积极答复者
高手救命啊!!!目录服务已经用完了相对标识符池
问题
-
我们公司的域控用netdom query fsmo检查,5个主机角色也无异常,但是新建用户的时候就会提示,然后Active Directory 用户和计算机就打不开了,提示找不到域,重启后又正常了。网上搜索了很久,都说是RID主机的原因,但是刚重启完检查没发现问题,DNS也是指向自己,检查没发现什么问题。下面是DCDIAG /V的结果,请大家看看。拜托各位了,非常感谢!
Testing server: Default-First-Site-Name\3G
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... 3G passed test ConnectivityDoing primary tests
Testing server: Default-First-Site-Name\3G
Starting test: Replications
* Replications Check
[Replications Check,3G] A recent replication attempt failed:
From 3G-OFFICESCAN to 3G
Naming Context: DC=ForestDnsZones,DC=jiubang,DC=org
The replication generated an error (8614):
Active Directory 不能与此服务器复制,因为距上一次与此服务器复制的时
间已经超过了 tombstone 生存时间。
The failure occurred at 2008-03-11 22:50:09.
The last success occurred at 2007-12-04 23:45:56.
2301 failures have occurred since the last success.
[Replications Check,3G] A recent replication attempt failed:
From 3G-OFFICESCAN to 3G
Naming Context: DC=DomainDnsZones,DC=jiubang,DC=org
The replication generated an error (8614):
Active Directory 不能与此服务器复制,因为距上一次与此服务器复制的时
间已经超过了 tombstone 生存时间。
The failure occurred at 2008-03-11 22:50:09.
The last success occurred at 2007-12-04 23:45:56.
2301 failures have occurred since the last success.
[Replications Check,3G] A recent replication attempt failed:
From 3G-OFFICESCAN to 3G
Naming Context: CN=Schema,CN=Configuration,DC=jiubang,DC=org
The replication generated an error (8614):
Active Directory 不能与此服务器复制,因为距上一次与此服务器复制的时
间已经超过了 tombstone 生存时间。
The failure occurred at 2008-03-11 22:50:09.
The last success occurred at 2007-12-04 23:45:55.
2301 failures have occurred since the last success.
[Replications Check,3G] A recent replication attempt failed:
From 3G-OFFICESCAN to 3G
Naming Context: CN=Configuration,DC=jiubang,DC=org
The replication generated an error (8614):
Active Directory 不能与此服务器复制,因为距上一次与此服务器复制的时
间已经超过了 tombstone 生存时间。
The failure occurred at 2008-03-11 22:50:09.
The last success occurred at 2007-12-05 00:21:47.
5406 failures have occurred since the last success.
[Replications Check,3G] A recent replication attempt failed:
From 3G-OFFICESCAN to 3G
Naming Context: DC=jiubang,DC=org
The replication generated an error (8614):
Active Directory 不能与此服务器复制,因为距上一次与此服务器复制的时
间已经超过了 tombstone 生存时间。
The failure occurred at 2008-03-11 22:50:09.
The last success occurred at 2007-12-05 00:12:46.
4796 failures have occurred since the last success.
* Replication Latency Check
REPLICATION-RECEIVED LATENCY WARNING
3G: Current time is 2008-03-11 23:09:28.
DC=ForestDnsZones,DC=jiubang,DC=org
Last replication recieved from 3G-OFFICESCAN at 2007-12-04 23:4
56.
WARNING: This latency is over the Tombstone Lifetime of 60 dayLatency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only replic
and are not verifiably latent, or dc's no longer replicating this nc. 0 had
latency information (Win2K DC).
DC=DomainDnsZones,DC=jiubang,DC=org
Last replication recieved from 3G-OFFICESCAN at 2007-12-04 23:4
56.
WARNING: This latency is over the Tombstone Lifetime of 60 dayLatency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only replic
and are not verifiably latent, or dc's no longer replicating this nc. 0 had
latency information (Win2K DC).
CN=Schema,CN=Configuration,DC=jiubang,DC=org
Last replication recieved from 3G-OFFICESCAN at 2007-12-04 23:4
55.
WARNING: This latency is over the Tombstone Lifetime of 60 dayLatency information for 2 entries in the vector were ignored.
2 were retired Invocations. 0 were either: read-only replic
and are not verifiably latent, or dc's no longer replicating this nc. 0 had
latency information (Win2K DC).
CN=Configuration,DC=jiubang,DC=org
Last replication recieved from 3G-OFFICESCAN at 2007-12-05 00:2
47.
WARNING: This latency is over the Tombstone Lifetime of 60 dayLatency information for 2 entries in the vector were ignored.
2 were retired Invocations. 0 were either: read-only replic
and are not verifiably latent, or dc's no longer replicating this nc. 0 had
latency information (Win2K DC).
DC=jiubang,DC=org
Last replication recieved from 3G-OFFICESCAN at 2007-12-05 00:1
46.
WARNING: This latency is over the Tombstone Lifetime of 60 dayLatency information for 2 entries in the vector were ignored.
2 were retired Invocations. 0 were either: read-only replic
and are not verifiably latent, or dc's no longer replicating this nc. 0 had
latency information (Win2K DC).
* Replication Site Latency Check
......................... 3G passed test Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC 3G.
* Security Permissions Check for
DC=ForestDnsZones,DC=jiubang,DC=org
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=jiubang,DC=org
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=jiubang,DC=org
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=jiubang,DC=org
(Configuration,Version 2)
* Security Permissions Check for
DC=jiubang,DC=org
(Domain,Version 2)
......................... 3G passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Unable to connect to the NETLOGON share! (\\3G\netlogon)
[3G] An net use or LsaPolicy operation failed with error 1203, 无任何
络提供程序接受指定的网络路径。.
......................... 3G failed test NetLogons
Starting test: Advertising
The DC 3G is advertising itself as a DC and having a DS.
The DC 3G is advertising as an LDAP server
The DC 3G is advertising as having a writeable directory
The DC 3G is advertising as a Key Distribution Center
The DC 3G is advertising as a time server
The DS 3G is advertising as a GC.
......................... 3G passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=3G,CN=Servers,CN=Default-Firs
Site-Name,CN=Sites,CN=Configuration,DC=jiubang,DC=org
Role Domain Owner = CN=NTDS Settings,CN=3G,CN=Servers,CN=Default-Firs
Site-Name,CN=Sites,CN=Configuration,DC=jiubang,DC=org
Role PDC Owner = CN=NTDS Settings,CN=3G,CN=Servers,CN=Default-First-S
e-Name,CN=Sites,CN=Configuration,DC=jiubang,DC=org
Role Rid Owner = CN=NTDS Settings,CN=3G,CN=Servers,CN=Default-First-S
e-Name,CN=Sites,CN=Configuration,DC=jiubang,DC=org
Role Infrastructure Update Owner = CN=NTDS Settings,CN=3G,CN=Servers,
=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=jiubang,DC=org
......................... 3G passed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 4101 to 1073741823
* 3g.jiubang.org is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 3601 to 4100
* rIDPreviousAllocationPool is 3601 to 4100
* rIDNextRID: 4100
* Warning :Next rid pool not allocated
* Warning :There is less than 0% available RIDs in the current pool
......................... 3G passed test RidManager
Starting test: MachineAccount
Checking machine account for DC 3G on DC 3G.
* SPN found :LDAP/3g.jiubang.org/jiubang.org
* SPN found :LDAP/3g.jiubang.org
* SPN found :LDAP/3G
* SPN found :LDAP/3g.jiubang.org/JIUBANG
* SPN found :LDAP/61a05a8d-28ff-43f7-84b1-916b1f3191e2._msdcs.jiubang
rg
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/61a05a8d-28ff-43f7-
b1-916b1f3191e2/jiubang.org
* SPN found :HOST/3g.jiubang.org/jiubang.org
* SPN found :HOST/3g.jiubang.org
* SPN found :HOST/3G
* SPN found :HOST/3g.jiubang.org/JIUBANG
* SPN found :GC/3g.jiubang.org/jiubang.org
......................... 3G passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... 3G passed test Services
Test omitted by user request: OutboundSecureChannels
Starting test: ObjectsReplicated
3G is in domain DC=jiubang,DC=org
Checking for CN=3G,OU=Domain Controllers,DC=jiubang,DC=org in domain
=jiubang,DC=org on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=3G,CN=Servers,CN=Default-First-Site-
me,CN=Sites,CN=Configuration,DC=jiubang,DC=org in domain CN=Configuration,DC=j
bang,DC=org on 1 servers
Object is up-to-date on all servers.
......................... 3G passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... 3G passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may caus
Group Policy problems.
An Warning Event occured. EventID: 0x800034C4
Time Generated: 03/11/2008 19:56:18
(Event String could not be retrieved)
......................... 3G failed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15 min
es.
......................... 3G passed test kccevent
Starting test: systemlog
* The System Event log test
Found no errors in System Event log in the last 60 minutes.
......................... 3G passed test systemlog
Test omitted by user request: VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)
CN=3G,OU=Domain Controllers,DC=jiubang,DC=org and backlink on
CN=3G,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration
C=jiubang,DC=org
are correct.
The system object reference (frsComputerReferenceBL)
CN=ADSERVER,CN=Domain System Volume (SYSVOL share),CN=File Replicatio
Service,CN=System,DC=jiubang,DC=org
and backlink on CN=3G,OU=Domain Controllers,DC=jiubang,DC=org are
correct.
The system object reference (serverReferenceBL)
CN=ADSERVER,CN=Domain System Volume (SYSVOL share),CN=File Replicatio
Service,CN=System,DC=jiubang,DC=org
and backlink on
CN=NTDS Settings,CN=3G,CN=Servers,CN=Default-First-Site-Name,CN=Sites
N=Configuration,DC=jiubang,DC=org
are correct.
......................... 3G passed test VerifyReferences
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: CheckSecurityErrorRunning partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidatiStarting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDomRunning partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidatiStarting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDomRunning partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDomRunning partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidatio
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDomRunning partition tests on : jiubang
Starting test: CrossRefValidation
......................... jiubang passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... jiubang passed test CheckSDRefDomRunning enterprise tests on : jiubang.org
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... jiubang.org passed test Intersite
Starting test: FsmoCheck
GC Name: \\3g.jiubang.org
Locator Flags: 0xe00003fd
PDC Name: \\3g.jiubang.org
Locator Flags: 0xe00003fd
Time Server Name: \\3g.jiubang.org
Locator Flags: 0xe00003fd
Preferred Time Server Name: \\3g.jiubang.org
Locator Flags: 0xe00003fd
KDC Name: \\3g.jiubang.org
Locator Flags: 0xe00003fd
......................... jiubang.org passed test FsmoCheck
Test omitted by user request: DNS
Test omitted by user request: DNSC:\Program Files\Support Tools>
