Exchange Auth breaks when there is no local GC

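I ran into a problem while installing our Exchange 2010 server: client access authentication does not work unless the server is configured as a domain controller with a global catalogue.

Because of time pressure I put it into production, but I now really need to fix it. I don't know where the problem might lie, or how to identify it.

My question is:

What could cause this problem? How can I test for it and fix it?

I really don't know what information is relevant to this question, but;

The server operating system is Win 2008 R2, the same on all DCs. The Exchange server has the CAS, Hub Transport and Mailbox Server roles. External mail is received by another Exchange 2010 server running the Edge role in the DMZ. (This works fine, and the Edge server is not a DC... obviously ;) )

Please tell me what other information I can add to improve this question. I will add it as soon as possible.

This is from: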


dcdiag /v

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   * Verifying that the local machine DC2, is a Directory Server. 
   Home Server = DC2
   * Connecting to directory service on server DC2.
   * Identified AD Forest. 
   Collecting AD specific global data 
   * Collecting site info.
   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=corp,DC=domain,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
   The previous call succeeded 
   Iterating through the sites 
   Looking at base site object: CN=NTDS Site Settings,CN=Brisbane,CN=Sites,CN=Configuration,DC=corp,DC=domain
   Getting ISTG and options for the site
   * Identifying all servers.
   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=corp,DC=domain,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
   The previous call succeeded....
   The previous call succeeded
   Iterating through the list of servers 
   Getting information for the server CN=NTDS Settings,CN=DC2,CN=Servers,CN=Brisbane,CN=Sites,CN=Configuration,DC=corp,DC=domain 
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=DC3,CN=Servers,CN=Brisbane,CN=Sites,CN=Configuration,DC=corp,DC=domain 
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=MX1,CN=Servers,CN=Brisbane,CN=Sites,CN=Configuration,DC=corp,DC=domain 
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   * Identifying all NC cross-refs.
   * Found 3 DC(s). Testing 1 of them.
   Done gathering initial info.

Doing initial required tests

   Testing server: Brisbane\DC2
      Starting test: Connectivity
         * Active Directory LDAP Services Check
         Determining IP4 connectivity 
         * Active Directory RPC Services Check
         ......................... DC2 passed test Connectivity

Doing primary tests

   Testing server: Brisbane\DC2
      Starting test: Advertising
         The DC DC2 is advertising itself as a DC and having a DS.
         The DC DC2 is advertising as an LDAP server
         The DC DC2 is advertising as having a writeable directory
         The DC DC2 is advertising as a Key Distribution Center
         The DC DC2 is advertising as a time server
         The DS DC2 is advertising as a GC.
         ......................... DC2 passed test Advertising
      Test omitted by user request: CheckSecurityError
      Test omitted by user request: CutoffServers
      Starting test: FrsEvent
         * The File Replication Service Event log test 
         Skip the test because the server is running DFSR.
         ......................... DC2 passed test FrsEvent
      Starting test: DFSREvent
         The DFS Replication Event Log. 
         ......................... DC2 passed test DFSREvent
      Starting test: SysVolCheck
         * The File Replication Service SYSVOL ready test 
         File Replication Service's SYSVOL is ready 
         ......................... DC2 passed test SysVolCheck
      Starting test: KccEvent
         * The KCC Event log test
         Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
         ......................... DC2 passed test KccEvent
      Starting test: KnowsOfRoleHolders
         Role Schema Owner = CN=NTDS Settings,CN=DC2,CN=Servers,CN=Brisbane,CN=Sites,CN=Configuration,DC=corp,DC=domain
         Role Domain Owner = CN=NTDS Settings,CN=DC2,CN=Servers,CN=Brisbane,CN=Sites,CN=Configuration,DC=corp,DC=domain
         Role PDC Owner = CN=NTDS Settings,CN=DC2,CN=Servers,CN=Brisbane,CN=Sites,CN=Configuration,DC=corp,DC=domain
         Role Rid Owner = CN=NTDS Settings,CN=DC2,CN=Servers,CN=Brisbane,CN=Sites,CN=Configuration,DC=corp,DC=domain
         Role Infrastructure Update Owner = CN=NTDS Settings,CN=DC2,CN=Servers,CN=Brisbane,CN=Sites,CN=Configuration,DC=corp,DC=domain
         ......................... DC2 passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         Checking machine account for DC DC2 on DC DC2.
         * SPN found :LDAP/DC2.corp.domain/corp.domain
         * SPN found :LDAP/DC2.corp.domain
         * SPN found :LDAP/DC2
         * SPN found :LDAP/DC2.corp.domain/corpdomain
         * SPN found :LDAP/ef6459ec-28d5-4ab4-85bc-778547782ce7._msdcs.corp.domain
         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/ef6459ec-28d5-4ab4-85bc-778547782ce7/corp.domain
         * SPN found :HOST/DC2.corp.domain/corp.domain
         * SPN found :HOST/DC2.corp.domain
         * SPN found :HOST/DC2
         * SPN found :HOST/DC2.corp.domain/corpdomain
         * SPN found :GC/DC2.corp.domain/corp.domain
         ......................... DC2 passed test MachineAccount
      Starting test: NCSecDesc
         * Security Permissions check for all NC's on DC DC2.
         * Security Permissions Check for
           DC=ForestDnsZones,DC=corp,DC=domain
            (NDNC,Version 3)
         * Security Permissions Check for
           DC=DomainDnsZones,DC=corp,DC=domain
            (NDNC,Version 3)
         * Security Permissions Check for
           CN=Schema,CN=Configuration,DC=corp,DC=domain
            (Schema,Version 3)
         * Security Permissions Check for
           CN=Configuration,DC=corp,DC=domain
            (Configuration,Version 3)
         * Security Permissions Check for
           DC=corp,DC=domain
            (Domain,Version 3)
         ......................... DC2 passed test NCSecDesc
      Starting test: NetLogons
         * Network Logons Privileges Check
         Verified share \\DC2\netlogon
         Verified share \\DC2\sysvol
         ......................... DC2 passed test NetLogons
      Starting test: ObjectsReplicated
         DC2 is in domain DC=corp,DC=domain
         Checking for CN=DC2,OU=Domain Controllers,DC=corp,DC=domain in domain DC=corp,DC=domain on 1 servers
            Object is up-to-date on all servers.
         Checking for CN=NTDS Settings,CN=DC2,CN=Servers,CN=Brisbane,CN=Sites,CN=Configuration,DC=corp,DC=domain in domain CN=Configuration,DC=corp,DC=domain on 1 servers
            Object is up-to-date on all servers.
         ......................... DC2 passed test ObjectsReplicated
      Test omitted by user request: OutboundSecureChannels
      Starting test: Replications
         * Replications Check
         * Replication Latency Check
            DC=ForestDnsZones,DC=corp,DC=domain
               Latency information for 1 entries in the vector were ignored.
                  1 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            DC=DomainDnsZones,DC=corp,DC=domain
               Latency information for 1 entries in the vector were ignored.
                  1 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            CN=Schema,CN=Configuration,DC=corp,DC=domain
               Latency information for 1 entries in the vector were ignored.
                  1 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            CN=Configuration,DC=corp,DC=domain
               Latency information for 1 entries in the vector were ignored.
                  1 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            DC=corp,DC=domain
               Latency information for 1 entries in the vector were ignored.
                  1 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
         ......................... DC2 passed test Replications
      Starting test: RidManager
         * Available RID Pool for the Domain is 3102 to 1073741823
         * DC2.corp.domain is the RID Master
         * DsBind with RID Master was successful
         * rIDAllocationPool is 1602 to 2101
         * rIDPreviousAllocationPool is 1602 to 2101
         * rIDNextRID: 1818
         ......................... DC2 passed test RidManager
      Starting test: Services
         * Checking Service: EventSystem
         * Checking Service: RpcSs
         * Checking Service: NTDS
         * Checking Service: DnsCache
         * Checking Service: DFSR
         * Checking Service: IsmServ
         * Checking Service: kdc
         * Checking Service: SamSs
         * Checking Service: LanmanServer
         * Checking Service: LanmanWorkstation
         * Checking Service: w32time
         * Checking Service: NETLOGON
         ......................... DC2 passed test Services
      Starting test: SystemLog
         * The System Event log test
         An error event occurred.  EventID: 0x80000003
            Time Generated: 03/19/2013   13:15:51
            Event String:
            A Kerberos Error Message was received:
             on logon session 
             Client Time: 
             Server Time: 3:15:51.0000 3/19/2013 Z
             Error Code: 0xd KDC_ERR_BADOPTION
             Extended Error: 0xc00000bb KLIN(0)
             Client Realm: 
             Client Name: 
             Server Realm: CORP.domain
             Server Name: [email protected]
             Target Name: [email protected]@CORP.domain
             Error Text: 
             File: 9
             Line: f09
             Error Data is in record data.
         An error event occurred.  EventID: 0x80000003
            Time Generated: 03/19/2013   13:30:51
            Event String:
            A Kerberos Error Message was received:
             on logon session 
             Client Time: 
             Server Time: 3:30:51.0000 3/19/2013 Z
             Error Code: 0xd KDC_ERR_BADOPTION
             Extended Error: 0xc00000bb KLIN(0)
             Client Realm: 
             Client Name: 
             Server Realm: CORP.domain
             Server Name: [email protected]
             Target Name: [email protected]@CORP.domain
             Error Text: 
             File: 9
             Line: f09
             Error Data is in record data.
         An error event occurred.  EventID: 0x80000003
            Time Generated: 03/19/2013   13:45:52
            Event String:
            A Kerberos Error Message was received:
             on logon session 
             Client Time: 
             Server Time: 3:45:52.0000 3/19/2013 Z
             Error Code: 0xd KDC_ERR_BADOPTION
             Extended Error: 0xc00000bb KLIN(0)
             Client Realm: 
             Client Name: 
             Server Realm: CORP.domain
             Server Name: [email protected]
             Target Name: [email protected]@CORP.domain
             Error Text: 
             File: 9
             Line: f09
             Error Data is in record data.
         An error event occurred.  EventID: 0x80000003
            Time Generated: 03/19/2013   13:53:46
            Event String:
            A Kerberos Error Message was received:
             on logon session 
             Client Time: 
             Server Time: 3:53:46.0000 3/19/2013 Z
             Error Code: 0x29 KRB_AP_ERR_MODIFIED
             Extended Error: 
             Client Realm: 
             Client Name: 
             Server Realm: CORP.domain
             Server Name: dc2$
             Target Name: 
             Error Text: 
             File: 3
             Line: 576
             Error Data is in record data.
         An error event occurred.  EventID: 0x80000003
            Time Generated: 03/19/2013   14:00:52
            Event String:
            A Kerberos Error Message was received:
             on logon session 
             Client Time: 
             Server Time: 4:0:52.0000 3/19/2013 Z
             Error Code: 0xd KDC_ERR_BADOPTION
             Extended Error: 0xc00000bb KLIN(0)
             Client Realm: 
             Client Name: 
             Server Realm: CORP.domain
             Server Name: [email protected]
             Target Name: [email protected]@CORP.domain
             Error Text: 
             File: 9
             Line: f09
             Error Data is in record data.
         ......................... DC2 failed test SystemLog
      Test omitted by user request: Topology
      Test omitted by user request: VerifyEnterpriseReferences
      Starting test: VerifyReferences
         The system object reference (serverReference)
         CN=DC2,OU=Domain Controllers,DC=corp,DC=domain and
         backlink on
         CN=DC2,CN=Servers,CN=Brisbane,CN=Sites,CN=Configuration,DC=corp,DC=domain
         are correct. 
         The system object reference (serverReferenceBL)
         CN=DC2,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=corp,DC=domain
         and backlink on
         CN=NTDS Settings,CN=DC2,CN=Servers,CN=Brisbane,CN=Sites,CN=Configuration,DC=corp,DC=domain
         are correct. 
         The system object reference (msDFSR-ComputerReferenceBL)
         CN=DC2,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=corp,DC=domain
         and backlink on
         CN=DC2,OU=Domain Controllers,DC=corp,DC=domain are
         correct. 
         ......................... DC2 passed test VerifyReferences
      Test omitted by user request: VerifyReplicas

      Test omitted by user request: DNS
      Test omitted by user request: DNS

   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation

   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : corp
      Starting test: CheckSDRefDom
         ......................... corp passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... corp passed test CrossRefValidation

   Running enterprise tests on : corp.domain
      Test omitted by user request: DNS
      Test omitted by user request: DNS
      Starting test: LocatorCheck
         GC Name: \\DC2.corp.domain
         Locator Flags: 0xe00031fd
         PDC Name: \\DC2.corp.domain
         Locator Flags: 0xe00031fd
         Time Server Name: \\DC2.corp.domain
         Locator Flags: 0xe00031fd
         Preferred Time Server Name: \\DC2.corp.domain
         Locator Flags: 0xe00031fd
         KDC Name: \\DC2.corp.domain
         Locator Flags: 0xe00031fd
         ......................... corp.domain passed test
         LocatorCheck
      Starting test: Intersite
         Skipping site Brisbane, this site is outside the scope provided by the
         command line arguments provided. 
         ......................... corp.domain passed test Intersite

dcdiag /test:topology

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = DC2
   * Identified AD Forest. 
   Done gathering initial info.

Doing initial required tests

   Testing server: Brisbane\DC2
      Starting test: Connectivity
         ......................... DC2 passed test Connectivity

Doing primary tests

   Testing server: Brisbane\DC2
      Starting test: Topology
         ......................... DC2 passed test Topology


   Running partition tests on : ForestDnsZones

   Running partition tests on : DomainDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : corp

   Running enterprise tests on : corp.domain

dcdiag /test:replications

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = DC2
   * Identified AD Forest. 
   Done gathering initial info.

Doing initial required tests

   Testing server: Brisbane\DC2
      Starting test: Connectivity
         ......................... DC2 passed test Connectivity

Doing primary tests

   Testing server: Brisbane\DC2
      Starting test: Replications
         ......................... DC2 passed test Replications


   Running partition tests on : ForestDnsZones

   Running partition tests on : DomainDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : corp

   Running enterprise tests on : corp.domain

dnslint /ad 10.1.1.21 /s 10.1.1.21

DNSLint Report

System Date: Tue Mar 19 14:43:20 2013 

Command run: 

c:\dnslint\dnslint /ad 10.1.1.21 /s 10.1.1.21

Root of Active Directory Forest: 

    corp.domain

Active Directory Forest Replication GUIDs Found:

DC: DC2
GUID: ef6459ec-28d5-4ab4-85bc-778547782ce7

DC: DC3
GUID: 232f1e47-aa8e-44ae-8a19-6e1e5ecd6346

DC: MX1
GUID: 579be28b-006e-4f1c-911a-780458c5d081


Total GUIDs found: 3

--------------------------------------------------------------------------------

The following 2 DNS servers were checked for records related to AD forest replication:

DNS server: dc2.corp.domain
IP Address: 10.1.1.21
UDP port 53 responding to queries: YES
TCP port 53 responding to queries: Not tested
Answering authoritatively for domain: YES

SOA record data from server:
Authoritative name server: dc2.corp.domain
Hostmaster: hostmaster.corp.domain
Zone serial number: 150
Zone expires in: 1.00 day(s)
Refresh period: 900 seconds
Retry delay: 600 seconds
Default (minimum) TTL: 3600 seconds


Additional authoritative (NS) records from server:
dc2.corp.domain Unknown
dc3.corp.domain Unknown




Alias (CNAME) and glue (A) records for forest GUIDs from server:
CNAME: ef6459ec-28d5-4ab4-85bc-778547782ce7._msdcs.corp.domain
Alias: dc2.corp.domain
Glue: 10.1.1.21

CNAME: 232f1e47-aa8e-44ae-8a19-6e1e5ecd6346._msdcs.corp.domain
Alias: dc3.corp.domain
Glue: 10.1.1.22

CNAME: 579be28b-006e-4f1c-911a-780458c5d081._msdcs.corp.domain
Alias: mx1.corp.domain
Glue: 10.1.1.25


Total number of CNAME records found on this server: 3

Total number of CNAME records missing on this server: 0

Total number of glue (A) records this server could not find: 0



--------------------------------------------------------------------------------

DNS server: dc3.corp.domain
IP Address: 10.1.1.22
UDP port 53 responding to queries: YES
TCP port 53 responding to queries: Not tested
Answering authoritatively for domain: YES

SOA record data from server:
Authoritative name server: dc3.corp.domain
Hostmaster: hostmaster.corp.domain
Zone serial number: 150
Zone expires in: 1.00 day(s)
Refresh period: 900 seconds
Retry delay: 600 seconds
Default (minimum) TTL: 3600 seconds


Additional authoritative (NS) records from server:
dc2.corp.domain Unknown
dc3.corp.domain Unknown




Alias (CNAME) and glue (A) records for forest GUIDs from server:
CNAME: ef6459ec-28d5-4ab4-85bc-778547782ce7._msdcs.corp.domain
Alias: dc2.corp.domain
Glue: 10.1.1.21

CNAME: 232f1e47-aa8e-44ae-8a19-6e1e5ecd6346._msdcs.corp.domain
Alias: dc3.corp.domain
Glue: 10.1.1.22

CNAME: 579be28b-006e-4f1c-911a-780458c5d081._msdcs.corp.domain
Alias: mx1.corp.domain
Glue: 10.1.1.25


Total number of CNAME records found on this server: 3

Total number of CNAME records missing on this server: 0

dnscmd /zoneinfo corp.domain

Zone query result:

Zone info:
    ptr                   = 0000000000197AB0
    zone name             = corp.domain
    zone type             = 1
    shutdown              = 0
    paused                = 0
    update                = 2
    DS integrated         = 1
    read only zone        = 0
    in DS loading queue   = 0
    currently DS loading  = 0
    data file             = (null)
    using WINS            = 0
    using Nbstat          = 0
    aging                 = 0
      refresh interval    = 168
      no refresh          = 168
      scavenge available  = 0
    Zone Masters    NULL IP Array.
    Zone Secondaries    NULL IP Array.
    secure secs           = 1
    directory partition   = AD-Domain     flags 00000015
    zone DN               = DC=corp.domain,cn=MicrosoftDNS,DC=DomainDnsZones,DC=corp,DC=domain
Command completed successfully.

repadmin /showrepl

Repadmin: running command /showrepl against full DC localhost
Brisbane\DC2
DSA Options: IS_GC 
Site Options: (none)
DSA object GUID: ef6459ec-28d5-4ab4-85bc-778547782ce7
DSA invocationID: d2eb9fee-f5ee-458d-b37f-813d6cc41d9b

==== INBOUND NEIGHBORS ======================================

DC=corp,DC=domain
    Brisbane\MX1 via RPC
        DSA object GUID: 579be28b-006e-4f1c-911a-780458c5d081
        Last attempt @ 2013-03-19 14:58:35 was successful.
    Brisbane\DC3 via RPC
        DSA object GUID: 232f1e47-aa8e-44ae-8a19-6e1e5ecd6346
        Last attempt @ 2013-03-19 14:59:08 was successful.

CN=Configuration,DC=corp,DC=domain
    Brisbane\DC3 via RPC
        DSA object GUID: 232f1e47-aa8e-44ae-8a19-6e1e5ecd6346
        Last attempt @ 2013-03-19 14:55:31 was successful.
    Brisbane\MX1 via RPC
        DSA object GUID: 579be28b-006e-4f1c-911a-780458c5d081
        Last attempt @ 2013-03-19 14:55:31 was successful.

CN=Schema,CN=Configuration,DC=corp,DC=domain
    Brisbane\DC3 via RPC
        DSA object GUID: 232f1e47-aa8e-44ae-8a19-6e1e5ecd6346
        Last attempt @ 2013-03-19 14:55:31 was successful.
    Brisbane\MX1 via RPC
        DSA object GUID: 579be28b-006e-4f1c-911a-780458c5d081
        Last attempt @ 2013-03-19 14:55:31 was successful.

DC=DomainDnsZones,DC=corp,DC=domain
    Brisbane\DC3 via RPC
        DSA object GUID: 232f1e47-aa8e-44ae-8a19-6e1e5ecd6346
        Last attempt @ 2013-03-19 14:55:31 was successful.

DC=ForestDnsZones,DC=corp,DC=domain
    Brisbane\DC3 via RPC
        DSA object GUID: 232f1e47-aa8e-44ae-8a19-6e1e5ecd6346
        Last attempt @ 2013-03-19 14:55:31 was successful.

repadmin /replsummary

Replication Summary Start Time: 2013-03-19 14:59:31

Beginning data collection for replication summary, this may take awhile:
  ......


Source DSA          largest delta    fails/total %%   error
 DC2                       12m:51s    0 /   8    0  
 DC3                       12m:51s    0 /   8    0  
 MX1                       11m:11s    0 /   6    0  


Destination DSA     largest delta    fails/total %%   error
 DC2                       04m:00s    0 /   8    0  
 DC3                       11m:11s    0 /   8    0  
 MX1                       12m:51s    0 /   6    0  

repadmin /kcc

Repadmin: running command /kcc against full DC localhost
Brisbane
Current Site Options: (none)
Consistency check on localhost successful.

Netdom -query fsmo

Schema master               DC2.corp.domain
Domain naming master        DC2.corp.domain
PDC                         DC2.corp.domain
RID pool manager            DC2.corp.domain
Infrastructure master       DC2.corp.domain
The command completed successfully.

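Answer 1

An Exchange 2010 server needs a domain controller with a GC in the same site.

In addition, running Exchange on a domain controller is not recommended. And you must never promote an Exchange server to a domain controller.

From your description, you have broken at least two of these rules, possibly all three.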
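One way to check the same-site GC requirement from the Exchange side, as an added example that is not part of the original answer. It assumes the Exchange Management Shell with the ActiveDirectory module available, and takes the names `MX1`, `Brisbane` and `corp.domain` from the diagnostic output in the question.

```powershell
# Added example, PowerShell 2.0 compatible. Run in the Exchange Management Shell
# on a machine that also has the ActiveDirectory module installed (assumption).
Import-Module ActiveDirectory

# Names taken from the diagnostic output in the question.
$exchangeName = 'MX1'
$siteName     = 'Brisbane'
$domainName   = 'corp.domain'

# Plain TCP connect test; Test-NetConnection does not exist on 2008 R2.
function Test-TcpPort([string]$HostName, [int]$Port) {
    $client = New-Object System.Net.Sockets.TcpClient
    try     { $client.Connect($HostName, $Port); return $true }
    catch   { return $false }
    finally { $client.Close() }
}

# What Exchange itself has discovered. -Status fills in the Current* properties.
$ex    = Get-ExchangeServer -Identity $exchangeName -Status
$inUse = @($ex.CurrentGlobalCatalogs | Where-Object { $_ } | ForEach-Object { "$_" })

# Every DC that AD places in the site, with its GC flag and whether the
# GC LDAP port (3268) answers from this machine.
$report = Get-ADDomainController -Filter * |
    Where-Object { $_.Site -eq $siteName } |
    ForEach-Object {
        New-Object PSObject -Property @{
            Name           = $_.Name
            IsGC           = $_.IsGlobalCatalog
            IsExchangeHost = ($_.Name -eq $exchangeName)
            Port3268Open   = (Test-TcpPort $_.HostName 3268)
            UsedByExchange = ($inUse -contains $_.HostName)
        }
    }
$report | Format-Table Name, IsGC, IsExchangeHost, Port3268Open, UsedByExchange -AutoSize

# The goal: at least one reachable GC in the site that is not the Exchange host.
$usable = @($report | Where-Object {
    $_.IsGC -and -not $_.IsExchangeHost -and $_.Port3268Open
})
if ($usable.Count -eq 0) {
    Write-Warning "No reachable GC in site $siteName other than $exchangeName."
} else {
    "Usable GCs in site ${siteName}: " + (($usable | ForEach-Object { $_.Name }) -join ', ')
}

# Static overrides can pin Exchange to specific DCs or exclude them from use.
$ex | Format-List Name, StaticGlobalCatalogs, StaticDomainControllers, StaticExcludedDomainControllers

# Ask the DC locator which GC it hands out for this site.
nltest /dsgetdc:$domainName /gc /site:$siteName
```

A GC that shows `IsGC` and `Port3268Open` as true but `UsedByExchange` as false points at Exchange's own topology discovery or a static setting rather than at Active Directory.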

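Answer 2

Solution provided by 阿什德鲁内斯


Running dcpromo on a server after Exchange has been installed is not supported. An in-place upgrade from std to ent after Exchange has been installed is not supported either. You must uninstall Exchange or perform a disaster recovery install of Exchange (setup.com /recoverserver).

http://technet.microsoft.com/en-us/library/aa996719(v=exchg.141).aspx

Installing Exchange 2010 on Directory Servers

For security and performance reasons, we recommend that you install Exchange 2010 only on member servers and not on Active Directory directory servers. However, you can't run DCPromo on a computer running Exchange 2010. After Exchange 2010 is installed, changing its role from a member server to a directory server, or vice versa, isn't supported.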
