authoritative restore system state
Pregunta
-
Escenario:
Un forest
DC=srv1.stany.com
OU=sales (mas varios OU hijos)
DNS integrated=192.168.1.1
Backup system state=ok
FSMO=Schema master
Domain role owner
PDC
RID
InfrastructureDC=srv2.stany.com
Backup system state=ok
DNS integrated=192.168.1.2
Backup system state=ok
FSMO=noneEn srv1 elimino el contenido de OU sales, reinicio como dsrepair, ejecuto dsutil y aparece el suiguiente mensaje adjuntado, que puede ser o que estoy haciendo mal ?
Respuestas
Todas las respuestas
-
Coloco:
authotitative restore: res sub "ou=sales,dc=stany,dc=com"
y luego:
-
Sebastian, hice todos los pasos pero no funcionó
Guillermo te respondo:
DN esta bien escrito
Se hizo un backup y luego de eliminó"Aparentemente el bkp estaba dañado" Reinicié el DC en modo normal, cree nuevamente las OUs, realicé bkp, eliminé el contenido de SALES, reinicio en modo DR, ejecuto ntdsutil (adjunto imagen), lo hace bien, reinicio en modo normal pero me doy cuenta que no está el contenido de SALES, y cuando intento crear un grupo aparece popup (imagen)
-
Pude realizar todos los pasos sin problemas, reinicio en normal mode, (adjunto imagenes), no puedo crear objetos en "test ou".
- Editado Ignacio Barrios sábado, 5 de mayo de 2012 16:47
-
Deja crear OUs en otro lugar del dominio, incluso da un evento (adjunto imagen). Copio rta del dcdiag /v.
parte 1:
Domain Controller Diagnosis
Performing initial setup:
* Verifying that the local machine srv1, is a DC.
* Connecting to directory service on server srv1.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 4 DC(s). Testing 1 of them.
Done gathering initial info.Doing initial required tests
Testing server: site1\SRV1
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... SRV1 passed test ConnectivityDoing primary tests
Testing server: site1\SRV1
Starting test: Replications
* Replications Check
[Replications Check,SRV1] A recent replication attempt failed:
From SRV2 to SRV1
Naming Context: DC=ForestDnsZones,DC=stany,DC=com
The replication generated an error (1256):
Win32 Error 1256
The failure occurred at 2012-05-05 21:57:38.
The last success occurred at 2012-04-27 13:30:56.
18 failures have occurred since the last success.
[Replications Check,SRV1] A recent replication attempt failed:
From SRV4 to SRV1
Naming Context: DC=ForestDnsZones,DC=stany,DC=com
The replication generated an error (1256):
Win32 Error 1256
The failure occurred at 2012-05-05 21:58:30.
The last success occurred at 2012-04-27 12:48:25.
11 failures have occurred since the last success.
[Replications Check,SRV1] A recent replication attempt failed:
From SRV3 to SRV1
Naming Context: DC=ForestDnsZones,DC=stany,DC=com
The replication generated an error (1256):
Win32 Error 1256
The failure occurred at 2012-05-05 22:27:49.
The last success occurred at 2012-05-01 12:59:40.
50 failures have occurred since the last success.
[Replications Check,SRV1] A recent replication attempt failed:
From SRV2 to SRV1
Naming Context: DC=DomainDnsZones,DC=stany,DC=com
The replication generated an error (1256):
Win32 Error 1256
The failure occurred at 2012-05-05 21:57:38.
The last success occurred at 2012-04-27 13:30:56.
18 failures have occurred since the last success.
[Replications Check,SRV1] A recent replication attempt failed:
From SRV3 to SRV1
Naming Context: DC=DomainDnsZones,DC=stany,DC=com
The replication generated an error (1256):
Win32 Error 1256
The failure occurred at 2012-05-05 22:27:49.
The last success occurred at 2012-05-01 12:59:40.
50 failures have occurred since the last success.
[Replications Check,SRV1] A recent replication attempt failed:
From SRV4 to SRV1
Naming Context: CN=Schema,CN=Configuration,DC=stany,DC=com
The replication generated an error (1722):
Win32 Error 1722
The failure occurred at 2012-05-05 22:00:03.
The last success occurred at 2012-04-27 12:47:42.
10 failures have occurred since the last success.
[SRV4] DsBindWithSpnEx() failed with error 1722,
Win32 Error 1722.
Printing RPC Extended Error Info:
Error Record 1, ProcessID is 3768 (DcDiag)
System Time is: 5/6/2012 1:37:47:597
Generating component is 8 (winsock)
Status is 1722: The RPC server is unavailable.Detection location is 322
Error Record 2, ProcessID is 3768 (DcDiag)
System Time is: 5/6/2012 1:37:47:597
Generating component is 8 (winsock)
Status is 11001: No such host is known.Detection location is 320
NumberOfParameters is 1
Unicode string: 2c9ba0bf-81df-4aca-8738-6cf3be2cc8eb._msdcs.stany.com
The source remains down. Please check the machine.
[Replications Check,SRV1] A recent replication attempt failed:
From SRV2 to SRV1
Naming Context: CN=Schema,CN=Configuration,DC=stany,DC=com
The replication generated an error (1722):
Win32 Error 1722
The failure occurred at 2012-05-05 22:00:24.
The last success occurred at 2012-04-27 13:30:56.
17 failures have occurred since the last success.
[SRV2] DsBindWithSpnEx() failed with error 1722,
Win32 Error 1722.
Printing RPC Extended Error Info:
Error Record 1, ProcessID is 3768 (DcDiag)
System Time is: 5/6/2012 1:38:8:557
Generating component is 8 (winsock)
Status is 1722: The RPC server is unavailable.Detection location is 323
Error Record 2, ProcessID is 3768 (DcDiag)
System Time is: 5/6/2012 1:38:8:557
Generating component is 8 (winsock)
Status is 1237: The operation could not be completed. A retry should be performed.Detection location is 313
Error Record 3, ProcessID is 3768 (DcDiag)
System Time is: 5/6/2012 1:38:8:557
Generating component is 8 (winsock)
Status is 10060: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.Detection location is 311
NumberOfParameters is 3
Long val: 135
Pointer val: 0
Pointer val: 0
Error Record 4, ProcessID is 3768 (DcDiag)
System Time is: 5/6/2012 1:38:8:557
Generating component is 8 (winsock)
Status is 10060: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.Detection location is 318
The source remains down. Please check the machine.
[Replications Check,SRV1] A recent replication attempt failed:
From SRV3 to SRV1
Naming Context: CN=Schema,CN=Configuration,DC=stany,DC=com
The replication generated an error (1722):
Win32 Error 1722
The failure occurred at 2012-05-05 22:28:31.
The last success occurred at 2012-05-01 12:59:19.
49 failures have occurred since the last success.
[SRV3] DsBindWithSpnEx() failed with error 1722,
Win32 Error 1722.
Printing RPC Extended Error Info:
Error Record 1, ProcessID is 3768 (DcDiag)
System Time is: 5/6/2012 1:38:29:487
Generating component is 8 (winsock)
Status is 1722: The RPC server is unavailable.Detection location is 323
Error Record 2, ProcessID is 3768 (DcDiag)
System Time is: 5/6/2012 1:38:29:487
Generating component is 8 (winsock)
Status is 1237: The operation could not be completed. A retry should be performed.Detection location is 313
Error Record 3, ProcessID is 3768 (DcDiag)
System Time is: 5/6/2012 1:38:29:487
Generating component is 8 (winsock)
Status is 10060: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.Detection location is 311
NumberOfParameters is 3
Long val: 135
Pointer val: 0
Pointer val: 0
Error Record 4, ProcessID is 3768 (DcDiag)
System Time is: 5/6/2012 1:38:29:487
Generating component is 8 (winsock)
Status is 10060: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.Detection location is 318
The source remains down. Please check the machine.
[Replications Check,SRV1] A recent replication attempt failed:
From SRV4 to SRV1
Naming Context: CN=Configuration,DC=stany,DC=com
The replication generated an error (1722):
Win32 Error 1722
The failure occurred at 2012-05-05 21:58:30.
The last success occurred at 2012-04-27 12:47:21.
11 failures have occurred since the last success.
The source remains down. Please check the machine.
[Replications Check,SRV1] A recent replication attempt failed:
From SRV2 to SRV1
Naming Context: CN=Configuration,DC=stany,DC=com
The replication generated an error (1722):
Win32 Error 1722
The failure occurred at 2012-05-05 21:58:51.
The last success occurred at 2012-04-27 13:30:56.
18 failures have occurred since the last success.
The source remains down. Please check the machine.
[Replications Check,SRV1] A recent replication attempt failed:
From SRV3 to SRV1
Naming Context: CN=Configuration,DC=stany,DC=com
The replication generated an error (1722):
Win32 Error 1722
The failure occurred at 2012-05-05 22:28:10.
The last success occurred at 2012-05-01 12:58:07.
50 failures have occurred since the last success.
The source remains down. Please check the machine.
[Replications Check,SRV1] A recent replication attempt failed:
From SRV2 to SRV1
Naming Context: DC=stany,DC=com
The replication generated an error (1722):
Win32 Error 1722
The failure occurred at 2012-05-05 21:57:38.
The last success occurred at 2012-04-27 13:30:56.
17 failures have occurred since the last success.
The source remains down. Please check the machine.
[Replications Check,SRV1] A recent replication attempt failed:
From SRV3 to SRV1
Naming Context: DC=stany,DC=com
The replication generated an error (1722):
Win32 Error 1722
The failure occurred at 2012-05-05 22:27:49.
The last success occurred at 2012-05-01 12:59:40.
49 failures have occurred since the last success.
The source remains down. Please check the machine.
[Replications Check,SRV1] A recent replication attempt failed:
From SRV2 to SRV1
Naming Context: DC=child,DC=stany,DC=com
The replication generated an error (1256):
Win32 Error 1256
The failure occurred at 2012-05-05 21:57:38.
The last success occurred at 2012-04-27 13:30:56.
15 failures have occurred since the last success.
[Replications Check,SRV1] A recent replication attempt failed:
From SRV4 to SRV1
Naming Context: DC=child,DC=stany,DC=com
The replication generated an error (1256):
Win32 Error 1256
The failure occurred at 2012-05-05 21:58:30.
The last success occurred at 2012-04-27 12:48:25.
8 failures have occurred since the last success.
* Replication Latency Check
REPLICATION-RECEIVED LATENCY WARNING
SRV1: Current time is 2012-05-05 22:37:43.
DC=ForestDnsZones,DC=stany,DC=com
Last replication recieved from SRV2 at 2012-04-27 13:31:03.
Last replication recieved from SRV3 at 2012-05-01 12:59:46.
Last replication recieved from SRV4 at 2012-04-27 12:48:29.
Latency information for 6 entries in the vector were ignored.
6 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=stany,DC=com
Last replication recieved from SRV2 at 2012-04-27 13:31:03.
Last replication recieved from SRV3 at 2012-05-01 12:59:46.
Latency information for 6 entries in the vector were ignored.
6 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration,DC=stany,DC=com
Last replication recieved from SRV2 at 2012-04-27 13:31:03.
Last replication recieved from SRV3 at 2012-05-01 12:59:25.
Last replication recieved from SRV4 at 2012-04-27 12:47:47.
Latency information for 5 entries in the vector were ignored.
5 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=stany,DC=com
Last replication recieved from SRV2 at 2012-04-27 13:31:03.
Last replication recieved from SRV3 at 2012-05-01 12:58:13.
Last replication recieved from SRV4 at 2012-04-27 12:47:26.
Latency information for 6 entries in the vector were ignored.
6 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=stany,DC=com
Last replication recieved from SRV2 at 2012-04-27 13:31:03.
Last replication recieved from SRV3 at 2012-05-01 12:59:46.
Latency information for 6 entries in the vector were ignored.
6 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=child,DC=stany,DC=com
Last replication recieved from SRV4 at 2012-04-27 12:48:29.
Latency information for 3 entries in the vector were ignored.
2 were retired Invocations. 1 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
* Replication Site Latency Check
REPLICATION-RECEIVED LATENCY WARNINGSource site:
CN=NTDS Site Settings,CN=site2,CN=Sites,CN=Configuration,DC=stany,DC=com
Current time: 2012-05-05 22:38:29
Last update time: 2012-04-27 13:04:09
Check if source site has an elected ISTG running.
Check replication from source site to this server.
REPLICATION-RECEIVED LATENCY WARNINGSource site:
CN=NTDS Site Settings,CN=site3,CN=Sites,CN=Configuration,DC=stany,DC=com
Current time: 2012-05-05 22:38:29
Last update time: 2012-05-01 12:39:10
Check if source site has an elected ISTG running.
Check replication from source site to this server.
......................... SRV1 passed test Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC SRV1.
* Security Permissions Check for
DC=ForestDnsZones,DC=stany,DC=com
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=stany,DC=com
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=stany,DC=com
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=stany,DC=com
(Configuration,Version 2)
* Security Permissions Check for
DC=stany,DC=com
(Domain,Version 2)
* Security Permissions Check for
DC=child,DC=stany,DC=com
(Domain,Version 2)
......................... SRV1 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Unable to connect to the NETLOGON share! (\\SRV1\netlogon)
[SRV1] An net use or LsaPolicy operation failed with error 1203, Win32 Error 1203.
......................... SRV1 failed test NetLogons
Starting test: Advertising
Fatal Error:DsGetDcName (SRV1) call failed, error 1355
The Locator could not find the server.
......................... SRV1 failed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=SRV1,CN=Servers,CN=site1,CN=Sites,CN=Configuration,DC=stany,DC=com
Role Domain Owner = CN=NTDS Settings,CN=SRV1,CN=Servers,CN=site1,CN=Sites,CN=Configuration,DC=stany,DC=com
Role PDC Owner = CN=NTDS Settings,CN=SRV1,CN=Servers,CN=site1,CN=Sites,CN=Configuration,DC=stany,DC=com
Role Rid Owner = CN=NTDS Settings,CN=SRV2,CN=Servers,CN=site2,CN=Sites,CN=Configuration,DC=stany,DC=com
Warning: SRV2 is the Rid Owner, but is not responding to DS RPC Bind.
RPC Extended Error Info not available. Use group policy on the local machine at "Computer Configuration/Administrative Templates/System/Remote Procedure Call" to enable it.
[SRV2] LDAP search failed with error 58,
Win32 Error 58.
Warning: SRV2 is the Rid Owner, but is not responding to LDAP Bind.
Role Infrastructure Update Owner = CN=NTDS Settings,CN=SRV2,CN=Servers,CN=site2,CN=Sites,CN=Configuration,DC=stany,DC=com
Warning: SRV2 is the Infrastructure Update Owner, but is not responding to DS RPC Bind.
RPC Extended Error Info not available. Use group policy on the local machine at "Computer Configuration/Administrative Templates/System/Remote Procedure Call" to enable it.
Warning: SRV2 is the Infrastructure Update Owner, but is not responding to LDAP Bind.
......................... SRV1 failed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 4603 to 1073741823
* srv2.stany.com is the RID Master
......................... SRV1 failed test RidManager
Starting test: MachineAccount
Checking machine account for DC SRV1 on DC SRV1.
* SPN found :LDAP/srv1.stany.com/stany.com
* SPN found :LDAP/srv1.stany.com
* SPN found :LDAP/SRV1
* SPN found :LDAP/srv1.stany.com/STANY
* SPN found :LDAP/24a99e62-056a-43f4-b177-102a34dd6e34._msdcs.stany.com
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/24a99e62-056a-43f4-b177-102a34dd6e34/stany.com
* SPN found :HOST/srv1.stany.com/stany.com
* SPN found :HOST/srv1.stany.com
* SPN found :HOST/SRV1
* SPN found :HOST/srv1.stany.com/STANY
* SPN found :GC/srv1.stany.com/stany.com
......................... SRV1 passed test MachineAccount -
Compmrendo, mira buscando soporte por internet aplique lo siguiente:
secedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /verbose
Luego de reiniciar, hice:
seize rid master
seize infrastructure master(Adjunto imagen) ahora puedo crear objetos dentro de OU "test OU", pero mi gran duda es
cual es la diferencia de hacer un authoritative restore y no-authoritative restore ?
