-g
lobalsettings,cn=system,dc=jewels,dc=local
USN Changed : 5685297
When Created : Wednesday, January 04, 2012 8:58:33 PM
When Changed : Wednesday, January 04, 2012 8:58:33 PM
SUBSCRIPTION: SYSVOL SUBSCRIPTION
DN : cn=sysvol subscription,cn=domain system volume,cn=dfsr-l
ocalsettings,cn=win2k8dc1,ou=domain controllers,dc=jewels,dc=local
GUID : 3A9F879D-CB16-4484-8F22-703B8ACF3B11
ContentSetGuid: 0E31CFFA-FCD2-4A5D-8739-9277B0EF8478
Root Path : c:\windows\sysvol_dfsr\domain
Root Size : (null) (MB)
Staging Path : (null)
Staging Size : (null) (MB)
Conflict Path : (null)
Conflict Size : (null) (MB)
USN Changed : 5685489
When Created : Wednesday, January 04, 2012 8:58:33 PM
When Changed : Wednesday, January 04, 2012 9:05:34 PM
GLOBAL SETTINGS: DFSR-GLOBALSETTINGS
DN : cn=dfsr-globalsettings,cn=system,dc=jewels,dc=local
GUID : 30E9760E-6020-4DFD-A975-134F2C809A4D
USN Changed : 5685310
When Created : Wednesday, January 04, 2012 8:57:53 PM
When Changed : Wednesday, January 04, 2012 8:59:39 PM
REPLICATION GROUP: DOMAIN SYSTEM VOLUME
DN : cn=domain system volume,cn=dfsr-globalsettings,cn=system,dc=
jewels,dc=local
GUID : E0260157-9085-41F7-8912-F1A02026A0A5
Type : 1 (SYSVOL)
USN Changed : 5685278
When Created : Wednesday, January 04, 2012 8:57:53 PM
When Changed : Wednesday, January 04, 2012 8:57:53 PM
CONTENT: CONTENT
DN : cn=content,cn=domain system volume,cn=dfsr-globalsettings,
cn=system,dc=jewels,dc=local
GUID : 776B3EE9-6FF6-4929-A0B5-DC1256C330FE
USN Changed : 5685279
When Created : Wednesday, January 04, 2012 8:57:53 PM
When Changed : Wednesday, January 04, 2012 8:57:53 PM
CONTENT SET: SYSVOL SHARE
DN : cn=sysvol share,cn=content,cn=domain system volume,cn=df
sr-globalsettings,cn=system,dc=jewels,dc=local
GUID : 0E31CFFA-FCD2-4A5D-8739-9277B0EF8478
File Filter : (null)
Compression Excl : (null)
Dir Filter : DO_NOT_REMOVE_NtFrs_PreInstall_Directory,NtFrs_PreExisti
ng___See_EventLog
USN Changed : 5685280
When Created : Wednesday, January 04, 2012 8:57:53 PM
When Changed : Wednesday, January 04, 2012 8:57:53 PM
TOPOLOGY: TOPOLOGY
DN : cn=topology,cn=domain system volume,cn=dfsr-globalsettings
,cn=system,dc=jewels,dc=local
GUID : DB1E6BF2-9745-4B04-AD15-19E559502D4B
USN Changed : 5685281
When Created : Wednesday, January 04, 2012 8:57:53 PM
When Changed : Wednesday, January 04, 2012 8:57:53 PM
MEMBER: WIN2K8DC1
DN : cn=win2k8dc1,cn=topology,cn=domain system volume,cn=dfsr
-globalsettings,cn=system,dc=jewels,dc=local
GUID : BCAFE60C-2DFF-4BC0-85A4-22F66C96B043
Server Ref : cn=ntds settings,cn=win2k8dc1,cn=servers,cn=default-firs
t-site-name,cn=sites,cn=configuration,dc=jewels,dc=local
Computer Ref : cn=win2k8dc1,ou=domain controllers,dc=jewels,dc=local
Keywords : (null)
Computer DNS : win2k8dc1.jewels.local
USN Changed : 5685293
When Created : Wednesday, January 04, 2012 8:58:32 PM
When Changed : Wednesday, January 04, 2012 8:58:32 PM
CXTION: D0736C4D-B39D-4521-B4AF-5D8B7E627280
DN : cn=d0736c4d-b39d-4521-b4af-5d8b7e627280,cn=ntds settin
gs,cn=win2k8dc1,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,
dc=jewels,dc=local
GUID : 04854E9E-07E3-4A3E-BA6C-F3FBAB67B21F
Inbound : true
Partner DN : cn=win2k8dc2,cn=topology,cn=domain system volume,cn=df
sr-globalsettings,cn=system,dc=jewels,dc=local
USN Changed : 2830713
When Created : Wednesday, April 13, 2011 8:12:57 PM
When Changed : Friday, August 19, 2011 1:02:17 PM
CXTION: C21C575F-EEB2-44E9-A464-85E4833963B5
DN : cn=c21c575f-eeb2-44e9-a464-85e4833963b5,cn=ntds settin
gs,cn=win2k8dc2,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,
dc=jewels,dc=local
GUID : F26BEC3F-1EB7-4002-BE66-6204485CDC8C
Inbound : false
Partner DN : cn=win2k8dc2,cn=topology,cn=domain system volume,cn=df
sr-globalsettings,cn=system,dc=jewels,dc=local
USN Changed : 4927588
When Created : Wednesday, April 13, 2011 8:12:40 PM
When Changed : Tuesday, December 13, 2011 9:41:33 PM
MEMBER: WIN2K8DC2
DN : cn=win2k8dc2,cn=topology,cn=domain system volume,cn=dfsr
-globalsettings,cn=system,dc=jewels,dc=local
GUID : 1AF9DFAD-9793-4B3D-BE1B-5A497857C4E6
Server Ref : cn=ntds settings,cn=win2k8dc2,cn=servers,cn=default-firs
t-site-name,cn=sites,cn=configuration,dc=jewels,dc=local
Computer Ref : cn=win2k8dc2,ou=domain controllers,dc=jewels,dc=local
Keywords : (null)
Computer DNS : win2k8dc2.jewels.local
USN Changed : 5685434
When Created : Wednesday, January 04, 2012 9:01:29 PM
When Changed : Wednesday, January 04, 2012 9:01:45 PM
Operation Succeeded
答案1
关于 SYSVOL 复制的 FRS - 该域是从 2003 开始升级的吗?除非您在升级后将其迁移到 DFS-R 复制,否则 SYSVOL 可能仍在使用 FRS 进行复制。
您可以使用SYSVOL 复制迁移指南将其从 FRS 移至 DFS-R
关于防火墙,仅仅因为它们在同一个本地网络上,本地 Windows 防火墙也可能阻止连接。