Mancata Replica AD

Ciao a tutti,

sono nuovo del forum e vorrei salutare tutti e ringraziare chi può aiutarmi a risolvere il mio problema.

Ho un AD con 2 DC un w2k8 (Macchina Virtuale) PDC e un w2k3 (Macchina Fisica) promosso a DC in un secondo momento, entrambe hanno il server DNS installato.

Tutto è filato liscio fino a quando un bel giorno il PDC non si è più avviato, schermata blu e riavvio continuo. Ho rimesso in piedi la macchina virtuale da una copia di BK che mensilmente faccio.

Tutto sembrava funzionare correttamente, gli utenti si autenticano correttamente in dominio e il DNS svolge correttamente il suo lavoro, fino a quando ho formattato un Postazione di Lavoro e al momento di fargli prendere le policy di dominio con un gpupdate /force, mi si è aperto un modo parallelo e nascosto....[:)]. Il comando mi da il seguente errore:

Impossibile aggiornare i criteri utente. Si sono verificati gli errori seguenti:

Elaborazione dei Criteri di gruppo non riuscita. È stato tentato il recupero del le nuove impostazioni dei Criteri di gruppo per l'utente o il computer corrente. Per ottenere il codice e una descrizione dell'errore, vedere la scheda dei dettagli. L'operazione verrà ritentata automaticamente durante il ciclo di aggiornamento successivo. Per l'individuazione di nuovi oggetti Criteri di gruppo e delle relative impostazioni, i computer aggiunti al dominio devono disporre di un servizio di risoluzione dei nomi appropriato e di connettività di rete a un controller di dominio. Al completamento dell'elaborazione dei Criteri di gruppo verrà registrato un evento.Impossibile aggiornare i criteri computer. Si sono verificati gli errori seguenti:

Elaborazione dei Criteri di gruppo non riuscita. È stato tentato il recupero delle nuove impostazioni dei Criteri di gruppo per l'utente o il computer corrente. Per ottenere il codice e una descrizione dell'errore, vedere la scheda dei dettagli. L'operazione verrà ritentata automaticamente durante il ciclo di aggiornamento successivo. Per l'individuazione di nuovi oggetti Criteri di gruppo e delle relative impostazioni, i computer aggiunti al dominio devono disporre di un servizio di risoluzione dei nomi appropriato e di connettività di rete a un controller di dominio. Al completamento dell'elaborazione dei Criteri di gruppo verrà registrato un evento.

Per diagnosticare l'errore, esaminare il registro eventi o eseguire GPRESULT /H GPReport.html dalla riga di comando per accedere alle informazioni sui risultati di Criteri di gruppo.

In realtà, alcune policy vengono applicate, altre no...

Facendo un po di troubleshooting mi sono reso conto che qualcosa non andava nelle repliche di Active Directory, sia nel registro eventi dei 2 DC che con i comandi di diagnostica avevo parecchi problemi.

Vi scrivo in dettaglio quanto sto riscontrando sui 2 server:

W2k3

Domain Controller Diagnosis

Performing initial setup:

Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\W2k3

Starting test: Connectivity

......................... W2k3 passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\W2k3

Starting test: Replications

[Replications Check,W2k3] A recent replication attempt failed:

From W2k8 to W2k3

Naming Context: DC=ForestDnsZones,DC=dominio,DC=local

The replication generated an error (1256):

Il sistema remoto non è disponibile. Per informazioni sulla risoluzione dei problemi di rete, consultare la Guida di Windows.

The failure occurred at 2016-07-20 11:56:23.

The last success occurred at 2016-06-01 12:54:16.

1176 failures have occurred since the last success.

[W2k8] DsBindWithSpnEx() failed with error -2146893022,

Nome principale di destinazione scorretto..

[Replications Check,W2k3] A recent replication attempt failed:

From W2k8 to W2k3

Naming Context: DC=DomainDnsZones,DC=dominio,DC=local

The replication generated an error (1256):

Il sistema remoto non è disponibile. Per informazioni sulla risoluzione dei problemi di rete, consultare la Guida di Windows.

The failure occurred at 2016-07-20 11:56:23.

The last success occurred at 2016-05-06 23:47:48.

2331 failures have occurred since the last success.

[Replications Check,W2k3] A recent replication attempt failed:

From W2k8 to W2k3

Naming Context: CN=Schema,CN=Configuration,DC=dominio,DC=local

The replication generated an error (-2146893022):

Nome principale di destinazione scorretto.

The failure occurred at 2016-07-20 11:56:23.

The last success occurred at 2016-06-01 12:54:16.

1176 failures have occurred since the last success.

[Replications Check,W2k3] A recent replication attempt failed:

From W2k8 to W2k3

Naming Context: CN=Configuration,DC=dominio,DC=local

The replication generated an error (-2146893022):

Nome principale di destinazione scorretto.

The failure occurred at 2016-07-20 11:56:23.

The last success occurred at 2016-06-01 12:54:15.

1184 failures have occurred since the last success.

[Replications Check,W2k3] A recent replication attempt failed:

From W2k8 to W2k3

Naming Context: DC=dominio,DC=local

The replication generated an error (-2146893022):

Nome principale di destinazione scorretto.

The failure occurred at 2016-07-20 12:18:42.

The last success occurred at 2016-06-01 13:02:06.

8877 failures have occurred since the last success.

REPLICATION-RECEIVED LATENCY WARNING

W2k3: Current time is 2016-07-20 12:19:02.

DC=ForestDnsZones,DC=dominio,DC=local

Last replication recieved from W2k8 at 2016-06-01 12:53:16.

DC=DomainDnsZones,DC=dominio,DC=local

Last replication recieved from W2k8 at 2016-05-06 23:47:48.

CN=Schema,CN=Configuration,DC=dominio,DC=local

Last replication recieved from W2k8 at 2016-06-01 12:53:16.

CN=Configuration,DC=dominio,DC=local

Last replication recieved from W2k8 at 2016-06-01 12:53:16.

DC=dominio,DC=local

Last replication recieved from W2k8 at 2016-06-01 13:01:07.

......................... W2k3 passed test Replications

Starting test: NCSecDesc

......................... W2k3 passed test NCSecDesc

Starting test: NetLogons

......................... W2k3 passed test NetLogons

Starting test: Advertising

Warning: W2k3 is not advertising as a time server.

......................... W2k3 failed test Advertising

Starting test: KnowsOfRoleHolders

Warning: W2k8 is the Schema Owner, but is not responding to DS RPC Bind.

[W2k8] LDAP bind failed with error 8341,

Errore del servizio directory..

Warning: W2k8 is the Schema Owner, but is not responding to LDAP Bind.

Warning: W2k8 is the Domain Owner, but is not responding to DS RPC Bind.

Warning: W2k8 is the Domain Owner, but is not responding to LDAP Bind.

Warning: W2k8 is the PDC Owner, but is not responding to DS RPC Bind.

Warning: W2k8 is the PDC Owner, but is not responding to LDAP Bind.

Warning: W2k8 is the Rid Owner, but is not responding to DS RPC Bind.

Warning: W2k8 is the Rid Owner, but is not responding to LDAP Bind.

Warning: W2k8 is the Infrastructure Update Owner, but is not responding to DS RPC Bind.

Warning: W2k8 is the Infrastructure Update Owner, but is not responding to LDAP Bind.

......................... W2k3 failed test KnowsOfRoleHolders

Starting test: RidManager

......................... W2k3 failed test RidManager

Starting test: MachineAccount

......................... W2k3 passed test MachineAccount

Starting test: Services

......................... W2k3 passed test Services

Starting test: ObjectsReplicated

......................... W2k3 passed test ObjectsReplicated

Starting test: frssysvol

......................... W2k3 passed test frssysvol

Starting test: frsevent

There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL

replication problems may cause Group Policy problems.

......................... W2k3 failed test frsevent

Starting test: kccevent

......................... W2k3 passed test kccevent

Starting test: systemlog

An Error Event occured. EventID: 0x40000004

Time Generated: 07/20/2016 11:23:54

(Event String could not be retrieved)

An Error Event occured. EventID: 0x40000004

Time Generated: 07/20/2016 11:24:09

(Event String could not be retrieved)

An Error Event occured. EventID: 0xC000001B

Time Generated: 07/20/2016 11:25:23

(Event String could not be retrieved)

An Error Event occured. EventID: 0x40000004

Time Generated: 07/20/2016 11:42:19

(Event String could not be retrieved)

An Error Event occured. EventID: 0x40000004

Time Generated: 07/20/2016 11:54:10

(Event String could not be retrieved)

An Error Event occured. EventID: 0x40000004

Time Generated: 07/20/2016 11:54:10

(Event String could not be retrieved)

An Error Event occured. EventID: 0xC000001A

Time Generated: 07/20/2016 11:56:53

(Event String could not be retrieved)

An Error Event occured. EventID: 0x40000004

Time Generated: 07/20/2016 12:19:03

(Event String could not be retrieved)

An Error Event occured. EventID: 0x40000004

Time Generated: 07/20/2016 12:19:06

(Event String could not be retrieved)

......................... W2k3 failed test systemlog

Starting test: VerifyReferences

......................... W2k3 passed test VerifyReferences

Running partition tests on : ForestDnsZones

Starting test: CrossRefValidation

......................... ForestDnsZones passed test CrossRefValidation

Starting test: CheckSDRefDom

......................... ForestDnsZones passed test CheckSDRefDom

Running partition tests on : DomainDnsZones

Starting test: CrossRefValidation

......................... DomainDnsZones passed test CrossRefValidation

Starting test: CheckSDRefDom

......................... DomainDnsZones passed test CheckSDRefDom

Running partition tests on : Schema

Starting test: CrossRefValidation

......................... Schema passed test CrossRefValidation

Starting test: CheckSDRefDom

......................... Schema passed test CheckSDRefDom

Running partition tests on : Configuration

Starting test: CrossRefValidation

......................... Configuration passed test CrossRefValidation

Starting test: CheckSDRefDom

......................... Configuration passed test CheckSDRefDom

Running partition tests on : dominio

Starting test: CrossRefValidation

......................... dominio passed test CrossRefValidation

Starting test: CheckSDRefDom

......................... dominio passed test CheckSDRefDom

Running enterprise tests on : dominio.local

Starting test: Intersite

......................... dominio.local passed test Intersite

Starting test: FsmoCheck

Warning: DcGetDcName(TIME_SERVER) call failed, error 1355

A Time Server could not be located.

The server holding the PDC role is down.

Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error 1355

A Good Time Server could not be located.

......................... dominio.local failed test FsmoCheck

*******************************************************************************************************************

Repadmin.exe /showreps

Default-First-Site-Name\W2k3

DC Options: IS_GC

Site Options: (none)

DC object GUID: 0d5a48aa-bcf4-41e7-b620-33d0dd235aa7

DC invocationID: 21af6366-86e6-4a0f-a3fe-c6048edd4a8e

==== INBOUND NEIGHBORS ======================================

DC=dominio,DC=local

Default-First-Site-Name\W2k8 via RPC

DC object GUID: 4650e772-3559-4454-9f47-bb283b501cb5

Last attempt @ 2016-07-20 12:33:42 failed, result -2146893022 (0x80090322):

Nome principale di destinazione scorretto.

8887 consecutive failure(s).

Last success @ 2016-06-01 13:02:06.

CN=Configuration,DC=dominio,DC=local

Default-First-Site-Name\W2k8 via RPC

DC object GUID: 4650e772-3559-4454-9f47-bb283b501cb5

Last attempt @ 2016-07-20 11:56:23 failed, result -2146893022 (0x80090322):

Nome principale di destinazione scorretto.

1184 consecutive failure(s).

Last success @ 2016-06-01 12:54:15.

CN=Schema,CN=Configuration,DC=dominio,DC=local

Default-First-Site-Name\W2k8 via RPC

DC object GUID: 4650e772-3559-4454-9f47-bb283b501cb5

Last attempt @ 2016-07-20 11:56:23 failed, result -2146893022 (0x80090322):

Nome principale di destinazione scorretto.

1176 consecutive failure(s).

Last success @ 2016-06-01 12:54:16.

DC=DomainDnsZones,DC=dominio,DC=local

Default-First-Site-Name\W2k8 via RPC

DC object GUID: 4650e772-3559-4454-9f47-bb283b501cb5

Last attempt @ 2016-07-20 11:56:23 failed, result 1256 (0x4e8):

Il sistema remoto non è disponibile. Per informazioni sulla risoluzione dei problemi di rete, consultare la Guida

di Windows.

2331 consecutive failure(s).

Last success @ 2016-05-06 23:47:48.

DC=ForestDnsZones,DC=dominio,DC=local

Default-First-Site-Name\W2k8 via RPC

DC object GUID: 4650e772-3559-4454-9f47-bb283b501cb5

Last attempt @ 2016-07-20 11:56:23 failed, result 1256 (0x4e8):

Il sistema remoto non è disponibile. Per informazioni sulla risoluzione dei problemi di rete, consultare la Guida

di Windows.

1176 consecutive failure(s).

Last success @ 2016-06-01 12:54:16.

Source: Default-First-Site-Name\W2k8

******* 8884 CONSECUTIVE FAILURES since 2016-06-01 13:02:06

Last error: -2146893022 (0x80090322):

Nome principale di destinazione scorretto.

*******************************************************************************************************************

Nltest /dsgetdc: /pdc /force /avoidself

DC: \W2k8.dominio.local

Address: \10.1.10.21

Dom Guid: eccbfd0e-1aa1-479f-9c25-9c635c3e523a

Dom Name: dominio.local

Forest Name: dominio.local

Dc Site Name: Default-First-Site-Name

Our Site Name: Default-First-Site-Name

Flags: PDC GC DS LDAP KDC WRITABLE DNS_DC DNS_DOMAIN DNS_FOREST CLOSE_SITE 0x1000

The command completed successfully

*******************************************************************************************************************

nltest /dsgetdc: /gc /force

DC: \W2k3.dominio.local

Address: \10.1.10.56

Dom Guid: eccbfd0e-1aa1-479f-9c25-9c635c3e523a

Dom Name: dominio.local

Forest Name: dominio.local

Dc Site Name: Default-First-Site-Name

Our Site Name: Default-First-Site-Name

Flags: GC DS LDAP KDC WRITABLE DNS_DC DNS_DOMAIN DNS_FOREST CLOSE_SITE

The command completed successfully

*******************************************************************************************************************

W2k8

Domain Controller Diagnosis

Performing initial setup:

Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\W2k8

Starting test: Connectivity

......................... W2k8 passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\W2k8

Starting test: Replications

REPLICATION LATENCY WARNING

ERROR: Expected notification link is missing.

Source W2k3

Replication of new changes along this path will be delayed.

This problem should self-correct on the next periodic sync.

......................... W2k8 passed test Replications

Starting test: NCSecDesc

......................... W2k8 passed test NCSecDesc

Starting test: NetLogons

......................... W2k8 passed test NetLogons

Starting test: Advertising

Warning: W2k8 is not advertising as a time server.

......................... W2k8 failed test Advertising

Starting test: KnowsOfRoleHolders

......................... W2k8 passed test KnowsOfRoleHolders

Starting test: RidManager

......................... W2k8 passed test RidManager

Starting test: MachineAccount

......................... W2k8 passed test MachineAccount

Starting test: Services

w32time Service is stopped on [W2k8]

......................... W2k8 failed test Services

Starting test: ObjectsReplicated

......................... W2k8 passed test ObjectsReplicated

Starting test: frssysvol

......................... W2k8 passed test frssysvol

Starting test: frsevent

There are warning or error events within the last 24 hours after the

SYSVOL has been shared. Failing SYSVOL replication problems may cause

Group Policy problems.

......................... W2k8 failed test frsevent

Starting test: kccevent

......................... W2k8 passed test kccevent

Starting test: systemlog

......................... W2k8 passed test systemlog

Starting test: VerifyReferences

......................... W2k8 passed test VerifyReferences

Running partition tests on : ForestDnsZones

Starting test: CrossRefValidation

......................... ForestDnsZones passed test CrossRefValidation

Starting test: CheckSDRefDom

......................... ForestDnsZones passed test CheckSDRefDom

Running partition tests on : DomainDnsZones

Starting test: CrossRefValidation

......................... DomainDnsZones passed test CrossRefValidation

Starting test: CheckSDRefDom

......................... DomainDnsZones passed test CheckSDRefDom

Running partition tests on : Schema

Starting test: CrossRefValidation

......................... Schema passed test CrossRefValidation

Starting test: CheckSDRefDom

......................... Schema passed test CheckSDRefDom

Running partition tests on : Configuration

Starting test: CrossRefValidation

......................... Configuration passed test CrossRefValidation

Starting test: CheckSDRefDom

......................... Configuration passed test CheckSDRefDom

Running partition tests on : dominio

Starting test: CrossRefValidation

......................... dominio passed test CrossRefValidation

Starting test: CheckSDRefDom

......................... dominio passed test CheckSDRefDom

Running enterprise tests on : dominio.local

Starting test: Intersite

......................... dominio.local passed test Intersite

Starting test: FsmoCheck

Warning: DcGetDcName(TIME_SERVER) call failed, error 1355

A Time Server could not be located.

The server holding the PDC role is down.

Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error 1355

A Good Time Server could not be located.

......................... dominio.local failed test FsmoCheck

*******************************************************************************************************************

Repadmin.exe /showreps

Default-First-Site-Name\W2k8

DC Options: IS_GC

Site Options: (none)

DC object GUID: 4650e772-3559-4454-9f47-bb283b501cb5

DC invocationID: 4650e772-3559-4454-9f47-bb283b501cb5

==== INBOUND NEIGHBORS ======================================

DC=dominio,DC=local

Default-First-Site-Name\W2k3 via RPC

DC object GUID: 0d5a48aa-bcf4-41e7-b620-33d0dd235aa7

Last attempt @ 2016-07-20 11:53:19 was successful.

CN=Configuration,DC=dominio,DC=local

Default-First-Site-Name\W2k3 via RPC

DC object GUID: 0d5a48aa-bcf4-41e7-b620-33d0dd235aa7

Last attempt @ 2016-07-20 11:53:19 was successful.

CN=Schema,CN=Configuration,DC=dominio,DC=local

Default-First-Site-Name\W2k3 via RPC

DC object GUID: 0d5a48aa-bcf4-41e7-b620-33d0dd235aa7

Last attempt @ 2016-07-20 11:53:19 was successful.

DC=DomainDnsZones,DC=dominio,DC=local

Default-First-Site-Name\W2k3 via RPC

DC object GUID: 0d5a48aa-bcf4-41e7-b620-33d0dd235aa7

Last attempt @ 2016-07-20 11:53:19 was successful.

DC=ForestDnsZones,DC=dominio,DC=local

Default-First-Site-Name\W2k3 via RPC

DC object GUID: 0d5a48aa-bcf4-41e7-b620-33d0dd235aa7

Last attempt @ 2016-07-20 11:53:19 was successful.

*******************************************************************************************************************

Nltest /dsgetdc: /pdc /force /avoidself

DsGetDcName failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN

*******************************************************************************************************************

nltest /dsgetdc: /gc /force

DC: \W2k8.dominio.local

Address: \10.1.10.21

Dom Guid: eccbfd0e-1aa1-479f-9c25-9c635c3e523a

Dom Name: dominio.local

Forest Name: dominio.local

Dc Site Name: Default-First-Site-Name

Our Site Name: Default-First-Site-Name

Flags: PDC GC DS LDAP KDC WRITABLE DNS_DC DNS_DOMAIN DNS_FOREST CLOSE_SITE 0x1000

The command completed successfully

*******************************************************************************************************************

La cosa che mi balza subito all'occhio è che se provo ad accedere dal File System da W2K3 a W2k8 con il nome della macchina (\W2K8) ottengo il seguente errore

Impossibile accedere a \W2K8. L'utente potrebbe non disporrre dell'autorizzazione necessaria per l'utilizzo della risorsa di rete. Errore di Accesso. Il nome dell'account di destinazione non è corretto.

Mentre inserendo l'ip funziona correttamente (\10.1.10.21)

Questo mi capita su tutti i pc della rete.

Quindi il problema dovrebbe risiedere nel DNS?? ho controllato più volte e sia nella di ricerca diretta (Host presente) che inversa (PTR presente) è tutto configurato.

Per ulteriore analisi ho messo su l'Active Directory Replication Monitor e per W2k8 è tutto corretto non ho nessun errore, per il W2k3, invece tutte le repliche hanno l'avviso di errore (cerchietto rosso con x bianca) con il seguente errore: Nome principale di destinazione scorretto.

Qualcuno riesce ad illuminarmi? [:D][:D]

Grazie a tutti.

Condividi tramite

2 risposte aggiuntive