我最近在我们的域控制器上进行了域重命名。我们从 .local 切换到我们的域名,因为我们计划很快实施 365。切换过程中,一切都进展顺利。我按照说明使用 rendom/netdom/gpfixup。不起作用的是 gpfixup。当我运行这些命令时,它们完成时没有错误并输出“成功”,但是,它没有对 GP 中的域名/计算机名称进行任何更改。我最终选择了“从此控制台删除域”选项,然后我清理了磁盘并在新域名下重新设置了 GP。使用此设置,它具有所有新的更新信息。我无法执行 gpupdate。我收到以下错误。
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
我已经验证了 DNS,它看起来解析得很好,特别是因为 DNS 服务器与我尝试更新 GP 的同一台机器(DC)上。如果您有任何建议,请告诉我。提前谢谢您。
以下是为帮助解决问题而出现的其他事件。
The Security System could not establish a secured connection with the server cifs/netbios/netbios@netbios. No authentication protocol was available.
The RD Session Host server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: No mapping between account names and security IDs was done.
Dynamic registration or deregistration of one or more DNS records failed with the following error:
No DNS servers configured for local system.
Name resolution for the name _ldap._tcp.dc._msdcs.domain.name. timed out after none of the configured DNS servers responded.
The WinRM service failed to create the following SPNs: WSMAN/computername.domain.name; WSMAN/computername.
Additional Data
The error received was 1355: %%1355.
User Action
The SPNs can be created by an administrator using setspn.exe utility.
Volume Shadow Copy Service error: Unexpected error calling routine RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...). hr = 0x80070005, Access is denied.
.
Operation:
Initializing Writer
Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {3d2d9bff-819e-4ab8-a78c-eff1aa57e779}
答案1
您提到的所有问题都只出现在同一台TERMSRV
计算机上吗?它们看起来像是权限相关的问题。
您是否检查过是否可以从该计算机登录域?您是否可以从该计算机访问任何共享资源?
如果这些测试不成功,请将计算机重新加入域并重试。