中国网管论坛's Archiver

heroddy posted on 2008-3-25 13:06

Win2003 domain and secondary domain cannot replicate information

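The company is fairly large, with several hundred computers; this is only a small branch plant, but it still has around 400 machines.
Some time ago I set up a WIN2003 primary domain, DOMAIN1, operating system WIN2003 EN+SPI; IP: 192.168.0.1
              Primary DNS is 192.168.0.1; the DNS on this machine's operating system is set to: qypl2d.com
               Primary DNS: 192.168.0.1
             Secondary DNS: 192.168.0.2
         Secondary WIN2003 domain DOMAIN2, operating system WIN2003 EN+SPI; IP: 192.168.0.2;
         Secondary DNS is 192.168.0.2; the DNS on this machine's operating system is set to: qypl2d.com
           Primary DNS: 192.168.0.2
         Secondary DNS: 192.168.0.1
When it was first set up everything was fine, and AD and DNS on DOMAIN1 and DOMAIN 2 both replicated. Later, one day a DELL 2850 server broke down and the company bought a new server. I had a DELL technician repair the broken DELL 2850, and I planned to move the original 192.168.0.2 secondary domain onto this DELL 2850. Here I have to cry a couple of times;
First, I did not remove the original 192.168.0.2 secondary domain from the domain; instead I simply formatted that server and installed a new operating system, WINXP, on it for another application;
Then I installed WIN2003 SERVERI+SP1 on this DELL 2850 and set the computer name to DOMAIN2; that is when the problem appeared..
I ran DCPROMO on this machine and chose "secondary domain controller outside the domain"; it reported that the domain already exists and would not continue. I could only change the computer name to "DOMAIN02", and then it was created;
Then the trouble started. Because the default domain installation does not install DNS, I set DNS up again as qypl2d.com and configured it for dynamic updates;
After that the original primary domain stopped working; it would not replicate AD or DNS with this new DOMAIN02;
Then I deleted the DNS on DOMAIN1 and configured it again, and it still did not work; AD will not replicate no matter what, while DNS does;
Now it is a real mess.... Everything was fine and I ruined it all; I have no tears left to cry. Since I built the domain, my colleagues now do not want to rebuild it, rejoin the clients to the domain and reconfigure the desktop settings (that is a lot of work, and they would curse me to death)
Here are the error messages from DOMAIN1 and DOMAIN02. I hope someone can help me; I would be deeply grateful;
APPLICATION errors: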
1.Windows cannot query for the list Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

2.Windows cannot access the file gpt.ini for GPO CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=QYPL2D,DC=COM. The file must be present at the location <\\QYPL2D.COM\sysvol\QYPL2D.COM\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>. (Access is denied. ). Group Policy processing aborted.
For more information, see Help and Support Center at
DNS errors:
1.Windows cannot access the file gpt.ini for GPO CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=QYPL2D,DC=COM. The file must be present at the location <\\QYPL2D.COM\sysvol\QYPL2D.COM\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>. (Access is denied. ). Group Policy processing aborted.
For more information, see Help and Support Center at

2.The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.
Active Directory errors:
1.The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.
Active Directory could not resolve the following DNS host name of the source domain controller to an IP address. This error prevents additions, deletions and changes in Active Directory from replicating between one or more domain controllers in the forest. Security groups, group policy, users and computers and their passwords will be inconsistent between domain controllers until this error is resolved, potentially affecting logon authentication and access to network resources.

Source domain controller:
qydomain02
Failing DNS host name:
0853caea-703a-4cd0-ab07-b44ba14ed733._msdcs.QYPL2D.COM

NOTE: By default, only up to 10 DNS failures are shown for any given 12 hour period, even if more than 10 failures occur.  To log all individual failure events, set the following diagnostics registry value to 1:

Registry Path:
HKLM\System\CurrentControlSet\Services\NTDS\Diagnostics\22 DS RPC Client

User Action:

1) If the source domain controller is no longer functioning or its operating system has been reinstalled with a different computer name or NTDSDSA object GUID, remove the source domain controller's metadata with ntdsutil.exe, using the steps outlined in MSKB article 216498.

2) Confirm that the source domain controller is running Active directory and is accessible on the network by typing "net view \\<source DC name>" or "ping <source DC name>".

3) Verify that the source domain controller is using a valid DNS server for DNS services, and that the source domain controller's host record and CNAME record are correctly registered, using the DNS Enhanced version of DCDIAG.EXE available on http://www.microsoft.com/dns

  dcdiag /test:dns

4) Verify that that this destination domain controller is using a valid DNS server for DNS services, by running the DNS Enhanced version of DCDIAG.EXE command on the console of the destination domain controller, as follows:

  dcdiag /test:dns

5) For further analysis of DNS error failures see KB 824449:
   http://support.microsoft.com/?kbid=824449

Additional Data
Error value:
11004 The requested name is valid, but no data of the requested type was found.

For more information, see Help and Support Center at
This is the replication status for the following directory partition on the local domain controller.

Directory partition:
DC=ForestDnsZones,DC=QYPL2D,DC=COM

The local domain controller has not recently received replication information from a number of domain controllers.   The count of domain controllers is shown, divided into the following intervals.

More than 24 hours:
1
More than a week:
1
More than one month:
0
More than two months:
0
More than a tombstone lifetime:
0
Tombstone lifetime (days):
180
Domain controllers that do not replicate in a timely manner may encounter errors. It may miss password changes and be unable to authenticate. A DC that has not replicated in a tombstone lifetime may have missed the deletion of some objects, and may be automatically blocked from future replication until it is reconciled.

To identify the domain controllers by name, install the support tools included on the installation  CD and run dcdiag.exe.
You can also use the support tool repadmin.exe to display the replication latencies of the domain controllers in the forest.   The command is "repadmin /showvector /latency <partition-dn>".
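
The check behind the Active Directory error quoted in the post above, as an added example that is not part of the original thread: the failing name is a `<DSA GUID>._msdcs.<forest>` alias, so the script pulls it out of the event text and tests it, and the source DC's host record, against a DNS zone table. The zone contents, the function names and the verdict labels are constructed assumptions.

```python
import re

# Constructed sample: fields copied from the replication event in the post above.
EVENT = """Source domain controller:
qydomain02
Failing DNS host name:
0853caea-703a-4cd0-ab07-b44ba14ed733._msdcs.QYPL2D.COM
Error value:
11004 The requested name is valid, but no data of the requested type was found.
"""

# Constructed zone contents (assumption): host records exist, the GUID alias does not.
ZONE = {
    "domain1.qypl2d.com": ("A", "192.168.0.1"),
    "qydomain02.qypl2d.com": ("A", "192.168.0.2"),
}

def field(text, label):
    """Return the line that follows 'label:' in the event text."""
    m = re.search(rf"^{re.escape(label)}:\s*\n(.+)$", text, re.M)
    return m.group(1).strip() if m else None

def resolve(name, zone, hops=0):
    """Follow CNAME -> A in the zone table; return an IP or None."""
    rtype, value = zone.get(name.lower(), (None, None))
    if rtype == "A":
        return value
    if rtype == "CNAME" and hops < 8:   # bound the chain so a CNAME loop terminates
        return resolve(value, zone, hops + 1)
    return None

def diagnose(text, zone):
    """Classify the failure from the event fields and the zone contents."""
    alias = field(text, "Failing DNS host name") or ""
    m = re.fullmatch(
        r"([0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})\._msdcs\.(.+)", alias, re.I)
    if not m:
        raise ValueError("not a <DSA GUID>._msdcs.<forest> name")
    host = f"{field(text, 'Source domain controller')}.{m.group(2)}"
    if resolve(alias, zone):
        verdict = "alias-resolves"      # DNS answers; the cause is elsewhere
    elif resolve(host, zone):
        verdict = "alias-missing"       # host record present, GUID CNAME not registered
    else:
        verdict = "source-dc-unknown"   # neither record: DC gone, renamed or reinstalled
    return {"guid": m.group(1).lower(), "host": host.lower(), "verdict": verdict}
```

With the constructed zone the verdict is `alias-missing`, the case the event's steps 3 and 4 (`dcdiag /test:dns`) address; `source-dc-unknown` corresponds to step 1, where the event points to metadata cleanup with ntdsutil.exe.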

eckon posted on 2008-5-7 15:58

Don't set the server name and DNS the same as that machine's. Just use: DOMAIN3 and 192.168.0.3
Then try again; it is as if there were a third server.
