<\/p>\n
AD replika hiba<\/h1>\n\u00c9szlel\u00e9s<\/h2>\n
T\u00fcnetek az al\u00e1bbiak voltak:<\/p>\n
- \n
- Nem lehetett mindig bejelentkezni egy felhaszn\u00e1l\u00f3val<\/li>\n
- Nem megb\u00edzhat\u00f3 kapcsolatot \u00edrt a tartom\u00e1nnyal<\/li>\n
- Bejelentkez\u00e9s m\u00e9g ment de policyket m\u00e1r nem kapta meg.<\/li>\n
- \u00daj g\u00e9peket nem lehetett bel\u00e9ptetni (the target account name is incorrect)<\/li>\n<\/ul>\n
Ek\u00f6zben a logokban arra panaszkodott, hogy nem siker\u00fclt friss\u00edteni a DNS-ben a bejegyz\u00e9seket.<\/p>\n
A DNS-rekord (‘455543f8-4b64-4128-9f12-61c1c3705652._msdcs.CONTOSO.local. 600 IN CNAME dc1.CONTOSO.local.’) dinamikus regisztr\u00e1ci\u00f3ja nem siker\u00fclt a k\u00f6vetkez\u0151 DNS-kiszolg\u00e1l\u00f3n:<\/p>\n
DNS-kiszolg\u00e1l\u00f3 IP-c\u00edme: 192.168.65.3
\nVisszak\u00fcld\u00f6tt v\u00e1laszk\u00f3d (RCODE): 5
\nVisszak\u00fcld\u00f6tt \u00e1llapotk\u00f3d: 9005<\/p><\/blockquote>\nHa a DNS kezel\u0151t megpr\u00f3b\u00e1ltam megnynit a 192.168.65.3-on azt mondta, hogy nem l\u00e9tezik illetve ACCESS DENIED.<\/p>\n
R\u00e1n\u00e9ztem a replik\u00e1ra a DC1-r\u0151l, ott rendben volt, a probl\u00e9ma az EXCALIBUR DC-n volt (t\u00f6bbek k\u00f6zt ilyen hib\u00e1k voltak):<\/p>\n
DC=DomainDnsZones,DC=CONTOSO,DC=local
\nDefault-First-Site-Name\\DC1 via RPC
\nDSA object GUID: 455543f8-4b64-4128-9f12-61c1c3705652
\nLast attempt @ 2020-08-28 17:15:38 failed, result 1908 (0x774):
\nCould not find the domain controller for this domain.
\n57 consecutive failure(s).
\nLast success @ 2020-07-22 18:52:45.<\/p>\nSource: Default-First-Site-Name\\DC1
\n******* 466 CONSECUTIVE FAILURES since 2020-07-22 19:29:34
\nLast error: 1256 (0x4e8):
\nThe remote system is not available. For information about network tr
\noubleshooting, see Windows Help.<\/p><\/blockquote>\nIlletve ilyen is (ez m\u00e1r csak az event viewerb\u0151l van de a repadmin is \u00edrta):<\/p>\n
Internal event: Active Directory Domain Services could not update the following object with changes received from the following source directory service. This is because an error occurred during the application of the changes to Active Directory Domain Services on the directory service. <\/span><\/span><\/span><\/p>\n
Object:
\nDC=CONTOSO,DC=local
\nObject GUID:
\n0f1e7c61-6c89-4d3d-b3a1-1b8aa0dfe827
\nSource directory service:
\n455543f8-4b64-4128-9f12-61c1c3705652._msdcs.CONTOSO.local
\nSynchronization of the directory service with the source directory service is blocked until this update problem is corrected.
\nThis operation will be tried again at the next scheduled replication.
\nUser Action
\nRestart the local computer if this condition appears to be related to low system resources (for example, low physical or virtual memory).
\nAdditional Data
\nError value:
\n1127 While accessing the hard disk, a disk operation failed even after retries.<\/span><\/span><\/span><\/p><\/blockquote>\nrepadmin \/syncall nem seg\u00edtett, ugyanaz a hiba, egy gyors reboot ut\u00e1n mi a helyzet? Indul\u00e1skor futott egy checkdisk:<\/p>\n
Checking file system on C:
\nThe type of the file system is NTFS.<\/p>\nOne of your disks needs to be checked for consistency. You
\nmay cancel the disk check, but it is strongly recommended
\nthat you continue.
\nWindows will now check the disk.<\/p>\nCHKDSK is verifying files (stage 1 of 3)…
\nCleaning up instance tags for file 0x175.
\nCleaning up instance tags for file 0x7634.
\nCleaning up instance tags for file 0x764b.
\nCleaning up instance tags for file 0xf491.
\nCleaning up instance tags for file 0xfe9d.
\nCleaning up instance tags for file 0xfea3.
\nThe attribute of type 0x80 and instance tag 0x0 in file 0x10f60
\nhas allocated length of 0xb77650000 instead of 0xb77640000.
\nDeleted corrupt attribute list entry
\nwith type code 128 in file 69472.
\nUnable to locate attribute with instance tag 0x0 and segment
\nreference 0x2ea7000000004253. The expected attribute type is 0x80.
\nDeleting corrupt attribute record (128, $J)
\nfrom file record segment 16979.
\nUnable to locate attribute with instance tag 0x0 and segment
\nreference 0xaf1f00000000d9b6. The expected attribute type is 0x80.
\nDeleting corrupt attribute record (128, $J)
\nfrom file record segment 55734.
\nUnable to locate attribute with instance tag 0x0 and segment
\nreference 0x24f1000000011c24. The expected attribute type is 0x80.
\nDeleting corrupt attribute record (128, $J)
\nfrom file record segment 72740.
\nUnable to locate attribute with instance tag 0x0 and segment
\nreference 0x1c910000000123b3. The expected attribute type is 0x80.
\nDeleting corrupt attribute record (128, $J)
\nfrom file record segment 74675.
\nUnable to locate attribute with instance tag 0x0 and segment
\nreference 0x6ed4000000012495. The expected attribute type is 0x80.
\nDeleting corrupt attribute record (128, $J)
\nfrom file record segment 74901.
\nUnable to locate attribute with instance tag 0x0 and segment
\nreference 0x2271000000012ec1. The expected attribute type is 0x80.
\nDeleting corrupt attribute record (128, $J)
\nfrom file record segment 77505.
\nUnable to locate attribute with instance tag 0x0 and segment
\nreference 0x1442000000025048. The expected attribute type is 0x80.
\nDeleting corrupt attribute record (128, $J)
\nfrom file record segment 151624.
\nUnable to locate attribute with instance tag 0x0 and segment
\nreference 0xad900000002509f. The expected attribute type is 0x80.
\nDeleting corrupt attribute record (128, $J)
\nfrom file record segment 151711.
\nCleaning up instance tags for file 0x16627.
\n288768 file records processed. File verification completed.
\nDeleting orphan file record segment 16979.
\nDeleting orphan file record segment 55734.
\nDeleting orphan file record segment 78543.
\n13117 large file records processed. 0 bad file records processed.
\nCHKDSK is verifying indexes (stage 2 of 3)…
\n375066 index entries processed. Index verification completed.
\n0 unindexed files scanned. 0 unindexed files recovered.
\nCHKDSK is verifying security descriptors (stage 3 of 3)…
\nCleaning up 45 unused index entries from index $SII of file 0x9.
\nCleaning up 45 unused index entries from index $SDH of file 0x9.
\nCleaning up 45 unused security descriptors.
\nSecurity descriptor verification completed.
\n43150 data files processed. CHKDSK is verifying Usn Journal…
\nCreating Usn Journal $J data stream
\nUsn Journal verification completed.
\nCHKDSK discovered free space marked as allocated in the
\nmaster file table (MFT) bitmap.
\nCHKDSK discovered free space marked as allocated in the volume bitmap.<\/p>\nWindows has made corrections to the file system.
\nNo further action is required.<\/p>\n523926527 KB total disk space.
\n146761988 KB in 150555 files.
\n116572 KB in 43151 indexes.
\n0 KB in bad sectors.
\n378207 KB in use by the system.
\n65536 KB occupied by the log file.
\n376669760 KB available on disk.<\/p>\n4096 bytes in each allocation unit.
\n130981631 total allocation units on disk.
\n94167440 allocation units available on disk.<\/p>\nInternal Info:
\n00 68 04 00 b4 f4 02 00 b7 83 05 00 00 00 00 00 .h…………..
\n54 02 00 00 de 00 00 00 00 00 00 00 00 00 00 00 T……………
\n20 03 00 14 e7 00 00 00 00 00 00 00 00 00 00 00 ……………<\/p>\nWindows has finished checking your disk.
\nPlease wait while your computer restarts.<\/p><\/blockquote>\nTeh\u00e1t hib\u00e1t tal\u00e1lt, logban \u00edrta is, hogy s\u00e9r\u00fclt az AD DB f\u00e1jl.<\/p>\n
This event contains REPAIR PROCEDURES for the 1084 event which has previously been logged. This message indicates a specific issue with the consistency of the Active Directory Domain Services database on this replication destination. A database error occurred while applying replicated changes to the following object. The database had unexpected contents, preventing the change from being made.<\/p>\n
Object:
\nDC=CONTOSO,DC=local
\nObject GUID:
\n0f1e7c61-6c89-4d3d-b3a1-1b8aa0dfe827
\nSource domain controller:
\n455543f8-4b64-4128-9f12-61c1c3705652._msdcs.CONTOSO.local<\/p>\nUser Action<\/p>\n
….jav\u00edt\u00e1sr\u00f3l \u00edr itt, de minket annyira ez nem izgat, van egy \u00e9p p\u00e9ld\u00e1nyunk<\/p>\n
Domain Services Databases.<\/p>\n
If none of these actions succeed and the replication error continues, you should demote this domain controller and promote it again.<\/p>\n
Additional Data
\nPrimary Error value:
\n1127 While accessing the hard disk, a disk operation failed even after retries.
\nSecondary Error value:
\n-510 JET_errLogWriteFail, Failure writing to log file<\/p><\/blockquote>\nJav\u00edt\u00e1s<\/h2>\n
No de kit \u00e9rdekel, van egy eg\u00e9szs\u00e9ges DC-nk, syncelj\u00fck \u00e1t onnan. Persze ez nyilv\u00e1n nem megy a szinkron “The target principal name is incorrect” hib\u00e1val meg\u00e1ll. A probl\u00e9ma, hogy t\u00fal r\u00e9gen cs\u00faszott sz\u00e9t az eg\u00e9sz (1 h\u00f3nap) emiatt a kerberos ticketek is teljesen elm\u00e1sztak. Kell egy force szinkron(1<\/a>):<\/p>\n
Ehhez el\u0151sz\u00f6r is \u00e1ll\u00edtsuk le a “Kerberos Key Distribution Center” szolg\u00e1ltat\u00e1st azon a szerveren ahova forceolni akarjuk a szinkront:<\/p>\n
net stop kdc<\/span><\/span><\/p><\/blockquote>\n
Forceoljunk ki egy configuration szinkront<\/p>\n
![\"Replicate](\"\/\/debnar.org\/wp\/wp-content\/uploads\/2020\/08\/replicateconfigfromselecteddc-300x170.png\")
<\/a><\/p>\nInd\u00edtsuk el a kor\u00e1bban le\u00e1ll\u00edtott “Kerberos Key Distribution Center”-t:<\/p>\n
net start kdc<\/p><\/blockquote>\n
Ezekut\u00e1n rem\u00e9lhet\u0151leg m\u00e1r rendben lesz. Hagyjunk egy kis id\u0151t m\u00edg mindent rendben leszinkroniz\u00e1l. K\u00f6zvetlen\u00fcl ut\u00e1na:<\/p>\n
C:\\Windows\\system32>repadmin \/showrepl<\/p>\n
Repadmin: running command \/showrepl against full DC localhost
\nDefault-First-Site-Name\\EXCALIBUR
\nDSA Options: IS_GC
\nSite Options: (none)
\nDSA object GUID: 57e27dc2-70fd-49e2-8c71-702f9f125f22
\nDSA invocationID: ea8948bc-8291-40c2-b7b4-722497a869f5<\/p>\n==== INBOUND NEIGHBORS ======================================<\/p>\n
DC=CONTOSO,DC=local
\nDefault-First-Site-Name\\DC1 via RPC
\nDSA object GUID: 455543f8-4b64-4128-9f12-61c1c3705652
\nLast attempt @ 2020-08-28 17:42:59 was successful.<\/p>\nCN=Configuration,DC=CONTOSO,DC=local
\nDefault-First-Site-Name\\DC1 via RPC
\nDSA object GUID: 455543f8-4b64-4128-9f12-61c1c3705652
\nLast attempt @ 2020-08-28 17:21:51 was successful.<\/p>\nCN=Schema,CN=Configuration,DC=CONTOSO,DC=local
\nDefault-First-Site-Name\\DC1 via RPC
\nDSA object GUID: 455543f8-4b64-4128-9f12-61c1c3705652
\nLast attempt @ 2020-08-28 17:14:37 failed, result 1908 (0x774):
\nCould not find the domain controller for this domain.
\n55 consecutive failure(s).
\nLast success @ 2020-07-22 18:52:45.<\/p>\nDC=DomainDnsZones,DC=CONTOSO,DC=local
\nDefault-First-Site-Name\\DC1 via RPC
\nDSA object GUID: 455543f8-4b64-4128-9f12-61c1c3705652
\nLast attempt @ 2020-08-28 17:15:38 failed, result 1908 (0x774):
\nCould not find the domain controller for this domain.
\n57 consecutive failure(s).
\nLast success @ 2020-07-22 18:52:45.<\/p>\nDC=ForestDnsZones,DC=CONTOSO,DC=local
\nDefault-First-Site-Name\\DC1 via RPC
\nDSA object GUID: 455543f8-4b64-4128-9f12-61c1c3705652
\nLast attempt @ 2020-08-28 17:34:45 was successful.<\/p>\nSource: Default-First-Site-Name\\DC1
\n******* 57 CONSECUTIVE FAILURES since 2020-07-22 18:52:45
\nLast error: 1908 (0x774):
\nCould not find the domain controller for this domain.<\/p><\/blockquote>\nMaximum f\u00e9l \u00f3ra ut\u00e1n mindent sz\u00e9pen replik\u00e1l.<\/p>\n
DFSR hiba<\/h1>\n
Ezut\u00e1n sz\u00e9pen be lehetett jelentkezni mindenhova, majd ha nyomtam egy gpupdate-et akkor k\u00f6z\u00f6lte, hogy sikertelen volt, nem tal\u00e1lja a megadott policyt, szerveren event viewerben is l\u00e1tsz\u00f3dott a hiba:<\/p>\n
– EventData<\/p>\n
SupportInfo1 1
\nSupportInfo2 4875
\nProcessingMode 0
\nProcessingTimeInMilliseconds 610
\nErrorCode 3
\nErrorDescription The system cannot find the path specified.
\nDCName \\\\EXCALIBUR.CONTOSO.local
\nExtensionName Group Policy Power Options
\nExtensionId {E62688F0-25FD-4c90-BFF5-F508B9D2E31F}<\/p><\/blockquote>\nVal\u00f3ban be\u00edrva az int\u00e9z\u0151be nem tal\u00e1lthat\u00f3 a policy, m\u00edg a DC1 szerveren igen. Ezzel az a probl\u00e9ma, hogy nagyon r\u00e9gen \u00e1llt le, amit nem tal\u00e1lt policy az valamikor febru\u00e1rban sz\u00fcletett. Nem tudom, hogy nem der\u00fclt ez ki kor\u00e1bban, mindenesetre event logban:<\/p>\n
The DFS Replication service stopped replication on volume C:. This occurs when a DFSR JET database is not shut down cleanly and Auto Recovery is disabled. To resolve this issue, back up the files in the affected replicated folders, and then use the ResumeReplication WMI method to resume replication. <\/span><\/span><\/p>\n
Additional Information:
\nVolume: C:
\nGUID: CA16872C-04BB-11E3-93E8-806E6F6E6963
\nRecovery Steps
\n1. Back up the files in all replicated folders on the volume. Failure to do so may result in data loss due to unexpected conflict resolution during the recovery of the replicated folders.
\n2. To resume the replication for this volume, use the WMI method ResumeReplication of the DfsrVolumeConfig class. For example, from an elevated command prompt, type the following command:
\nwmic \/namespace:\\\\root\\microsoftdfs path dfsrVolumeConfig where volumeGuid=”CA16872C-04BB-11E3-93E8-806E6F6E6963″ call ResumeReplication <\/span><\/span><\/span><\/p>\nFor more information, see http:\/\/support.microsoft.com\/kb\/2663685<\/a>.<\/span><\/span><\/p><\/blockquote>\n
Teh\u00e1t ott is van mit kell csin\u00e1lni, gyors backup mindk\u00e9t DC-n (sima f\u00e1jlm\u00e1sol\u00e1s) a c:\\windows\\SYSVOL\\domain k\u00f6nyvt\u00e1rr\u00f3l majd futtatni a<\/p>\n
wmic \/namespace:\\\\root\\microsoftdfs path dfsrVolumeConfig where volumeGuid=”CA16872C-04BB-11E3-93E8-806E6F6E6963″ call ResumeReplication <\/span><\/span><\/span><\/p><\/blockquote>\n
Ha szerencs\u00e9sek vagyunk ennyi el\u00e9g is, miut\u00e1n nekem nagyon r\u00e9gen sz\u00e9tcs\u00faszott ez\u00e9rt az al\u00e1bbi hiba\u00fczenetet dobta:<\/p>\n
The DFS Replication service stopped replication on the folder with the following local path: C:\\Windows\\SYSVOL\\domain. This server has been disconnected from other partners for 267 days, which is longer than the time allowed by the MaxOfflineTimeInDays parameter (60). DFS Replication considers the data in this folder to be stale, and this server will not replicate the folder until this error is corrected.<\/p>\n
To resume replication of this folder, use the DFS Management snap-in to remove this server from the replication group, and then add it back to the group. This causes the server to perform an initial synchronization task, which replaces the stale data with fresh data from other members of the replication group.<\/p>\n
Additional Information:
\nError: 9061 (The replicated folder has been offline for too long.)
\nReplicated Folder Name: SYSVOL Share
\nReplicated Folder ID: 6E031177-CEA1-49CC-97BD-7E20A2DEFA70
\nReplication Group Name: Domain System Volume
\nReplication Group ID: 2AB23F75-C70A-45F4-BE47-43BFCC8F2FDA
\nMember ID: A9B0D353-863C-4E4E-A325-06E072CA5F3F<\/p><\/blockquote>\n267 nap. Az sz\u00e9p eset. F\u0151leg, hogy fel sem t\u0171nt. Annyi baj legyen kellene egy force szinkron.<\/p>\n
Non-authoritive \u00e9s authoritive szinkron<\/h2>\n
K\u00e9t lehet\u0151s\u00e9g\u00fcnk van non-authoritive szinkront csin\u00e1lni, ez ilyen kb. automata, kital\u00e1lja, hogy mi a j\u00f3 nek\u00fcnk, ezt akkor j\u00e1tszhatjuk meg ha t\u00f6bb mint 2 DC-nk van \u00e9s t\u00f6bb mint a DC-k 50% rendben van(2<\/a>). Az, hogy mi van rendben azt al\u00e1bbival ellen\u0151r\u00edzhetj\u00fck:<\/p>\n
for \/f %i IN (‘dsquery server -o rdn’) do @echo %i && @wmic \/node:”%i” \/namespace:\\\\root\\microsoftdfs path dfsrreplicatedfolderinfo WHERE replicatedfoldername=’SYSVOL share’ get replicationgroupname,replicatedfoldername,state<\/p><\/blockquote>\n
Egy ilyen p\u00e9ld\u00e1ul nem j\u00f3:<\/p>\n
EXCALIBUR
\nNo Instance(s) Available.
\nDC1
\nReplicatedFolderName\u00a0 ReplicationGroupName\u00a0 State
\nSYSVOL Share\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Domain System Volume\u00a0 2<\/p><\/blockquote>\nNekem nincs meg legal\u00e1bb az 50+1 % \u00edgy marad az authoritive szinkron, nagy elt\u00e9r\u00e9s nincs a kett\u0151 k\u00f6zt am\u00fagy, egy attrib\u00fatum \u00e9rt\u00e9k. Mi a nagyj\u00e1b\u00f3li menet?<\/p>\n
Non authoritive eset\u00e9ben:<\/h3>\n
- \n
- Kivenni a rossz szervert a replik\u00e1ci\u00f3b\u00f3l<\/li>\n
- Friss\u00edteni a DFS szinkroniz\u00e1l\u00e1st AD-b\u00f3l<\/li>\n
- Visszarakni a rossz szervert a replik\u00e1b\u00f3l<\/li>\n
- Friss\u00edteni a DFS szinkroniz\u00e1l\u00e1st AD-b\u00f3l<\/li>\n<\/ol>\n
Authoritive eset\u00e9ben:<\/h3>\n
- \n
- Le\u00e1ll\u00edtani a DFS replik\u00e1ci\u00f3kat<\/li>\n
- Le\u00e1ll\u00edteni mindenhol a replik\u00e1ci\u00f3t \u00e9s kinevezni egy “master”-t<\/li>\n
- “master”-en elindulhat a DFS replik\u00e1ci\u00f3<\/li>\n
- Visszarakni a “master”-t<\/li>\n
- Friss\u00edteni a DFS szinkroniz\u00e1l\u00e1st AD-b\u00f3l a masteren<\/li>\n
- Mindenhol m\u00e1sutt elind\u00edthat\u00f3 a DFS replik\u00e1ci\u00f3<\/li>\n
- Visszarakni a t\u00f6bbi szervert is<\/li>\n
- Friss\u00edteni a DFS szinkroniz\u00e1l\u00e1st AD-b\u00f3l<\/li>\n<\/ol>\n
Authoritive akkor, hogyan is n\u00e9z ki pontosan:<\/p>\n
\u00c1ll\u00edtsuk le a DFS replik\u00e1ci\u00f3t mindenhol<\/p>\n
net stop dfsr<\/p><\/blockquote>\n
Nyissunk meg egy ADSI editort \u00e9s m\u00f3dos\u00edtsuk az al\u00e1bbit(egyszer\u0171s\u00e9g kedv\u00e9\u00e9rt \u00e9rdemes ezt a kiszemelt masteren csin\u00e1lni):<\/p>\n
![\"ADSI](\"\/\/debnar.org\/wp\/wp-content\/uploads\/2020\/08\/adsieditor_authoritivedfsReplication-300x165.png\")
<\/a><\/p>\n![\"SYSVOL](\"https:\/\/debnar.org\/wp\/wp-content\/uploads\/2020\/08\/GPOEditor-300x185.png\")
<\/a>