sabtx12

Active Directory

Hello,

We have a DC at our head office and two branches in the province. One of our branches has a connection with our DC and replicates, but the other one does not. For the branch that does not replicate, we have ping, but we cannot remote into that branch's Active Directory server; from the branch, however, it is possible to remote into the DC. What is the reason?

This question has 1 answer.

What operating system are the DCs running?

Is the DC of the branch that is not replicating healthy? Run the command DCDiag /c /v /e /q on all DCs and send the output. (Please use the Paragraph -> Blocks -> Pre option to post command output.)

Also send the output of the Repadmin /replsum command.

Senior Systems Engineer
sabtx12

Server 2016

Yes, we joined it to the main server last week.

C:\Users\s>dcdiag /c /v /e /q
         Got error while checking LDAP and RPC connectivity. Please check your firewall settings.
         ......................... ADDTEHRANSRV failed test Connectivity
            [DCSRV] DsReplicaGetInfo(KCC_DS_CONNECT_FAILURES) failed with error 8453,
         Source DC ADDTEHRANSRV has possible security error (1722).  Diagnosing...
               Error 2184 querying time on DC ADDTEHRANSRV.  Ignoring this DC and continuing...
               Could not open pipe with [ADDTEHRANSRV]:failed with 53: The network path was not found.
               Could not get NetBIOSDomainName
               Failed can not test for HOST SPN
               Failed can not test for HOST SPN
         ......................... DCSRV failed test CheckSecurityError
         There are warning or error events within the last 24 hours after the SYSVOL has been shared.  Failing SYSVOL replication problems may cause Group Policy problems.
         ......................... DCSRV failed test DFSREvent
         [DCSRV] User credentials does not have permission to perform this operation.
         The account used for this test must have network logon privileges
         for this machine's domain.
         ......................... DCSRV failed test NetLogons
         ** Did not run Outbound Secure Channels test because /testdomain: was not entered
         [Replications Check,DCSRV] A recent replication attempt failed:
            From ADDTEHRANSRV to DCSRV
            Naming Context: DC=ForestDnsZones,DC=XYZ,DC=IR
            The replication generated an error (1722):
            The RPC server is unavailable.
            The failure occurred at 2020-01-21 16:25:54.
            The last success occurred at 2020-01-16 15:22:33.
            149 failures have occurred since the last success.
            The source remains down. Please check the machine.
         [Replications Check,DCSRV] A recent replication attempt failed:
            From ADDTEHRANSRV to DCSRV
            Naming Context: DC=DomainDnsZones,DC=XYZ,DC=IR
            The replication generated an error (1722):
            The RPC server is unavailable.
            The failure occurred at 2020-01-21 16:23:05.
            The last success occurred at 2020-01-16 15:42:29.
            186 failures have occurred since the last success.
            The source remains down. Please check the machine.
         [Replications Check,DCSRV] A recent replication attempt failed:
            From ADDTEHRANSRV to DCSRV
            Naming Context: CN=Schema,CN=Configuration,DC=XYZ,DC=IR
            The replication generated an error (1722):
            The RPC server is unavailable.
            The failure occurred at 2020-01-21 16:24:30.
            The last success occurred at 2020-01-16 15:22:33.
            133 failures have occurred since the last success.
            The source remains down. Please check the machine.
         [Replications Check,DCSRV] A recent replication attempt failed:
            From ADDTEHRANSRV to DCSRV
            Naming Context: CN=Configuration,DC=XYZ,DC=IR
            The replication generated an error (1722):
            The RPC server is unavailable.
            The failure occurred at 2020-01-21 16:23:47.
            The last success occurred at 2020-01-16 15:22:33.
            154 failures have occurred since the last success.
            The source remains down. Please check the machine.
         [Replications Check,DCSRV] A recent replication attempt failed:
            From ADDTEHRANSRV to DCSRV
            Naming Context: DC=XYZ,DC=IR
            The replication generated an error (1722):
            The RPC server is unavailable.
            The failure occurred at 2020-01-21 16:25:12.
            The last success occurred at 2020-01-16 16:14:21.
            3140 failures have occurred since the last success.
            The source remains down. Please check the machine.
         ......................... DCSRV failed test Replications
            Could not open NTDS Service on DCSRV, error 0x5 "Access is denied."
         ......................... DCSRV failed test Services
         An error event occurred.  EventID: 0x00002720
            Time Generated: 01/21/2020   15:45:26
            Event String: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
         An error event occurred.  EventID: 0x0000166D
            Time Generated: 01/21/2020   16:23:17
            Event String: Netlogon could not register the XYZ<1B> name for the following reason:
         An error event occurred.  EventID: 0xC00010E1
            Time Generated: 01/21/2020   16:23:17
            Event String:
            The name "XYZ         :1b" could not be registered on the interface with IP address 192.168.5.2. The computer with the IP address 192.168.5.13 did not allow the name to be claimed by this computer.
         An error event occurred.  EventID: 0xC00010E1
            Time Generated: 01/21/2020   16:23:20
            Event String:
            The name "XYZ         :1b" could not be registered on the interface with IP address 192.168.5.2. The computer with the IP address 192.168.5.13 did not allow the name to be claimed by this computer.
         ......................... DCSRV failed test SystemLog
         Source DC ADDTEHRANSRV has possible security error (1722).  Diagnosing...
               Error 2184 querying time on DC ADDTEHRANSRV.  Ignoring this DC and continuing...
               Could not open pipe with [ADDTEHRANSRV]:failed with 53: The network path was not found.
               Could not get NetBIOSDomainName
               Failed can not test for HOST SPN
               Failed can not test for HOST SPN
         ......................... ADDSRV failed test CheckSecurityError
         There are warning or error events within the last 24 hours after the SYSVOL has been shared.  Failing SYSVOL replication problems may cause Group Policy problems.
         ......................... ADDSRV failed test DFSREvent
         ** Did not run Outbound Secure Channels test because /testdomain: was not entered
         An error event occurred.  EventID: 0x00000067
            Time Generated: 01/21/2020   15:38:38
            Event String: The removal of the assignment of application Mozilla Firefox 71.0 x64 en-US from policy File Fierfox MSI failed.  The error was : %%2
         An error event occurred.  EventID: 0x00000067
            Time Generated: 01/21/2020   15:43:38
            Event String: The removal of the assignment of application Mozilla Firefox 71.0 x64 en-US from policy File Fierfox MSI failed.  The error was : %%2
         An error event occurred.  EventID: 0x00000067
            Time Generated: 01/21/2020   15:48:38
            Event String: The removal of the assignment of application Mozilla Firefox 71.0 x64 en-US from policy File Fierfox MSI failed.  The error was : %%2
         An error event occurred.  EventID: 0x00000067
            Time Generated: 01/21/2020   15:53:39
            Event String: The removal of the assignment of application Mozilla Firefox 71.0 x64 en-US from policy File Fierfox MSI failed.  The error was : %%2
         An error event occurred.  EventID: 0x00000067
            Time Generated: 01/21/2020   15:58:39
            Event String: The removal of the assignment of application Mozilla Firefox 71.0 x64 en-US from policy File Fierfox MSI failed.  The error was : %%2
         An error event occurred.  EventID: 0x00000067
            Time Generated: 01/21/2020   16:03:39
            Event String: The removal of the assignment of application Mozilla Firefox 71.0 x64 en-US from policy File Fierfox MSI failed.  The error was : %%2
         An error event occurred.  EventID: 0x00000067
            Time Generated: 01/21/2020   16:08:39
            Event String: The removal of the assignment of application Mozilla Firefox 71.0 x64 en-US from policy File Fierfox MSI failed.  The error was : %%2
         An error event occurred.  EventID: 0x00000067
            Time Generated: 01/21/2020   16:13:40
            Event String: The removal of the assignment of application Mozilla Firefox 71.0 x64 en-US from policy File Fierfox MSI failed.  The error was : %%2
         An error event occurred.  EventID: 0x00000067
            Time Generated: 01/21/2020   16:18:40
            Event String: The removal of the assignment of application Mozilla Firefox 71.0 x64 en-US from policy File Fierfox MSI failed.  The error was : %%2
         An error event occurred.  EventID: 0x00000067
            Time Generated: 01/21/2020   16:23:40
            Event String: The removal of the assignment of application Mozilla Firefox 71.0 x64 en-US from policy File Fierfox MSI failed.  The error was : %%2
         An error event occurred.  EventID: 0x00000067
            Time Generated: 01/21/2020   16:28:40
            Event String: The removal of the assignment of application Mozilla Firefox 71.0 x64 en-US from policy File Fierfox MSI failed.  The error was : %%2
         An error event occurred.  EventID: 0x00000067
            Time Generated: 01/21/2020   16:33:41
            Event String: The removal of the assignment of application Mozilla Firefox 71.0 x64 en-US from policy File Fierfox MSI failed.  The error was : %%2
         ......................... ADDSRV failed test SystemLog
                           ......................... ADDTEHRANSRV failed test DNS
                  ......................... DCSRV failed test DNS
         Test results for domain controllers:

            DC: DCSRV.XYZ.IR
            Domain: XYZ.IR


               TEST: Basic (Basc)
                  Error: all DNS servers are invalid
                  No host records (A or AAAA) were found for this DC


         DC: ADDSRV.XYZ.IR
         Domain: XYZ.IR


            TEST: Records registration (RReg)
               Error: Record registrations cannot be found for all the network adapters


            DC: ADDTehranSRV.XYZ.IR
            Domain: XYZ.IR


               TEST: Authentication (Auth)
                  Error: Authentication failed with specified credentials

               TEST: Basic (Basc)
                  Error: No LDAP connectivity
                  Error: No WMI connectivity
                  No host records (A or AAAA) were found for this DC

         Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
            _________________________________________________________________
            Domain: XYZ.IR
               DCSRV                        PASS FAIL n/a  n/a  n/a  n/a  n/a
               ADDSRV                       PASS WARN PASS PASS WARN FAIL n/a
               ADDTehranSRV                 FAIL FAIL n/a  n/a  n/a  n/a  n/a

         ......................... XYZ.IR failed test DNS


The result above is from the main DC.

C:\Users\s>repadmin /replsum
Replication Summary Start Time: 2020-01-21 16:50:39

Beginning data collection for replication summary, this may take awhile:
  ......


Source DSA          largest delta    fails/total %%   error
 ADDSRV                    11m:36s    0 /   5    0
 ADDTEHRANSRV      05d.01h:28m:06s    5 /   5  100  (1722) The RPC server is unavailable.
 DCSRV                     12m:01s    0 /   5    0


Destination DSA     largest delta    fails/total %%   error
 ADDSRV                    12m:01s    0 /   5    0
 DCSRV             05d.01h:28m:06s    5 /  10   50  (1722) The RPC server is unavailable.


Experienced the following operational errors trying to retrieve replication information:
        58 - ADDTehranSRV.XYZ.IR

Result of the repadmin /replsum command on the main DC

 

C:\Users\s>dcdiag /c /v /e /q
         Server ADDSRV resolved to these IP addresses: 192.168.25.2, but none of the addresses could be reached (pinged). Please check the network.
         Error: 0x2b02 "Error due to lack of resources."
         This error more often means that the targeted server is shutdown or disconnected from the network.
         Got error while checking LDAP and RPC connectivity. Please check your firewall settings.
         ......................... ADDSRV failed test Connectivity
         Source DC ADDTEHRANSRV has possible security error (1722).  Diagnosing...
               [ADDTEHRANSRV] User credentials does not have permission to perform this operation.
               The account used for this test must have network logon privileges
               for this machine's domain.
               [ADDTEHRANSRV] Unable to verify logon privileges on DC shares.  Please check the above output and take appropriate steps.
               [ADDTEHRANSRV] Unable to diagnose problem for this source.  See any errors reported in attempting tests.
         ......................... DCSRV failed test CheckSecurityError
         There are warning or error events within the last 24 hours after the SYSVOL has been shared.  Failing SYSVOL replication problems may cause Group Policy problems.
         ......................... DCSRV failed test DFSREvent
         ** Did not run Outbound Secure Channels test because /testdomain: was not entered
         [Replications Check,DCSRV] A recent replication attempt failed:
            From ADDTEHRANSRV to DCSRV
            Naming Context: DC=DomainDnsZones,DC=XYZ,DC=IR
            The replication generated an error (1722):
            The RPC server is unavailable.
            The failure occurred at 2020-01-21 16:23:05.
            The last success occurred at 2020-01-16 15:42:29.
            186 failures have occurred since the last success.
            The source ADDTEHRANSRV is responding now.
         [Replications Check,DCSRV] A recent replication attempt failed:
            From ADDTEHRANSRV to DCSRV
            Naming Context: DC=ForestDnsZones,DC=XYZ,DC=IR
            The replication generated an error (1722):
            The RPC server is unavailable.
            The failure occurred at 2020-01-21 16:25:54.
            The last success occurred at 2020-01-16 15:22:33.
            149 failures have occurred since the last success.
            The source ADDTEHRANSRV is responding now.
         [Replications Check,DCSRV] A recent replication attempt failed:
            From ADDTEHRANSRV to DCSRV
            Naming Context: CN=Schema,CN=Configuration,DC=XYZ,DC=IR
            The replication generated an error (1722):
            The RPC server is unavailable.
            The failure occurred at 2020-01-21 16:28:02.
            The last success occurred at 2020-01-16 15:22:33.
            134 failures have occurred since the last success.
            The source ADDTEHRANSRV is responding now.
         [Replications Check,DCSRV] A recent replication attempt failed:
            From ADDTEHRANSRV to DCSRV
            Naming Context: CN=Configuration,DC=XYZ,DC=IR
            The replication generated an error (1722):
            The RPC server is unavailable.
            The failure occurred at 2020-01-21 16:30:09.
            The last success occurred at 2020-01-16 15:22:33.
            155 failures have occurred since the last success.
            The source ADDTEHRANSRV is responding now.
         [Replications Check,DCSRV] A recent replication attempt failed:
            From ADDTEHRANSRV to DCSRV
            Naming Context: DC=XYZ,DC=IR
            The replication generated an error (1722):
            The RPC server is unavailable.
            The failure occurred at 2020-01-21 16:33:08.
            The last success occurred at 2020-01-16 16:14:21.
            3144 failures have occurred since the last success.
            The source ADDTEHRANSRV is responding now.
         ......................... DCSRV failed test Replications
         An error event occurred.  EventID: 0x00002720
            Time Generated: 01/21/2020   15:45:26
            Event String: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
         An error event occurred.  EventID: 0x0000166D
            Time Generated: 01/21/2020   16:23:17
            Event String: Netlogon could not register the XYZ<1B> name for the following reason:
         An error event occurred.  EventID: 0xC00010E1
            Time Generated: 01/21/2020   16:23:17
            Event String:
            The name "XYZ         :1b" could not be registered on the interface with IP address 192.168.5.2. The computer with the IP address 192.168.5.13 did not allow the name to be claimed by this computer.
         An error event occurred.  EventID: 0xC00010E1
            Time Generated: 01/21/2020   16:23:20
            Event String:
            The name "XYZ         :1b" could not be registered on the interface with IP address 192.168.5.2. The computer with the IP address 192.168.5.13 did not allow the name to be claimed by this computer.
         ......................... DCSRV failed test SystemLog
            [ADDTEHRANSRV] DsReplicaGetInfo(KCC_DS_CONNECT_FAILURES) failed with error 8453,
         [ADDTEHRANSRV] No security related replication errors were found on this DC!  To target the connection to a specific source DC use /ReplSource:.
         There are warning or error events within the last 24 hours after the SYSVOL has been shared.  Failing SYSVOL replication problems may cause Group Policy problems.
         ......................... ADDTEHRANSRV failed test DFSREvent
         [ADDTEHRANSRV] User credentials does not have permission to perform this operation.
         The account used for this test must have network logon privileges
         for this machine's domain.
         ......................... ADDTEHRANSRV failed test NetLogons
         ** Did not run Outbound Secure Channels test because /testdomain: was not entered
         [Replications Check,ADDTEHRANSRV] DsReplicaGetInfo(PENDING_OPS, NULL) failed, error 0x2105 "Replication access was denied."
         ......................... ADDTEHRANSRV failed test Replications
            Could not open NTDS Service on ADDTEHRANSRV, error 0x5 "Access is denied."
         ......................... ADDTEHRANSRV failed test Services
                           ......................... ADDTEHRANSRV failed test DNS
                  ......................... ADDSRV failed test DNS
         Test results for domain controllers:

            DC: DCSRV.XYZ.IR
            Domain: XYZ.IR


               TEST: Basic (Basc)
                  Error: all DNS servers are invalid
                  No host records (A or AAAA) were found for this DC

            TEST: Records registration (RReg)
               Error: Record registrations cannot be found for all the network adapters


            DC: ADDSRV.XYZ.IR
            Domain: XYZ.IR


               TEST: Authentication (Auth)
                  Error: Authentication failed with specified credentials

               TEST: Basic (Basc)
                  Error: No LDAP connectivity
                  Error: No WMI connectivity
                  No host records (A or AAAA) were found for this DC

         Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
            _________________________________________________________________
            Domain: XYZ.IR
               DCSRV                        PASS FAIL PASS PASS WARN FAIL n/a
               ADDSRV                       FAIL FAIL n/a  n/a  n/a  n/a  n/a

         ......................... XYZ.IR failed test DNS

Result of the command on our Tehran ADD

C:\Users\s>repadmin /replsum
Replication Summary Start Time: 2020-01-21 17:06:33

Beginning data collection for replication summary, this may take awhile:
  ......


Source DSA          largest delta    fails/total %%   error
 ADDSRV                    09m:32s    0 /   5    0
 ADDTEHRANSRV      05d.01h:44m:00s    5 /   5  100  (1722) The RPC server is unavailable.
 DCSRV                     43m:58s    0 /   5    0


Destination DSA     largest delta    fails/total %%   error
 ADDTEHRANSRV              44m:20s    0 /   5    0
 DCSRV             05d.01h:44m:00s    5 /  10   50  (1722) The RPC server is unavailable.


Experienced the following operational errors trying to retrieve replication information:
          58 - ADDSRV.XYZ.IR

Result of the repadmin /replsum command in Tehran

C:\Users\s>dcdiag /c /v /e /q
         Server ADDTEHRANSRV resolved to these IP addresses: 192.168.15.2, but none of the addresses could be reached (pinged). Please check the network.
         Error: 0x2b02 "Error due to lack of resources."
         This error more often means that the targeted server is shutdown or disconnected from the network.
         Got error while checking LDAP and RPC connectivity. Please check your firewall settings.
         ......................... ADDTEHRANSRV failed test Connectivity
         Source DC ADDTEHRANSRV has possible security error (1722).  Diagnosing...
               Error 2184 querying time on DC ADDTEHRANSRV.  Ignoring this DC and continuing...
               Could not open pipe with [ADDTEHRANSRV]:failed with 53: The network path was not found.
               Could not get NetBIOSDomainName
               Failed can not test for HOST SPN
               Failed can not test for HOST SPN
         ......................... DCSRV failed test CheckSecurityError
         There are warning or error events within the last 24 hours after the SYSVOL has been shared.  Failing SYSVOL replication problems may cause Group Policy problems.
         ......................... DCSRV failed test DFSREvent
         ** Did not run Outbound Secure Channels test because /testdomain: was not entered
         [Replications Check,DCSRV] A recent replication attempt failed:
            From ADDTEHRANSRV to DCSRV
            Naming Context: DC=ForestDnsZones,DC=XYZ,DC=IR
            The replication generated an error (1722):
            The RPC server is unavailable.
            The failure occurred at 2020-01-21 16:25:54.
            The last success occurred at 2020-01-16 15:22:33.
            149 failures have occurred since the last success.
            The source remains down. Please check the machine.
         [Replications Check,DCSRV] A recent replication attempt failed:
            From ADDTEHRANSRV to DCSRV
            Naming Context: DC=DomainDnsZones,DC=XYZ,DC=IR
            The replication generated an error (1722):
            The RPC server is unavailable.
            The failure occurred at 2020-01-21 16:23:05.
            The last success occurred at 2020-01-16 15:42:29.
            186 failures have occurred since the last success.
            The source remains down. Please check the machine.
         [Replications Check,DCSRV] A recent replication attempt failed:
            From ADDTEHRANSRV to DCSRV
            Naming Context: CN=Schema,CN=Configuration,DC=XYZ,DC=IR
            The replication generated an error (1722):
            The RPC server is unavailable.
            The failure occurred at 2020-01-21 16:28:02.
            The last success occurred at 2020-01-16 15:22:33.
            134 failures have occurred since the last success.
            The source remains down. Please check the machine.
         [Replications Check,DCSRV] A recent replication attempt failed:
            From ADDTEHRANSRV to DCSRV
            Naming Context: CN=Configuration,DC=XYZ,DC=IR
            The replication generated an error (1722):
            The RPC server is unavailable.
            The failure occurred at 2020-01-21 16:30:09.
            The last success occurred at 2020-01-16 15:22:33.
            155 failures have occurred since the last success.
            The source remains down. Please check the machine.
         [Replications Check,DCSRV] A recent replication attempt failed:
            From ADDTEHRANSRV to DCSRV
            Naming Context: DC=XYZ,DC=IR
            The replication generated an error (1722):
            The RPC server is unavailable.
            The failure occurred at 2020-01-21 16:33:08.
            The last success occurred at 2020-01-16 16:14:21.
            3144 failures have occurred since the last success.
            The source remains down. Please check the machine.
         ......................... DCSRV failed test Replications
         An error event occurred.  EventID: 0x00002720
            Time Generated: 01/21/2020   15:45:26
            Event String: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
         An error event occurred.  EventID: 0x0000166D
            Time Generated: 01/21/2020   16:23:17
            Event String: Netlogon could not register the XYZ<1B> name for the following reason:
         An error event occurred.  EventID: 0xC00010E1
            Time Generated: 01/21/2020   16:23:17
            Event String:
            The name "XYZ         :1b" could not be registered on the interface with IP address 192.168.5.2. The computer with the IP address 192.168.5.13 did not allow the name to be claimed by this computer.
         An error event occurred.  EventID: 0xC00010E1
            Time Generated: 01/21/2020   16:23:20
            Event String:
            The name "XYZ         :1b" could not be registered on the interface with IP address 192.168.5.2. The computer with the IP address 192.168.5.13 did not allow the name to be claimed by this computer.
         ......................... DCSRV failed test SystemLog
            [ADDSRV] DsReplicaGetInfo(KCC_DS_CONNECT_FAILURES) failed with error 8453,
         [ADDSRV] No security related replication errors were found on this DC!  To target the connection to a specific source DC use /ReplSource:.
         There are warning or error events within the last 24 hours after the SYSVOL has been shared.  Failing SYSVOL replication problems may cause Group Policy problems.
         ......................... ADDSRV failed test DFSREvent
         [ADDSRV] User credentials does not have permission to perform this operation.
         The account used for this test must have network logon privileges
         for this machine's domain.
         ......................... ADDSRV failed test NetLogons
         ** Did not run Outbound Secure Channels test because /testdomain: was not entered
         [Replications Check,ADDSRV] DsReplicaGetInfo(PENDING_OPS, NULL) failed, error 0x2105 "Replication access was denied."
         ......................... ADDSRV failed test Replications
            Could not open NTDS Service on ADDSRV, error 0x5 "Access is denied."
         ......................... ADDSRV failed test Services
         An error event occurred.  EventID: 0x00000067
            Time Generated: 01/21/2020   15:58:39
            Event String: The removal of the assignment of application Mozilla Firefox 71.0 x64 en-US from policy File Fierfox MSI failed.  The error was : %%2
         An error event occurred.  EventID: 0x00000067
            Time Generated: 01/21/2020   16:03:39
            Event String: The removal of the assignment of application Mozilla Firefox 71.0 x64 en-US from policy File Fierfox MSI failed.  The error was : %%2
         An error event occurred.  EventID: 0x00000067
            Time Generated: 01/21/2020   16:08:39
            Event String: The removal of the assignment of application Mozilla Firefox 71.0 x64 en-US from policy File Fierfox MSI failed.  The error was : %%2
         An error event occurred.  EventID: 0x00000067
            Time Generated: 01/21/2020   16:13:40
            Event String: The removal of the assignment of application Mozilla Firefox 71.0 x64 en-US from policy File Fierfox MSI failed.  The error was : %%2
         An error event occurred.  EventID: 0x00000067
            Time Generated: 01/21/2020   16:18:40
            Event String: The removal of the assignment of application Mozilla Firefox 71.0 x64 en-US from policy File Fierfox MSI failed.  The error was : %%2
         An error event occurred.  EventID: 0x00000067
            Time Generated: 01/21/2020   16:23:40
            Event String: The removal of the assignment of application Mozilla Firefox 71.0 x64 en-US from policy File Fierfox MSI failed.  The error was : %%2
         An error event occurred.  EventID: 0x00000067
            Time Generated: 01/21/2020   16:28:40
            Event String: The removal of the assignment of application Mozilla Firefox 71.0 x64 en-US from policy File Fierfox MSI failed.  The error was : %%2
         An error event occurred.  EventID: 0x00000067
            Time Generated: 01/21/2020   16:33:41
            Event String: The removal of the assignment of application Mozilla Firefox 71.0 x64 en-US from policy File Fierfox MSI failed.  The error was : %%2
         An error event occurred.  EventID: 0x00000067
            Time Generated: 01/21/2020   16:38:41
            Event String: The removal of the assignment of application Mozilla Firefox 71.0 x64 en-US from policy File Fierfox MSI failed.  The error was : %%2
         An error event occurred.  EventID: 0x00000067
            Time Generated: 01/21/2020   16:43:41
            Event String: The removal of the assignment of application Mozilla Firefox 71.0 x64 en-US from policy File Fierfox MSI failed.  The error was : %%2
         ......................... ADDSRV failed test SystemLog
                           ......................... ADDSRV failed test DNS
                  ......................... ADDTEHRANSRV failed test DNS
         Test results for domain controllers:

            DC: DCSRV.XYZ.IR
            Domain: XYZ.IR


               TEST: Basic (Basc)
                  Error: all DNS servers are invalid
                  No host records (A or AAAA) were found for this DC

            TEST: Records registration (RReg)
               Error: Record registrations cannot be found for all the network adapters


            DC: ADDTehranSRV.XYZ.IR
            Domain: XYZ.IR


               TEST: Authentication (Auth)
                  Error: Authentication failed with specified credentials

               TEST: Basic (Basc)
                  Error: No LDAP connectivity
                  Error: No WMI connectivity
                  No host records (A or AAAA) were found for this DC

         Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
            _________________________________________________________________
            Domain: XYZ.IR
               DCSRV                        PASS FAIL PASS PASS WARN FAIL n/a
               ADDTehranSRV                 FAIL FAIL n/a  n/a  n/a  n/a  n/a

         ......................... XYZ.IR failed test DNS

Result of the command at our first branch

C:\Users\s>repadmin /replsum
Replication Summary Start Time: 2020-01-21 17:06:53

Beginning data collection for replication summary, this may take awhile:
  ......


Source DSA          largest delta    fails/total %%   error
 ADDSRV                    09m:52s    0 /   5    0
 ADDTEHRANSRV      05d.01h:44m:20s    5 /   5  100  (1722) The RPC server is unavailable.
 DCSRV                     28m:15s    0 /   5    0


Destination DSA     largest delta    fails/total %%   error
 ADDSRV                    28m:17s    0 /   5    0
 DCSRV             05d.01h:44m:21s    5 /  10   50  (1722) The RPC server is unavailable.


Experienced the following operational errors trying to retrieve replication information:
          58 - ADDTehranSRV.XYZ.IR

Result of the repadmin /replsum command at the second branch

Life is the result of years of striving through hardship.
sabtx12
C:\Users\s>repadmin /replsum
Replication Summary Start Time: 2020-01-21 16:50:39

Beginning data collection for replication summary, this may take awhile:
  ......


Source DSA          largest delta    fails/total %%   error
 ADDSRV                    11m:36s    0 /   5    0
 ADDTEHRANSRV      05d.01h:28m:06s    5 /   5  100  (1722) The RPC server is unavailable.
 DCSRV                     12m:01s    0 /   5    0


Destination DSA     largest delta    fails/total %%   error
 ADDSRV                    12m:01s    0 /   5    0
 DCSRV             05d.01h:28m:06s    5 /  10   50  (1722) The RPC server is unavailable.


Experienced the following operational errors trying to retrieve replication information:
        58 - ADDTehranSRV.XYZ.IR
Life is the result of years of striving through hardship.

Dear friend, please use the Paragraph -> Blocks -> Pre option to post command output.

Senior Systems Engineer
sabtx12

Yes, thank you for the guidance; I have fixed the block formatting.

Life is the result of years of striving through hardship.

Is the operating system on all the DCs 2016?

Run ipconfig /all on all DCs, upload the output to a shared space such as Dropbox, and post the link. Please do not attach the outputs here; it gets very long.

Judging by some of the errors, I think you did not run Command Prompt with domain admin privileges. Please run CMD as a Domain Admin user, run DCDiag /c /v /e /q on all DCs, and upload the outputs to the shared space.

The RPC error indicates that a firewall is blocking some of the traffic related to the DCs. Temporarily turn off the firewall on all DCs, or allow Remote Service Management traffic in both directions in the firewall on all DCs.

Also enable NetBIOS Over TCP/IP on all DCs.

Also make sure the network adapter connection on the Additional DCs is stable. Apparently something is trying to enable and disable the network adapter ...

Also run the following command on the DCs and upload its output:

DCDIAG /TEST:DNS

I stress: run the command with Domain Admin privileges. Run CMD with Run as Administrator.

Senior Systems Engineer
sabtx12

Hello, yes, all the DCs are 2016.

Sure, I have sent everything as OneDrive files and am putting the links below.

The firewall is disabled on all DCs; the only point is that Kaspersky is installed on the DCs.

I don't know what this is: Also enable NetBIOS Over TCP/IP on all DCs.

We have Kerio firewalls on both sides, but I have allowed the network range along with all ports, and one point is that we have an MPLS link for our branch.

DCDIAG output on DC

IPCONFIG output on DC

dcdiag /testDNS output on DC

IPCONFIG output on ADD

dcdiag output on ADD

dcdiag testdns output on ADD

Life is the result of years of striving through hardship.

Right-click the domain controller's network adapter and choose Properties, then click TCP/IPv4, choose Properties again, and select Advanced. On the WINS tab, select Enable NetBIOS Over TCP/IP and click OK. I suggest enabling it on all DCs.

The only point is that Kaspersky is installed on the DCs.

That is probably what is blocking the traffic. Please disable it temporarily and run DCDiag /c /v /e /q again. The RPC error should be resolved this time.

Remove 4.2.2.4, and public DNS server addresses in general, from the DCs' network adapters and set the DNS addresses crosswise. That is, the Primary DNS server on each DC's network adapter should point to the second DC and the Preferred DNS server should point to itself (127.0.0.1).

Also disable IPv6 on the DCs' network adapters. On the clients too.

If you have extra network adapters on the DCs, please disable them. After doing this, run ipconfig /flushdns and ipconfig /registerdns. Also restart the DNS Server service once, and then restart the Netlogon service.

Senior Systems Engineer
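A way to audit the DNS client settings described in the reply above, as an added example that is not part of the original thread. The addresses in `$DcAddresses` are constructed sample values and an assumption; replace them with the real IPv4 addresses of your domain controllers.

```powershell
# Added example, not from the thread. Run on each DC in an elevated PowerShell.
# ASSUMPTION: $DcAddresses lists the IPv4 addresses of your domain controllers.
# The values below are constructed samples; replace them.
$DcAddresses = @('10.0.0.10', '10.1.0.10', '10.2.0.10')

# Addresses owned by this machine, so "itself" can be told apart from "a partner".
$LocalAddresses = @((Get-NetIPAddress -AddressFamily IPv4).IPAddress) + '127.0.0.1'

$findings = foreach ($adapter in Get-DnsClientServerAddress -AddressFamily IPv4) {
    $servers = @($adapter.ServerAddresses)
    if ($servers.Count -eq 0) { continue }   # adapter has no DNS servers configured

    # 1. Any resolver that is neither a DC nor this machine,
    #    for example the public 4.2.2.4 mentioned in the thread.
    foreach ($s in $servers) {
        if ($s -notin $DcAddresses -and $s -notin $LocalAddresses) {
            [pscustomobject]@{
                Interface = $adapter.InterfaceAlias
                DnsServer = $s
                Finding   = 'Resolver is not a domain controller'
            }
        }
    }

    # 2. No partner DC listed: the DC can then only look up its replication
    #    partners in its own copy of the zone.
    $partners = @($servers | Where-Object { $_ -in $DcAddresses -and $_ -notin $LocalAddresses })
    if ($partners.Count -eq 0) {
        [pscustomobject]@{
            Interface = $adapter.InterfaceAlias
            DnsServer = $servers -join ', '
            Finding   = 'No other domain controller is listed'
        }
    }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap }
else { 'All adapters use only domain controllers for DNS.' }
```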
sabtx12

I enabled Enable NetBIOS Over TCP/IP on both DCs and also disabled Kaspersky. I am posting the DCDIAG result as well.

One point: our Domain Name is exactly our website address, and so that staff can reach the site we defined an A record with the IP address of the company website. Could the problem come from this?

Note that the company website is on another host and is not on our own servers.

DCDIAG on Primary DC

DCDIAG on Secondary

Life is the result of years of striving through hardship.
sabtx12

An interesting thing: when I disable IPv6 on the main DC and then run repadmin /syncall, this problem occurs

 

C:\Windows\system32>repadmin -syncall
CALLBACK MESSAGE: Error contacting server 36ee9481-0760-4dfe-b896-09dae4eccdea._msdcs.XYZ.IR (network error): 1722 (0x6ba):
    The RPC server is unavailable.
CALLBACK MESSAGE: Error contacting server 14520c5c-2165-4c35-8818-97cc0f1583f5._msdcs.XYZ.IR (network error): 1722 (0x6ba):
    The RPC server is unavailable.
CALLBACK MESSAGE: Error contacting server 0f46ba60-7ff8-4e82-8946-61376c44697f._msdcs.XYZ.IR (network error): 1722 (0x6ba):
    The RPC server is unavailable.

SyncAll exited with fatal Win32 error: 8440 (0x20f8):
    The naming context specified for this replication operation is invalid.
Life is the result of years of striving through hardship.

An interesting thing: when I disable IPv6 on the main DC and then run repadmin /syncall, this problem occurs

It doesn't matter; leave it disabled.

One point: our Domain Name is exactly our website address, and so that staff can reach the site we defined an A record with the IP address of the company website. Could the problem come from this?

This should not have been done. You can do two things to solve this problem: the first is to set up an internal web server and use a Redirect so that your web requests are sent out to your organization's site, and the other method is to use Split DNS.

 

Senior Systems Engineer
sabtx12

Well, this way it can't communicate with the third branch's DC?

Is the replication problem related to this now?

Life is the result of years of striving through hardship.

Well, this way it can't communicate with the third branch's DC?

It can.

Is the replication problem related to this now?

No.

Senior Systems Engineer
sabtx12

So what should I do now so that these two branches of mine connect and communicate with each other? In your opinion?

Life is the result of years of striving through hardship.

When you create an object such as a user account on the DC of the branch that is not replicating, can you see that object on the other DCs?

Senior Systems Engineer
sabtx12

No, unfortunately. When I create an object on the main DC it goes to my third branch, but it does not go to my second branch, which is Tehran, and conversely no object from my Tehran branch comes to the DC, and the same goes for DNS.

One point: at my Tehran branch I had arranged my branches in Sites and Services, but when I saw that the changes were not applied to my main branch I deleted the branches and moved everything back to the default.

Life is the result of years of striving through hardship.

Log on to the Tehran branch DC and see whether you can open the SYSVOL share.

From the AD Sites and Services console, use the Replicate now option and see what error it gives. Be sure to check that the Connection objects exist.

Also, the time (clock, date, time zone) on the DCs must be the same.

 

Senior Systems Engineer
sabtx12

Yes, both SYSVOL and netlog open, but netlog was empty

RPC error

Yes, the clock and time are the same

 

Life is the result of years of striving through hardship.

Did you check the AD Sites and Services console?

Senior Systems Engineer
sabtx12

What should I check in it?

Life is the result of years of striving through hardship.
sabtx12

From the central DC I run Replicate now toward the Tehran DC and it gives an RPC error

Life is the result of years of striving through hardship.

You said that when you enable IPv6 the RPC error goes away. Did you do that?

Senior Systems Engineer
sabtx12

No

Whether IPv6 is enabled or not, we have the error, but when we disable it, it gives the error below

C:\Windows\system32>repadmin -syncall
CALLBACK MESSAGE: Error contacting server 36ee9481-0760-4dfe-b896-09dae4eccdea._msdcs.XYZ.IR (network error): 1722 (0x6ba):
    The RPC server is unavailable.
CALLBACK MESSAGE: Error contacting server 14520c5c-2165-4c35-8818-97cc0f1583f5._msdcs.XYZ.IR (network error): 1722 (0x6ba):
    The RPC server is unavailable.
CALLBACK MESSAGE: Error contacting server 0f46ba60-7ff8-4e82-8946-61376c44697f._msdcs.XYZ.IR (network error): 1722 (0x6ba):
    The RPC server is unavailable.

SyncAll exited with fatal Win32 error: 8440 (0x20f8):
    The naming context specified for this replication operation is invalid.
Life is the result of years of striving through hardship.

Whether IPv6 is enabled or not, we have the error

Do you have the RPC error or a different error? If it is RPC, I suggest looking at the link below:

https://theitbros.com/error-1722-the-rpc-server-is-unavailable

If you have any questions about the link above, be sure to ask.

Senior Systems Engineer
sabtx12

Hello, the problem is solved. The problem was with the Kerio link and also our router link: both the router and Kerio were doing NAT. Once that was fixed, our problem was solved.

Life is the result of years of striving through hardship.
  • Selected as the answer by 1 person
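A check for the error 1722 seen throughout this thread, as an added example that is not part of the original posts: it resolves the DSA GUID aliases that repadmin tried to contact and probes the well-known TCP ports between domain controllers. The target names are taken from the repadmin output above; the port list is this example's own choice.

```powershell
# Added example, not from the thread. Run on the DC that reports error 1722.
# Targets are the DSA GUID aliases from the repadmin output in this thread;
# for another forest, take them from your own repadmin output.
$Targets = @(
    '36ee9481-0760-4dfe-b896-09dae4eccdea._msdcs.XYZ.IR'
    '14520c5c-2165-4c35-8818-97cc0f1583f5._msdcs.XYZ.IR'
    '0f46ba60-7ff8-4e82-8946-61376c44697f._msdcs.XYZ.IR'
)

# Well-known TCP ports used between domain controllers. Port 135 then hands
# out a dynamic RPC port (49152-65535 by default) that must be allowed too.
$Ports = [ordered]@{
    'DNS' = 53; 'Kerberos' = 88; 'RPC endpoint mapper' = 135
    'LDAP' = 389; 'SMB (SYSVOL)' = 445
}

$results = foreach ($name in $Targets) {
    # The alias is a CNAME to the DC's host name; keep only the final A records.
    $ips = @(Resolve-DnsName -Name $name -Type A -ErrorAction SilentlyContinue |
             Where-Object { $_.Type -eq 'A' } | ForEach-Object { $_.IPAddress })
    if ($ips.Count -eq 0) {
        [pscustomobject]@{ Target = $name; Address = '-'; Service = 'DNS lookup'
                           Port = '-'; Source = '-'; Open = $false }
        continue
    }
    foreach ($svc in $Ports.GetEnumerator()) {
        $t = Test-NetConnection -ComputerName $ips[0] -Port $svc.Value -WarningAction SilentlyContinue
        [pscustomobject]@{
            Target  = $name
            Address = $ips[0]
            Service = $svc.Key
            Port    = $svc.Value
            # Local address used for the attempt. If the partner's logs show a
            # different peer address, a device on the path is translating it.
            Source  = $t.SourceAddress.IPAddress
            Open    = $t.TcpTestSucceeded
        }
    }
}

$results | Format-Table -AutoSize
$failed = @($results | Where-Object { -not $_.Open })
"{0} of {1} checks failed" -f $failed.Count, @($results).Count
```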