同一個AD Site裡,W2K3 DC與W2K8 RODC並存,會發生如下的錯誤訊息,此錯誤訊息可忽略的說明如下:
Event Type: Error
Event Source: NTDS Replication
Event Category: DS RPC Client
Event ID: 1645
Date: 11/29/2010
Time: 10:04:26 AM
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: Server Name
Description:
Active Directory did not perform an authenticated remote procedure call (RPC) to another domain controller because the desired service principal name (SPN) for the destination domain controller is not registered on the Key Distribution Center (KDC) domain controller that resolves the SPN.
訊息解釋說明如下:
-The event is caused when W2K8 RODC’s ask (full) W2K3 DC’s to provide change notification.
-This event may indicate that full DC’s and RODC’s are in the same AD site.
-Do not add the e351… AD replication SPN for the RODC as implied by the message text for the 1645 event. RODC's do not register the replication SPN.
-If the existence of the full DC in the same AD site as the RODC is temporary, ignore this event. Otherwise, place full DC’s and RODC’s in different AD sites.
2010年11月28日 星期日
2010年11月25日 星期四
2010年11月22日 星期一
子網域發生USN RollBack
由於此台DC為子域中唯一一台網域控制站,所以暫時先添加另一台網域控制站入子域,使其與問題DC先進行複製,之後再對問題DC進行降級。同時為了避免與父系網域之間的複製再次導致Inbound & Outbound複製被disable,請手動刪除與父系網域DC之間的複製連結。
而子網域發生USN RollBack 建議採用以下步驟進行.看是否有機會可以避免重作網域的可能性
處理步驟:
1. 加入新Win 2003 Server
2. 在 Child DC,開啟 AD 站台及服務 手動將 Child DC 下 NTDS 中與 Root DC "自動產生"連線 刪除
3. 修改機碼
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
修改此機碼值為 “0” “Dsa Not Writable”
4. repadmin 開啟 Inbound /outbound 覆寫
repadmin /options Child DC -DISABLE_INBOUND_REPL
repadmin /options Child DC -DISABLE_OUTBOUND_REPL
5. 請確認 Netlogon Service 狀態為 “啟動”
6. 進行 New Child DC dcpromo
7. 確認新DC 覆寫正常後.進行 Old Child DC 降級
8. 確認新DC 正常與父網域覆寫後,進行Old Child DC 升級網域
9. 再確認網域覆寫無誤後.就可以進行轉移角色回 Old Child DC
參考文件:
How to detect and recover from a USN rollback in Windows Server 2003
而子網域發生USN RollBack 建議採用以下步驟進行.看是否有機會可以避免重作網域的可能性
處理步驟:
1. 加入新Win 2003 Server
2. 在 Child DC,開啟 AD 站台及服務 手動將 Child DC 下 NTDS 中與 Root DC "自動產生"連線 刪除
3. 修改機碼
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
修改此機碼值為 “0” “Dsa Not Writable”
4. repadmin 開啟 Inbound /outbound 覆寫
repadmin /options Child DC -DISABLE_INBOUND_REPL
repadmin /options Child DC -DISABLE_OUTBOUND_REPL
5. 請確認 Netlogon Service 狀態為 “啟動”
6. 進行 New Child DC dcpromo
7. 確認新DC 覆寫正常後.進行 Old Child DC 降級
8. 確認新DC 正常與父網域覆寫後,進行Old Child DC 升級網域
9. 再確認網域覆寫無誤後.就可以進行轉移角色回 Old Child DC
參考文件:
How to detect and recover from a USN rollback in Windows Server 2003
2010年11月8日 星期一
IT Compliance Management Series
The IT Compliance Management Series—a combination of IT Compliance Management Libraries for Windows Server 2008, Windows Server 2008 R2, Windows 7, and Microsoft System Center—provides prescriptive guidance that helps IT pros configure Microsoft products to address specific IT governance, risk, and compliance (GRC) requirements.
IT Compliance Management Series
IT Compliance Management Series
Communicator for Mac 2011 Deployment Guide
Intended for IT Professionals, the Microsoft Communicator for Mac 2011 Deployment Guide provides guidance for using Microsoft Communicator for Mac 2011 with Microsoft Office Communications Server 2007 R2.
Communicator for Mac 2011 Deployment Guide
Communicator for Mac 2011 Deployment Guide
Infrastructure Planning and Design
The Infrastructure Planning and Design (IPD) guides are the next version of Windows Server System Reference Architecture. The guides in this series help clarify and streamline design processes for Microsoft infrastructure technologies, with each guide addressing a unique infrastructure technology or scenario.
Infrastructure Planning and Design
Infrastructure Planning and Design
訂閱:
文章 (Atom)
-
錯誤訊息如下: 解決方法: 試試看檢查下面幾項動作 1.Netlogon Service有沒有啟動或者服務重新啟動 2.是否有此值 HKLM\System\CCS\Services\NTDS\Parameters 底下的 "DSA Not Writable&... -
問題描述 : Windows 2008 R2 KMS Server 上,輸入Windows 8.1 大量啟用序號,會產生如圖示的錯誤碼 解決方法 : 關於您目前無法延用現有的 Windows 2008 KMS Host 去啟用 ...