在 Windows 2008 R2 服务器上,在事件查看器中的“应用程序和服务日志”>“目录服务”下
我每小时收到两次以下错误:
Invocation ID of source directory server:
227ee97b-3a70-49b9-acdc-afb2ecb6a872
Name of source directory server:
c92d88b9-2d7d-555b-9cf5-973e98c76226._msdcs.subdomain.domain.com
Tombstone lifetime (days):
180
The replication operation has failed.
User Action:
The action plan to recover from this error can be found at http://support.microsoft.com/?id=314282.
If both the source and destination DCs are Windows Server 2003 DCs, then install the support tools included on the installation CD. To see which objects would be deleted without actually performing the deletion run "repadmin /removelingeringobjects <Source DC> <Destination DC DSA GUID> <NC> /ADVISORY_MODE". The eventlogs on the source DC will enumerate all lingering objects. To remove lingering objects from a source domain controller run "repadmin /removelingeringobjects <Source DC> <Destination DC DSA GUID> <NC>".
If either source or destination DC is a Windows 2000 Server DC, then more information on how to remove lingering objects on the source DC can be found at http://support.microsoft.com/?id=314282 or from your Microsoft support personnel.
If you need Active Directory Domain Services replication to function immediately at all costs and don't have time to remove lingering objects, enable replication by setting the following registry key to a non-zero value:
Registry Key:
HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Allow Replication With Divergent and Corrupt Partner
Replication errors between DCs sharing a common partition can prevent user and compter acounts, trust relationships, their passwords, security groups, security group memberships and other Active Directory Domain Services configuration data to vary between DCs, affecting the ability to log on, find objects of interest and perform other critical operations. These inconsistencies are resolved once replication errors are resolved. DCs that fail to inbound replicate deleted objects within tombstone lifetime number of days will remain inconsistent until lingering objects are manually removed by an administrator from each local DC. Additionally, replication may continue to be blocked after this registry key is set, depending on whether lingering objects are located immediately.
Alternate User Action:
Force demote or reinstall the DC(s) that were disconnected.
尽管出现此错误,但两个域控制器之间“我需要的所有东西”的复制似乎运行正常。例如,我已验证以下内容正在复制:
1) Adding a new computer to the domain
2) Adding a new user to the domain
3) Deleting a user from the domain
4) Deleting a computer from the domain
如果我在一个域控制器上执行上述任何任务,另一个域控制器几乎会立即显示更改。这是我对复制成功的理解。
但是我每小时都会收到两次上述错误。这两个域控制器的离线时间都不超过 30 分钟,并且它们的时钟完全同步。
我无法理解真正导致这种情况的原因,因为它所述内容似乎并不真实。
我逐个对象地检查了这两个目录,发现它们似乎是相同的。错误提示不允许复制,但我发现复制确实以各种实际方式进行。
我看到的唯一错误是错误警报本身。我错过了什么?到底发生了什么?