Как устранить ошибки связанные с репликацией 2-х контроллеров домена?

Question

[NevilLasky]

Есть 2 контроллера домена которые друг друга реплицируют не давно возникла проблема что пользователь меняет свой пароль он меняется на контроллере но не реплицируется на другой контроллер домена. Как можно найти и устранить неполадку? Логи которые нужны могу показать. Спасибо!

Comments

[ldv]

dcdiag /e /v приложите

[NevilLasky]

ldv: A domain named PrimaryDC could not be located.

The error is

The specified domain either does not exist or could not be contacted.

Check syntax and validity of specified name.

The specified naming context is incorrect and will be ignored.

Directory Server Diagnosis

Performing initial setup:

Trying to find home server...

* Verifying that the local machine PrimaryDC, is a Directory Server.
Home Server = PrimaryDC

* Connecting to directory service on server PrimaryDC.

* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.

Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=micros,DC=ucd,DC=uz,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=micros,DC=ucd,DC=uz
Getting ISTG and options for the site
* Identifying all servers.

Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=micros,DC=ucd,DC=uz,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=SDCORE,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=micros,DC=ucd,DC=uz
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=PRIMARYDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=micros,DC=ucd,DC=uz
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=micros,DC=ucd,DC=uz
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.

Ldap search capability attribute search failed on server SDCORE, return

value = 81
Got error while checking if the DC is using FRS or DFSR. Error:

Win32 Error 81The VerifyReferences, FrsEvent and DfsrEvent tests might fail

because of this error.

* Found 3 DC(s). Testing 3 of them.

Done gathering initial info.

Doing initial required tests


Testing server: Default-First-Site-Name\SDCORE

Starting test: Connectivity

* Active Directory LDAP Services Check
The host ed08c8f0-574f-4fa7-88bf-a813fe6b6154._msdcs.micros.ucd.uz

could not be resolved to an IP address. Check the DNS server, DHCP,

server name, etc.

Neither the the server name (SDCORE.micros.ucd.uz) nor the Guid DNS

name (ed08c8f0-574f-4fa7-88bf-a813fe6b6154._msdcs.micros.ucd.uz) could

be resolved by DNS. Check that the server is up and is registered

correctly with the DNS server.
Got error while checking LDAP and RPC connectivity. Please check your

firewall settings.

......................... SDCORE failed test Connectivity


Testing server: Default-First-Site-Name\PRIMARYDC

Starting test: Connectivity

* Active Directory LDAP Services Check
Determining IP4 connectivity
* Active Directory RPC Services Check
......................... PRIMARYDC passed test Connectivity


Testing server: Default-First-Site-Name\DC2

Starting test: Connectivity

* Active Directory LDAP Services Check
Determining IP4 connectivity
* Active Directory RPC Services Check
......................... DC2 passed test Connectivity

Doing primary tests


Testing server: Default-First-Site-Name\SDCORE

Skipping all tests, because server SDCORE is not responding to directory

service requests.

Test omitted by user request: Advertising

Test omitted by user request: CheckSecurityError

Test omitted by user request: CutoffServers

Test omitted by user request: FrsEvent

Test omitted by user request: DFSREvent

Test omitted by user request: SysVolCheck

Test omitted by user request: KccEvent

Test omitted by user request: KnowsOfRoleHolders

Test omitted by user request: MachineAccount

Test omitted by user request: NCSecDesc

Test omitted by user request: NetLogons

Test omitted by user request: ObjectsReplicated

Test omitted by user request: OutboundSecureChannels

Test omitted by user request: Replications

Test omitted by user request: RidManager

Test omitted by user request: Services

Test omitted by user request: SystemLog

Test omitted by user request: Topology

Test omitted by user request: VerifyEnterpriseReferences

Test omitted by user request: VerifyReferences

Test omitted by user request: VerifyReplicas


Testing server: Default-First-Site-Name\PRIMARYDC

Starting test: Advertising

The DC PRIMARYDC is advertising itself as a DC and having a DS.
The DC PRIMARYDC is advertising as an LDAP server
The DC PRIMARYDC is advertising as having a writeable directory
The DC PRIMARYDC is advertising as a Key Distribution Center
The DC PRIMARYDC is advertising as a time server
The DS PRIMARYDC is advertising as a GC.
......................... PRIMARYDC passed test Advertising

Test omitted by user request: CheckSecurityError

Test omitted by user request: CutoffServers

Starting test: FrsEvent

* The File Replication Service Event log test
Skip the test because the server is running DFSR.

......................... PRIMARYDC passed test FrsEvent

Starting test: DFSREvent

The DFS Replication Event Log.
......................... PRIMARYDC passed test DFSREvent

Starting test: SysVolCheck

* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... PRIMARYDC passed test SysVolCheck

Starting test: KccEvent

* The KCC Event log test
A warning event occurred. EventID: 0x8000082C

Time Generated: 08/05/2016 18:19:36

Event String:



This server is the owner of the following FSMO role, but does not consider it valid. For the partition which contains the FSMO, this server has not replicated successfully with any of its partners since this server has been restarted. Replication errors are preventing validation of this role.



Operations which require contacting a FSMO operation master will fail until this condition is corrected.



FSMO Role: DC=micros,DC=ucd,DC=uz



User Action:



1. Initial synchronization is the first early replications done by a system as it is starting. A failure to initially synchronize may explain why a FSMO role cannot be validated. This process is explained in KB article 305476.

2. This server has one or more replication partners, and replication is failing for all of these partners. Use the command repadmin /showrepl to display the replication errors. Correct the error in question. For example there maybe problems with IP connectivity, DNS name resolution, or security authentication that are preventing successful replication.

3. In the rare event that all replication partners are expected to be offline (for example, because of maintenance or disaster recovery), you can force the role to be validated. This can be done by using NTDSUTIL.EXE to seize the role to the same server. This may be done using the steps provided in KB articles 255504 and 324801 on support.microsoft.com.



The following operations may be impacted:

Schema: You will no longer be able to modify the schema for this forest.

Domain Naming: You will no longer be able to add or remove domains from this forest.

PDC: You will no longer be able to perform primary domain controller operations, such as Group Policy updates and password resets for non-Active Directory Domain Services accounts.

RID: You will not be able to allocation new security identifiers for new user accounts, computer accounts or security groups.

Infrastructure: Cross-domain name references, such as universal group memberships, will not be updated properly if their target object is moved or renamed.

A warning event occurred. EventID: 0x80000785

Time Generated: 08/05/2016 18:26:59

Event String:

The attempt to establish a replication link for the following writable directory partition failed.



Directory partition:

DC=DomainDnsZones,DC=micros,DC=ucd,DC=uz

Source directory service:

CN=NTDS Settings,CN=SDCORE,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=micros,DC=ucd,DC=uz

Source directory service address:

ed08c8f0-574f-4fa7-88bf-a813fe6b6154._msdcs.micros.ucd.uz

Intersite transport (if any):





This directory service will be unable to replicate with the source directory service until this problem is corrected.



User Action

Verify if the source directory service is accessible or network connectivity is available.



Additional Data

Error value:

8524 The DSA operation is unable to proceed because of a DNS lookup failure.

Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... PRIMARYDC passed test KccEvent

Starting test: KnowsOfRoleHolders

Role Schema Owner = CN=NTDS Settings,CN=PRIMARYDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=micros,DC=ucd,DC=uz
Role Domain Owner = CN=NTDS Settings,CN=PRIMARYDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=micros,DC=ucd,DC=uz
Role PDC Owner = CN=NTDS Settings,CN=PRIMARYDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=micros,DC=ucd,DC=uz
Role Rid Owner = CN=NTDS Settings,CN=PRIMARYDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=micros,DC=ucd,DC=uz
Role Infrastructure Update Owner = CN=NTDS Settings,CN=PRIMARYDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=micros,DC=ucd,DC=uz
......................... PRIMARYDC passed test KnowsOfRoleHolders

Starting test: MachineAccount

Checking machine account for DC PRIMARYDC on DC PRIMARYDC.
* SPN found :LDAP/PrimaryDC.micros.ucd.uz/micros.ucd.uz
* SPN found :LDAP/PrimaryDC.micros.ucd.uz
* SPN found :LDAP/PRIMARYDC
* SPN found :LDAP/PrimaryDC.micros.ucd.uz/MICROS
* SPN found :LDAP/355f3073-aa9f-42e4-b5a7-a52e47b1fd75._msdcs.micros.ucd.uz
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/355f3073-aa9f-42e4-b5a7-a52e47b1fd75/micros.ucd.uz
* SPN found :HOST/PrimaryDC.micros.ucd.uz/micros.ucd.uz
* SPN found :HOST/PrimaryDC.micros.ucd.uz
* SPN found :HOST/PRIMARYDC
* SPN found :HOST/PrimaryDC.micros.ucd.uz/MICROS
* SPN found :GC/PrimaryDC.micros.ucd.uz/micros.ucd.uz
......................... PRIMARYDC passed test MachineAccount

Starting test: NCSecDesc

* Security Permissions check for all NC's on DC PRIMARYDC.
* Security Permissions Check for

DC=ForestDnsZones,DC=micros,DC=ucd,DC=uz
(NDNC,Version 3)
* Security Permissions Check for

DC=DomainDnsZones,DC=micros,DC=ucd,DC=uz
(NDNC,Version 3)
* Security Permissions Check for

CN=Schema,CN=Configuration,DC=micros,DC=ucd,DC=uz
(Schema,Version 3)
* Security Permissions Check for

CN=Configuration,DC=micros,DC=ucd,DC=uz
(Configuration,Version 3)
* Security Permissions Check for

DC=micros,DC=ucd,DC=uz
(Domain,Version 3)
......................... PRIMARYDC passed test NCSecDesc

Starting test: NetLogons

* Network Logons Privileges Check
Verified share \\PRIMARYDC\netlogon
Verified share \\PRIMARYDC\sysvol
......................... PRIMARYDC passed test NetLogons

Starting test: ObjectsReplicated

PRIMARYDC is in domain DC=micros,DC=ucd,DC=uz
Checking for CN=PRIMARYDC,OU=Domain Controllers,DC=micros,DC=ucd,DC=uz in domain DC=micros,DC=ucd,DC=uz on 2 servers
Authoritative attribute userAccountControl on DC2 (writeable)
usnLocalChange = 5297504
LastOriginatingDsa = DC2
usnOriginatingChange = 5297504
timeLastOriginatingChange = 2016-06-07 17:32:05
VersionLastOriginatingChange = 6
Out-of-date attribute userAccountControl on PRIMARYDC (writeable)
usnLocalChange = 5511937
LastOriginatingDsa = PRIMARYDC
usnOriginatingChange = 5511936
timeLastOriginatingChange = 2016-06-01 11:48:35
VersionLastOriginatingChange = 6
Checking for CN=NTDS Settings,CN=PRIMARYDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=micros,DC=ucd,DC=uz in domain CN=Configuration,DC=micros,DC=ucd,DC=uz on 2 servers
Object is up-to-date on all servers.
......................... PRIMARYDC failed test ObjectsReplicated

Test omitted by user request: OutboundSecureChannels

Starting test: Replications

* Replications Check
[Replications Check,PRIMARYDC] A recent replication attempt failed:

From DC2 to PRIMARYDC

Naming Context: DC=micros,DC=ucd,DC=uz

The replication generated an error (8453):

Replication access was denied.

The failure occurred at 2016-08-05 17:48:33.

The last success occurred at 2016-06-01 11:48:36.

1582 failures have occurred since the last success.

The machine account for the destination PRIMARYDC.

is not configured properly.

Check the userAccountControl field.

Kerberos Error.

The machine account is not present, or does not match on the.

destination, source or KDC servers.

Verify domain partition of KDC is in sync with rest of enterprise.

The tool repadmin/syncall can be used for this purpose.

REPLICATION LATENCY WARNING

ERROR: Expected notification link is missing.

Source DC2

Replication of new changes along this path will be delayed.

This problem should self-correct on the next periodic sync.

......................... PRIMARYDC failed test Replications

Starting test: RidManager

* Available RID Pool for the Domain is 31100 to 1073741823
* PrimaryDC.micros.ucd.uz is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 30600 to 31099
* rIDPreviousAllocationPool is 29100 to 29599
* rIDNextRID: 29393
......................... PRIMARYDC passed test RidManager

Starting test: Services

* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: DFSR
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... PRIMARYDC passed test Services

Starting test: SystemLog

* The System Event log test
An error event occurred. EventID: 0xC00010E1

Time Generated: 08/05/2016 17:51:02

Event String:

The name "MICROS :1b" could not be registered on the interface with IP address 192.168.1.88. The computer with the IP address 192.168.1.8 did not allow the name to be claimed by this computer.

An error event occurred. EventID: 0xC00010E1

Time Generated: 08/05/2016 17:51:23

Event String:

The name "MICROS :1b" could not be registered on the interface with IP address 192.168.1.88. The computer with the IP address 192.168.1.8 did not allow the name to be claimed by this computer.

......................... PRIMARYDC failed test SystemLog

Test omitted by user request: Topology

Test omitted by user request: VerifyEnterpriseReferences

Starting test: VerifyReferences

The system object reference (serverReference)

CN=PRIMARYDC,OU=Domain Controllers,DC=micros,DC=ucd,DC=uz and backlink

on

CN=PRIMARYDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=micros,DC=ucd,DC=uz

are correct.
The system object reference (serverReferenceBL)

CN=PRIMARYDC,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=micros,DC=ucd,DC=uz

and backlink on

CN=NTDS Settings,CN=PRIMARYDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=micros,DC=ucd,DC=uz

are correct.
The system object reference (msDFSR-ComputerReferenceBL)

CN=PRIMARYDC,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=micros,DC=ucd,DC=uz

and backlink on

CN=PRIMARYDC,OU=Domain Controllers,DC=micros,DC=ucd,DC=uz are correct.

......................... PRIMARYDC passed test VerifyReferences

Test omitted by user request: VerifyReplicas


Testing server: Default-First-Site-Name\DC2

Starting test: Advertising

The DC DC2 is advertising itself as a DC and having a DS.
The DC DC2 is advertising as an LDAP server
The DC DC2 is advertising as having a writeable directory
The DC DC2 is advertising as a Key Distribution Center
The DC DC2 is advertising as a time server
The DS DC2 is advertising as a GC.
......................... DC2 passed test Advertising

Test omitted by user request: CheckSecurityError

Test omitted by user request: CutoffServers

Starting test: FrsEvent

* The File Replication Service Event log test
Skip the test because the server is running DFSR.

......................... DC2 passed test FrsEvent

Starting test: DFSREvent

The DFS Replication Event Log.
The event log DFS Replication on server DC2.micros.ucd.uz could not be

queried, error 0x6ba "The RPC server is unavailable."

......................... DC2 failed test DFSREvent

Starting test: SysVolCheck

* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... DC2 passed test SysVolCheck

Starting test: KccEvent

* The KCC Event log test
The event log Directory Service on server DC2.micros.ucd.uz could not

be queried, error 0x6ba "The RPC server is unavailable."

......................... DC2 failed test KccEvent

Starting test: KnowsOfRoleHolders

Role Schema Owner = CN=NTDS Settings,CN=PRIMARYDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=micros,DC=ucd,DC=uz
Role Domain Owner = CN=NTDS Settings,CN=PRIMARYDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=micros,DC=ucd,DC=uz
Role PDC Owner = CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=micros,DC=ucd,DC=uz
Role Rid Owner = CN=NTDS Settings,CN=PRIMARYDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=micros,DC=ucd,DC=uz
Role Infrastructure Update Owner = CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=micros,DC=ucd,DC=uz
......................... DC2 passed test KnowsOfRoleHolders

Starting test: MachineAccount

Checking machine account for DC DC2 on DC DC2.
* SPN found :LDAP/DC2.micros.ucd.uz/micros.ucd.uz
* SPN found :LDAP/DC2.micros.ucd.uz
* SPN found :LDAP/DC2
* SPN found :LDAP/DC2.micros.ucd.uz/MICROS
* SPN found :LDAP/2d31823c-1519-440a-8aa0-04ae367602dc._msdcs.micros.ucd.uz
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/2d31823c-1519-440a-8aa0-04ae367602dc/micros.ucd.uz
* SPN found :HOST/DC2.micros.ucd.uz/micros.ucd.uz
* SPN found :HOST/DC2.micros.ucd.uz
* SPN found :HOST/DC2
* SPN found :HOST/DC2.micros.ucd.uz/MICROS
* SPN found :GC/DC2.micros.ucd.uz/micros.ucd.uz
......................... DC2 passed test MachineAccount

Starting test: NCSecDesc

* Security Permissions check for all NC's on DC DC2.
* Security Permissions Check for

DC=ForestDnsZones,DC=micros,DC=ucd,DC=uz
(NDNC,Version 3)
* Security Permissions Check for

DC=DomainDnsZones,DC=micros,DC=ucd,DC=uz
(NDNC,Version 3)
* Security Permissions Check for

CN=Schema,CN=Configuration,DC=micros,DC=ucd,DC=uz
(Schema,Version 3)
* Security Permissions Check for

CN=Configuration,DC=micros,DC=ucd,DC=uz
(Configuration,Version 3)
* Security Permissions Check for

DC=micros,DC=ucd,DC=uz
(Domain,Version 3)
......................... DC2 passed test NCSecDesc

Starting test: NetLogons

* Network Logons Privileges Check
Verified share \\DC2\netlogon
Verified share \\DC2\sysvol
......................... DC2 passed test NetLogons

Starting test: ObjectsReplicated

DC2 is in domain DC=micros,DC=ucd,DC=uz
Checking for CN=DC2,OU=Domain Controllers,DC=micros,DC=ucd,DC=uz in domain DC=micros,DC=ucd,DC=uz on 2 servers
Authoritative attribute lastLogonTimestamp on DC2 (writeable)
usnLocalChange = 5728594
LastOriginatingDsa = DC2
usnOriginatingChange = 5728594
timeLastOriginatingChange = 2016-07-31 10:41:53
VersionLastOriginatingChange = 68
Out-of-date attribute lastLogonTimestamp on PRIMARYDC (writeable)
usnLocalChange = 5857504
LastOriginatingDsa = PRIMARYDC
usnOriginatingChange = 5857504
timeLastOriginatingChange = 2016-08-03 22:49:02
VersionLastOriginatingChange = 66
Authoritative attribute pwdLastSet on DC2 (writeable)
usnLocalChange = 5712984
LastOriginatingDsa = DC2
usnOriginatingChange = 5712984
timeLastOriginatingChange = 2016-07-29 00:19:15
VersionLastOriginatingChange = 24
Out-of-date attribute pwdLastSet on PRIMARYDC (writeable)
usnLocalChange = 5640909
LastOriginatingDsa = PRIMARYDC
usnOriginatingChange = 5640909
timeLastOriginatingChange = 2016-06-28 10:03:51
VersionLastOriginatingChange = 23
Checking for CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=micros,DC=ucd,DC=uz in domain CN=Configuration,DC=micros,DC=ucd,DC=uz on 2 servers
Object is up-to-date on all servers.
......................... DC2 failed test ObjectsReplicated

Test omitted by user request: OutboundSecureChannels

Starting test: Replications

* Replications Check
* Replication Latency Check
REPLICATION-RECEIVED LATENCY WARNING

DC2: Current time is 2016-08-05 18:34:26.

DC=ForestDnsZones,DC=micros,DC=ucd,DC=uz
Last replication received from SDCORE at
2014-04-04 09:54:54
WARNING: This latency is over the Tombstone Lifetime of 180

days!

Latency information for 12 entries in the vector were ignored.
12 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=micros,DC=ucd,DC=uz
Last replication received from SDCORE at
2014-04-04 09:54:54
WARNING: This latency is over the Tombstone Lifetime of 180

days!

Latency information for 12 entries in the vector were ignored.
12 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration,DC=micros,DC=ucd,DC=uz
Last replication received from SDCORE at
2014-04-04 09:54:54
WARNING: This latency is over the Tombstone Lifetime of 180

days!

Latency information for 12 entries in the vector were ignored.
12 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=micros,DC=ucd,DC=uz
Last replication received from SDCORE at
2014-04-04 09:54:54
WARNING: This latency is over the Tombstone Lifetime of 180

days!

Latency information for 12 entries in the vector were ignored.
12 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=micros,DC=ucd,DC=uz
Last replication received from SDCORE at
2014-04-04 10:00:33
WARNING: This latency is over the Tombstone Lifetime of 180

days!

Latency information for 12 entries in the vector were ignored.
12 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
......................... DC2 passed test Replications

Starting test: RidManager

* Available RID Pool for the Domain is 31100 to 1073741823
* PrimaryDC.micros.ucd.uz is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 30100 to 30599
* rIDPreviousAllocationPool is 30100 to 30599
* rIDNextRID: 30244
......................... DC2 passed test RidManager

Starting test: Services

* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: DFSR
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... DC2 passed test Services

Starting test: SystemLog

* The System Event log test
The event log System on server DC2.micros.ucd.uz could not be queried,

error 0x6ba "The RPC server is unavailable."

......................... DC2 failed test SystemLog

Test omitted by user request: Topology

Test omitted by user request: VerifyEnterpriseReferences

Starting test: VerifyReferences

The system object reference (serverReference)

CN=DC2,OU=Domain Controllers,DC=micros,DC=ucd,DC=uz and backlink on

CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=micros,DC=ucd,DC=uz

are correct.
The system object reference (serverReferenceBL)

CN=DC2,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=micros,DC=ucd,DC=uz

and backlink on

CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=micros,DC=ucd,DC=uz

are correct.
The system object reference (msDFSR-ComputerReferenceBL)

CN=DC2,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=micros,DC=ucd,DC=uz

and backlink on CN=DC2,OU=Domain Controllers,DC=micros,DC=ucd,DC=uz

are correct.
......................... DC2 passed test VerifyReferences

Test omitted by user request: VerifyReplicas


Test omitted by user request: DNS

Test omitted by user request: DNS


Test omitted by user request: DNS

Test omitted by user request: DNS


Test omitted by user request: DNS

Test omitted by user request: DNS


Running partition tests on : ForestDnsZones

Starting test: CheckSDRefDom

......................... ForestDnsZones passed test CheckSDRefDom

Starting test: CrossRefValidation

......................... ForestDnsZones passed test

CrossRefValidation


Running partition tests on : DomainDnsZones

Starting test: CheckSDRefDom

......................... DomainDnsZones passed test CheckSDRefDom

Starting test: CrossRefValidation

......................... DomainDnsZones passed test

CrossRefValidation


Running partition tests on : Schema

Starting test: CheckSDRefDom

......................... Schema passed test CheckSDRefDom

Starting test: CrossRefValidation

......................... Schema passed test CrossRefValidation


Running partition tests on : Configuration

Starting test: CheckSDRefDom

......................... Configuration passed test CheckSDRefDom

Starting test: CrossRefValidation

......................... Configuration passed test CrossRefValidation


Running partition tests on : micros

Starting test: CheckSDRefDom

......................... micros passed test CheckSDRefDom

Starting test: CrossRefValidation

......................... micros passed test CrossRefValidation


Running enterprise tests on : micros.ucd.uz

Test omitted by user request: DNS

Test omitted by user request: DNS

Starting test: LocatorCheck

GC Name: \\PrimaryDC.micros.ucd.uz

Locator Flags: 0xe000f3fd
PDC Name: \\PrimaryDC.micros.ucd.uz
Locator Flags: 0xe000f3fd
Time Server Name: \\PrimaryDC.micros.ucd.uz
Locator Flags: 0xe000f3fd
Preferred Time Server Name: \\PrimaryDC.micros.ucd.uz
Locator Flags: 0xe000f3fd
KDC Name: \\PrimaryDC.micros.ucd.uz
Locator Flags: 0xe000f3fd
......................... micros.ucd.uz passed test LocatorCheck

Starting test: Intersite

Skipping site Default-First-Site-Name, this site is outside the scope

provided by the command line arguments provided.
......................... micros.ucd.uz passed test Intersite

[Алексей Ярков]

NevilLasky: я не в теме, но... Уберите нафиг портянку на pastebin ))) это ужасно )))

Answer 1

[SergeySL]

1. Посмотреть, какой контроллер не реплицируется, с помощью replmon;
2. Запустить на нем службу ntfrs в режиме восстановления примерно так
https://blog.it-kb.ru/2010/04/07/group-policy-repl...

Comments

[NevilLasky]

спасибо попробую.