AD Replication Failure

Wednesday, 20 July 2016 - 16:58
Tags: Windows Server 2008 R2  |  Windows Server 2003  |  Windows 7

fabiopig | Newbie

Hi everyone,
I'm new to the forum and would like to say hello and thank anyone who can help me solve my problem.
I have an AD with 2 DCs: a w2k8 (virtual machine) PDC and a w2k3 (physical machine) promoted to DC at a later time; both have the DNS server installed.
Everything ran smoothly until one day the PDC would no longer boot: blue screen and continuous reboots. I brought the virtual machine back up from one of the backup copies I take monthly.
Everything seemed to work correctly: users authenticate to the domain correctly and DNS does its job correctly, until I reformatted a workstation and, when I tried to make it pick up the domain policies with gpupdate /force, a hidden parallel world opened up in front of me..... The command gives me the following error:

Impossibile aggiornare i criteri utente. Si sono verificati gli errori seguenti:

Elaborazione dei Criteri di gruppo non riuscita. È stato tentato il recupero delle nuove impostazioni dei Criteri di gruppo per l'utente o il computer corrente. Per ottenere il codice e una descrizione dell'errore, vedere la scheda dei dettagli. L'operazione verrà ritentata automaticamente durante il ciclo di aggiornamento successivo. Per l'individuazione di nuovi oggetti Criteri di gruppo e delle relative impostazioni, i computer aggiunti al dominio devono disporre di un servizio di risoluzione dei nomi appropriato e di connettività di rete a un controller di dominio. Al completamento dell'elaborazione dei Criteri di gruppo verrà registrato un evento.

Impossibile aggiornare i criteri computer. Si sono verificati gli errori seguenti:

Elaborazione dei Criteri di gruppo non riuscita. È stato tentato il recupero delle nuove impostazioni dei Criteri di gruppo per l'utente o il computer corrente. Per ottenere il codice e una descrizione dell'errore, vedere la scheda dei dettagli. L'operazione verrà ritentata automaticamente durante il ciclo di aggiornamento successivo. Per l'individuazione di nuovi oggetti Criteri di gruppo e delle relative impostazioni, i computer aggiunti al dominio devono disporre di un servizio di risoluzione dei nomi appropriato e di connettività di rete a un controller di dominio. Al completamento dell'elaborazione dei Criteri di gruppo verrà registrato un evento.

Per diagnosticare l'errore, esaminare il registro eventi o eseguire GPRESULT /H GPReport.html dalla riga di comando per accedere alle informazioni sui risultati di Criteri di gruppo.

In reality, some policies are applied and others are not...

Doing some troubleshooting, I realized that something was wrong with Active Directory replication: both in the event logs of the 2 DCs and with the diagnostic commands I had quite a few problems.
Here is in detail what I am seeing on the 2 servers:

W2k3

Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\W2k3
Starting test: Connectivity
......................... W2k3 passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\W2k3
Starting test: Replications
[Replications Check,W2k3] A recent replication attempt failed:
From W2k8 to W2k3
Naming Context: DC=ForestDnsZones,DC=dominio,DC=local
The replication generated an error (1256):
Il sistema remoto non è disponibile. Per informazioni sulla risoluzione dei problemi di rete, consultare la Guida di Windows.
The failure occurred at 2016-07-20 11:56:23.
The last success occurred at 2016-06-01 12:54:16.
1176 failures have occurred since the last success.
[W2k8] DsBindWithSpnEx() failed with error -2146893022,
Nome principale di destinazione scorretto..
[Replications Check,W2k3] A recent replication attempt failed:
From W2k8 to W2k3
Naming Context: DC=DomainDnsZones,DC=dominio,DC=local
The replication generated an error (1256):
Il sistema remoto non è disponibile. Per informazioni sulla risoluzione dei problemi di rete, consultare la Guida di Windows.
The failure occurred at 2016-07-20 11:56:23.
The last success occurred at 2016-05-06 23:47:48.
2331 failures have occurred since the last success.
[Replications Check,W2k3] A recent replication attempt failed:
From W2k8 to W2k3
Naming Context: CN=Schema,CN=Configuration,DC=dominio,DC=local
The replication generated an error (-2146893022):
Nome principale di destinazione scorretto.
The failure occurred at 2016-07-20 11:56:23.
The last success occurred at 2016-06-01 12:54:16.
1176 failures have occurred since the last success.
[Replications Check,W2k3] A recent replication attempt failed:
From W2k8 to W2k3
Naming Context: CN=Configuration,DC=dominio,DC=local
The replication generated an error (-2146893022):
Nome principale di destinazione scorretto.
The failure occurred at 2016-07-20 11:56:23.
The last success occurred at 2016-06-01 12:54:15.
1184 failures have occurred since the last success.
[Replications Check,W2k3] A recent replication attempt failed:
From W2k8 to W2k3
Naming Context: DC=dominio,DC=local
The replication generated an error (-2146893022):
Nome principale di destinazione scorretto.
The failure occurred at 2016-07-20 12:18:42.
The last success occurred at 2016-06-01 13:02:06.
8877 failures have occurred since the last success.
REPLICATION-RECEIVED LATENCY WARNING
W2k3: Current time is 2016-07-20 12:19:02.
DC=ForestDnsZones,DC=dominio,DC=local
Last replication recieved from W2k8 at 2016-06-01 12:53:16.
DC=DomainDnsZones,DC=dominio,DC=local
Last replication recieved from W2k8 at 2016-05-06 23:47:48.
CN=Schema,CN=Configuration,DC=dominio,DC=local
Last replication recieved from W2k8 at 2016-06-01 12:53:16.
CN=Configuration,DC=dominio,DC=local
Last replication recieved from W2k8 at 2016-06-01 12:53:16.
DC=dominio,DC=local
Last replication recieved from W2k8 at 2016-06-01 13:01:07.
......................... W2k3 passed test Replications
Starting test: NCSecDesc
......................... W2k3 passed test NCSecDesc
Starting test: NetLogons
......................... W2k3 passed test NetLogons
Starting test: Advertising
Warning: W2k3 is not advertising as a time server.
......................... W2k3 failed test Advertising
Starting test: KnowsOfRoleHolders
Warning: W2k8 is the Schema Owner, but is not responding to DS RPC Bind.
[W2k8] LDAP bind failed with error 8341,
Errore del servizio directory..
Warning: W2k8 is the Schema Owner, but is not responding to LDAP Bind.
Warning: W2k8 is the Domain Owner, but is not responding to DS RPC Bind.
Warning: W2k8 is the Domain Owner, but is not responding to LDAP Bind.
Warning: W2k8 is the PDC Owner, but is not responding to DS RPC Bind.
Warning: W2k8 is the PDC Owner, but is not responding to LDAP Bind.
Warning: W2k8 is the Rid Owner, but is not responding to DS RPC Bind.
Warning: W2k8 is the Rid Owner, but is not responding to LDAP Bind.
Warning: W2k8 is the Infrastructure Update Owner, but is not responding to DS RPC Bind.
Warning: W2k8 is the Infrastructure Update Owner, but is not responding to LDAP Bind.
......................... W2k3 failed test KnowsOfRoleHolders
Starting test: RidManager
......................... W2k3 failed test RidManager
Starting test: MachineAccount
......................... W2k3 passed test MachineAccount
Starting test: Services
......................... W2k3 passed test Services
Starting test: ObjectsReplicated
......................... W2k3 passed test ObjectsReplicated
Starting test: frssysvol
......................... W2k3 passed test frssysvol
Starting test: frsevent
There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL
replication problems may cause Group Policy problems.
......................... W2k3 failed test frsevent
Starting test: kccevent
......................... W2k3 passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x40000004
Time Generated: 07/20/2016 11:23:54
(Event String could not be retrieved)
An Error Event occured. EventID: 0x40000004
Time Generated: 07/20/2016 11:24:09
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC000001B
Time Generated: 07/20/2016 11:25:23
(Event String could not be retrieved)
An Error Event occured. EventID: 0x40000004
Time Generated: 07/20/2016 11:42:19
(Event String could not be retrieved)
An Error Event occured. EventID: 0x40000004
Time Generated: 07/20/2016 11:54:10
(Event String could not be retrieved)
An Error Event occured. EventID: 0x40000004
Time Generated: 07/20/2016 11:54:10
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC000001A
Time Generated: 07/20/2016 11:56:53
(Event String could not be retrieved)
An Error Event occured. EventID: 0x40000004
Time Generated: 07/20/2016 12:19:03
(Event String could not be retrieved)
An Error Event occured. EventID: 0x40000004
Time Generated: 07/20/2016 12:19:06
(Event String could not be retrieved)
......................... W2k3 failed test systemlog
Starting test: VerifyReferences
......................... W2k3 passed test VerifyReferences

Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom

Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom

Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom

Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom

Running partition tests on : dominio
Starting test: CrossRefValidation
......................... dominio passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... dominio passed test CheckSDRefDom

Running enterprise tests on : dominio.local
Starting test: Intersite
......................... dominio.local passed test Intersite
Starting test: FsmoCheck
Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error 1355
A Good Time Server could not be located.
......................... dominio.local failed test FsmoCheck

*******************************************************************************************************************

Repadmin.exe /showreps



Default-First-Site-Name\W2k3
DC Options: IS_GC
Site Options: (none)
DC object GUID: 0d5a48aa-bcf4-41e7-b620-33d0dd235aa7
DC invocationID: 21af6366-86e6-4a0f-a3fe-c6048edd4a8e

==== INBOUND NEIGHBORS ======================================

DC=dominio,DC=local
Default-First-Site-Name\W2k8 via RPC
DC object GUID: 4650e772-3559-4454-9f47-bb283b501cb5
Last attempt @ 2016-07-20 12:33:42 failed, result -2146893022 (0x80090322):
Nome principale di destinazione scorretto.
8887 consecutive failure(s).
Last success @ 2016-06-01 13:02:06.

CN=Configuration,DC=dominio,DC=local
Default-First-Site-Name\W2k8 via RPC
DC object GUID: 4650e772-3559-4454-9f47-bb283b501cb5
Last attempt @ 2016-07-20 11:56:23 failed, result -2146893022 (0x80090322):
Nome principale di destinazione scorretto.
1184 consecutive failure(s).
Last success @ 2016-06-01 12:54:15.

CN=Schema,CN=Configuration,DC=dominio,DC=local
Default-First-Site-Name\W2k8 via RPC
DC object GUID: 4650e772-3559-4454-9f47-bb283b501cb5
Last attempt @ 2016-07-20 11:56:23 failed, result -2146893022 (0x80090322):
Nome principale di destinazione scorretto.
1176 consecutive failure(s).
Last success @ 2016-06-01 12:54:16.

DC=DomainDnsZones,DC=dominio,DC=local
Default-First-Site-Name\W2k8 via RPC
DC object GUID: 4650e772-3559-4454-9f47-bb283b501cb5
Last attempt @ 2016-07-20 11:56:23 failed, result 1256 (0x4e8):
Il sistema remoto non è disponibile. Per informazioni sulla risoluzione dei problemi di rete, consultare la Guida
di Windows.
2331 consecutive failure(s).
Last success @ 2016-05-06 23:47:48.

DC=ForestDnsZones,DC=dominio,DC=local
Default-First-Site-Name\W2k8 via RPC
DC object GUID: 4650e772-3559-4454-9f47-bb283b501cb5
Last attempt @ 2016-07-20 11:56:23 failed, result 1256 (0x4e8):
Il sistema remoto non è disponibile. Per informazioni sulla risoluzione dei problemi di rete, consultare la Guida
di Windows.
1176 consecutive failure(s).
Last success @ 2016-06-01 12:54:16.

Source: Default-First-Site-Name\W2k8
******* 8884 CONSECUTIVE FAILURES since 2016-06-01 13:02:06
Last error: -2146893022 (0x80090322):
Nome principale di destinazione scorretto.


*******************************************************************************************************************

Nltest /dsgetdc: /pdc /force /avoidself


DC: \\W2k8.dominio.local
Address: \\10.1.10.21
Dom Guid: eccbfd0e-1aa1-479f-9c25-9c635c3e523a
Dom Name: dominio.local
Forest Name: dominio.local
Dc Site Name: Default-First-Site-Name
Our Site Name: Default-First-Site-Name
Flags: PDC GC DS LDAP KDC WRITABLE DNS_DC DNS_DOMAIN DNS_FOREST CLOSE_SITE 0x1000
The command completed successfully



*******************************************************************************************************************


nltest /dsgetdc: /gc /force


DC: \\W2k3.dominio.local
Address: \\10.1.10.56
Dom Guid: eccbfd0e-1aa1-479f-9c25-9c635c3e523a
Dom Name: dominio.local
Forest Name: dominio.local
Dc Site Name: Default-First-Site-Name
Our Site Name: Default-First-Site-Name
Flags: GC DS LDAP KDC WRITABLE DNS_DC DNS_DOMAIN DNS_FOREST CLOSE_SITE
The command completed successfully


*******************************************************************************************************************


W2k8

Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\W2k8
Starting test: Connectivity
......................... W2k8 passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\W2k8
Starting test: Replications
REPLICATION LATENCY WARNING
ERROR: Expected notification link is missing.
Source W2k3
Replication of new changes along this path will be delayed.
This problem should self-correct on the next periodic sync.
......................... W2k8 passed test Replications
Starting test: NCSecDesc
......................... W2k8 passed test NCSecDesc
Starting test: NetLogons
......................... W2k8 passed test NetLogons
Starting test: Advertising
Warning: W2k8 is not advertising as a time server.
......................... W2k8 failed test Advertising
Starting test: KnowsOfRoleHolders
......................... W2k8 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... W2k8 passed test RidManager
Starting test: MachineAccount
......................... W2k8 passed test MachineAccount
Starting test: Services
w32time Service is stopped on [W2k8]
......................... W2k8 failed test Services
Starting test: ObjectsReplicated
......................... W2k8 passed test ObjectsReplicated
Starting test: frssysvol
......................... W2k8 passed test frssysvol
Starting test: frsevent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... W2k8 failed test frsevent
Starting test: kccevent
......................... W2k8 passed test kccevent
Starting test: systemlog
......................... W2k8 passed test systemlog
Starting test: VerifyReferences
......................... W2k8 passed test VerifyReferences

Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation

Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom

Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation

Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom

Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom

Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom

Running partition tests on : dominio
Starting test: CrossRefValidation
......................... dominio passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... dominio passed test CheckSDRefDom

Running enterprise tests on : dominio.local
Starting test: Intersite
......................... dominio.local passed test Intersite
Starting test: FsmoCheck
Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error 1355
A Good Time Server could not be located.
......................... dominio.local failed test FsmoCheck

*******************************************************************************************************************

Repadmin.exe /showreps


Default-First-Site-Name\W2k8
DC Options: IS_GC
Site Options: (none)
DC object GUID: 4650e772-3559-4454-9f47-bb283b501cb5
DC invocationID: 4650e772-3559-4454-9f47-bb283b501cb5

==== INBOUND NEIGHBORS ======================================

DC=dominio,DC=local
Default-First-Site-Name\W2k3 via RPC
DC object GUID: 0d5a48aa-bcf4-41e7-b620-33d0dd235aa7
Last attempt @ 2016-07-20 11:53:19 was successful.

CN=Configuration,DC=dominio,DC=local
Default-First-Site-Name\W2k3 via RPC
DC object GUID: 0d5a48aa-bcf4-41e7-b620-33d0dd235aa7
Last attempt @ 2016-07-20 11:53:19 was successful.

CN=Schema,CN=Configuration,DC=dominio,DC=local
Default-First-Site-Name\W2k3 via RPC
DC object GUID: 0d5a48aa-bcf4-41e7-b620-33d0dd235aa7
Last attempt @ 2016-07-20 11:53:19 was successful.

DC=DomainDnsZones,DC=dominio,DC=local
Default-First-Site-Name\W2k3 via RPC
DC object GUID: 0d5a48aa-bcf4-41e7-b620-33d0dd235aa7
Last attempt @ 2016-07-20 11:53:19 was successful.

DC=ForestDnsZones,DC=dominio,DC=local
Default-First-Site-Name\W2k3 via RPC
DC object GUID: 0d5a48aa-bcf4-41e7-b620-33d0dd235aa7
Last attempt @ 2016-07-20 11:53:19 was successful.

*******************************************************************************************************************
Nltest /dsgetdc: /pdc /force /avoidself

DsGetDcName failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN

*******************************************************************************************************************

nltest /dsgetdc: /gc /force

DC: \\W2k8.dominio.local
Address: \\10.1.10.21
Dom Guid: eccbfd0e-1aa1-479f-9c25-9c635c3e523a
Dom Name: dominio.local
Forest Name: dominio.local
Dc Site Name: Default-First-Site-Name
Our Site Name: Default-First-Site-Name
Flags: PDC GC DS LDAP KDC WRITABLE DNS_DC DNS_DOMAIN DNS_FOREST CLOSE_SITE 0x1000
The command completed successfully

*******************************************************************************************************************

The thing that immediately jumps out at me is that if I try to access W2k8 from W2K3 through the file system using the machine name (\\W2K8), I get the following error:

Impossibile accedere a \\W2K8. L'utente potrebbe non disporre dell'autorizzazione necessaria per l'utilizzo della risorsa di rete. Errore di Accesso. Il nome dell'account di destinazione non è corretto.

Whereas entering the IP works correctly (\\10.1.10.21).
This happens on all the PCs on the network.
So the problem should lie in DNS?? I have checked several times and everything is configured in both the forward lookup zone (host record present) and the reverse one (PTR present).

For further analysis I set up the Active Directory Replication Monitor: for W2k8 everything is correct and I have no errors, whereas for W2k3 all the replicas show the error marker (red circle with a white x) with the following error: Nome principale di destinazione scorretto.

Can anyone enlighten me?

Thanks everyone.
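
Added example, not part of the original post: a small Python parser for the `repadmin /showreps` layout quoted above that groups failing inbound links by result code and reports the longest gap since the last successful replication. The sample input is constructed from values in the post; the function and field names are this example's own.

```python
import re
from datetime import datetime

# Constructed sample in the layout of the `repadmin /showreps` output above:
# two failing entries as reported on W2k3 and one successful entry.
SAMPLE = r"""==== INBOUND NEIGHBORS ======================================
DC=dominio,DC=local
Default-First-Site-Name\W2k8 via RPC
DC object GUID: 4650e772-3559-4454-9f47-bb283b501cb5
Last attempt @ 2016-07-20 12:33:42 failed, result -2146893022 (0x80090322):
Nome principale di destinazione scorretto.
8887 consecutive failure(s).
Last success @ 2016-06-01 13:02:06.
DC=DomainDnsZones,DC=dominio,DC=local
Default-First-Site-Name\W2k8 via RPC
Last attempt @ 2016-07-20 11:56:23 failed, result 1256 (0x4e8):
2331 consecutive failure(s).
Last success @ 2016-05-06 23:47:48.
CN=Configuration,DC=dominio,DC=local
Default-First-Site-Name\W2k3 via RPC
Last attempt @ 2016-07-20 11:53:19 was successful.
"""

# Win32/SSPI names for the two result codes that appear in the post.
ERROR_NAMES = {0x80090322: "SEC_E_WRONG_PRINCIPAL", 1256: "ERROR_HOST_DOWN"}
NC_RE = re.compile(r"^(?:CN|DC)=[^,]+(?:,(?:CN|DC)=[^,]+)*$")
SRC_RE = re.compile(r"^[^\\]+\\(\S+) via RPC$")
TRY_RE = re.compile(r"^Last attempt @ (\S+ \S+) (?:was successful|failed, result (-?\d+))")
OK_RE = re.compile(r"^Last success @ (\S+ [\d:]+)")
FAIL_RE = re.compile(r"^(\d+) consecutive failure")

def _ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S")

def parse_showreps(text):
    """Return one dict per inbound neighbor (naming context + source DC)."""
    out, nc, cur = [], None, None
    for line in map(str.strip, text.splitlines()):
        if NC_RE.match(line):
            nc, cur = line, None
        elif nc and (m := SRC_RE.match(line)):
            cur = {"nc": nc, "source": m[1], "code": 0, "failures": 0, "last_success": None}
            out.append(cur)
        elif cur and (m := TRY_RE.match(line)):
            cur["last_attempt"] = _ts(m[1])
            if m[2]:  # repadmin prints the HRESULT as a signed 32-bit integer
                cur["code"] = int(m[2]) & 0xFFFFFFFF
            else:
                cur["last_success"] = cur["last_attempt"]
        elif cur and (m := OK_RE.match(line)):
            cur["last_success"] = _ts(m[1])
        elif cur and (m := FAIL_RE.match(line)):
            cur["failures"] = int(m[1])
    return out

def summarize(neighbors):
    """Group failing links by error name with the longest gap in whole days."""
    report = {}
    for n in neighbors:
        if n["code"]:
            name = ERROR_NAMES.get(n["code"], hex(n["code"]))
            e = report.setdefault(name, {"contexts": [], "max_days_stale": 0})
            e["contexts"].append(n["nc"])
            if n["last_success"]:
                gap = (n["last_attempt"] - n["last_success"]).days
                e["max_days_stale"] = max(e["max_days_stale"], gap)
    return report
```

Calling `summarize(parse_showreps(text))` on saved output from each DC gives one entry per error code, which makes it easy to see which naming contexts fail with which code.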
Copyright © dotNetHell.it 2002-2017