Help. Restoring GP and PDC on WS2003

san379
Junior member
Posts: 4
Joined: 02 Aug 2011, 10:46
Location: Saint Petersburg

Help. Restoring GP and PDC on WS2003

Post by san379 » 02 Aug 2011, 12:11

Good day, everyone.

I have run into the following problem:
There were 3 domain controllers on WS2003: Server01, Server02, FServer. They all seem to be equal, but I recall that about 5 years ago, when setting up Server02, some roles were assigned to it as the PDC. The other day Server02 died, or more precisely, one day it failed and after a reboot started showing this message:

Code:

lsass.exe - System Error 
Security Accounts Manager initialization failed
because of the following error: Directory Service cannot start. Error Status:
0xc00002e1. Please click OK to shutdown this system and reboot into Directory
Services Restore Mode, check the event log for more detailed information. 
And an OK button; clicking it sends the machine into a reboot, and so on in a loop.

Everything seems to work and people can log on, but on the two remaining controllers it is impossible to open GP, and HOW DO I NOW CORRECTLY MOVE the main roles to Server01? Because the Directory Service log on Server01 shows:

Code:

The remote server which is the owner of a FSMO role is not responding.  This server has not replicated with the FSMO role owner recently. 
 
Operations which require contacting a FSMO operation master will fail until this condition is corrected. 
 
FSMO Role: DC=s-petersburg,DC=ХХХХ,DC=spb,DC=ru 
FSMO Server DN: CN=NTDS Settings,CN=SERVER02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=s-petersburg,DC=ХХХХ,DC=spb,DC=ru 
Latency threshold (hours): 24 
Elapsed time since last successful replication (hours): 133 
 
User Action: 
 
This server has not replicated successfully with the FSMO role holder server. 
1. The FSMO role holder server may be down or not responding. Please address the problem with this server. 
2. Determine whether the role is set properly on the FSMO role holder server. If the role needs to be adjusted, utilize NTDSUTIL.EXE to transfer or seize the role. This may be done using the steps provided in KB articles 255504 and 324801 on http://support.microsoft.com. 
3. If the FSMO role holder server used to be a domain controller, but was not demoted successfully, then the objects representing that server are still in the forest. This can occur if a domain controller has its operating system reinstalled or if a forced removal is performed.  These lingering state objects should be removed using the NTDSUTIL.EXE metadata cleanup function. 
4. The FSMO role holder may not be a direct replication partner. If it is an indirect or transitive partner, then there are one or more intermediate replication partners through which replication data must flow. The total end to end replication latency should be smaller than the replication latency threshold, or else this warning may be reported prematurely. 
5. Replication is blocked somewhere along the path of servers between the FSMO role holder server and this server.  Consult your forest topology plan to determine the likely route for replication between these servers. Check the status of replication using repadmin /showrepl at each of these servers. 
 
The following operations may be impacted: 
Schema: You will no longer be able to modify the schema for this forest. 
Domain Naming: You will no longer be able to add or remove domains from this forest. 
PDC: You will no longer be able to perform primary domain controller operations, such as Group Policy updates and password resets for non-Active Directory accounts. 
RID: You will not be able to allocation new security identifiers for new user accounts, computer accounts or security groups. 
Infrastructure: Cross-domain name references, such as universal group memberships, will not be updated properly if their target object is moved or renamed.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


The remote server which is the owner of a FSMO role is not responding.  This server has not replicated with the FSMO role owner recently. 
 
Operations which require contacting a FSMO operation master will fail until this condition is corrected. 
 
FSMO Role: CN=Infrastructure,DC=s-petersburg,DC=ХХХХ,DC=spb,DC=ru 
FSMO Server DN: CN=NTDS Settings,CN=SERVER02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=s-petersburg,DC=ХХХХ,DC=spb,DC=ru 
Latency threshold (hours): 24 
Elapsed time since last successful replication (hours): 133 
 

***************

The remote server which is the owner of a FSMO role is not responding.  This server has not replicated with the FSMO role owner recently. 
 
Operations which require contacting a FSMO operation master will fail until this condition is corrected. 
 
FSMO Role: CN=RID Manager$,CN=System,DC=s-petersburg,DC=ХХХХ,DC=spb,DC=ru 
FSMO Server DN: CN=NTDS Settings,CN=SERVER02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=s-petersburg,DC=ХХХХ,DC=spb,DC=ru 
Latency threshold (hours): 24 
Elapsed time since last successful replication (hours): 133 
 
User Action: 
 
**************

This is the replication status for the following directory partition on the local domain controller. 
 
Directory partition:
DC=s-petersburg,DC=ХХХХ,DC=spb,DC=ru 
 
The local domain controller has not received replication information from a number of domain controllers within the configured latency interval. 
 
Latency Interval (Hours): 
24 
Number of domain controllers in all sites:
1 
Number of domain controllers in this site:
1 
 
The latency interval can be modified with the following registry key. 
 
Registry Key:  
HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Replicator latency error interval (hours) 
 
To identify the domain controllers by name, install the support tools included on the installation  CD and run dcdiag.exe. 
You can also use the support tool repadmin.exe to display the replication latencies of the domain controllers in the forest.   The command is "repadmin /showvector /latency <partition-dn>".

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


**************

The remote server which is the owner of a FSMO role is not responding.  This server has not replicated with the FSMO role owner recently. 
 
Operations which require contacting a FSMO operation master will fail until this condition is corrected. 
 
FSMO Role: CN=Partitions,CN=Configuration,DC=s-petersburg,DC=ХХХХ,DC=spb,DC=ru 
FSMO Server DN: CN=NTDS Settings,CN=SERVER02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=s-petersburg,DC=ХХХХ,DC=spb,DC=ru 
Latency threshold (hours): 24 
Elapsed time since last successful replication (hours): 133 
 
User Action: 
 
...

*************


This is the replication status for the following directory partition on the local domain controller. 
 
Directory partition:
CN=Configuration,DC=s-petersburg,DC=ХХХХ,DC=spb,DC=ru 
 
The local domain controller has not received replication information from a number of domain controllers within the configured latency interval. 
 
Latency Interval (Hours): 
24 
Number of domain controllers in all sites:
1 
Number of domain controllers in this site:
1 
 
The latency interval can be modified with the following registry key. 
 
Registry Key:  
HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Replicator latency error interval (hours) 
 
To identify the domain controllers by name, install the support tools included on the installation  CD and run dcdiag.exe. 
You can also use the support tool repadmin.exe to display the replication latencies of the domain controllers in the forest.   The command is "repadmin /showvector /latency <partition-dn>".

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


*****************



The remote server which is the owner of a FSMO role is not responding.  This server has not replicated with the FSMO role owner recently. 
 
Operations which require contacting a FSMO operation master will fail until this condition is corrected. 
 
FSMO Role: CN=Schema,CN=Configuration,DC=s-petersburg,DC=ХХХХ,DC=spb,DC=ru 
FSMO Server DN: CN=NTDS Settings,CN=SERVER02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=s-petersburg,DC=ХХХХ,DC=spb,DC=ru 
Latency threshold (hours): 24 
Elapsed time since last successful replication (hours): 133 
 
User Action: 

... 


*************

This is the replication status for the following directory partition on the local domain controller. 
 
Directory partition:
CN=Schema,CN=Configuration,DC=s-petersburg,DC=ХХХХ,DC=spb,DC=ru 
 
The local domain controller has not received replication information from a number of domain controllers within the configured latency interval. 
 
Latency Interval (Hours): 
24 
Number of domain controllers in all sites:
1 
Number of domain controllers in this site:
1 
 
The latency interval can be modified with the following registry key. 
 
Registry Key:  
HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Replicator latency error interval (hours) 
 
To identify the domain controllers by name, install the support tools included on the installation  CD and run dcdiag.exe. 
You can also use the support tool repadmin.exe to display the replication latencies of the domain controllers in the forest.   The command is "repadmin /showvector /latency <partition-dn>".

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

*************


This is the replication status for the following directory partition on the local domain controller. 
 
Directory partition:
DC=DomainDnsZones,DC=s-petersburg,DC=ХХХХ,DC=spb,DC=ru 
 
The local domain controller has not received replication information from a number of domain controllers within the configured latency interval. 
 
Latency Interval (Hours): 
24 
Number of domain controllers in all sites:
1 
Number of domain controllers in this site:
1 
 
The latency interval can be modified with the following registry key. 
 
Registry Key:  
HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Replicator latency error interval (hours) 
 
To identify the domain controllers by name, install the support tools included on the installation  CD and run dcdiag.exe. 
You can also use the support tool repadmin.exe to display the replication latencies of the domain controllers in the forest.   The command is "repadmin /showvector /latency <partition-dn>".

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


*************


This is the replication status for the following directory partition on the local domain controller. 
 
Directory partition:
DC=ForestDnsZones,DC=s-petersburg,DC=ХХХХ,DC=spb,DC=ru 
 
The local domain controller has not received replication information from a number of domain controllers within the configured latency interval. 
 
Latency Interval (Hours): 
24 
Number of domain controllers in all sites:
1 
Number of domain controllers in this site:
1 
 
The latency interval can be modified with the following registry key. 
 
Registry Key:  
HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Replicator latency error interval (hours) 
 
To identify the domain controllers by name, install the support tools included on the installation  CD and run dcdiag.exe. 
You can also use the support tool repadmin.exe to display the replication latencies of the domain controllers in the forest.   The command is "repadmin /showvector /latency <partition-dn>".

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
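
An added example (not part of the original post): a short Python parser that reads Directory Service warnings in the format quoted above and reports which operations-master roles are held by a controller that has exceeded the latency threshold. The function names and the placeholder domain DC=corp,DC=example are assumptions; the role is inferred from the object named in the "FSMO Role:" line.

```python
import re

# Constructed sample in the format of the warnings quoted above; the domain
# DC=corp,DC=example is a placeholder, not the poster's domain.
_DOMAIN = "DC=corp,DC=example"
_OWNER = ("CN=NTDS Settings,CN=SERVER02,CN=Servers,CN=Default-First-Site-Name,"
          "CN=Sites,CN=Configuration," + _DOMAIN)

def make_event(role_dn, elapsed, owner=_OWNER, limit=24):
    return ("FSMO Role: %s \nFSMO Server DN: %s \n"
            "Latency threshold (hours): %d \n"
            "Elapsed time since last successful replication (hours): %d \n"
            % (role_dn, owner, limit, elapsed))

SAMPLE_EVENTS = "\n".join(make_event(prefix + _DOMAIN, 133) for prefix in (
    "", "CN=Infrastructure,", "CN=RID Manager$,CN=System,",
    "CN=Partitions,CN=Configuration,", "CN=Schema,CN=Configuration,"))

# The object whose DN appears in "FSMO Role:" identifies the role.
ROLE_PREFIXES = [
    ("CN=SCHEMA,CN=CONFIGURATION,", "Schema master"),
    ("CN=PARTITIONS,CN=CONFIGURATION,", "Domain naming master"),
    ("CN=RID MANAGER$,CN=SYSTEM,", "RID master"),
    ("CN=INFRASTRUCTURE,", "Infrastructure master"),
    ("DC=", "PDC emulator"),  # the domain head object itself
]

EVENT_RE = re.compile(
    r"FSMO Role:[ \t]*(?P<role>\S+(?: \S+)*)[ \t]*\r?\n"
    r"FSMO Server DN:[ \t]*CN=NTDS Settings,CN=(?P<server>[^,\s]+),.*\r?\n"
    r"Latency threshold \(hours\):[ \t]*(?P<limit>\d+)[ \t]*\r?\n"
    r"Elapsed time since last successful replication \(hours\):[ \t]*(?P<elapsed>\d+)")

def role_name(role_dn):
    upper = role_dn.upper()
    for prefix, name in ROLE_PREFIXES:
        if upper.startswith(prefix):
            return name
    return "Unknown role object: " + role_dn

def stale_fsmo_roles(text):
    """Map each role past its latency threshold to (owner server, hours)."""
    stale = {}
    for m in EVENT_RE.finditer(text):
        if int(m["elapsed"]) > int(m["limit"]):
            stale[role_name(m["role"])] = (m["server"], int(m["elapsed"]))
    return stale

if __name__ == "__main__":
    print(stale_fsmo_roles(SAMPLE_EVENTS))
```

Run over the five warnings in the format above, it shows all five roles on the same unreachable holder, which is the situation the event text's "User Action" step 2 addresses.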

Roman14
Junior member
Posts: 8
Joined: 26 Jul 2011, 11:49
Location: Moscow

Re: Help. Restoring GP and PDC on WS2003

Post by Roman14 » 04 Aug 2011, 08:21

When one of the DCs "went down", and also when replacing one with new hardware, I used the article http://support.microsoft.com/kb/255504/RU/ to transfer the roles.
Also, you need to check where the Global Catalog is currently located. You can put it on both remaining DCs.

san379
Junior member
Posts: 4
Joined: 02 Aug 2011, 10:46
Location: Saint Petersburg

Re: Help. Restoring GP and PDC on WS2003

Post by san379 » 08 Aug 2011, 17:27

Roman14 wrote: When one of the DCs "went down", and also when replacing one with new hardware, I used the article http://support.microsoft.com/kb/255504/RU/ to transfer the roles.
Also, you need to check where the Global Catalog is currently located. You can put it on both remaining DCs.
Agreed, the article is good; I found it too and followed it.
And how do I distribute the global catalog so that it is on both remaining ones?
