none
在一個forest中有二個domain tree的複寫問題... RRS feed

  • 問題

  • 請教各位大大,當第二個domain tree加入到forest中時,在第二個doamin中用repadmin /showreps測複寫是正常的,但在原本的第一個domain tree中,測複寫卻會出現以下的error-->Last error: 8524 (0x214c):DSA 操作無法繼續,因為 DNS 對應失敗。我已重裝過多次但error還是一樣...

    請問當建好第二個domain tree後,需要在AD中另外再手動作些什麼樣的設定, 二個domain tree間的複寫才會正常?

    2007年3月17日 上午 08:45

解答

  • 請參考以下知識文件並嘗試以下 Troubleshooting Steps:

    319202 Active Directory does not replicate when DNS lookup is not successful
    http://support.microsoft.com/default.aspx?scid=kb;EN-US;319202
    To resolve this issue, follow these steps:
    1.  Ping the Domain Controller. To do so, type ping YourDomainController . YourDomain .com at the command prompt, and then press ENTER.
    If you receive a reply that the ping request could not find the host, the domain controller's SRV record is not populated in the DNS Database. 
    2.  Check the configuration of DNS and make sure that Allow Dynamic Updates is enabled. To do this, follow these steps:
    a.  Click Start, point to Programs, click Administrative Tools, and then click DNS. 
    b.  Expand the DNS folder. 
    c.  Expand the Forward Lookup Zones folder. 
    d.  Right-click the folder, and then click Properties. 
    e.  In the Allow Dynamic Updates box, click Yes. 
    f.  Click OK. 
    g.  Stop and then restart DNS.  
    3.  Stop and then restart the Netlogon service on YourDomainController .

    By doing this, you force the domain controller to register the appropriate SRV records. The change is then replicated to DNS. 

    249256 How to troubleshoot intra-site replication failures

    http://support.microsoft.com/default.aspx?scid=kb;EN-US;249256
    "The DSA operation is unable to proceed because of a DNS lookup failure" error
    To troubleshoot this error:
    1.  Use the Nltest /dsgetdc: /pdc /force /avoidself command to determine if the correct PDC is returned. 
    2.  If there a connection object and not a replication link reported by the REPLMON or REPADMIN commands, the problem might be related to the KCC. 
    3.  Run the following commands on the PDC, and then submit the output to Microsoft PSS for more troubleshooting:
    nltest /DBFLAG:0x2000FFFF
    -and-
    nltest /DSGETDC: /GC 
    4.  Run the nltest /dsgetdc: /gc /force command to determine if you can contact a global catalog server (GC). 
    5.  Check the "password last changed" parameter on both the PDC and the server(s) with which you experience the problem. 


    2007年3月19日 上午 12:59