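I have a DC (FQDN: server.icmcpk.local) and an ADC (FQDN: file-server.icmcpk.local). Recently my DC has been facing a bad-sector problem, so I changed the operations master to File-Server for all five roles. But when I turn off the old DC, File-Server also stops working with AD and GPMC, and I am also unable to join any other computer to this domain.
For testing purposes I also added a new ADC (FQDN: wd-server.icmcpk.local), but with no success while the old DC is turned off; I have to turn the old DC on and then join it.
I am attaching the dcdiag output for all three servers.
Please help me out so that I can install a new hard drive and it can come online again.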
---------------------------------------
Server
---------------------------------------
C:\Program Files\Support Tools>dcdiag
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\SERVER
Starting test: Connectivity
......................... SERVER passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\SERVER
Starting test: Replications
[Replications Check,SERVER] A recent replication attempt failed:
From FILE-SERVER to SERVER
Naming Context: DC=ForestDnsZones,DC=icmcpk,DC=local
The replication generated an error (1908):
Could not find the domain controller for this domain.
The failure occurred at 2012-05-04 14:07:13.
The last success occurred at 2012-05-04 13:48:39.
1 failures have occurred since the last success.
Kerberos Error.
A KDC was not found to authenticate the call.
Check that sufficient domain controllers are available.
[Replications Check,SERVER] A recent replication attempt failed:
From WDS-SERVER to SERVER
Naming Context: DC=ForestDnsZones,DC=icmcpk,DC=local
The replication generated an error (1908):
Could not find the domain controller for this domain.
The failure occurred at 2012-05-04 14:07:13.
The last success occurred at 2012-05-04 13:48:39.
1 failures have occurred since the last success.
Kerberos Error.
A KDC was not found to authenticate the call.
Check that sufficient domain controllers are available.
[Replications Check,SERVER] A recent replication attempt failed:
From FILE-SERVER to SERVER
Naming Context: DC=DomainDnsZones,DC=icmcpk,DC=local
The replication generated an error (1908):
Could not find the domain controller for this domain.
The failure occurred at 2012-05-04 14:07:13.
The last success occurred at 2012-05-04 13:48:39.
1 failures have occurred since the last success.
Kerberos Error.
A KDC was not found to authenticate the call.
Check that sufficient domain controllers are available.
[Replications Check,SERVER] A recent replication attempt failed:
From WDS-SERVER to SERVER
Naming Context: DC=DomainDnsZones,DC=icmcpk,DC=local
The replication generated an error (1908):
Could not find the domain controller for this domain.
The failure occurred at 2012-05-04 14:07:13.
The last success occurred at 2012-05-04 13:48:39.
1 failures have occurred since the last success.
Kerberos Error.
A KDC was not found to authenticate the call.
Check that sufficient domain controllers are available.
[Replications Check,SERVER] A recent replication attempt failed:
From FILE-SERVER to SERVER
Naming Context: CN=Schema,CN=Configuration,DC=icmcpk,DC=local
The replication generated an error (1908):
Could not find the domain controller for this domain.
The failure occurred at 2012-05-04 14:07:13.
The last success occurred at 2012-05-04 13:48:39.
1 failures have occurred since the last success.
Kerberos Error.
A KDC was not found to authenticate the call.
Check that sufficient domain controllers are available.
[Replications Check,SERVER] A recent replication attempt failed:
From WDS-SERVER to SERVER
Naming Context: CN=Schema,CN=Configuration,DC=icmcpk,DC=local
The replication generated an error (1908):
Could not find the domain controller for this domain.
The failure occurred at 2012-05-04 14:07:13.
The last success occurred at 2012-05-04 13:48:39.
1 failures have occurred since the last success.
Kerberos Error.
A KDC was not found to authenticate the call.
Check that sufficient domain controllers are available.
[Replications Check,SERVER] A recent replication attempt failed:
From WDS-SERVER to SERVER
Naming Context: DC=icmcpk,DC=local
The replication generated an error (1908):
Could not find the domain controller for this domain.
The failure occurred at 2012-05-04 14:07:13.
The last success occurred at 2012-05-04 13:48:39.
1 failures have occurred since the last success.
Kerberos Error.
A KDC was not found to authenticate the call.
Check that sufficient domain controllers are available.
......................... SERVER passed test Replications
Starting test: NCSecDesc
......................... SERVER passed test NCSecDesc
Starting test: NetLogons
......................... SERVER passed test NetLogons
Starting test: Advertising
......................... SERVER passed test Advertising
Starting test: KnowsOfRoleHolders
......................... SERVER passed test KnowsOfRoleHolders
Starting test: RidManager
......................... SERVER passed test RidManager
Starting test: MachineAccount
......................... SERVER passed test MachineAccount
Starting test: Services
......................... SERVER passed test Services
Starting test: ObjectsReplicated
......................... SERVER passed test ObjectsReplicated
Starting test: frssysvol
......................... SERVER passed test frssysvol
Starting test: frsevent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... SERVER failed test frsevent
Starting test: kccevent
......................... SERVER passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x80001778
Time Generated: 05/04/2012 14:05:39
Event String: The previous system shutdown at 1:26:31 PM on
An Error Event occured. EventID: 0x825A0011
Time Generated: 05/04/2012 14:07:45
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 05/04/2012 14:13:40
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 05/04/2012 14:14:25
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 05/04/2012 14:14:25
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 05/04/2012 14:14:38
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC1010020
Time Generated: 05/04/2012 14:16:14
Event String: Dependent Assembly Microsoft.VC80.MFCLOC could
An Error Event occured. EventID: 0xC101003B
Time Generated: 05/04/2012 14:16:14
Event String: Resolve Partial Assembly failed for
An Error Event occured. EventID: 0xC101003B
Time Generated: 05/04/2012 14:16:14
Event String: Generate Activation Context failed for
An Error Event occured. EventID: 0xC1010020
Time Generated: 05/04/2012 14:16:14
Event String: Dependent Assembly Microsoft.VC80.MFCLOC could
An Error Event occured. EventID: 0xC101003B
Time Generated: 05/04/2012 14:16:14
Event String: Resolve Partial Assembly failed for
An Error Event occured. EventID: 0xC101003B
Time Generated: 05/04/2012 14:16:14
Event String: Generate Activation Context failed for
An Error Event occured. EventID: 0x825A0011
Time Generated: 05/04/2012 14:22:57
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC1010020
Time Generated: 05/04/2012 14:22:59
Event String: Dependent Assembly Microsoft.VC80.MFCLOC could
An Error Event occured. EventID: 0xC101003B
Time Generated: 05/04/2012 14:22:59
Event String: Resolve Partial Assembly failed for
An Error Event occured. EventID: 0xC101003B
Time Generated: 05/04/2012 14:22:59
Event String: Generate Activation Context failed for
An Error Event occured. EventID: 0xC1010020
Time Generated: 05/04/2012 14:22:59
Event String: Dependent Assembly Microsoft.VC80.MFCLOC could
An Error Event occured. EventID: 0xC101003B
Time Generated: 05/04/2012 14:22:59
Event String: Resolve Partial Assembly failed for
An Error Event occured. EventID: 0xC101003B
Time Generated: 05/04/2012 14:22:59
Event String: Generate Activation Context failed for
......................... SERVER failed test systemlog
Starting test: VerifyReferences
......................... SERVER passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : icmcpk
Starting test: CrossRefValidation
......................... icmcpk passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... icmcpk passed test CheckSDRefDom
Running enterprise tests on : icmcpk.local
Starting test: Intersite
......................... icmcpk.local passed test Intersite
Starting test: FsmoCheck
......................... icmcpk.local passed test FsmoCheck
----------------------
File-Server
----------------------
C:\Users\Administrator.ICMCPK>dcdiag
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = FILE-SERVER
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\FILE-SERVER
Starting test: Connectivity
......................... FILE-SERVER passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\FILE-SERVER
Starting test: Advertising
Warning: DsGetDcName returned information for \\Server.icmcpk.local,
when we were trying to reach FILE-SERVER.
SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.
......................... FILE-SERVER failed test Advertising
Starting test: FrsEvent
......................... FILE-SERVER passed test FrsEvent
Starting test: DFSREvent
......................... FILE-SERVER passed test DFSREvent
Starting test: SysVolCheck
......................... FILE-SERVER passed test SysVolCheck
Starting test: KccEvent
......................... FILE-SERVER passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... FILE-SERVER passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... FILE-SERVER passed test MachineAccount
Starting test: NCSecDesc
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=ForestDnsZones,DC=icmcpk,DC=local
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=DomainDnsZones,DC=icmcpk,DC=local
......................... FILE-SERVER failed test NCSecDesc
Starting test: NetLogons
Unable to connect to the NETLOGON share! (\\FILE-SERVER\netlogon)
[FILE-SERVER] An net use or LsaPolicy operation failed with error 67,
The network name cannot be found..
......................... FILE-SERVER failed test NetLogons
Starting test: ObjectsReplicated
......................... FILE-SERVER passed test ObjectsReplicated
Starting test: Replications
......................... FILE-SERVER passed test Replications
Starting test: RidManager
......................... FILE-SERVER passed test RidManager
Starting test: Services
......................... FILE-SERVER passed test Services
Starting test: SystemLog
An Error Event occurred. EventID: 0x00000469
Time Generated: 05/04/2012 14:01:10
Event String:
The processing of Group Policy failed because of lack of network con
nectivity to a domain controller. This may be a transient condition. A success m
essage would be generated once the machine gets connected to the domain controll
er and Group Policy has succesfully processed. If you do not see a success messa
ge for several hours, then contact your administrator.
An Warning Event occurred. EventID: 0x8000A001
Time Generated: 05/04/2012 14:07:11
Event String:
The Security System could not establish a secured connection with th
e server ldap/icmcpk.local/icmcpk.local@ICMCPK.LOCAL. No authentication protocol
was available.
An Warning Event occurred. EventID: 0x00000BBC
Time Generated: 05/04/2012 14:30:34
Event String:
Windows Defender Real-Time Protection agent has detected changes. Mi
crosoft recommends you analyze the software that made these changes for potentia
l risks. You can use information about how these programs operate to choose whet
her to allow them to run or remove them from your computer. Allow changes only
if you trust the program or the software publisher. Windows Defender can't undo
changes that you allow.
An Warning Event occurred. EventID: 0x00000BBC
Time Generated: 05/04/2012 14:30:36
Event String:
Windows Defender Real-Time Protection agent has detected changes. Mi
crosoft recommends you analyze the software that made these changes for potentia
l risks. You can use information about how these programs operate to choose whet
her to allow them to run or remove them from your computer. Allow changes only
if you trust the program or the software publisher. Windows Defender can't undo
changes that you allow.
......................... FILE-SERVER failed test SystemLog
Starting test: VerifyReferences
......................... FILE-SERVER passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : icmcpk
Starting test: CheckSDRefDom
......................... icmcpk passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... icmcpk passed test CrossRefValidation
Running enterprise tests on : icmcpk.local
Starting test: LocatorCheck
......................... icmcpk.local passed test LocatorCheck
Starting test: Intersite
......................... icmcpk.local passed test Intersite
---------------------
WDS-Server
---------------------
C:\Users\Administrator.ICMCPK>dcdiag
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = WDS-SERVER
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\WDS-SERVER
Starting test: Connectivity
......................... WDS-SERVER passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\WDS-SERVER
Starting test: Advertising
Warning: DsGetDcName returned information for \\Server.icmcpk.local,
when we were trying to reach WDS-SERVER.
SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.
......................... WDS-SERVER failed test Advertising
Starting test: FrsEvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... WDS-SERVER passed test FrsEvent
Starting test: DFSREvent
......................... WDS-SERVER passed test DFSREvent
Starting test: SysVolCheck
......................... WDS-SERVER passed test SysVolCheck
Starting test: KccEvent
......................... WDS-SERVER passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... WDS-SERVER passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... WDS-SERVER passed test MachineAccount
Starting test: NCSecDesc
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=ForestDnsZones,DC=icmcpk,DC=local
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=DomainDnsZones,DC=icmcpk,DC=local
......................... WDS-SERVER failed test NCSecDesc
Starting test: NetLogons
Unable to connect to the NETLOGON share! (\\WDS-SERVER\netlogon)
[WDS-SERVER] An net use or LsaPolicy operation failed with error 67,
The network name cannot be found..
......................... WDS-SERVER failed test NetLogons
Starting test: ObjectsReplicated
......................... WDS-SERVER passed test ObjectsReplicated
Starting test: Replications
......................... WDS-SERVER passed test Replications
Starting test: RidManager
......................... WDS-SERVER passed test RidManager
Starting test: Services
......................... WDS-SERVER passed test Services
Starting test: SystemLog
An Error Event occurred. EventID: 0x0000041E
Time Generated: 05/04/2012 14:02:55
Event String:
The processing of Group Policy failed. Windows could not obtain the
name of a domain controller. This could be caused by a name resolution failure.
Verify your Domain Name Sysytem (DNS) is configured and working correctly.
An Error Event occurred. EventID: 0x0000041E
Time Generated: 05/04/2012 14:08:33
Event String:
The processing of Group Policy failed. Windows could not obtain the
name of a domain controller. This could be caused by a name resolution failure.
Verify your Domain Name Sysytem (DNS) is configured and working correctly.
......................... WDS-SERVER failed test SystemLog
Starting test: VerifyReferences
......................... WDS-SERVER passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : icmcpk
Starting test: CheckSDRefDom
......................... icmcpk passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... icmcpk passed test CrossRefValidation
Running enterprise tests on : icmcpk.local
Starting test: LocatorCheck
......................... icmcpk.local passed test LocatorCheck
Starting test: Intersite
......................... icmcpk.local passed test Intersite
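Added example, not part of the original post or of dcdiag itself: a small Python parser for console output in the layout quoted above. It reports failed tests, replication failures with their error code, and tests that print "passed" while still listing replication failures, as the Replications test on SERVER does above. The sample text is constructed and the function names are hypothetical.

```python
import re

# Constructed excerpt in the layout of the dcdiag output quoted in the question.
SAMPLE = r"""Testing server: Default-First-Site-Name\SERVER
Starting test: Replications
[Replications Check,SERVER] A recent replication attempt failed:
From FILE-SERVER to SERVER
Naming Context: DC=DomainDnsZones,DC=icmcpk,DC=local
The replication generated an error (1908):
Could not find the domain controller for this domain.
......................... SERVER passed test Replications
Testing server: Default-First-Site-Name\FILE-SERVER
Starting test: NetLogons
Unable to connect to the NETLOGON share! (\\FILE-SERVER\netlogon)
......................... FILE-SERVER failed test NetLogons
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
"""

RESULT = re.compile(r"^\.{5,}\s+(\S+) (passed|failed) test\s*(\S*)$")
REPL = re.compile(r"^From (\S+) to (\S+)$")
NCTX = re.compile(r"^Naming Context: (.+)$")
ERROR = re.compile(r"generated an error \((\d+)\)")

def parse_dcdiag(text):
    """Return (results, replication_failures) from dcdiag console output."""
    lines = [ln.strip() for ln in text.splitlines()]
    results, failures, current, in_test = [], [], None, 0
    for i, line in enumerate(lines):
        if line.startswith("Starting test:"):
            in_test = 0                      # replication failures seen in this test
        elif (m := REPL.match(line)):
            current = {"source": m[1], "dest": m[2], "nc": None, "error": None}
            failures.append(current)
            in_test += 1
        elif current and (m := NCTX.match(line)):
            current["nc"] = m[1]
        elif current and (m := ERROR.search(line)):
            current["error"] = int(m[1])
            current = None                   # this failure record is complete
        elif (m := RESULT.match(line)):
            target, verdict, test = m.groups()
            if not test and i + 1 < len(lines):
                test = lines[i + 1]          # test name wrapped onto the next line
            results.append({"target": target, "test": test,
                            "verdict": verdict, "repl_failures": in_test})
    return results, failures

def needs_attention(results):
    """Failed tests, plus tests that 'passed' while logging replication failures."""
    return [(r["target"], r["test"]) for r in results
            if r["verdict"] == "failed" or r["repl_failures"]]

if __name__ == "__main__":
    results, failures = parse_dcdiag(SAMPLE)
    for f in failures:
        print(f"{f['source']} -> {f['dest']} {f['nc']} error {f['error']}")
    print(needs_attention(results))
```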
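Posted on 2012-05-04 10:58:52
If I had to guess, I'd say you probably have a bad DNS infrastructure.
The simplest approach is to run DNS on all three domain controllers. Put 127.0.0.1 as the last entry in each DC's list, with the other two DCs listed ahead of it.
Make sure your clients are configured to use at least two of them, preferably more.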
Posted on 2012-09-11 15:24:15
ForestDNSZones and DomainDNSZones each have their own FSMO role holder, which is most likely still on the old DC as well. See the article here: http://msmvps.com/blogs/ulfbsimonweidner/archive/2008/07/31/how-many-infrastructure-masters-do-you-have.aspx
Also this KB: http://support.microsoft.com/kb/949257
https://serverfault.com/questions/386020