DC2 (a virtual machine) is not syncing to DC1 (a physical server). On DC2 I get:
PS C:\> w32tm /query /source
Local CMOS Clock
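What must I do to get DC2 to sync to DC1 as its time source?
Background: I had to replace DC1, which was my operations master. There was no opportunity to gracefully demote DC1; it simply disappeared from the domain. By the time I had successfully recreated DC1, DC2 was the operations master. AD DS replicated correctly, I transferred the FSMO roles to the new DC1, and I set DC1 to "0.us.pool.ntp.org". DC1 returns a good stripchart. I confirmed again that all FSMO roles are set to DC1. I have confirmed that time synchronization is unchecked in DC2's Hyper-V Integration Services.
I have spent some time researching this, but so far I have not found the w32tm sequence/command that moves DC2 off its CMOS clock. At this point I need a little help or a reminder of how to do this.
Added after the initial post: I did find the following dcdiag errors for DC2: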
Starting test: Advertising
Warning: VSVR-WBC-DC02 is not advertising as a time server.
......................... VSVR-WBC-DC02 failed test Advertising
A warning event occurred. EventID: 0x00000081
Time Generated: 12/27/2018 14:50:05
Event String:
NtpClient was unable to set a domain peer to use as a time source
because of discovery error. NtpClient will
try again in 15 minutes and double the reattempt interval thereafter.
The error was: The entry is not found. (0x800706E1)
Running enterprise tests on : wbc.local
Starting test: LocatorCheck
Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355
A Primary Domain Controller could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed,
A Good Time Server could not be located.
......................... wbc.local failed test LocatorCheck
DC1 dcdiag errors:
Starting test: Advertising
Warning: DsGetDcName returned information for \\vsvr-wbc-dc02.wbc.local,
when we were trying to reach SVR-WBC-DC01.
SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.
......................... SVR-WBC-DC01 failed test Advertising
Starting test: NetLogons
Unable to connect to the NETLOGON share! (\\SVR-WBC-DC01\netlogon)
[SVR-WBC-DC01] An net use or LsaPolicy operation failed with error
67, The network name cannot be found..
Starting test: SystemLog
A warning event occurred. EventID: 0x0000002F
Time Generated: 12/27/2018 14:56:32
Event String:
Time Provider NtpClient: No valid response has been received from
manually configured peer 0.us.pool.ntp.org
after 8 attempts to contact it. This peer will be discarded as a
time source and NtpClient will attempt to discover a new peer
with this DNS name. The error was: The peer is unreachable.
Running enterprise tests on : wbc.local
Starting test: LocatorCheck
Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error 1355
A Good Time Server could not be located.
......................... wbc.local failed test LocatorCheck
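Answer 1
This answer solved my problem, but it is not necessarily a direct answer to the question as posted. I am providing it because someone else may arrive here with the same symptoms when, in fact, the problem is something entirely different, as Greg Askew's first comment indicated.
For me, the real problem was that the SYSVOL and NETLOGON shares did not exist on the new domain controller, and I should have checked for this early on; it was a silly mistake. This can be seen in PowerShell: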
PS C:\>net share
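When these volumes are not present, there is a bigger problem. In my case, DCDIAG reported Advertising failures, which is too general to pinpoint the problem.
My particular problem was solved by forcing an authoritative synchronization of the DFSR-replicated SYSVOL, per this Microsoft support page.
For me, past Advertising failures had been caused by the PDC time source not working properly. That experience led me to jump to a conclusion about the nature of the problem in this case, but that conclusion was wrong.
If there is a problem with the PDC time source, this ServerFault post may be of value.
Because I removed one of my domain controllers abruptly, without a graceful demotion, I also needed to clean up metadata. While I did this in Active Directory Users and Computers and in Active Directory Sites and Computers, I failed to do it in DNS. My experience cleaning up DNS was that the missing domain controller was all over DNS. I had to walk every subtree to find references to the old controller, sometimes identified only by IP or some other number, because the old domain server's name had been lost from some DNS entries.
Thanks to the people who commented above for pointing me in the right direction.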
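
The check the answer describes (shares first, then time source), as an added example that is not part of the original thread. The domain and host names are taken from the dcdiag output in the question; the function names `Test-DcAdvertisingPrereqs` and `Test-DcLocator` are hypothetical.

```powershell
# Added example, not code from the original posts.
# Names below come from the dcdiag output quoted in the question.
$Domain            = 'wbc.local'
$DomainControllers = 'SVR-WBC-DC01', 'VSVR-WBC-DC02'

function Test-DcAdvertisingPrereqs {
    param([Parameter(Mandatory)][string]$ComputerName)

    # A DC does not advertise until SYSVOL and NETLOGON are shared,
    # so check the shares before looking at the time configuration.
    $sysvol   = Test-Path -Path "\\$ComputerName\SYSVOL"
    $netlogon = Test-Path -Path "\\$ComputerName\NETLOGON"

    # Same query as in the question, pointed at a remote machine.
    $source = (w32tm /query "/computer:$ComputerName" /source 2>&1 |
               Out-String).Trim()

    [pscustomobject]@{
        Computer       = $ComputerName
        Sysvol         = $sysvol
        Netlogon       = $netlogon
        TimeSource     = $source
        # True when the machine is running off its own clock, not a peer.
        UsesLocalClock = $source -match 'Local CMOS Clock|Free-running System Clock'
    }
}

function Test-DcLocator {
    param([Parameter(Mandatory)][string]$Domain)

    # These flags request the same three lookups that dcdiag's
    # LocatorCheck reports: PDC, time server, good time server.
    foreach ($flag in '/pdc', '/timeserv', '/gtimeserv') {
        $out = nltest "/dsgetdc:$Domain" $flag 2>&1 | Out-String
        [pscustomobject]@{
            Lookup  = $flag
            Located = $out -match 'completed successfully'
        }
    }
}

$DomainControllers |
    ForEach-Object { Test-DcAdvertisingPrereqs -ComputerName $_ } |
    Format-Table -AutoSize
Test-DcLocator -Domain $Domain | Format-Table -AutoSize
```

A row with `Sysvol` or `Netlogon` set to `False` points at the replication problem the answer describes rather than at w32tm settings.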