none
Operation master: ERROR RRS feed

  • Discussione generale

  • Ciao, gestisco un dominio con 2 DC. Aprendo lo snap.in AD users and computers dal DC che non è master, selezionando Operationa masters, nella finestra dove dovrei visualizzare il nome dell'Operation masters visualizzo ERROR. Se apro lo snap-in dal DC master visualizzo tutto correttamente. Come posso risolvere ? I 2 server sono Windows 2003 server R2 standard edition.

     

    Grazie

    Lele

     

    mercoledì 30 marzo 2011 14:17

Tutte le risposte

  • Ciao Lele,

    Ma stanno replicando?

    Hai guardato gli eventi dei due DC? ci sono errori?

    scaricati:

    http://www.microsoft.com/downloads/en/details.aspx?FamilyID=9d467a69-57ff-4ae7-96ee-b18c4790cffd&displaylang=en

    e fai un bel dcdiag /v su entrambi i DC.

    Saluti.


    mercoledì 30 marzo 2011 14:37
  • Ciao non replicano.

    Lele

    mercoledì 30 marzo 2011 15:03
  • Ciao Lele,

    Se..vabbè..con quale errore ? xD

    Saluti.

    mercoledì 30 marzo 2011 15:19
  • Nell'event viewer Directory service c'è l'errore NTDS KCC 1311. Nell'event viewer File Replication Service c'è il warning NtFrs 13508. Eseguendo dcdiag.exe ho verificato che la repiva non funziona da più di 60 giorni esattamente dal 23/01/2011. Un'altra informazione che posso dare è che i 2 DC si trovano in siti deiversi collegati da una von site_to_site.

    Lele

     

    giovedì 31 marzo 2011 13:19
  • Ciao Lele,

    NtFrs 13508:

    Non è che i due DC hanno l'orario non sincronizzato?

    http://support.microsoft.com/kb/285923

    NTDS KCC 1311:

    http://technet.microsoft.com/en-us/library/cc740252%28WS.10%29.aspx

     

    Ma cosa è successo il 23/01/2011? c'è stato un motivo per cui non si replicano più...

    Saluti.

    giovedì 31 marzo 2011 13:34
  • Non ricordo operazioni particolari il 23/01/2011. L'orario dei server differiva di 3 minuti ora li ho sincronizzando cambiando l'orario del MASTER (SERVER1). Allego il risultato di DCDIAG:


    Domain Controller Diagnosis

    Performing initial setup:
       Done gathering initial info.

    Doing initial required tests
      
       Testing server: SERVER2
          Starting test: Connectivity
             ......................... SERVER2 passed test Connectivity

    Doing primary tests
      
       Testing server: SERVER2
          Starting test: Replications
             [Replications Check,SERVER2] A recent replication attempt failed:
                From SERVER1 to SERVER2
                Naming Context: DC=ForestDnsZones,DC=dominio1,DC=local
                The replication generated an error (1256):
                The remote system is not available. For information about network troubleshooting, see Windows Help.
                The failure occurred at 2011-03-31 15:48:57.
                The last success occurred at 2011-01-23 06:10:52.
                6492 failures have occurred since the last success.
             [Replications Check,SERVER2] A recent replication attempt failed:
                From SERVER1 to SERVER2
                Naming Context: DC=DomainDnsZones,DC=dominio1,DC=local
                The replication generated an error (1256):
                The remote system is not available. For information about network troubleshooting, see Windows Help.
                The failure occurred at 2011-03-31 15:48:57.
                The last success occurred at 2011-01-23 06:10:52.
                6824 failures have occurred since the last success.
             [Replications Check,SERVER2] A recent replication attempt failed:
                From SERVER1 to SERVER2
                Naming Context: CN=Schema,CN=Configuration,DC=dominio1,DC=local
                The replication generated an error (1722):
                The RPC server is unavailable.
                The failure occurred at 2011-03-31 15:49:39.
                The last success occurred at 2011-01-23 06:10:51.
                6493 failures have occurred since the last success.
                [SERVER1] DsBindWithSpnEx() failed with error 1722,
                The RPC server is unavailable..
                The source remains down. Please check the machine.
             [Replications Check,SERVER2] A recent replication attempt failed:
                From SERVER1 to SERVER2
                Naming Context: CN=Configuration,DC=dominio1,DC=local
                The replication generated an error (1722):
                The RPC server is unavailable.
                The failure occurred at 2011-03-31 15:49:18.
                The last success occurred at 2011-01-23 06:12:39.
                8740 failures have occurred since the last success.
                The source remains down. Please check the machine.
             [Replications Check,SERVER2] A recent replication attempt failed:
                From SERVER1 to SERVER2
                Naming Context: DC=dominio1,DC=local
                The replication generated an error (1722):
                The RPC server is unavailable.
                The failure occurred at 2011-03-31 15:48:57.
                The last success occurred at 2011-01-23 06:10:52.
                12816 failures have occurred since the last success.
                The source remains down. Please check the machine.
             REPLICATION-RECEIVED LATENCY WARNING
             SERVER2:  Current time is 2011-03-31 15:51:33.
                DC=ForestDnsZones,DC=dominio1,DC=local
                   Last replication recieved from SERVER1 at 2011-01-23 06:08:52.
                   WARNING:  This latency is over the Tombstone Lifetime of 60 days!
                DC=DomainDnsZones,DC=dominio1,DC=local
                   Last replication recieved from SERVER1 at 2011-01-23 06:08:52.
                   WARNING:  This latency is over the Tombstone Lifetime of 60 days!
                CN=Schema,CN=Configuration,DC=dominio1,DC=local
                   Last replication recieved from SERVER1 at 2011-01-23 06:08:52.
                   WARNING:  This latency is over the Tombstone Lifetime of 60 days!
                CN=Configuration,DC=dominio1,DC=local
                   Last replication recieved from SERVER1 at 2011-01-23 06:10:40.
                   WARNING:  This latency is over the Tombstone Lifetime of 60 days!
                DC=dominio1,DC=local
                   Last replication recieved from SERVER1 at 2011-01-23 06:08:52.
                   WARNING:  This latency is over the Tombstone Lifetime of 60 days!
             REPLICATION-RECEIVED LATENCY WARNING

              Source site:

             CN=NTDS Site Settings,CN=dominio1,CN=Sites,CN=Configuration,DC=dominio1,DC=local

              Current time: 2011-03-31 15:51:54

              Last update time: 2011-03-30 11:36:58

              Check if source site has an elected ISTG running.

              Check replication from source site to this server.
             ......................... SERVER2 passed test Replications
          Starting test: NCSecDesc
             ......................... SERVER2 passed test NCSecDesc
          Starting test: NetLogons
             ......................... SERVER2 passed test NetLogons
          Starting test: Advertising
             Warning: SERVER2 is not advertising as a time server.
             ......................... SERVER2 failed test Advertising
          Starting test: KnowsOfRoleHolders
             Warning: SERVER1 is the Schema Owner, but is not responding to DS RPC Bind.
             [SERVER1] LDAP search failed with error 58,
             The specified server cannot perform the requested operation..
             Warning: SERVER1 is the Schema Owner, but is not responding to LDAP Bind.
             Warning: SERVER1 is the Domain Owner, but is not responding to DS RPC Bind.
             Warning: SERVER1 is the Domain Owner, but is not responding to LDAP Bind.
             Warning: SERVER1 is the PDC Owner, but is not responding to DS RPC Bind.
             Warning: SERVER1 is the PDC Owner, but is not responding to LDAP Bind.
             Warning: SERVER1 is the Rid Owner, but is not responding to DS RPC Bind.
             Warning: SERVER1 is the Rid Owner, but is not responding to LDAP Bind.
             Warning: SERVER1 is the Infrastructure Update Owner, but is not responding to DS RPC Bind.
             Warning: SERVER1 is the Infrastructure Update Owner, but is not responding to LDAP Bind.
             ......................... SERVER2 failed test KnowsOfRoleHolders
          Starting test: RidManager
             ......................... SERVER2 failed test RidManager
          Starting test: MachineAccount
             ......................... SERVER2 passed test MachineAccount
          Starting test: Services
             ......................... SERVER2 passed test Services
          Starting test: ObjectsReplicated
             ......................... SERVER2 passed test ObjectsReplicated
          Starting test: frssysvol
             ......................... SERVER2 passed test frssysvol
          Starting test: frsevent
             There are warning or error events within the last 24 hours after the

             SYSVOL has been shared.  Failing SYSVOL replication problems may cause

             Group Policy problems.
             ......................... SERVER2 failed test frsevent
          Starting test: kccevent
             An Warning Event occured.  EventID: 0x8000061E
                Time Generated: 03/31/2011   15:38:44
                Event String: All domain controllers in the following site that

             An Error Event occured.  EventID: 0xC000051F
                Time Generated: 03/31/2011   15:38:44
                Event String: The Knowledge Consistency Checker (KCC) has

             An Warning Event occured.  EventID: 0x80000749
                Time Generated: 03/31/2011   15:38:44
                Event String: The Knowledge Consistency Checker (KCC) was

             An Warning Event occured.  EventID: 0x8000061E
                Time Generated: 03/31/2011   15:38:44
                Event String: All domain controllers in the following site that

             An Error Event occured.  EventID: 0xC000051F
                Time Generated: 03/31/2011   15:38:44
                Event String: The Knowledge Consistency Checker (KCC) has

             An Warning Event occured.  EventID: 0x80000749
                Time Generated: 03/31/2011   15:38:44
                Event String: The Knowledge Consistency Checker (KCC) was

             An Warning Event occured.  EventID: 0x8000061E
                Time Generated: 03/31/2011   15:38:44
                Event String: All domain controllers in the following site that

             An Error Event occured.  EventID: 0xC000051F
                Time Generated: 03/31/2011   15:38:44
                Event String: The Knowledge Consistency Checker (KCC) has

             An Warning Event occured.  EventID: 0x80000749
                Time Generated: 03/31/2011   15:38:44
                Event String: The Knowledge Consistency Checker (KCC) was

             An Warning Event occured.  EventID: 0x8000061E
                Time Generated: 03/31/2011   15:38:44
                Event String: All domain controllers in the following site that

             An Error Event occured.  EventID: 0xC000051F
                Time Generated: 03/31/2011   15:38:44
                Event String: The Knowledge Consistency Checker (KCC) has

             An Warning Event occured.  EventID: 0x80000749
                Time Generated: 03/31/2011   15:38:44
                Event String: The Knowledge Consistency Checker (KCC) was

             ......................... SERVER2 failed test kccevent
          Starting test: systemlog
             An Error Event occured.  EventID: 0x40000004
                Time Generated: 03/31/2011   15:28:50
                Event String: The kerberos client received a

             An Error Event occured.  EventID: 0x40000004
                Time Generated: 03/31/2011   15:51:51
                Event String: The kerberos client received a

             ......................... SERVER2 failed test systemlog
          Starting test: VerifyReferences
             ......................... SERVER2 passed test VerifyReferences
      
       Running partition tests on : ForestDnsZones
          Starting test: CrossRefValidation
             ......................... ForestDnsZones passed test CrossRefValidation
          Starting test: CheckSDRefDom
             ......................... ForestDnsZones passed test CheckSDRefDom
      
       Running partition tests on : DomainDnsZones
          Starting test: CrossRefValidation
             ......................... DomainDnsZones passed test CrossRefValidation
          Starting test: CheckSDRefDom
             ......................... DomainDnsZones passed test CheckSDRefDom
      
       Running partition tests on : Schema
          Starting test: CrossRefValidation
             ......................... Schema passed test CrossRefValidation
          Starting test: CheckSDRefDom
             ......................... Schema passed test CheckSDRefDom
      
       Running partition tests on : Configuration
          Starting test: CrossRefValidation
             ......................... Configuration passed test CrossRefValidation
          Starting test: CheckSDRefDom
             ......................... Configuration passed test CheckSDRefDom
      
       Running partition tests on : dominio1
          Starting test: CrossRefValidation
             ......................... dominio1 passed test CrossRefValidation
          Starting test: CheckSDRefDom
             ......................... dominio1 passed test CheckSDRefDom
      
       Running enterprise tests on : dominio1.local
          Starting test: Intersite
             ......................... dominio1.local passed test Intersite
          Starting test: FsmoCheck
             Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
             A Global Catalog Server could not be located - All GC's are down.
             Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355
             A Primary Domain Controller could not be located.
             The server holding the PDC role is down.
             ......................... dominio1.local failed test FsmoCheck

    Lele

    giovedì 31 marzo 2011 14:01
  • Ciao Lele,

    Da quando non li riavvii?

    hai provato a riavviare i server?

    \\nomedominio da un client risponde?

    \\server1 o \\server2 vedi la sysvol e netlogon?

    Ehm..ma i client ti fanno logon al dominio?

    Saluti.

     

    giovedì 31 marzo 2011 14:07
  • 1) Ho riavviato ieri

    2) \\nomedominio ok

    3) \\server1 \\server2 sysvol e netlogon coincidono

    4) I client che sono tutti disclocati presso il sito 1 dove si trova il DC SERVER1 che è il master si loggano

    Lele

     

    giovedì 31 marzo 2011 14:13
  • Ciao Lele,

    e i client che sono dislocati nel sito 2 dove c'è il SERVER 2 ?

    ci sono degli errori (nell'eventvwr) di netlogon sui client quando li accendi ?

    Saluti.

    giovedì 31 marzo 2011 14:19
  • Non ci sono client nel sito2.
    giovedì 31 marzo 2011 14:25
  • Ciao Lele,

    stumenti di amministrazione >> siti e servizi si active directory >> sotto Servers (vedrai i due nomi dei server) >> espandili e vedrai NTDS Settings (cliccaci sopra) >>  c'è la replica generata autometicamente (clicca destro e fai replica ora) su tutti e due gli oggetti NTDS.

    Che errore ti da?.

    Saluti.

    giovedì 31 marzo 2011 14:32
  • Se replico da SERVER1 che è ok a SERVER2 non da errore ma di fatto non replica perchè dice che essendo i 2 DC in siti diversi proverà ad eseguire la replica utilizzando le connessioni. In Event viewer dà il warning NtFrs 13508.

    La replica da SERVER2 a SERVER1 da un warninga video dicendo che non può contattare SERVER1 perchè: "The target principal name is incorrect". Non viene registrato alcun errore in Event Viewer.

    Sono andato a controllare l'event viewer System ed è presente il seguente errore:

    Event Type: Error
    Event Source: Kerberos
    Event Category: None
    Event ID: 4
    Date:  31/03/2011
    Time:  16.54.29
    User:  N/A
    Computer: SERVER2
    Description:
    The kerberos client received a KRB_AP_ERR_MODIFIED error from the server host/server1.dominio1.local.
    The target name used was dominio1\SERVER1$.
    This indicates that the password used to encrypt the kerberos service ticket
     is different than that on the target server.
    Commonly, this is due to identically named  machine accounts in the target realm (DOMINIO1.LOCAL),
    and the client realm.

    Lele


    giovedì 31 marzo 2011 14:54
  • Ho verificato che il problema "The current operations master is offline" con la scritta ERROR dove dovrebbe apparire il server master è presente anche per un altro dominio che gestisco. In questo caso però funziona tutto compreso le repliche, non ho nessun errore eseguendo dcdiag, replmon e frsdiag. L'unica cosa è questa scritta ERROR nell'operations master verificandolo tramite AD users and computers.

     

    Lele

    giovedì 7 aprile 2011 10:15
  • Ho verificato che se apro lo snp-in AD Users and computers da un altro DC e lo collego al DC dove trovo scritto ERROR compare correttamente il DC master.

    Lele

     

    giovedì 7 aprile 2011 10:41
  • Ciao Lele,

    Si ma..comunque non è un bel errore.

    Cosi nel forum non si capisce molto bene rischi di fare dei danni.

    Io ti consiglierei di farlo vedere al tuo sistemista/azienda esterna che ti segue la rete.

    Al massimo verifichi chi ha l'AD messa meglio e poi fai la dc unpromo su server che ti da i problemi e poi (dopo accurate manovre) gli rifai la dcpromo.

    Però queste procedure le devi far fare ad un esperto MS.

    Saluti.

    lunedì 11 aprile 2011 17:36