我有一个 DC (FQDN:server.icmcpk.local) 和一个 ADC (FQDN:file-server.icmcpk.local)。最近我的 DC 遇到了坏扇区问题,因此我将全部五个角色的操作主机更改为文件服务器。但每当我关闭旧 DC 时,文件服务器也会停止与 AD 和 GPMC 的协作,而且我也无法将任何其他计算机加入此域。
为了测试目的,我还添加了一个新的 ADC(FQDN:wds-server.icmcpk.local),但是在关闭旧 DC 的情况下没有成功,我不得不打开旧 DC 然后加入它。
我正在附加所有三台服务器的 Dcdiag。
请帮助我,以便我能够重新安装新的硬盘并再次上网。
---------------------------------------
Server
---------------------------------------
C:\Program Files\Support Tools>dcdiag
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\SERVER
Starting test: Connectivity
......................... SERVER passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\SERVER
Starting test: Replications
[Replications Check,SERVER] A recent replication attempt failed:
From FILE-SERVER to SERVER
Naming Context: DC=ForestDnsZones,DC=icmcpk,DC=local
The replication generated an error (1908):
Could not find the domain controller for this domain.
The failure occurred at 2012-05-04 14:07:13.
The last success occurred at 2012-05-04 13:48:39.
1 failures have occurred since the last success.
Kerberos Error.
A KDC was not found to authenticate the call.
Check that sufficient domain controllers are available.
[Replications Check,SERVER] A recent replication attempt failed:
From WDS-SERVER to SERVER
Naming Context: DC=ForestDnsZones,DC=icmcpk,DC=local
The replication generated an error (1908):
Could not find the domain controller for this domain.
The failure occurred at 2012-05-04 14:07:13.
The last success occurred at 2012-05-04 13:48:39.
1 failures have occurred since the last success.
Kerberos Error.
A KDC was not found to authenticate the call.
Check that sufficient domain controllers are available.
[Replications Check,SERVER] A recent replication attempt failed:
From FILE-SERVER to SERVER
Naming Context: DC=DomainDnsZones,DC=icmcpk,DC=local
The replication generated an error (1908):
Could not find the domain controller for this domain.
The failure occurred at 2012-05-04 14:07:13.
The last success occurred at 2012-05-04 13:48:39.
1 failures have occurred since the last success.
Kerberos Error.
A KDC was not found to authenticate the call.
Check that sufficient domain controllers are available.
[Replications Check,SERVER] A recent replication attempt failed:
From WDS-SERVER to SERVER
Naming Context: DC=DomainDnsZones,DC=icmcpk,DC=local
The replication generated an error (1908):
Could not find the domain controller for this domain.
The failure occurred at 2012-05-04 14:07:13.
The last success occurred at 2012-05-04 13:48:39.
1 failures have occurred since the last success.
Kerberos Error.
A KDC was not found to authenticate the call.
Check that sufficient domain controllers are available.
[Replications Check,SERVER] A recent replication attempt failed:
From FILE-SERVER to SERVER
Naming Context: CN=Schema,CN=Configuration,DC=icmcpk,DC=local
The replication generated an error (1908):
Could not find the domain controller for this domain.
The failure occurred at 2012-05-04 14:07:13.
The last success occurred at 2012-05-04 13:48:39.
1 failures have occurred since the last success.
Kerberos Error.
A KDC was not found to authenticate the call.
Check that sufficient domain controllers are available.
[Replications Check,SERVER] A recent replication attempt failed:
From WDS-SERVER to SERVER
Naming Context: CN=Schema,CN=Configuration,DC=icmcpk,DC=local
The replication generated an error (1908):
Could not find the domain controller for this domain.
The failure occurred at 2012-05-04 14:07:13.
The last success occurred at 2012-05-04 13:48:39.
1 failures have occurred since the last success.
Kerberos Error.
A KDC was not found to authenticate the call.
Check that sufficient domain controllers are available.
[Replications Check,SERVER] A recent replication attempt failed:
From WDS-SERVER to SERVER
Naming Context: DC=icmcpk,DC=local
The replication generated an error (1908):
Could not find the domain controller for this domain.
The failure occurred at 2012-05-04 14:07:13.
The last success occurred at 2012-05-04 13:48:39.
1 failures have occurred since the last success.
Kerberos Error.
A KDC was not found to authenticate the call.
Check that sufficient domain controllers are available.
......................... SERVER passed test Replications
Starting test: NCSecDesc
......................... SERVER passed test NCSecDesc
Starting test: NetLogons
......................... SERVER passed test NetLogons
Starting test: Advertising
......................... SERVER passed test Advertising
Starting test: KnowsOfRoleHolders
......................... SERVER passed test KnowsOfRoleHolders
Starting test: RidManager
......................... SERVER passed test RidManager
Starting test: MachineAccount
......................... SERVER passed test MachineAccount
Starting test: Services
......................... SERVER passed test Services
Starting test: ObjectsReplicated
......................... SERVER passed test ObjectsReplicated
Starting test: frssysvol
......................... SERVER passed test frssysvol
Starting test: frsevent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... SERVER failed test frsevent
Starting test: kccevent
......................... SERVER passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x80001778
Time Generated: 05/04/2012 14:05:39
Event String: The previous system shutdown at 1:26:31 PM on
An Error Event occured. EventID: 0x825A0011
Time Generated: 05/04/2012 14:07:45
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 05/04/2012 14:13:40
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 05/04/2012 14:14:25
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 05/04/2012 14:14:25
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 05/04/2012 14:14:38
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC1010020
Time Generated: 05/04/2012 14:16:14
Event String: Dependent Assembly Microsoft.VC80.MFCLOC could
An Error Event occured. EventID: 0xC101003B
Time Generated: 05/04/2012 14:16:14
Event String: Resolve Partial Assembly failed for
An Error Event occured. EventID: 0xC101003B
Time Generated: 05/04/2012 14:16:14
Event String: Generate Activation Context failed for
An Error Event occured. EventID: 0xC1010020
Time Generated: 05/04/2012 14:16:14
Event String: Dependent Assembly Microsoft.VC80.MFCLOC could
An Error Event occured. EventID: 0xC101003B
Time Generated: 05/04/2012 14:16:14
Event String: Resolve Partial Assembly failed for
An Error Event occured. EventID: 0xC101003B
Time Generated: 05/04/2012 14:16:14
Event String: Generate Activation Context failed for
An Error Event occured. EventID: 0x825A0011
Time Generated: 05/04/2012 14:22:57
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC1010020
Time Generated: 05/04/2012 14:22:59
Event String: Dependent Assembly Microsoft.VC80.MFCLOC could
An Error Event occured. EventID: 0xC101003B
Time Generated: 05/04/2012 14:22:59
Event String: Resolve Partial Assembly failed for
An Error Event occured. EventID: 0xC101003B
Time Generated: 05/04/2012 14:22:59
Event String: Generate Activation Context failed for
An Error Event occured. EventID: 0xC1010020
Time Generated: 05/04/2012 14:22:59
Event String: Dependent Assembly Microsoft.VC80.MFCLOC could
An Error Event occured. EventID: 0xC101003B
Time Generated: 05/04/2012 14:22:59
Event String: Resolve Partial Assembly failed for
An Error Event occured. EventID: 0xC101003B
Time Generated: 05/04/2012 14:22:59
Event String: Generate Activation Context failed for
......................... SERVER failed test systemlog
Starting test: VerifyReferences
......................... SERVER passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : icmcpk
Starting test: CrossRefValidation
......................... icmcpk passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... icmcpk passed test CheckSDRefDom
Running enterprise tests on : icmcpk.local
Starting test: Intersite
......................... icmcpk.local passed test Intersite
Starting test: FsmoCheck
......................... icmcpk.local passed test FsmoCheck
----------------------
File-Server
----------------------
C:\Users\Administrator.ICMCPK>dcdiag
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = FILE-SERVER
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\FILE-SERVER
Starting test: Connectivity
......................... FILE-SERVER passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\FILE-SERVER
Starting test: Advertising
Warning: DsGetDcName returned information for \\Server.icmcpk.local,
when we were trying to reach FILE-SERVER.
SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.
......................... FILE-SERVER failed test Advertising
Starting test: FrsEvent
......................... FILE-SERVER passed test FrsEvent
Starting test: DFSREvent
......................... FILE-SERVER passed test DFSREvent
Starting test: SysVolCheck
......................... FILE-SERVER passed test SysVolCheck
Starting test: KccEvent
......................... FILE-SERVER passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... FILE-SERVER passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... FILE-SERVER passed test MachineAccount
Starting test: NCSecDesc
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=ForestDnsZones,DC=icmcpk,DC=local
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=DomainDnsZones,DC=icmcpk,DC=local
......................... FILE-SERVER failed test NCSecDesc
Starting test: NetLogons
Unable to connect to the NETLOGON share! (\\FILE-SERVER\netlogon)
[FILE-SERVER] An net use or LsaPolicy operation failed with error 67,
The network name cannot be found..
......................... FILE-SERVER failed test NetLogons
Starting test: ObjectsReplicated
......................... FILE-SERVER passed test ObjectsReplicated
Starting test: Replications
......................... FILE-SERVER passed test Replications
Starting test: RidManager
......................... FILE-SERVER passed test RidManager
Starting test: Services
......................... FILE-SERVER passed test Services
Starting test: SystemLog
An Error Event occurred. EventID: 0x00000469
Time Generated: 05/04/2012 14:01:10
Event String:
The processing of Group Policy failed because of lack of network con
nectivity to a domain controller. This may be a transient condition. A success m
essage would be generated once the machine gets connected to the domain controll
er and Group Policy has succesfully processed. If you do not see a success messa
ge for several hours, then contact your administrator.
An Warning Event occurred. EventID: 0x8000A001
Time Generated: 05/04/2012 14:07:11
Event String:
The Security System could not establish a secured connection with th
e server ldap/icmcpk.local/[email protected]. No authentication protocol
was available.
An Warning Event occurred. EventID: 0x00000BBC
Time Generated: 05/04/2012 14:30:34
Event String:
Windows Defender Real-Time Protection agent has detected changes. Mi
crosoft recommends you analyze the software that made these changes for potentia
l risks. You can use information about how these programs operate to choose whet
her to allow them to run or remove them from your computer. Allow changes only
if you trust the program or the software publisher. Windows Defender can't undo
changes that you allow.
An Warning Event occurred. EventID: 0x00000BBC
Time Generated: 05/04/2012 14:30:36
Event String:
Windows Defender Real-Time Protection agent has detected changes. Mi
crosoft recommends you analyze the software that made these changes for potentia
l risks. You can use information about how these programs operate to choose whet
her to allow them to run or remove them from your computer. Allow changes only
if you trust the program or the software publisher. Windows Defender can't undo
changes that you allow.
......................... FILE-SERVER failed test SystemLog
Starting test: VerifyReferences
......................... FILE-SERVER passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : icmcpk
Starting test: CheckSDRefDom
......................... icmcpk passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... icmcpk passed test CrossRefValidation
Running enterprise tests on : icmcpk.local
Starting test: LocatorCheck
......................... icmcpk.local passed test LocatorCheck
Starting test: Intersite
......................... icmcpk.local passed test Intersite
---------------------
WDS-Server
---------------------
C:\Users\Administrator.ICMCPK>dcdiag
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = WDS-SERVER
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\WDS-SERVER
Starting test: Connectivity
......................... WDS-SERVER passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\WDS-SERVER
Starting test: Advertising
Warning: DsGetDcName returned information for \\Server.icmcpk.local,
when we were trying to reach WDS-SERVER.
SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.
......................... WDS-SERVER failed test Advertising
Starting test: FrsEvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... WDS-SERVER passed test FrsEvent
Starting test: DFSREvent
......................... WDS-SERVER passed test DFSREvent
Starting test: SysVolCheck
......................... WDS-SERVER passed test SysVolCheck
Starting test: KccEvent
......................... WDS-SERVER passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... WDS-SERVER passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... WDS-SERVER passed test MachineAccount
Starting test: NCSecDesc
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=ForestDnsZones,DC=icmcpk,DC=local
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=DomainDnsZones,DC=icmcpk,DC=local
......................... WDS-SERVER failed test NCSecDesc
Starting test: NetLogons
Unable to connect to the NETLOGON share! (\\WDS-SERVER\netlogon)
[WDS-SERVER] An net use or LsaPolicy operation failed with error 67,
The network name cannot be found..
......................... WDS-SERVER failed test NetLogons
Starting test: ObjectsReplicated
......................... WDS-SERVER passed test ObjectsReplicated
Starting test: Replications
......................... WDS-SERVER passed test Replications
Starting test: RidManager
......................... WDS-SERVER passed test RidManager
Starting test: Services
......................... WDS-SERVER passed test Services
Starting test: SystemLog
An Error Event occurred. EventID: 0x0000041E
Time Generated: 05/04/2012 14:02:55
Event String:
The processing of Group Policy failed. Windows could not obtain the
name of a domain controller. This could be caused by a name resolution failure.
Verify your Domain Name Sysytem (DNS) is configured and working correctly.
An Error Event occurred. EventID: 0x0000041E
Time Generated: 05/04/2012 14:08:33
Event String:
The processing of Group Policy failed. Windows could not obtain the
name of a domain controller. This could be caused by a name resolution failure.
Verify your Domain Name Sysytem (DNS) is configured and working correctly.
......................... WDS-SERVER failed test SystemLog
Starting test: VerifyReferences
......................... WDS-SERVER passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : icmcpk
Starting test: CheckSDRefDom
......................... icmcpk passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... icmcpk passed test CrossRefValidation
Running enterprise tests on : icmcpk.local
Starting test: LocatorCheck
......................... icmcpk.local passed test LocatorCheck
Starting test: Intersite
......................... icmcpk.local passed test Intersite
答案1
如果我不得不猜测的话,我会说你的 DNS 基础设施可能出了问题。
最简单的方法是在所有三个域控制器上运行 DNS。将 127.0.0.1 作为每个 DC 列表中的最后一个条目,并将其他两个 DC 列在其前面。
确保您的客户端配置为使用至少其中两个,最好更多。
答案2
ForestDNSZones 和 DomainDNSZones 都有自己的 FSMO 角色持有者,这些角色持有者很可能也在旧 DC 上。请参阅此处的文章:http://msmvps.com/blogs/ulfbsimonweidner/archive/2008/07/31/how-many-infrastructure-masters-do-you-have.aspx