所有域用戶的outlook郵箱都連接不到exchange服務器(同時也是備份域服務器),重啓exchange服務器之後能堅持一(yī)會,之後又(yòu)會到原樣,打開(kāi)主域服務器的事件查看器的目錄服務裏出現如下(xià)錯誤:
Active Directory 複制發現下(xià)列分(fēn)區中(zhōng)存在的對象已經從 本地域控制器(DC) Active Directory 數據庫中(zhōng)删除。 在邏輯删除生(shēng)存時間過期之前,部分(fēn)直接或可傳遞的複制 夥伴沒有複制該删除。已經從 Active Directory 分(fēn)區 删除并垃圾收集的對象,如果仍然存在于同一(yī)域中(zhōng)其他 DC 的可寫入分(fēn)區中(zhōng)或林中(zhōng)其他域中(zhōng)的全局編錄服務器的 隻讀分(fēn)區中(zhōng),被稱作“延遲對象”。
此事件被記錄到日志(zhì),因爲源 DC 包含的延遲對象不存在于 本地 Active Directory 數據庫上。此複制被阻止。
解決此問題的最佳方案是标記并删除林中(zhōng)的所有延遲對象,
源 DC (傳輸特定的網絡地址):
be240ab2-9df4-4075-8342-066a8bf2158f._msdcs.chinahikari.com
對象:
CN=楊善根\0ADEL:2ba287eb-d6de-4563-998a-cedf6d16c305,CN=Deleted Objects,DC=chinahikari,DC=com
對象 GUID:
2ba287eb-d6de-4563-998a-cedf6d16c305
用戶操作:
删除延遲對象:
該操作将從此錯誤(可以在 http://support.microsoft.com/?id=314282 找到)恢複。
如果源和目标 DC 都是 Windows Server 2003 DC,那麽請安裝 包含在安裝 CD 上的支持工(gōng)具。要查看實際上不執行删除的 要删除的對象,請運行 "repadmin /removelingeringobjects <Source DC> <Destination DC DSA GUID> <NC> /ADVISORY_MODE"。 源 DC 上的事件日志(zhì)将枚舉所有延遲對象。要從源域控制器删除 延遲對象,請運行 "repadmin /removelingeringobjects <Source DC> <Destination DC DSA GUID> <NC>"。
如果源或域控制器之一(yī)是 Windows 2000 Server DC,那麽可以 在 http://support.microsoft.com/?id=314282 找到更多有關如何删除 源 DC 上的延遲對象的信息,或從您的 Microsoft 支持專家獲得這些信息。
如果需要 Active Directory 複制立即工(gōng)作(不計成本)并且沒有 時間删除延遲對象,請通過取消下(xià)列注冊表項設置,啓用松散複制 一(yī)緻性:
Registry Key:
HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Strict Replication Consistency
共享公共分(fēn)區的 DC 之間的複制錯誤可能導緻 DC 之間的用戶 和計算機帳戶、信任關系、他們的密碼、安全組、安全組成員(yuán) 關系和其他 Active Directory 配置數據不同,這将影響登錄、 查找相關對象和執行其他重要操作。一(yī)旦解決了複制錯誤, 這些不一(yī)緻将解決。未能在邏輯删除生(shēng)存時間内入站複制删除的 對象的 DC 将保持不一(yī)緻,除非管理員(yuán)手動從每一(yī)個本地 DC 删除延遲對象。
延遲對象可能被阻止,從而确保林中(zhōng)所有域控制器運行 Active Directory,經由生(shēng)成樹(shù)連接拓撲連接, 而且在邏輯 删除生(shēng)存時間過期之前執行入站複制。
有關更多信息,請參閱在 http://go.microsoft.com/fwlink/events.asp 的幫助和支持中(zhōng)心。
同時在DC服務器上dcdiag測試結果如下(xià):
C:\Documents and Settings\Administrator>dcdiag
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\ADSERVER
Starting test: Connectivity
......................... ADSERVER passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\ADSERVER
Starting test: Replications
[HYSH03] DsBindWithSpnEx() failed with error 1753,
終結點映射器中(zhōng)沒有更多的終結點可用。.
[Replications Check,ADSERVER] A recent replication attempt failed:
From HYSH03 to ADSERVER
Naming Context: DC=chinahikari,DC=com
The replication generated an error (8606):
沒有給定足夠的屬性以創建對象。這個對象可能不存在因爲它可能已經删除域
垃圾收集。
The failure occurred at 2012-06-03 18:59:47.
The last success occurred at 2012-06-02 17:17:57.
306 failures have occurred since the last success.
REPLICATION-RECEIVED LATENCY WARNING
ADSERVER: Current time is 2012-06-03 19:17:31.
DC=chinahikari,DC=com
Last replication recieved from HYSH03 at 2012-06-02 17:17:57.
......................... ADSERVER passed test Replications
Starting test: NCSecDesc
......................... ADSERVER passed test NCSecDesc
Starting test: NetLogons
......................... ADSERVER passed test NetLogons
Starting test: Advertising
......................... ADSERVER passed test Advertising
Starting test: KnowsOfRoleHolders
......................... ADSERVER passed test KnowsOfRoleHolders
Starting test: RidManager
......................... ADSERVER passed test RidManager
Starting test: MachineAccount
......................... ADSERVER passed test MachineAccount
Starting test: Services
Dnscache Service is stopped on [ADSERVER]
......................... ADSERVER failed test Services
Starting test: ObjectsReplicated
......................... ADSERVER passed test ObjectsReplicated
Starting test: frssysvol
......................... ADSERVER passed test frssysvol
Starting test: frsevent
......................... ADSERVER passed test frsevent
Starting test: kccevent
......................... ADSERVER passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x40000005
Time Generated: 06/03/2012 19:07:37
(Event String could not be retrieved)
......................... ADSERVER failed test systemlog
Starting test: VerifyReferences
......................... ADSERVER passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : chinahikari
Starting test: CrossRefValidation
......................... chinahikari passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... chinahikari passed test CheckSDRefDom
Running enterprise tests on : chinahikari.com
Starting test: Intersite
......................... chinahikari.com passed test Intersite
Starting test: FsmoCheck
......................... chinahikari.com passed test FsmoCheck
以上在我(wǒ)的域控制器報的錯誤,同時截圖如下(xià):
PDC與BDC無法同步複制
根據以上大(dà)篇幅的提示中(zhōng)藍(lán)色加粗的部分(fēn)的說明讓我(wǒ)感覺興奮,立即在PDC(ADServer)上打開(kāi)注冊表按照其提示找到 Strict Replication Consistency 并把其值改爲0(原值爲1),以爲問題得到解決,再次dcdiag(這次是在BDC[hysh03]上運行)卻讓人既高興又(yòu)失望,高興的是不再提示“沒有給定足夠的屬性以創建對象。這個對象可能不存在因爲它可能已經删除域垃圾收集。”,失望的是新的錯誤又(yòu)産生(shēng)“Active Directory 不能與此服務器複制,因爲距上一(yī)次與此服務器複制的時間已經超過了tombstone 生(shēng)存時間。”dcdiag的結果如下(xià):
C:\Documents and Settings\administrator.CHINAHIKARI>dcdiag
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\HYSH03
Starting test: Connectivity
......................... HYSH03 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\HYSH03
Starting test: Replications
[Replications Check,HYSH03] A recent replication attempt failed:
From ADSERVER to HYSH03
Naming Context: CN=Schema,CN=Configuration,DC=chinahikari,DC=com
The replication generated an error (8614):
Active Directory 不能與此服務器複制,因爲距上一(yī)次與此服務器複制的時
間已經超過了 tombstone 生(shēng)存時間。
The failure occurred at 2012-06-04 14:55:56.
The last success occurred at 2012-06-01 08:49:32.
79 failures have occurred since the last success.
[ADSERVER] DsBindWithSpnEx() failed with error -2146893022,
目标主要名稱不正确。.
[Replications Check,HYSH03] A recent replication attempt failed:
From ADSERVER to HYSH03
Naming Context: CN=Configuration,DC=chinahikari,DC=com
The replication generated an error (8614):
Active Directory 不能與此服務器複制,因爲距上一(yī)次與此服務器複制的時
間已經超過了 tombstone 生(shēng)存時間。
The failure occurred at 2012-06-04 15:20:02.
The last success occurred at 2012-06-01 08:49:32.
208 failures have occurred since the last success.
[Replications Check,HYSH03] A recent replication attempt failed:
From ADSERVER to HYSH03
Naming Context: DC=chinahikari,DC=com
The replication generated an error (8614):
Active Directory 不能與此服務器複制,因爲距上一(yī)次與此服務器複制的時
間已經超過了 tombstone 生(shēng)存時間。
The failure occurred at 2012-06-04 15:22:59.
The last success occurred at 2012-06-01 08:39:00.
13710 failures have occurred since the last success.
REPLICATION-RECEIVED LATENCY WARNING
HYSH03: Current time is 2012-06-04 15:23:06.
CN=Schema,CN=Configuration,DC=chinahikari,DC=com
Last replication recieved from ADSERVER at 2011-06-01 08:49:32.
WARNING: This latency is over the Tombstone Lifetime of 180 days
!
CN=Configuration,DC=chinahikari,DC=com
Last replication recieved from ADSERVER at 2011-06-01 08:49:32.
WARNING: This latency is over the Tombstone Lifetime of 180 days
!
DC=chinahikari,DC=com
Last replication recieved from ADSERVER at 2011-06-01 08:39:00.
WARNING: This latency is over the Tombstone Lifetime of 180 days
!
......................... HYSH03 passed test Replications
Starting test: NCSecDesc
......................... HYSH03 passed test NCSecDesc
Starting test: NetLogons
......................... HYSH03 passed test NetLogons
Starting test: Advertising
......................... HYSH03 passed test Advertising
Starting test: KnowsOfRoleHolders
Warning: ADSERVER is the Schema Owner, but is not responding to DS RPC
Bind.
[ADSERVER] LDAP bind failed with error 8341,
出現了一(yī)個目錄服務錯誤。.
Warning: ADSERVER is the Schema Owner, but is not responding to LDAP Bi
nd.
Warning: ADSERVER is the Domain Owner, but is not responding to DS RPC
Bind.
Warning: ADSERVER is the Domain Owner, but is not responding to LDAP Bi
nd.
Warning: ADSERVER is the PDC Owner, but is not responding to DS RPC Bin
d.
Warning: ADSERVER is the PDC Owner, but is not responding to LDAP Bind.
Warning: ADSERVER is the Rid Owner, but is not responding to DS RPC Bin
d.
Warning: ADSERVER is the Rid Owner, but is not responding to LDAP Bind.
Warning: ADSERVER is the Infrastructure Update Owner, but is not respon
ding to DS RPC Bind.
Warning: ADSERVER is the Infrastructure Update Owner, but is not respon
ding to LDAP Bind.
......................... HYSH03 failed test KnowsOfRoleHolders
Starting test: RidManager
......................... HYSH03 failed test RidManager
Starting test: MachineAccount
......................... HYSH03 passed test MachineAccount
Starting test: Services
......................... HYSH03 passed test Services
Starting test: ObjectsReplicated
......................... HYSH03 passed test ObjectsReplicated
Starting test: frssysvol
......................... HYSH03 passed test frssysvol
Starting test: frsevent
......................... HYSH03 passed test frsevent
Starting test: kccevent
An Error Event occured. EventID: 0xC00007FA
Time Generated: 06/04/2012 15:10:29
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC00007FA
Time Generated: 06/04/2012 15:12:00
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC00007FA
Time Generated: 06/04/2012 15:12:14
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC00007FA
Time Generated: 06/04/2012 15:20:02
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC00007FA
Time Generated: 06/04/2012 15:20:14
(Event String could not be retrieved)
......................... HYSH03 failed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x40000004
Time Generated: 06/04/2012 14:24:20
(Event String could not be retrieved)
An Error Event occured. EventID: 0x40000004
Time Generated: 06/04/2012 14:29:28
(Event String could not be retrieved)
An Error Event occured. EventID: 0x40000004
Time Generated: 06/04/2012 14:30:51
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0002719
Time Generated: 06/04/2012 14:30:51
(Event String could not be retrieved)
An Error Event occured. EventID: 0x40000004
Time Generated: 06/04/2012 14:34:36
(Event String could not be retrieved)
An Error Event occured. EventID: 0x40000004
Time Generated: 06/04/2012 14:36:14
(Event String could not be retrieved)
An Error Event occured. EventID: 0x40000004
Time Generated: 06/04/2012 14:55:56
(Event String could not be retrieved)
An Error Event occured. EventID: 0x40000004
Time Generated: 06/04/2012 14:56:14
(Event String could not be retrieved)
An Error Event occured. EventID: 0x0000168E
Time Generated: 06/04/2012 14:56:20
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0xC0001B6F
Time Generated: 06/04/2012 14:56:59
(Event String could not be retrieved)
An Error Event occured. EventID: 0x40000004
Time Generated: 06/04/2012 14:57:30
(Event String could not be retrieved)
An Error Event occured. EventID: 0x0000165B
Time Generated: 06/04/2012 14:57:47
Event String: The session setup from computer 'JSB_06' failed
An Error Event occured. EventID: 0x000016AD
Time Generated: 06/04/2012 15:00:04
Event String: The session setup from the computer JSB_06 failed
An Error Event occured. EventID: 0x40000004
Time Generated: 06/04/2012 15:13:40
(Event String could not be retrieved)
An Error Event occured. EventID: 0x40000004
Time Generated: 06/04/2012 15:16:25
(Event String could not be retrieved)
An Error Event occured. EventID: 0x40000004
Time Generated: 06/04/2012 15:18:14
(Event String could not be retrieved)
An Error Event occured. EventID: 0x40000004
Time Generated: 06/04/2012 15:19:51
(Event String could not be retrieved)
An Error Event occured. EventID: 0x40000004
Time Generated: 06/04/2012 15:22:56
(Event String could not be retrieved)
An Error Event occured. EventID: 0x40000004
Time Generated: 06/04/2012 15:22:57
(Event String could not be retrieved)
An Error Event occured. EventID: 0x40000004
Time Generated: 06/04/2012 15:23:06
(Event String could not be retrieved)
An Error Event occured. EventID: 0x40000004
Time Generated: 06/04/2012 15:23:06
(Event String could not be retrieved)
......................... HYSH03 failed test systemlog
Starting test: VerifyReferences
......................... HYSH03 passed test VerifyReferences
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : chinahikari
Starting test: CrossRefValidation
......................... chinahikari passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... chinahikari passed test CheckSDRefDom
Running enterprise tests on : chinahikari.com
Starting test: Intersite
......................... chinahikari.com passed test Intersite
Starting test: FsmoCheck
......................... chinahikari.com passed test FsmoCheck
經過多番摸索和查找,最後終于找到一(yī)個解決辦法:
在運行中(zhōng)用Regedit命令打開(kāi)注冊表,分(fēn)别作如下(xià)修改(以下(xià)操作本人是在BDC上完成的,按理論來說在PDC做也是可以的):
Value Path: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters
Value Name: Allow Replication With Divergent and Corrupt Partner(如沒有此鍵值可以直接增加)
Value Type: REG_DWORD
Value Data: 1
Value Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
Value Name: Strict Replication Consistency
Value Type: REG_DWORD
Value Data: 0
然後利用dssite.msc管理控制台強制AD立即複制,操作如下(xià):
PDC與BDC無法同步複制
點擊“立即複制副本”後會迅速提示複制完成。複制成功後,請在注冊表中(zhōng)做如下(xià)調整:
删除:
Value Path: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters
Value Name: Allow Replication With Divergent and Corrupt Partner
Value Type: REG_DWORD
Value Data: 1
将以下(xià)注冊表設定值恢複成1:
Value Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
Value Name: Strict Replication Consistency
Value Type: REG_DWORD
Value Data: 1
然後重啓服務器,再dcdiag或者replmon發現均正常。
