Репликация файлов.

**Mike Stepanov** · 6 апреля, 2009

Всем здрасьте!

Есть два контроллера домена - основной(major) и вторичный(miner) (оба под windows server 2003)

Проблема в следующем , с определенного момента(после переустановки винды на втором контроллере домена) перестала работать репликация active directory, пишет в логах вторичного домена: (event id 13559)

The File Replication Service has detected that the replica root path has changed from "c:\windows\sysvol\domain" to "c:\windows\sysvol\domain". If this is an intentional move then a file with the name NTFRS_CMD_FILE_MOVE_ROOT needs to be created under the new root path.

This was detected for the following replica set:

"DOMAIN SYSTEM VOLUME (SYSVOL SHARE)"

Changing the replica root path is a two step process which is triggered by the creation of the NTFRS_CMD_FILE_MOVE_ROOT file.

[1] At the first poll which will occur in 60 minutes this computer will be deleted from the replica set.

[2] At the poll following the deletion this computer will be re-added to the replica set with the new root path. This re-addition will trigger a full tree sync for the replica set. At the end of the sync all the files will be at the new location. The files may or may not be deleted from the old location depending on whether they are needed or not.

При запуске dcdiag пишет следующее(не полностью вывел):

Testing server: Default-First-Site\MINER

Starting test: Replications

[Replications Check,MINER] A recent replication attempt failed:

From MAJOR to MINER

Naming Context: DC=DomainDnsZones,DC=Geo-logistics,DC=local

The replication generated an error (8614):

Win32 Error 8614

The failure occurred at 2009-04-06 11:53:43.

The last success occurred at 2008-10-11 22:29:03.

4220 failures have occurred since the last success.

Помогите пожалуйста, не могу разобраться чего ему не нравится.

Заранее спасибо.

**Maikll** · 6 апреля, 2009

Начнем как обычно:

ipconfig /all

netdiag

dcdiag

с больного DC

с определенного момента(после переустановки винды на втором контроллере домена)

а с этого места поподробнее... выполнялась полная переустановка или восстановление из архивной копии? Почему-то у меня такое подозрение что первое и притом имя машины использовалось такое же, как и у старого.

Если да, то сперва надо очищать AD от остатков старой машины (ибо хоть имя и то же, для первого DC это совершенно другой партнер по репликации) читаем Удаление данных из Active Directory после неудачного понижения роли контроллера домена

Понадобится вывести переустановленный DC из домена (с предварительным понижением роли), чистка и затем повторный ввод.

Если имело место восстановление из бекапа, то стоит сперва попробовать выполнить что просит система

Changing the replica root path is a two step process which is triggered by the creation of the NTFRS_CMD_FILE_MOVE_ROOT file.

Перевожу. Идём в c:\windows\sysvol\domain. Создаём файлик с названием NTFRS_CMD_FILE_MOVE_ROOT и перегружаемся.

После наблюдаем в логах события

File Replication Service is scanning the data in the system volume. Computer MYSERVER cannot become a domain controller until this process is complete. The system volume will then be shared as SYSVOL.
To check for the SYSVOL share, at the command prompt, type:

net share

When File Replication Service completes the scanning process, the SYSVOL share will appear.

The initialization of the system volume can take some time. The time is dependent on the amount of data in the system volume.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

и

The File Replication Service successfully added this computer to the following replica set:
"DOMAIN SYSTEM VOLUME (SYSVOL SHARE)"

Information related to this event is shown below:

Computer DNS name is "myserver.domain.local"

Replica set member name is "MYSERVER"

Replica set root path is "c:\windows\sysvol\domain"

Replica staging directory path is "c:\windows\sysvol\staging\domain"

Replica working directory path is "c:\windows\ntfrs\jet"

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Если все прошло удачно, в дальнейшем реплики пойдут как надо.

P.S. и в доменах уровня 2003/8 нет понятия основной и вторичный DC (PDC и BDC) - это элементы домена уровня 2000/nt. Есть только хозяева ролей FSMO.

**Mike Stepanov** · 7 апреля, 2009

Начнем как обычно:

ipconfig /all

netdiag

dcdiag

с больного DC

а с этого места поподробнее... выполнялась полная переустановка или восстановление из архивной копии? Почему-то у меня такое подозрение что первое и притом имя машины использовалось такое же, как и у старого.

Если да, то сперва надо очищать AD от остатков старой машины (ибо хоть имя и то же, для первого DC это совершенно другой партнер по репликации) читаем Удаление данных из Active Directory после неудачного понижения роли контроллера домена

Понадобится вывести переустановленный DC из домена (с предварительным понижением роли), чистка и затем повторный ввод.

Если имело место восстановление из бекапа, то стоит сперва попробовать выполнить что просит система

Перевожу. Идём в c:\windows\sysvol\domain. Создаём файлик с названием NTFRS_CMD_FILE_MOVE_ROOT и перегружаемся.

После наблюдаем в логах события

и

Если все прошло удачно, в дальнейшем реплики пойдут как надо.

P.S. и в доменах уровня 2003/8 нет понятия основной и вторичный DC (PDC и BDC) - это элементы домена уровня 2000/nt. Есть только хозяева ролей FSMO.

Выкладываю все данные по больному DC

C:\Program Files (x86)\Support Tools>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : miner

Primary Dns Suffix . . . . . . . : Geo-logistics.local

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : Geo-logistics.local

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : geo-logistics.local

Description . . . . . . . . . . . : HP NC373i Multifunction Gigabit Server Ad

apter

Physical Address. . . . . . . . . : 00-19-BB-33-39-78

DHCP Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 192.168.158.110

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.158.254

DNS Servers . . . . . . . . . . . : 192.168.158.102

C:\Program Files (x86)\Support Tools>netdiag

.......................................

Computer Name: MINER

DNS Host Name: miner.Geo-logistics.local

System info : Microsoft Windows Server 2003 (Build 3790)

Processor : EM64T Family 6 Model 15 Stepping 6, GenuineIntel

List of installed hotfixes :

Q147222

Netcard queries test . . . . . . . : Passed

Per interface results:

Adapter : Local Area Connection

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : miner.geo-logistics.local

IP Address . . . . . . . . : 192.168.158.110

Subnet Mask. . . . . . . . : 255.255.255.0

Default Gateway. . . . . . : 192.168.158.254

Dns Servers. . . . . . . . : 192.168.158.102

AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Passed

NetBT name test. . . . . . : Passed

No names have been found.

WINS service test. . . . . : Skipped

There are no WINS servers configured for this interface.

Global results:

Domain membership test . . . . . . : Passed

NetBT transports test. . . . . . . : Passed

List of NetBt transports currently configured:

NetBT_Tcpip_{111C07FB-77D8-4082-BD2B-8E49D1DF968B}

1 NetBt transport currently configured.

Autonet address test . . . . . . . : Passed

IP loopback ping test. . . . . . . : Passed

Default gateway test . . . . . . . : Passed

NetBT name test. . . . . . . . . . : Passed

[WARNING] You don't have a single interface with the <00> 'WorkStation Servi

ce', <03> 'Messenger Service', <20> 'WINS' names defined.

Winsock test . . . . . . . . . . . : Passed

DNS test . . . . . . . . . . . . . : Failed

[FATAL] Could not open file C:\WINDOWS\system32\config\netlogon.dns for read

ing.

[FATAL] No DNS servers have the DNS records for this DC registered.

Redir and Browser test . . . . . . : Failed

List of NetBt transports currently bound to the Redir

NetBT_Tcpip_{111C07FB-77D8-4082-BD2B-8E49D1DF968B}

The redir is bound to 1 NetBt transport.

List of NetBt transports currently bound to the browser

NetBT_Tcpip_{111C07FB-77D8-4082-BD2B-8E49D1DF968B}

The browser is bound to 1 NetBt transport.

[FATAL] Cannot send mailslot message to 'GEO-LOGISTICS*' via browser. [ERROR

_INVALID_FUNCTION]

DC discovery test. . . . . . . . . : Passed

DC list test . . . . . . . . . . . : Passed

Trust relationship test. . . . . . : Failed

[FATAL] Cannot get list of trusted domains for domain GEO-LOGISTICS from Net

logon. [RPC_NT_UNKNOWN_IF]

[FATAL] Cannot get secure channel status for domain 'GEO-LOGISTICS' from Net

logon. [RPC_S_UNKNOWN_IF]

Kerberos test. . . . . . . . . . . : Failed

[FATAL] Cannot lookup package Kerberos.

The error occurred was: (null)

LDAP test. . . . . . . . . . . . . : Passed

Bindings test. . . . . . . . . . . : Passed

WAN configuration test . . . . . . : Skipped

No active remote access connections.

Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

Note: run "netsh ipsec dynamic show /?" for more detailed information

C:\Program Files (x86)\Support Tools>dcdiag

Domain Controller Diagnosis

Performing initial setup:

Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site\MINER

Starting test: Connectivity

......................... MINER passed test Connectivity

Doing primary tests

Testing server: Default-First-Site\MINER

Starting test: Replications

[Replications Check,MINER] A recent replication attempt failed:

From MAJOR to MINER

Naming Context: DC=DomainDnsZones,DC=Geo-logistics,DC=local

The replication generated an error (8614):

Win32 Error 8614

The failure occurred at 2009-04-07 09:53:44.

The last success occurred at 2008-10-11 22:29:03.

4245 failures have occurred since the last success.

[Replications Check,MINER] A recent replication attempt failed:

From MAJOR to MINER

Naming Context: DC=ForestDnsZones,DC=Geo-logistics,DC=local

The replication generated an error (8614):

Win32 Error 8614

The failure occurred at 2009-04-07 09:53:44.

The last success occurred at 2008-10-11 22:28:45.

4230 failures have occurred since the last success.

[Replications Check,MINER] A recent replication attempt failed:

From MAJOR to MINER

Naming Context: CN=Schema,CN=Configuration,DC=Geo-logistics,DC=local

The replication generated an error (8614):

Win32 Error 8614

The failure occurred at 2009-04-07 09:53:44.

The last success occurred at 2008-10-11 22:28:45.

4227 failures have occurred since the last success.

[Replications Check,MINER] A recent replication attempt failed:

From MAJOR to MINER

Naming Context: CN=Configuration,DC=Geo-logistics,DC=local

The replication generated an error (8614):

Win32 Error 8614

The failure occurred at 2009-04-07 10:02:09.

The last success occurred at 2008-10-11 22:28:45.

4358 failures have occurred since the last success.

[Replications Check,MINER] A recent replication attempt failed:

From MAJOR to MINER

Naming Context: DC=Geo-logistics,DC=local

The replication generated an error (8614):

Win32 Error 8614

The failure occurred at 2009-04-07 10:31:32.

The last success occurred at 2008-10-11 22:31:48.

6849 failures have occurred since the last success.

REPLICATION-RECEIVED LATENCY WARNING

MINER: Current time is 2009-04-07 10:31:44.

DC=DomainDnsZones,DC=Geo-logistics,DC=local

Last replication recieved from MAJOR at 2008-10-11 22:29:08.

WARNING: This latency is over the Tombstone Lifetime of 60 days!

DC=ForestDnsZones,DC=Geo-logistics,DC=local

Last replication recieved from MAJOR at 2008-10-11 22:28:51.

WARNING: This latency is over the Tombstone Lifetime of 60 days!

CN=Schema,CN=Configuration,DC=Geo-logistics,DC=local

Last replication recieved from MAJOR at 2008-10-11 22:28:51.

WARNING: This latency is over the Tombstone Lifetime of 60 days!

CN=Configuration,DC=Geo-logistics,DC=local

Last replication recieved from MAJOR at 2008-10-11 22:28:51.

WARNING: This latency is over the Tombstone Lifetime of 60 days!

DC=Geo-logistics,DC=local

Last replication recieved from MAJOR at 2008-10-11 22:31:48.

WARNING: This latency is over the Tombstone Lifetime of 60 days!

......................... MINER passed test Replications

Starting test: NCSecDesc

......................... MINER passed test NCSecDesc

Starting test: NetLogons

Unable to connect to the NETLOGON share! (\\MINER\netlogon)

[MINER] An net use or LsaPolicy operation failed with error 1203, Win32

Error 1203.

......................... MINER failed test NetLogons

Starting test: Advertising

Warning: DsGetDcName returned information for \\major.Geo-logistics.loc

al, when we were trying to reach MINER.

Server is not responding or is not considered suitable.

......................... MINER failed test Advertising

Starting test: KnowsOfRoleHolders

......................... MINER passed test KnowsOfRoleHolders

Starting test: RidManager

......................... MINER passed test RidManager

Starting test: MachineAccount

......................... MINER passed test MachineAccount

Starting test: Services

kdc Service is stopped on [MINER]

w32time Service is stopped on [MINER]

NETLOGON Service is stopped on [MINER]

......................... MINER failed test Services

Starting test: ObjectsReplicated

......................... MINER passed test ObjectsReplicated

Starting test: frssysvol

......................... MINER passed test frssysvol

Starting test: frsevent

There are warning or error events within the last 24 hours after the

SYSVOL has been shared. Failing SYSVOL replication problems may cause

Group Policy problems.

......................... MINER failed test frsevent

Starting test: kccevent

An Error Event occured. EventID: 0xC00007FA

Time Generated: 04/07/2009 10:16:52