решил проапгрейдить сервер на 2003, для этого рядом поставил 2003 сервер, поднял на нем AD, после перегрезки не хочер реплицироваться, с ошибкой Access Denied.
утилита replmon показывает репликации показывает список чего конкретно должно прорепиться, но метаданные не показывает с дефолтными правами. когда ставлю администратора то все проходит ок,
вопрос - как починить права доступа системы или что еще сделать?
Testing server: Default-First-Site-Name\SERVER
Starting test: Connectivity
......................... SERVER passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\SERVER
Starting test: Replications
REPLICATION LATENCY WARNING
ERROR: Expected notification link is missing.
Source SERVER3
Replication of new changes along this path will be delayed.
This problem should self-correct on the next periodic sync.
......................... SERVER passed test Replications
Starting test: NCSecDesc
......................... SERVER passed test NCSecDesc
Starting test: NetLogons
......................... SERVER passed test NetLogons
Starting test: Advertising
......................... SERVER passed test Advertising
Starting test: KnowsOfRoleHolders
......................... SERVER passed test KnowsOfRoleHolders
Starting test: RidManager
......................... SERVER passed test RidManager
Starting test: MachineAccount
......................... SERVER passed test MachineAccount
Starting test: Services
......................... SERVER passed test Services
Starting test: ObjectsReplicated
......................... SERVER passed test ObjectsReplicated
Starting test: frssysvol
Error: No record of File Replication System, SYSVOL started.
The Active Directory may be prevented from starting.
There are errors after the SYSVOL has been shared.
The SYSVOL can prevent the AD from starting.
......................... SERVER passed test frssysvol
Starting test: kccevent
......................... SERVER passed test kccevent
Starting test: systemlog
......................... SERVER passed test systemlog
Running enterprise tests on : bigbyte.com
Starting test: Intersite
......................... bigbyte.com passed test Intersite
Starting test: FsmoCheck
......................... bigbyte.com passed test FsmoCheck
==============
Testing server: Default-First-Site-Name\SERVER3
Starting test: Replications
[Replications Check,SERVER3] A recent replication attempt failed:
From SERVER to SERVER3
Naming Context: CN=Schema,CN=Configuration,DC=bigbyte,DC=com
The replication generated an error (5):
Win32 Error 5
The failure occurred at 2006-11-22 15:50:53.
The last success occurred at 2006-11-21 21:29:08.
21 failures have occurred since the last success.
[Replications Check,SERVER3] A recent replication attempt failed:
From SERVER to SERVER3
Naming Context: CN=Configuration,DC=bigbyte,DC=com
The replication generated an error (5):
Win32 Error 5
The failure occurred at 2006-11-22 16:15:05.
The last success occurred at 2006-11-21 21:29:19.
103 failures have occurred since the last success.
[Replications Check,SERVER3] A recent replication attempt failed:
From SERVER to SERVER3
Naming Context: DC=bigbyte,DC=com
The replication generated an error (5):
Win32 Error 5
The failure occurred at 2006-11-22 16:09:11.
The last success occurred at 2006-11-21 21:31:05.
104 failures have occurred since the last success.
REPLICATION-RECEIVED LATENCY WARNING
SERVER3: Current time is 2006-11-22 16:18:54.
CN=Schema,CN=Configuration,DC=bigbyte,DC=com
Last replication recieved from SERVER at 2006-11-21 21:29:08.
CN=Configuration,DC=bigbyte,DC=com
Last replication recieved from SERVER at 2006-11-21 21:29:19.
DC=bigbyte,DC=com
Last replication recieved from SERVER at 2006-11-21 21:31:04.
......................... SERVER3 passed test Replications
Starting test: NCSecDesc
......................... SERVER3 passed test NCSecDesc
Starting test: NetLogons
......................... SERVER3 passed test NetLogons
Starting test: Advertising
Warning: DsGetDcName returned information for \\server.bigbyte.com, when we were trying to reach SERVER3.
Server is not responding or is not considered suitable.
......................... SERVER3 failed test Advertising
Starting test: KnowsOfRoleHolders
......................... SERVER3 passed test KnowsOfRoleHolders
Starting test: RidManager
Warning: attribute rIdSetReferences missing from CN=SERVER3,OU=Domain Controllers,DC=bigbyte,DC=com
Could not get Rid set Reference :failed with 8481: Win32 Error 8481
......................... SERVER3 failed test RidManager
Starting test: MachineAccount
......................... SERVER3 passed test MachineAccount
Starting test: Services
......................... SERVER3 passed test Services
Starting test: ObjectsReplicated
......................... SERVER3 passed test ObjectsReplicated
Starting test: frssysvol
......................... SERVER3 passed test frssysvol
Starting test: frsevent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... SERVER3 failed test frsevent
Starting test: kccevent
......................... SERVER3 passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0xC0001F60
Time Generated: 11/22/2006 15:38:01
Event String: The browser service has failed to retrieve the
......................... SERVER3 failed test systemlog
Starting test: VerifyReferences
......................... SERVER3 passed test VerifyReferences
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : bigbyte
Starting test: CrossRefValidation
......................... bigbyte passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... bigbyte passed test CheckSDRefDom
Running enterprise tests on : bigbyte.com
Starting test: Intersite
......................... bigbyte.com passed test Intersite
Starting test: FsmoCheck
......................... bigbyte.com passed test FsmoCheck
Default gateway test . . . : Skipped
[WARNING] No gateways defined for this adapter.
NetBT name test. . . . . . : Passed
No remote names have been found.
WINS service test. . . . . : Passed
Global results:
Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{E984BF0F-77C8-4323-9ABF-2201464432A7}
1 NetBt transport currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Passed
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Failed
[FATAL]: The DNS registration for 'server.bigbyte.com' is incorrect on all DNS servers.
PASS - All the DNS entries for DC are registered on DNS server '10.10.26.1' and other DCs also have some of the names registered.
PASS - All the DNS entries for DC are registered on DNS server '10.10.25.2' and other DCs also have some of the names registered.
Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{E984BF0F-77C8-4323-9ABF-2201464432A7}
The redir is bound to 1 NetBt transport.
List of NetBt transports currently bound to the browser
NetBT_Tcpip_{E984BF0F-77C8-4323-9ABF-2201464432A7}
The browser is bound to 1 NetBt transport.
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Passed
Trust relationship test. . . . . . : Skipped
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Passed
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Skipped
The IPSec Policy Agent service is not started.
The command completed successfully
[/quote]
netdiag 2003
Цитата
........................................
Computer Name: SERVER3
DNS Host Name: server3.bigbyte.com
System info : Windows 2000 Server (Build 3790)
Processor : x86 Family 15 Model 47 Stepping 2, AuthenticAMD
List of installed hotfixes :
KB890046
KB893756
KB896358
KB896424
KB896428
KB898715
KB899587
KB899588
KB899589
KB899591
KB900725
KB901017
KB901214
KB902400
KB904706
KB908519
KB908531
KB910437
KB911280
KB911562
KB911564
KB911567
KB911927
KB912919
KB914388
KB914389
KB917344
KB917422
KB917734
KB917953
KB918439
KB918899
KB920213
KB920214
KB920670
KB920683
KB920685
KB921398
KB921883
KB922582
KB922616
KB922760
KB922819
KB923191
KB923414
KB923980
KB924191
KB924496
KB925486
Q147222
NetBT name test. . . . . . : Passed
[WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.
WINS service test. . . . . : Passed
Global results:
Domain membership test . . . . . . : Failed
[WARNING] Ths system volume has not been completely replicated to the local machine. This machine is not working properly as a DC.
NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{72FD300E-EE4E-49C7-93F8-C4C86CF13155}
1 NetBt transport currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Passed
[WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined.
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on DNS server '10.10.25.2' and other DCs also have some of the names registered.
Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{72FD300E-EE4E-49C7-93F8-C4C86CF13155}
The redir is bound to 1 NetBt transport.
List of NetBt transports currently bound to the browser
NetBT_Tcpip_{72FD300E-EE4E-49C7-93F8-C4C86CF13155}
The browser is bound to 1 NetBt transport.
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Passed
Trust relationship test. . . . . . : Passed
Secure channel for domain 'BIGBYTE' is to '\\server.bigbyte.com'.
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Passed
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Skipped
Note: run "netsh ipsec dynamic show /?" for more detailed information
The command completed successfully
[/quote]
еще в догонку сделал dcdiag /test:dns против обоих серверов
тут напротив 2003
Testing server: Default-First-Site-Name\SERVER
Starting test: Connectivity
......................... SERVER passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\SERVER
DNS Tests are running and not hung. Please wait a few minutes...
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : bigbyte
Running enterprise tests on : bigbyte.com
Starting test: DNS
Test results for domain controllers:
DC: server.bigbyte.com
Domain: bigbyte.com
TEST: Basic (Basc)
Warning: adapter [00000000] Intel 8255x-based PCI Ethernet Adapter (10/100) has invalid DNS server: 10.10.1.1 (<name unavailable>)
TEST: Dynamic update (Dyn)
Warning: Dynamic update is enabled on the zone but not secure bigbyte.com.
Summary of test results for DNS servers used by the above domain controllers:
DNS server: 10.10.1.1 (<name unavailable>)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 10.10.1.1
Name resolution is not functional. _ldap._tcp.bigbyte.com. failed on the DNS server 10.10.1.1
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
________________________________________________________________
Domain: bigbyte.com
server PASS WARN PASS PASS WARN PASS n/a
......................... bigbyte.com passed test DNS
[/quote]
надеюсь на помощь - все еще актуально не работает.
w2k? случайно не русифицированная?
Был похожий косяк. Запускал ADSIedit.msc, сбрасывал права на дефолтные.
Еще аудит доступа к веткам реестра ставил, смотрел чего не хватает, добавлял.
Правильно настроенный бэкап значительно сокращает трафик форумов.
DNS test . . . . . . . . . . . . . : Failed
[FATAL]: The DNS registration for 'server.bigbyte.com' is incorrect on all DNS servers.
PASS - All the DNS entries for DC are registered on DNS server '10.10.26.1' and other DCs also have some of the names registered.
PASS - All the DNS entries for DC are registered on DNS server '10.10.25.2' and other DCs also have some of the names registered.
[/quote]
2003
Цитата
Domain membership test . . . . . . : Failed
[WARNING] Ths system volume has not been completely replicated to the local machine. This machine is not working properly as a DC.
[/quote]
Прописать статику на 2003 DC.
На 2003 DC: DNS Servers . . . . . . . . . . . : Primari 10.10.25.2, Alternate 2003 DC
на 2003 чтоит статика, на 2000 второй интерфейс, как видно из названия, доступ в инет.
к стати, когда на 2000 запретил сетевое соединение - репликация прошла и роли передал на 2003.
вообщем сервер как бы работает но и как бы нет - залогонится не дает, шары не пускает соотвесно, работает только роутер в нет, так что пока что писать могу.
перелопатил кучу инфы на микрософте, и т.д. непомогает
нинаю что и делать.
оригинальный сервак отключен уже и удален из списка серверов домена.
а новый сервер отказывается быть глобальным каталогом.
Петр » 22 ноя 2006, 18:20