|
проблема с репликацией после востановления DC из образа
Добрый день... сегодня совершил ужасную глупость. Востановил один конетролер домена SA01(из двух. второй f-server) с помощью акроникса. В итоге получаю ошибки при dcdiag на основном.... репликация не происходит(пишет что сервер отвергает запросы на репликацию). Что посоветуете?
Domain Controller Diagnosis Performing initial setup: Done gathering initial info. Doing initial required tests Testing server: Default-First-Site-Name\SA01 Starting test: Connectivity ......................... SA01 passed test Connectivity Doing primary tests Testing server: Default-First-Site-Name\SA01 Starting test: Replications [Replications Check,SA01] Inbound replication is disabled. To correct, run "repadmin /options SA01 -DISABLE_INBOUND_REPL" [Replications Check,SA01] Outbound replication is disabled. To correct, run "repadmin /options SA01 -DISABLE_OUTBOUND_REPL" ......................... SA01 failed test Replications Starting test: NCSecDesc ......................... SA01 passed test NCSecDesc Starting test: NetLogons ......................... SA01 passed test NetLogons Starting test: Advertising Warning: DsGetDcName returned information for \\F-SERVER.samauto.local, when we were trying to reach SA01. Server is not responding or is not considered suitable. ......................... SA01 failed test Advertising Starting test: KnowsOfRoleHolders ......................... SA01 passed test KnowsOfRoleHolders Starting test: RidManager ......................... SA01 passed test RidManager Starting test: MachineAccount ......................... SA01 passed test MachineAccount Starting test: Services NETLOGON Service is paused on [SA01] ......................... SA01 failed test Services Starting test: ObjectsReplicated ......................... SA01 passed test ObjectsReplicated Starting test: frssysvol ......................... SA01 passed test frssysvol Starting test: frsevent ......................... SA01 passed test frsevent Starting test: kccevent An Error Event occured. EventID: 0xC025082F Time Generated: 12/02/2009 23:14:34 (Event String could not be retrieved) An Warning Event occured. EventID: 0x80000459 Time Generated: 12/02/2009 23:14:34 (Event String could not be retrieved) An Warning Event occured. EventID: 0x8000045B Time Generated: 12/02/2009 23:14:34 (Event String could not be retrieved) An Error Event occured. EventID: 0xC00006A3 Time Generated: 12/02/2009 23:14:34 (Event String could not be retrieved) ......................... SA01 failed test kccevent Starting test: systemlog An Error Event occured. EventID: 0x00000456 Time Generated: 12/02/2009 22:29:12 (Event String could not be retrieved) An Error Event occured. EventID: 0x00000456 Time Generated: 12/02/2009 22:29:15 (Event String could not be retrieved) An Error Event occured. EventID: 0x00000456 Time Generated: 12/02/2009 22:56:39 (Event String could not be retrieved) An Error Event occured. EventID: 0x00000456 Time Generated: 12/02/2009 22:56:40 (Event String could not be retrieved) An Error Event occured. EventID: 0x00000455 Time Generated: 12/02/2009 22:56:48 (Event String could not be retrieved) ......................... SA01 failed test systemlog Starting test: VerifyReferences ......................... SA01 passed test VerifyReferences Running partition tests on : ForestDnsZones Starting test: CrossRefValidation ......................... ForestDnsZones passed test CrossRefValidation Starting test: CheckSDRefDom ......................... ForestDnsZones passed test CheckSDRefDom Running partition tests on : DomainDnsZones Starting test: CrossRefValidation ......................... DomainDnsZones passed test CrossRefValidation Starting test: CheckSDRefDom ......................... DomainDnsZones passed test CheckSDRefDom Running partition tests on : Schema Starting test: CrossRefValidation ......................... Schema passed test CrossRefValidation Starting test: CheckSDRefDom ......................... Schema passed test CheckSDRefDom Running partition tests on : Configuration Starting test: CrossRefValidation ......................... Configuration passed test CrossRefValidation Starting test: CheckSDRefDom ......................... Configuration passed test CheckSDRefDom Running partition tests on : samauto Starting test: CrossRefValidation ......................... samauto passed test CrossRefValidation Starting test: CheckSDRefDom ......................... samauto passed test CheckSDRefDom Running enterprise tests on : samauto.local Starting test: Intersite ......................... samauto.local passed test Intersite Starting test: FsmoCheck Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355 A Global Catalog Server could not be located - All GC's are down. ......................... samauto.local failed test FsmoCheck на втором (f-server) Domain Controller Diagnosis Performing initial setup: Done gathering initial info. Doing initial required tests Testing server: Default-First-Site-Name\F-SERVER Starting test: Connectivity ......................... F-SERVER passed test Connectivity Doing primary tests Testing server: Default-First-Site-Name\F-SERVER Starting test: Replications [Replications Check,F-SERVER] A recent replication attempt failed: From SA01 to F-SERVER Naming Context: DC=ForestDnsZones,DC=samauto,DC=local The replication generated an error (8456): ?б室*л© бҐаўҐа ў **бв®пйЁ© ¬®¬Ґ*⠮⢥аЈ*Ґв §*Їа®бл ** ९«ЁЄ*жЁо. The failure occurred at 2009-12-02 22:59:44. The last success occurred at 2009-12-02 21:59:44. 1 failures have occurred since the last success. Replication has been explicitly disabled through the server options. [Replications Check,F-SERVER] A recent replication attempt failed: From SA01 to F-SERVER Naming Context: DC=DomainDnsZones,DC=samauto,DC=local The replication generated an error (8456): ?б室*л© бҐаўҐа ў **бв®пйЁ© ¬®¬Ґ*⠮⢥аЈ*Ґв §*Їа®бл ** ९«ЁЄ*жЁо. The failure occurred at 2009-12-02 22:59:44. The last success occurred at 2009-12-02 21:59:44. 4 failures have occurred since the last success. Replication has been explicitly disabled through the server options. [Replications Check,F-SERVER] A recent replication attempt failed: From SA01 to F-SERVER Naming Context: CN=Schema,CN=Configuration,DC=samauto,DC=local The replication generated an error (8456): ?б室*л© бҐаўҐа ў **бв®пйЁ© ¬®¬Ґ*⠮⢥аЈ*Ґв §*Їа®бл ** ९«ЁЄ*жЁо. The failure occurred at 2009-12-02 22:59:44. The last success occurred at 2009-12-02 21:59:44. 1 failures have occurred since the last success. Replication has been explicitly disabled through the server options. [Replications Check,F-SERVER] A recent replication attempt failed: From SA01 to F-SERVER Naming Context: CN=Configuration,DC=samauto,DC=local The replication generated an error (8456): ?б室*л© бҐаўҐа ў **бв®пйЁ© ¬®¬Ґ*⠮⢥аЈ*Ґв §*Їа®бл ** ९«ЁЄ*жЁо. The failure occurred at 2009-12-02 23:14:49. The last success occurred at 2009-12-02 21:59:44. 8 failures have occurred since the last success. Replication has been explicitly disabled through the server options. [Replications Check,F-SERVER] A recent replication attempt failed: From SA01 to F-SERVER Naming Context: DC=samauto,DC=local The replication generated an error (8456): ?б室*л© бҐаўҐа ў **бв®пйЁ© ¬®¬Ґ*⠮⢥аЈ*Ґв §*Їа®бл ** ९«ЁЄ*жЁо. The failure occurred at 2009-12-02 23:26:44. The last success occurred at 2009-12-02 22:00:15. 37 failures have occurred since the last success. Replication has been explicitly disabled through the server options. ......................... F-SERVER passed test Replications Starting test: NCSecDesc ......................... F-SERVER passed test NCSecDesc Starting test: NetLogons ......................... F-SERVER passed test NetLogons Starting test: Advertising ......................... F-SERVER passed test Advertising Starting test: KnowsOfRoleHolders ......................... F-SERVER passed test KnowsOfRoleHolders Starting test: RidManager ......................... F-SERVER passed test RidManager Starting test: MachineAccount ......................... F-SERVER passed test MachineAccount Starting test: Services ......................... F-SERVER passed test Services Starting test: ObjectsReplicated ......................... F-SERVER passed test ObjectsReplicated Starting test: frssysvol ......................... F-SERVER passed test frssysvol Starting test: frsevent ......................... F-SERVER passed test frsevent Starting test: kccevent ......................... F-SERVER passed test kccevent Starting test: systemlog An Error Event occured. EventID: 0x00000456 Time Generated: 12/02/2009 22:35:48 (Event String could not be retrieved) An Error Event occured. EventID: 0x00000456 Time Generated: 12/02/2009 22:35:51 (Event String could not be retrieved) An Error Event occured. EventID: 0x00000456 Time Generated: 12/02/2009 22:36:38 (Event String could not be retrieved) An Error Event occured. EventID: 0x00000456 Time Generated: 12/02/2009 22:36:41 (Event String could not be retrieved) ......................... F-SERVER failed test systemlog Starting test: VerifyReferences ......................... F-SERVER passed test VerifyReferences Running partition tests on : ForestDnsZones Starting test: CrossRefValidation ......................... ForestDnsZones passed test CrossRefValidation Starting test: CheckSDRefDom ......................... ForestDnsZones passed test CheckSDRefDom Running partition tests on : DomainDnsZones Starting test: CrossRefValidation ......................... DomainDnsZones passed test CrossRefValidation Starting test: CheckSDRefDom ......................... DomainDnsZones passed test CheckSDRefDom Running partition tests on : Schema Starting test: CrossRefValidation ......................... Schema passed test CrossRefValidation Starting test: CheckSDRefDom ......................... Schema passed test CheckSDRefDom Running partition tests on : Configuration Starting test: CrossRefValidation ......................... Configuration passed test CrossRefValidation Starting test: CheckSDRefDom ......................... Configuration passed test CheckSDRefDom Running partition tests on : samauto Starting test: CrossRefValidation ......................... samauto passed test CrossRefValidation Starting test: CheckSDRefDom ......................... samauto passed test CheckSDRefDom Running enterprise tests on : samauto.local Starting test: Intersite ......................... samauto.local passed test Intersite Starting test: FsmoCheck выручайте. сутки на работе голова не варит уже |
Цитата:
Решение: включите репликацию через repadmin /options |
Цитата:
источник: NTDS Replication код: 2095 "...Поскольку удаленный контроллер домена считает, что он имеет более новую базу данных Active Directory чем локальный DC, удаленный DC не будет применять будущие изменения, исходящие от этого локального DC, к своей копии базы данных Active Directory или реплицировать их своим прямым и косвенным партнерам репликации.." сейчас прошло немного времени и на контролере домена получил предупреждения: источник: NTDS Replication код: 2092 "Этот сервер является владельцем следующей роли FSMO, но не считает назначение правильным. Для раздела, содержащего FSMO, этот сервер не выполнил успешной репликации ни с одним из партнеров репликации с момента перезапуска этого сервера. Ошибки репликации мешают выполнению проверки для этой роли....." |
Включите репликацию repadmin/options
Выключите Strict Replication Consistency в реесте HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters Принудительно запустите репикацию или подождите. Ошибки выложите сюда, будем дальше копать. |
Произошел откат USN... посоветуйте что можно сделать в этом случае. есть образы акроникса на оба сервера... но нету одновременного(
ЗЫ восстановить можно любую версию АД.( то есть не критично что на f-server она в более актуальном состоянии) |
dcpromo /forceremoval на сбойном контроллере домена. Потом поднимете заново, всё восстановится. При необходимости ntdsutil - захват ролей и очистка сведений о старом DC в AD.
|
monkkey
спасибо. так и сделали. напоследок спрошу, как избежать такое проблемы? если бы оба образа(акорниксом) были одновременными +- 10 минут, то такой проблемы бы не возникло? или необходимо пользоваться другими средствами для создание резервной копии АД... просто там еще сервер терминалов и файл сервер. |
Поднимите третий DC в виртуалке, например, если есть возможность. Не вижу особого смысла в бэкапе AD. Если только делать его каждые пару часов... Это сильно увеличит нагрузку. Вообще-то минимум два DC и нужны для таких случаев.
|
| Время: 22:01. |
Время: 22:01.
© OSzone.net 2001-