none
Проблема с переходом на репликацию SYSVOL по DFS-R RRS feed

  • Общие обсуждения

  •      Здравствуйте коллеги.

    Столкнулся с проблемой при переходе на репликацию SYSVOL по DFS-R. После выполнения dfsrmig /setGlobalState 1. контроллеры не перешли в состояние Prepared, шара SYSVOL_DFSR не появилась. В журнале событий DFS регистрируется следующая ошибка

    Миграции DFSR не удалось выполнить переход в состояние "ПОДГОТОВЛЕНО" для контроллера домена SRV-DC-3. Служба DFSR повторит попытку при следующем опросе Active Directory. Для немедленного выполнения повторной попытки выполните команду "dfsrdiag /pollad".
     
    Дополнительные сведения:
    Контроллер домена: SRV-DC-3
    Ошибка: 5 (Отказано в доступе.)

    В журнале безопасности регистрируется аудит отказа

    Выполнена операция с объектом.

    Субъект:
        ИД безопасности:        СИСТЕМА
        Имя учетной записи:        SRV-DC-3$
        Домен учетной записи:        FIRMA
        Код входа:        0x41AE39

    Объект:
        Сервер объекта:        DS
        Тип объекта:        msDFSR-LocalSettings
        Имя объекта:        CN=DFSR-LocalSettings,CN=SRV-DC-3,OU=Domain Controllers,DC=firma,DC=local
        Код дескриптора:        0x0

    Операция:
        Тип операции:        Object Access
        Операции доступа:        WRITE_DAC
                    WRITE_OWNER
                    ACCESS_SYS_SEC
                    
        Маска доступа:        0x10C0000
        Свойства:        ---
        {fa85c591-197f-477e-83bd-ea5a43df2239}


    Дополнительные сведения:
        Параметр 1:        -
        Параметр 2:       

    Ошибка наблюдается на всех контроллерах в домене.

    Смотрел через ADSI Edit на объект DFSR-LocalSettings, учетная запись системы имеет там полный доступ

    12 января 2014 г. 7:28

Все ответы

  • Приведу ещё свой ACL на объект CN=DFSR-LocalSettings,CN=SRV-DC-3,OU=Domain Controllers,DC=firma,DC=local


    IdentityReference     : NT AUTHORITY\Прошедшие проверку
    AccessControlType     : Allow
    ActiveDirectoryRights : GenericRead

    IdentityReference     : NT AUTHORITY\СИСТЕМА
    AccessControlType     : Allow
    ActiveDirectoryRights : GenericAll

    IdentityReference     : FIRMA\Администраторы домена
    AccessControlType     : Allow
    ActiveDirectoryRights : GenericAll

    IdentityReference     : FIRMA\Exchange Windows Permissions
    AccessControlType     : Allow
    ActiveDirectoryRights : ExtendedRight

    IdentityReference     : FIRMA\Exchange Windows Permissions
    AccessControlType     : Allow
    ActiveDirectoryRights : ExtendedRight

    IdentityReference     : FIRMA\Exchange Servers
    AccessControlType     : Allow
    ActiveDirectoryRights : CreateChild, DeleteChild, ListChildren

    IdentityReference     : FIRMA\Администраторы предприятия
    AccessControlType     : Allow
    ActiveDirectoryRights : ReadProperty, WriteProperty

    IdentityReference     : BUILTIN\Пред-Windows 2000 доступ
    AccessControlType     : Allow
    ActiveDirectoryRights : ReadProperty

    IdentityReference     : BUILTIN\Пред-Windows 2000 доступ
    AccessControlType     : Allow
    ActiveDirectoryRights : ReadProperty

    IdentityReference     : BUILTIN\Пред-Windows 2000 доступ
    AccessControlType     : Allow
    ActiveDirectoryRights : ReadProperty

    IdentityReference     : FIRMA\Exchange Windows Permissions
    AccessControlType     : Allow
    ActiveDirectoryRights : CreateChild

    IdentityReference     : FIRMA\Exchange Windows Permissions
    AccessControlType     : Allow
    ActiveDirectoryRights : CreateChild

    IdentityReference     : FIRMA\ADadmins
    AccessControlType     : Allow
    ActiveDirectoryRights : CreateChild

    IdentityReference     : FIRMA\Exchange Windows Permissions
    AccessControlType     : Allow
    ActiveDirectoryRights : CreateChild

    IdentityReference     : FIRMA\Exchange Windows Permissions
    AccessControlType     : Allow
    ActiveDirectoryRights : CreateChild

    IdentityReference     : FIRMA\Exchange Windows Permissions
    AccessControlType     : Allow
    ActiveDirectoryRights : CreateChild

    IdentityReference     : FIRMA\Exchange Windows Permissions
    AccessControlType     : Allow
    ActiveDirectoryRights : CreateChild

    IdentityReference     : FIRMA\Exchange Servers
    AccessControlType     : Allow
    ActiveDirectoryRights : ReadProperty

    IdentityReference     : FIRMA\Exchange Servers
    AccessControlType     : Allow
    ActiveDirectoryRights : ReadProperty

    IdentityReference     : FIRMA\Exchange Servers
    AccessControlType     : Allow
    ActiveDirectoryRights : ReadProperty

    IdentityReference     : FIRMA\Exchange Servers
    AccessControlType     : Allow
    ActiveDirectoryRights : ReadProperty

    IdentityReference     : FIRMA\Exchange Servers
    AccessControlType     : Allow
    ActiveDirectoryRights : ReadProperty

    IdentityReference     : FIRMA\Exchange Servers
    AccessControlType     : Allow
    ActiveDirectoryRights : ReadProperty

    IdentityReference     : FIRMA\Exchange Recipient Administrators
    AccessControlType     : Allow
    ActiveDirectoryRights : WriteProperty

    IdentityReference     : FIRMA\Organization Management
    AccessControlType     : Allow
    ActiveDirectoryRights : WriteProperty

    IdentityReference     : FIRMA\Exchange Trusted Subsystem
    AccessControlType     : Allow
    ActiveDirectoryRights : WriteProperty

    IdentityReference     : FIRMA\Exchange Windows Permissions
    AccessControlType     : Allow
    ActiveDirectoryRights : WriteProperty

    IdentityReference     : FIRMA\Exchange Recipient Administrators
    AccessControlType     : Allow
    ActiveDirectoryRights : WriteProperty

    IdentityReference     : FIRMA\Organization Management
    AccessControlType     : Allow
    ActiveDirectoryRights : WriteProperty

    IdentityReference     : FIRMA\Exchange Trusted Subsystem
    AccessControlType     : Allow
    ActiveDirectoryRights : WriteProperty

    IdentityReference     : FIRMA\Exchange Recipient Administrators
    AccessControlType     : Allow
    ActiveDirectoryRights : WriteProperty

    IdentityReference     : FIRMA\Organization Management
    AccessControlType     : Allow
    ActiveDirectoryRights : WriteProperty

    IdentityReference     : FIRMA\Exchange Trusted Subsystem
    AccessControlType     : Allow
    ActiveDirectoryRights : WriteProperty

    IdentityReference     : FIRMA\Exchange Recipient Administrators
    AccessControlType     : Allow
    ActiveDirectoryRights : WriteProperty

    IdentityReference     : FIRMA\Organization Management
    AccessControlType     : Allow
    ActiveDirectoryRights : WriteProperty

    IdentityReference     : FIRMA\Exchange Trusted Subsystem
    AccessControlType     : Allow
    ActiveDirectoryRights : WriteProperty

    IdentityReference     : FIRMA\Exchange Servers
    AccessControlType     : Allow
    ActiveDirectoryRights : WriteProperty

    IdentityReference     : FIRMA\Exchange Enterprise Servers
    AccessControlType     : Allow
    ActiveDirectoryRights : WriteProperty

    IdentityReference     : FIRMA\Exchange Windows Permissions
    AccessControlType     : Allow
    ActiveDirectoryRights : WriteProperty

    IdentityReference     : FIRMA\Exchange Servers
    AccessControlType     : Allow
    ActiveDirectoryRights : WriteProperty

    IdentityReference     : FIRMA\Exchange Servers
    AccessControlType     : Allow
    ActiveDirectoryRights : WriteProperty

    IdentityReference     : FIRMA\Exchange Recipient Administrators
    AccessControlType     : Allow
    ActiveDirectoryRights : WriteProperty

    IdentityReference     : FIRMA\Organization Management
    AccessControlType     : Allow
    ActiveDirectoryRights : WriteProperty

    IdentityReference     : FIRMA\Exchange Trusted Subsystem
    AccessControlType     : Allow
    ActiveDirectoryRights : WriteProperty

    IdentityReference     : FIRMA\Exchange Enterprise Servers
    AccessControlType     : Allow
    ActiveDirectoryRights : WriteProperty

    IdentityReference     : FIRMA\Exchange Trusted Subsystem
    AccessControlType     : Allow
    ActiveDirectoryRights : WriteProperty

    IdentityReference     : FIRMA\Exchange Enterprise Servers
    AccessControlType     : Allow
    ActiveDirectoryRights : WriteProperty

    IdentityReference     : FIRMA\Exchange Servers
    AccessControlType     : Allow
    ActiveDirectoryRights : WriteProperty

    IdentityReference     : FIRMA\Exchange Recipient Administrators
    AccessControlType     : Allow
    ActiveDirectoryRights : WriteProperty

    IdentityReference     : FIRMA\Organization Management
    AccessControlType     : Allow
    ActiveDirectoryRights : WriteProperty

    IdentityReference     : FIRMA\Exchange Trusted Subsystem
    AccessControlType     : Allow
    ActiveDirectoryRights : WriteProperty

    IdentityReference     : FIRMA\Exchange Recipient Administrators
    AccessControlType     : Allow
    ActiveDirectoryRights : WriteProperty

    IdentityReference     : FIRMA\Organization Management
    AccessControlType     : Allow
    ActiveDirectoryRights : WriteProperty

    IdentityReference     : FIRMA\Exchange Trusted Subsystem
    AccessControlType     : Allow
    ActiveDirectoryRights : WriteProperty

    IdentityReference     : FIRMA\Exchange Windows Permissions
    AccessControlType     : Allow
    ActiveDirectoryRights : WriteProperty

    IdentityReference     : FIRMA\Exchange Windows Permissions
    AccessControlType     : Allow
    ActiveDirectoryRights : WriteProperty

    IdentityReference     : FIRMA\Exchange Servers
    AccessControlType     : Allow
    ActiveDirectoryRights : WriteProperty

    IdentityReference     : FIRMA\Exchange Servers
    AccessControlType     : Allow
    ActiveDirectoryRights : WriteProperty

    IdentityReference     : FIRMA\Exchange Windows Permissions
    AccessControlType     : Allow
    ActiveDirectoryRights : WriteProperty

    IdentityReference     : FIRMA\Exchange Servers
    AccessControlType     : Allow
    ActiveDirectoryRights : WriteProperty

    IdentityReference     : FIRMA\Exchange Servers
    AccessControlType     : Allow
    ActiveDirectoryRights : WriteProperty

    IdentityReference     : FIRMA\Exchange Servers
    AccessControlType     : Allow
    ActiveDirectoryRights : WriteProperty

    IdentityReference     : FIRMA\Exchange Trusted Subsystem
    AccessControlType     : Allow
    ActiveDirectoryRights : WriteProperty

    IdentityReference     : FIRMA\Exchange Enterprise Servers
    AccessControlType     : Allow
    ActiveDirectoryRights : WriteProperty

    IdentityReference     : FIRMA\Exchange Recipient Administrators
    AccessControlType     : Allow
    ActiveDirectoryRights : WriteProperty

    IdentityReference     : FIRMA\Organization Management
    AccessControlType     : Allow
    ActiveDirectoryRights : WriteProperty

    IdentityReference     : FIRMA\Exchange Trusted Subsystem
    AccessControlType     : Allow
    ActiveDirectoryRights : WriteProperty

    IdentityReference     : FIRMA\Exchange Recipient Administrators
    AccessControlType     : Allow
    ActiveDirectoryRights : WriteProperty

    IdentityReference     : FIRMA\Organization Management
    AccessControlType     : Allow
    ActiveDirectoryRights : WriteProperty

    IdentityReference     : FIRMA\Exchange Trusted Subsystem
    AccessControlType     : Allow
    ActiveDirectoryRights : WriteProperty

    IdentityReference     : FIRMA\Exchange Enterprise Servers
    AccessControlType     : Allow
    ActiveDirectoryRights : WriteProperty

    IdentityReference     : FIRMA\Exchange Servers
    AccessControlType     : Allow
    ActiveDirectoryRights : WriteProperty

    IdentityReference     : FIRMA\Exchange Recipient Administrators
    AccessControlType     : Allow
    ActiveDirectoryRights : WriteProperty

    IdentityReference     : FIRMA\Organization Management
    AccessControlType     : Allow
    ActiveDirectoryRights : WriteProperty

    IdentityReference     : FIRMA\Exchange Trusted Subsystem
    AccessControlType     : Allow
    ActiveDirectoryRights : WriteProperty

    IdentityReference     : FIRMA\Exchange Servers
    AccessControlType     : Allow
    ActiveDirectoryRights : WriteProperty

    IdentityReference     : FIRMA\Exchange Recipient Administrators
    AccessControlType     : Allow
    ActiveDirectoryRights : WriteProperty

    IdentityReference     : FIRMA\Organization Management
    AccessControlType     : Allow
    ActiveDirectoryRights : WriteProperty

    IdentityReference     : FIRMA\Exchange Trusted Subsystem
    AccessControlType     : Allow
    ActiveDirectoryRights : WriteProperty

    IdentityReference     : FIRMA\Exchange Servers
    AccessControlType     : Allow
    ActiveDirectoryRights : WriteProperty

    IdentityReference     : FIRMA\Exchange Recipient Administrators
    AccessControlType     : Allow
    ActiveDirectoryRights : WriteProperty

    IdentityReference     : FIRMA\Organization Management
    AccessControlType     : Allow
    ActiveDirectoryRights : WriteProperty

    IdentityReference     : FIRMA\Exchange Trusted Subsystem
    AccessControlType     : Allow
    ActiveDirectoryRights : WriteProperty

    IdentityReference     : FIRMA\Exchange Windows Permissions
    AccessControlType     : Allow
    ActiveDirectoryRights : WriteProperty

    IdentityReference     : FIRMA\Exchange Windows Permissions
    AccessControlType     : Allow
    ActiveDirectoryRights : WriteProperty

    IdentityReference     : FIRMA\Exchange Servers
    AccessControlType     : Allow
    ActiveDirectoryRights : WriteProperty

    IdentityReference     : FIRMA\Exchange Windows Permissions
    AccessControlType     : Allow
    ActiveDirectoryRights : DeleteTree, WriteDacl

    IdentityReference     : FIRMA\Exchange Windows Permissions
    AccessControlType     : Allow
    ActiveDirectoryRights : DeleteTree, WriteDacl

    IdentityReference     : FIRMA\Exchange Recipient Administrators
    AccessControlType     : Allow
    ActiveDirectoryRights : GenericAll

    IdentityReference     : FIRMA\Organization Management
    AccessControlType     : Allow
    ActiveDirectoryRights : GenericAll

    IdentityReference     : FIRMA\Exchange Trusted Subsystem
    AccessControlType     : Allow
    ActiveDirectoryRights : GenericAll

    IdentityReference     : FIRMA\Exchange Windows Permissions
    AccessControlType     : Allow
    ActiveDirectoryRights : Delete

    IdentityReference     : FIRMA\Exchange Windows Permissions
    AccessControlType     : Allow
    ActiveDirectoryRights : Delete

    IdentityReference     : FIRMA\Exchange Windows Permissions
    AccessControlType     : Allow
    ActiveDirectoryRights : Delete

    IdentityReference     : FIRMA\Exchange Windows Permissions
    AccessControlType     : Allow
    ActiveDirectoryRights : Delete

    IdentityReference     : FIRMA\Exchange Windows Permissions
    AccessControlType     : Allow
    ActiveDirectoryRights : Delete

    IdentityReference     : FIRMA\Exchange Windows Permissions
    AccessControlType     : Allow
    ActiveDirectoryRights : Delete

    IdentityReference     : FIRMA\Exchange Servers
    AccessControlType     : Allow
    ActiveDirectoryRights : WriteDacl

    IdentityReference     : NT AUTHORITY\Прошедшие проверку
    AccessControlType     : Allow
    ActiveDirectoryRights : ReadProperty

    IdentityReference     : NT AUTHORITY\SELF
    AccessControlType     : Allow
    ActiveDirectoryRights : WriteProperty

    IdentityReference     : FIRMA\Exchange Enterprise Servers
    AccessControlType     : Allow
    ActiveDirectoryRights : GenericRead

    IdentityReference     : FIRMA\Exchange Enterprise Servers
    AccessControlType     : Allow
    ActiveDirectoryRights : GenericRead

    IdentityReference     : FIRMA\Exchange Enterprise Servers
    AccessControlType     : Allow
    ActiveDirectoryRights : GenericRead, WriteDacl

    IdentityReference     : FIRMA\Администраторы предприятия
    AccessControlType     : Allow
    ActiveDirectoryRights : GenericAll

    IdentityReference     : FIRMA\Администраторы предприятия
    AccessControlType     : Allow
    ActiveDirectoryRights : GenericAll

    IdentityReference     : BUILTIN\Пред-Windows 2000 доступ
    AccessControlType     : Allow
    ActiveDirectoryRights : GenericRead

    IdentityReference     : BUILTIN\Пред-Windows 2000 доступ
    AccessControlType     : Allow
    ActiveDirectoryRights : GenericRead

    IdentityReference     : NT AUTHORITY\NETWORK SERVICE
    AccessControlType     : Allow
    ActiveDirectoryRights : ReadProperty

    IdentityReference     : NT AUTHORITY\Прошедшие проверку
    AccessControlType     : Allow
    ActiveDirectoryRights : ReadProperty

    IdentityReference     : NT AUTHORITY\SELF
    AccessControlType     : Allow
    ActiveDirectoryRights : ReadProperty, WriteProperty

    IdentityReference     : NT AUTHORITY\SELF
    AccessControlType     : Allow
    ActiveDirectoryRights : ReadProperty, WriteProperty, ExtendedRight

    IdentityReference     : FIRMA\Exchange Enterprise Servers
    AccessControlType     : Allow
    ActiveDirectoryRights : ListChildren

    IdentityReference     : FIRMA\Exchange Recipient Administrators
    AccessControlType     : Allow
    ActiveDirectoryRights : GenericRead

    IdentityReference     : FIRMA\Organization Management
    AccessControlType     : Allow
    ActiveDirectoryRights : GenericRead

    IdentityReference     : FIRMA\Exchange Trusted Subsystem
    AccessControlType     : Allow
    ActiveDirectoryRights : GenericRead

    IdentityReference     : FIRMA\Администраторы предприятия
    AccessControlType     : Allow
    ActiveDirectoryRights : GenericAll

    IdentityReference     : BUILTIN\Пред-Windows 2000 доступ
    AccessControlType     : Allow
    ActiveDirectoryRights : ListChildren

    IdentityReference     : BUILTIN\Администраторы
    AccessControlType     : Allow
    ActiveDirectoryRights : CreateChild, Self, WriteProperty, ExtendedRight, Delete
                            , GenericRead, WriteDacl, WriteOwner

    12 января 2014 г. 10:47