Windows-Server-2008
Server 2008 DFS 複製問題
我的網路上有兩個域控制器,win2k8dc1 和 win2k8dc2。
我遇到了 DFS 複製無法與複製夥伴通信的事件日誌錯誤。此事件記錄在 DC2 上:
DFS 複製服務無法與複製組域系統卷的合作夥伴 WIN2K8DC1 通信。合作夥伴無法辨識連接或複制組配置。
合作夥伴 DNS 地址:WIN2K8DC1.JEWELS.LOCAL 可選數據(如果有):合作夥伴 WINS 地址:WIN2K8DC1 合作夥伴 IP 地址:192.168.1.254 服務將定期重試連接。附加資訊:錯誤:9026(連接無效)連接 ID:F26BEC3F-1EB7-4002-BE66-6204485CDC8C 複製組 ID:E0260157-9085-41F7-8912-F1A02026A0A5
這些錯誤不會在 DC1 上生成。兩台機器都可以通過 ip、fqdn 和 a 記錄 ping。
活動目錄似乎複製得很好。如果在一台伺服器上創建了對像或 ou,則會將其複製到第二台伺服器。DNS複製似乎也很好。
執行 DCDIAG 我收到以下錯誤:
Starting test: DFSREvent The DFS Replication Event Log. There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL replication problems may cause Group Policy problems. An error event occurred. EventID: 0xC0001394 Time Generated: 01/04/2012 17:00:45 Event String: The DFS Replication service failed to communicate with partner WIN2K8DC2 for replication group Domain System Volume. The partner did not recognize the connection or the replication group configuration. Partner DNS Address: WIN2K8DC2.JEWELS.LOCAL Optional data if available: Partner WINS Address: WIN2K8DC2 Partner IP Address: 192.168.1.253 The service will retry the connection periodically. Additional Information: Error: 9026 (The connection is invalid) Connection ID: 04854E9E-07E3-4A3E-BA6C-F3FBAB67B21F Replication Group ID: E0260157-9085-41F7-8912-F1A02026A0A5 An error event occurred. EventID: 0xC0001394 Time Generated: 01/05/2012 03:00:42 ......................... WIN2K8DC1 failed test DFSREvent我檢查了域控制器的屬性:msDFSR-ComputerReferenceBL。每個 DC 都有一個 CN 等於自身的值。msDFSR-MemberReferenceBL 值為空。我無法手動編輯這兩個值中的任何一個。
DCDIAG 輸出中的另一個錯誤是 NCSecDesc 測試,在研究時說如果我不使用 RODC 則忽略。兩台伺服器均未通過此測試。
兩台伺服器都有一個 DCOM 錯誤報告,表明 DCOM 無法使用任何配置的協議與電腦通信。但是,我可以 ping 出轉發器的 IP。
所有 DNS 測試結果均通過 dcdiag。
我執行的 dcdiag 屬性是:dcdiag /v /c /d /e /s:win2k8dc1 > c:\dcdiag.txt和 win2k8dc2 上的相同。
FRSDiag 實用程序在 DC1 上返回以下錯誤:
Checking for errors in debug logs ... ERROR on NtFrs_0004.log : "ERROR_ACCESS_DENIED" : <SndCsMain: 3580: 904: S0: 12:33:01> :SR: Cmd 00388bb0, CxtG f26bec3f, WS ERROR_ACCESS_DENIED, To WIN2K8DC1.JEWELS.LOCAL Len: (544) [SndFail - Send Penalty] ERROR on NtFrs_0004.log : "ERROR_ACCESS_DENIED" : <SndCsMain: 260: 877: S0: 12:33:01> :SR: Cmd 00388130, CxtG 04854e9e, WS ERROR_ACCESS_DENIED, To WIN2K8DC1.JEWELS.LOCAL Len: (376) [SndFail - rpc call] ERROR on NtFrs_0004.log : "ERROR_ACCESS_DENIED" : <SndCsMain: 260: 904: S0: 12:33:01> :SR: Cmd 00388130, CxtG 04854e9e, WS ERROR_ACCESS_DENIED, To WIN2K8DC1.JEWELS.LOCAL Len: (376) [SndFail - Send Penalty] Found 8 ERROR_ACCESS_DENIED error(s)! Latest ones (up to 3) listed above ......... failed with 8 error entries當嘗試從 DC1 對 DC2 執行 FRSDiag 時,我收到以下錯誤:
Processing ntfrsutl ds....NTFRSUTL ERROR - Cannot RPC to computer, win2k8dc2; 000006d9 (1753)... Make sure you are logged on as a Domain Admin! Skipping!我開始感到難過,因為這超出了我的想像。在我繼續下一步之前想在這裡檢查一下並聯繫 MS AD 技術支持..
補充:UAC 已關閉。兩台伺服器上都沒有防火牆。功能級別是 windows server 2008。
dfsrdiag dumpadcfg 輸出:
LDAP Bind : WIN2K8DC1.JEWELS.LOCAL SitesDn : cn=sites,cn=configuration,dc=jewels,dc=local ServicesDn : cn=services,cn=configuration,dc=jewels,dc=local SystemDn : cn=system,DC=JEWELS,DC=LOCAL DefaultNcDn : DC=JEWELS,DC=LOCAL ComputersDn : cn=computers,DC=JEWELS,DC=LOCAL DomainCtlDn : ou=domain controllers,DC=JEWELS,DC=LOCAL SchemaDn : CN=Schema,CN=Configuration,DC=JEWELS,DC=LOCAL COMPUTER: WIN2K8DC1 DN : cn=win2k8dc1,ou=domain controllers,dc=jewels,dc=local GUID : 53A64969-227C-40AA-BD93-3C46782765DA DNS : win2k8dc1.jewels.local Server BL : cn=win2k8dc1,cn=servers,cn=default-first-site-name,cn=sites,cn =configuration,dc=jewels,dc=local Server Ref : (null) USN Changed : 5682458 When Created : Tuesday, August 10, 2010 3:02:33 PM When Changed : Wednesday, January 04, 2012 6:30:57 PM LOCAL SETTINGS: DFSR-LOCALSETTINGS DN : cn=dfsr-localsettings,cn=win2k8dc1,ou=domain controllers,dc= jewels,dc=local GUID : 6EE6D3C7-09C4-4A9E-BFCF-A4D5CE129320 Version : 1.0.0.0 USN Changed : 5685331 When Created : Wednesday, January 04, 2012 8:58:32 PM When Changed : Wednesday, January 04, 2012 9:00:49 PM SUBSCRIBER: DOMAIN SYSTEM VOLUME DN : cn=domain system volume,cn=dfsr-localsettings,cn=win2k8dc1 ,ou=domain controllers,dc=jewels,dc=local GUID : 2C9380BE-39BE-49C9-87CA-82AA8483A5C8 Member Ref : cn=win2k8dc1,cn=topology,cn=domain system volume,cn=dfsr-g lobalsettings,cn=system,dc=jewels,dc=local USN Changed : 5685297 When Created : Wednesday, January 04, 2012 8:58:33 PM When Changed : Wednesday, January 04, 2012 8:58:33 PM SUBSCRIPTION: SYSVOL SUBSCRIPTION DN : cn=sysvol subscription,cn=domain system volume,cn=dfsr-l ocalsettings,cn=win2k8dc1,ou=domain controllers,dc=jewels,dc=local GUID : 3A9F879D-CB16-4484-8F22-703B8ACF3B11 ContentSetGuid: 0E31CFFA-FCD2-4A5D-8739-9277B0EF8478 Root Path : c:\windows\sysvol_dfsr\domain Root Size : (null) (MB) Staging Path : (null) Staging Size : (null) (MB) Conflict Path : (null) Conflict Size : (null) (MB) USN Changed : 5685489 When Created : Wednesday, January 04, 2012 8:58:33 PM When Changed : Wednesday, January 04, 2012 9:05:34 PM GLOBAL SETTINGS: DFSR-GLOBALSETTINGS DN : cn=dfsr-globalsettings,cn=system,dc=jewels,dc=local GUID : 30E9760E-6020-4DFD-A975-134F2C809A4D USN Changed : 5685310 When Created : Wednesday, January 04, 2012 8:57:53 PM When Changed : Wednesday, January 04, 2012 8:59:39 PM REPLICATION GROUP: DOMAIN SYSTEM VOLUME DN : cn=domain system volume,cn=dfsr-globalsettings,cn=system,dc= jewels,dc=local GUID : E0260157-9085-41F7-8912-F1A02026A0A5 Type : 1 (SYSVOL) USN Changed : 5685278 When Created : Wednesday, January 04, 2012 8:57:53 PM When Changed : Wednesday, January 04, 2012 8:57:53 PM CONTENT: CONTENT DN : cn=content,cn=domain system volume,cn=dfsr-globalsettings, cn=system,dc=jewels,dc=local GUID : 776B3EE9-6FF6-4929-A0B5-DC1256C330FE USN Changed : 5685279 When Created : Wednesday, January 04, 2012 8:57:53 PM When Changed : Wednesday, January 04, 2012 8:57:53 PM CONTENT SET: SYSVOL SHARE DN : cn=sysvol share,cn=content,cn=domain system volume,cn=df sr-globalsettings,cn=system,dc=jewels,dc=local GUID : 0E31CFFA-FCD2-4A5D-8739-9277B0EF8478 File Filter : (null) Compression Excl : (null) Dir Filter : DO_NOT_REMOVE_NtFrs_PreInstall_Directory,NtFrs_PreExisti ng___See_EventLog USN Changed : 5685280 When Created : Wednesday, January 04, 2012 8:57:53 PM When Changed : Wednesday, January 04, 2012 8:57:53 PM TOPOLOGY: TOPOLOGY DN : cn=topology,cn=domain system volume,cn=dfsr-globalsettings ,cn=system,dc=jewels,dc=local GUID : DB1E6BF2-9745-4B04-AD15-19E559502D4B USN Changed : 5685281 When Created : Wednesday, January 04, 2012 8:57:53 PM When Changed : Wednesday, January 04, 2012 8:57:53 PM MEMBER: WIN2K8DC1 DN : cn=win2k8dc1,cn=topology,cn=domain system volume,cn=dfsr -globalsettings,cn=system,dc=jewels,dc=local GUID : BCAFE60C-2DFF-4BC0-85A4-22F66C96B043 Server Ref : cn=ntds settings,cn=win2k8dc1,cn=servers,cn=default-firs t-site-name,cn=sites,cn=configuration,dc=jewels,dc=local Computer Ref : cn=win2k8dc1,ou=domain controllers,dc=jewels,dc=local Keywords : (null) Computer DNS : win2k8dc1.jewels.local USN Changed : 5685293 When Created : Wednesday, January 04, 2012 8:58:32 PM When Changed : Wednesday, January 04, 2012 8:58:32 PM CXTION: D0736C4D-B39D-4521-B4AF-5D8B7E627280 DN : cn=d0736c4d-b39d-4521-b4af-5d8b7e627280,cn=ntds settin gs,cn=win2k8dc1,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration, dc=jewels,dc=local GUID : 04854E9E-07E3-4A3E-BA6C-F3FBAB67B21F Inbound : true Partner DN : cn=win2k8dc2,cn=topology,cn=domain system volume,cn=df sr-globalsettings,cn=system,dc=jewels,dc=local USN Changed : 2830713 When Created : Wednesday, April 13, 2011 8:12:57 PM When Changed : Friday, August 19, 2011 1:02:17 PM CXTION: C21C575F-EEB2-44E9-A464-85E4833963B5 DN : cn=c21c575f-eeb2-44e9-a464-85e4833963b5,cn=ntds settin gs,cn=win2k8dc2,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration, dc=jewels,dc=local GUID : F26BEC3F-1EB7-4002-BE66-6204485CDC8C Inbound : false Partner DN : cn=win2k8dc2,cn=topology,cn=domain system volume,cn=df sr-globalsettings,cn=system,dc=jewels,dc=local USN Changed : 4927588 When Created : Wednesday, April 13, 2011 8:12:40 PM When Changed : Tuesday, December 13, 2011 9:41:33 PM MEMBER: WIN2K8DC2 DN : cn=win2k8dc2,cn=topology,cn=domain system volume,cn=dfsr -globalsettings,cn=system,dc=jewels,dc=local GUID : 1AF9DFAD-9793-4B3D-BE1B-5A497857C4E6 Server Ref : cn=ntds settings,cn=win2k8dc2,cn=servers,cn=default-firs t-site-name,cn=sites,cn=configuration,dc=jewels,dc=local Computer Ref : cn=win2k8dc2,ou=domain controllers,dc=jewels,dc=local Keywords : (null) Computer DNS : win2k8dc2.jewels.local USN Changed : 5685434 When Created : Wednesday, January 04, 2012 9:01:29 PM When Changed : Wednesday, January 04, 2012 9:01:45 PM Operation Succeeded
關於 SYSVOL 複製的 FRS - 此域是否從 2003 年升級?SYSVOL 可能仍在使用 FRS 進行複制,除非您在升級後將其遷移到 DFS-R 複製。
您可以使用SYSVOL 複製遷移指南將其從 FRS 移動到 DFS-R
關於防火牆,僅僅因為它們在同一個本地網路上,本地windows防火牆也可能阻塞連接。