Active-Directory
Server 2008 R2 DC 之間的 Sysvol 複製中斷
我們最近在另一個站點向我們的網路添加了第二個 DC。DC 似乎沒有任何困難通過網路進行通信,並且 AD 對象(使用者、電腦等)正在正確同步。但是,組策略不是。檢查
C:\Windows\SYSVOL\domain新 DC 上的文件夾顯示它是空的,而在舊 DC 上它包含Policies和scripts文件夾及其相關內容。但是,
dcdiag沒有顯示任何明顯的錯誤提示(參見下面的輸出),並且 DFSR 似乎認為它正在正確複製,根據dfsradmin backlog.dfsrdiag replicationstate顯示沒有活動連接,但我不確定這是否正常;dfsradmin membership list顯示兩個 DC。有沒有人有任何想法?我幾乎無計可施。如果不是因為這樣做涉及許多權限問題,我什至會嘗試手動複製策略。
dcdiag輸出:C:\Windows\system32>dcdiag Directory Server Diagnosis Performing initial setup: Trying to find home server... Home Server = HACTAR * Identified AD Forest. Done gathering initial info. Doing initial required tests Testing server: Saturn\HACTAR Starting test: Connectivity ......................... HACTAR passed test Connectivity Doing primary tests Testing server: Saturn\HACTAR Starting test: Advertising ......................... HACTAR passed test Advertising Starting test: FrsEvent ......................... HACTAR passed test FrsEvent Starting test: DFSREvent There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL replication problems may cause Group Policy problems. ......................... HACTAR failed test DFSREvent Starting test: SysVolCheck ......................... HACTAR passed test SysVolCheck Starting test: KccEvent ......................... HACTAR passed test KccEvent Starting test: KnowsOfRoleHolders ......................... HACTAR passed test KnowsOfRoleHolders Starting test: MachineAccount ......................... HACTAR passed test MachineAccount Starting test: NCSecDesc ......................... HACTAR passed test NCSecDesc Starting test: NetLogons Unable to connect to the NETLOGON share! (\\HACTAR\netlogon) [HACTAR] An net use or LsaPolicy operation failed with error 67, The network name cannot be found.. ......................... HACTAR failed test NetLogons Starting test: ObjectsReplicated ......................... HACTAR passed test ObjectsReplicated Starting test: Replications ......................... HACTAR passed test Replications Starting test: RidManager ......................... HACTAR passed test RidManager Starting test: Services ......................... HACTAR passed test Services Starting test: SystemLog An error event occurred. EventID: 0x00000422 Time Generated: 10/10/2014 14:39:05 Event String: The processing of Group Policy failed. Windows attempted to read the file \\bistromath.domains.h2g2.local\sysvol\bistromath.domains.h2g2.local\Polic ies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following: [snip: many identical log entries] ......................... HACTAR failed test SystemLog Starting test: VerifyReferences ......................... HACTAR passed test VerifyReferences Running partition tests on : ForestDnsZones Starting test: CheckSDRefDom ......................... ForestDnsZones passed test CheckSDRefDom Starting test: CrossRefValidation ......................... ForestDnsZones passed test CrossRefValidation Running partition tests on : DomainDnsZones Starting test: CheckSDRefDom ......................... DomainDnsZones passed test CheckSDRefDom Starting test: CrossRefValidation ......................... DomainDnsZones passed test CrossRefValidation Running partition tests on : Schema Starting test: CheckSDRefDom ......................... Schema passed test CheckSDRefDom Starting test: CrossRefValidation ......................... Schema passed test CrossRefValidation Running partition tests on : Configuration Starting test: CheckSDRefDom ......................... Configuration passed test CheckSDRefDom Starting test: CrossRefValidation ......................... Configuration passed test CrossRefValidation Running partition tests on : bistromath Starting test: CheckSDRefDom ......................... bistromath passed test CheckSDRefDom Starting test: CrossRefValidation ......................... bistromath passed test CrossRefValidation Running enterprise tests on : bistromath.domains.h2g2.local Starting test: LocatorCheck ......................... bistromath.domains.h2g2.local passed test LocatorCheck Starting test: Intersite ......................... bistromath.domains.h2g2.local passed test Intersite
dfsrdiag backlog:C:\Windows\system32>dfsrdiag backlog /rgname:"Domain System Volume" /rfname:"SYSVOL Share" /smem:queeg /rmem:hactar No Backlog - member <hactar> is in sync with partner <queeg>
dfsrdiag replicationstate:C:\Windows\system32>dfsrdiag replicationstate Summary Active inbound connections: 0 Updates received: 0 Active outbound connections: 0 Updates sent out: 0
dfsradmin membership list:C:\Windows\system32>dfsradmin membership list /rgname:"Domain System Volume" MemName RfName LocalPath StagingPath StagingSize HACTAR SYSVOL Share C:\Windows\SYSVOL\domain C:\Windows\SYSVOL\staging areas\bistromath.domains.h2g2.local 4096 QUEEG SYSVOL Share C:\Windows\SYSVOL\domain C:\Windows\SYSVOL\staging areas\bistromath.domains.h2g2.local 4096
最終,我通過降級新 DC 解決了這個問題,將它作為一個簡單的成員保留了幾天,然後重新升級它(以便執行額外的測試)。重新提升它會導致新控制器正確複製以前失去的文件,從而使測試有些多餘。
但是,我應該注意,我之前確實嘗試過降級和重新提升新 DC,但無濟於事。可能是長時間不進行 DFS 複製導致某種形式的超時;鑑於缺乏明確的數據,這是我對如何排序的最佳猜測。
我知道這是一個老問題,但在將新的 Windows 2016 VM 推廣為新的 DC 後,我遇到了同樣的問題。Google把我帶到了這裡。
以下是我學到的,希望對其他人有所幫助:
如果您的任何 DC 正在使用 VSS 進行備份,VSS 會暫停 DFSR。這很正常。記錄的事件可能會導致 DCDIAG 抱怨。
您可能會看到一些點擊,例如“清除 DFS 事件日誌並再次執行 DCDIAG”。如果您清除了日誌,DCDIAG 確實不會抱怨 DFSR,但這當然是作弊。
最終,您需要驗證 DFS 複製實際上是否正在進行。
執行此操作的官方方法是在 DFS 管理工具中(系統管理器 | 工具 | DFS 管理)
在 DSF 管理中:
- 在左側操作疼痛中,點擊創建診斷報告
- 選擇Propagation Test,通過嚮導開始測試
- 幾個小時後(您的時間間隔可能會有所不同;三個 DC 的時間間隔是 1.6 小時),返回 DFS 管理並再次點擊創建診斷報告
- 選擇傳播報告,並生成報告。
該報告將在您的預設瀏覽器中打開,並指示傳播是否有效以及花費了多長時間。