انتقال رولهای دامین کنترلر
با سلام. یک ویندوز 2008R2 دارم که Primary هست و تمام رولهای dc رو از روی اون به یک ویندوز 2016 انتقال دادم. و الان 2016 به عنوان primary و ویندوز 2008 به عنوان secondary میباشد. مشکل اینجاست که اگر 2008 در شبکه قطع بشه سرور 2016 هم قطع میشه. با تشکر.
11 پاسخ
سلام خوشحالم که مشکلتون برطرف شده. علت بوجود اومدن این مشکل اینه که تو این جور مواقع سرویس Netlogon میاد و SysvolReady Flag رو از توی Registry به سرعت میخونه. بعد سرویس Netlogon سعی می کنه که پوشه Windows\SYSVOL\domain\scripts\ رو Share کنه درست قبل از اینکه سرویس NTFRS این پوشه رو ایجاد کنه. که با تغییر دادن مقدار کلید SysvolReady به یک این مشکل برطرف میشه.
چون شما تبدیل کردید سرورها رو تعداد خطاها این وسط زیاد هست در خروجی DCDiag لطف کنید مراحل زیر رو به ترتیب و با نظم انجام بدید و بعد خروجی بگیرید و مجدد ارسال کنید :
- در سرور 2008 آدرس DNS سرور اول کارت شبکه رو سرور 2016 بدید
- در سرور 2008 آدرس DNS سرور دوم کارت شبکه رو سرور 2008 بدید ( خودش دوم باشه )
- در سرور 2016 آدرس DNS سرور اول رو سرور 2008 بدید
- در سرور 2016 آدرس DNS سرور دوم رو سرور 2016 بدید ( خودش دوم باشه )
- وارد Event Viewer سرور 2016 بشید و کل لاگها رو Clear کنید
- وارد Event Viewer سرور 2008 بشید و کل لاگها رو Clear کنید
- در DHCP سرورتون آدرس DNS سرور رو دو تا قرار بدید هم سرور 2008 و هم سرور 2016
- سرور 2008 رو Restart کنید و بزارید کامل بوت بشه و بهش login کنید
- سرور 2016 رو بعد از Login به سرور 2008 و بوت شدنش Restart کنید و بزارید بوت بشه و بعد لاگین کنید بهش
- حالا مجددا لاگ های Event Viewer رو حذف کنید و بعد خروجی دستور رو قرار بدید
دقت کنید که مراحل به ترتیب و با نظم انجام بشن ...
عرض سلام مجدد حضور همه عزیزان. پس از کلی گشت و وب گردی در آخر در یک سایت به مطلبی برخورد کردم که خوشبختانه مشکلم حل شد و اون رو به اشتراک شما میزارم . شاید یک روز هم بدرد شما بخوره. در این وب سایت گفته بود به آدرس رجیستری زیر برید و کلید SysVolReady رو به 1 تغییر بدید و دامین کنترلر رو یک بار ریست کنید. این آدرس به قار زیر است:
HLM\system\currentcontrolsert\services\netlogon\parameters
ولی نفهمیدم این کلید کارش چیه ! اگه کسی میدونه ممنون میشم. ضمنا از همه عزیزان بخصوص آقای نصیری که وقت گذاشتند تشکر و قدردانی میکنم.
دستورات مطابق فوق انجام شد و خروجی بصورت زیر میباشد :
سرور 2016:
Microsoft Windows [Version 10.0.14393]
(c) 2016 Microsoft Corporation. All rights reserved.
C:\WINDOWS\system32>dcdiag
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = PRDC
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\PRDC
Starting test: Connectivity
......................... PRDC passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\PRDC
Starting test: Advertising
Warning: DsGetDcName returned information for \\PRIDC.insig.ir, when we were trying to reach PRDC.
SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.
......................... PRDC failed test Advertising
Starting test: FrsEvent
There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL
replication problems may cause Group Policy problems.
......................... PRDC passed test FrsEvent
Starting test: DFSREvent
......................... PRDC passed test DFSREvent
Starting test: SysVolCheck
......................... PRDC passed test SysVolCheck
Starting test: KccEvent
A warning event occurred. EventID: 0x80000B46
Time Generated: 03132019 13:34:47
Event String:
The security of this directory server can be significantly enhanced by configuring the server to reject SASL (Negotiate, Kerberos, NTLM, or Digest) LDAP binds that do not request signing (integrity verification) and LDAP simple binds that are performed on a clear text (non-SSL/TLS-encrypted) connection. Even if no clients are using such binds, configuring the server to reject them will improve the security of this server.
......................... PRDC passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... PRDC passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... PRDC passed test MachineAccount
Starting test: NCSecDesc
......................... PRDC passed test NCSecDesc
Starting test: NetLogons
Unable to connect to the NETLOGON share! (\\PRDC\netlogon)
[PRDC] An net use or LsaPolicy operation failed with error 67, The network name cannot be found..
......................... PRDC failed test NetLogons
Starting test: ObjectsReplicated
......................... PRDC passed test ObjectsReplicated
Starting test: Replications
......................... PRDC passed test Replications
Starting test: RidManager
......................... PRDC passed test RidManager
Starting test: Services
......................... PRDC passed test Services
Starting test: SystemLog
......................... PRDC passed test SystemLog
Starting test: VerifyReferences
......................... PRDC passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : insig
Starting test: CheckSDRefDom
......................... insig passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... insig passed test CrossRefValidation
Running enterprise tests on : insig.ir
Starting test: LocatorCheck
......................... insig.ir passed test LocatorCheck
Starting test: Intersite
......................... insig.ir passed test Intersite
سرور 2008 :
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Windows\system32>dcdiag
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = PRIDC
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\PRIDC
Starting test: Connectivity
......................... PRIDC passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\PRIDC
Starting test: Advertising
......................... PRIDC passed test Advertising
Starting test: FrsEvent
There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... PRIDC passed test FrsEvent
Starting test: DFSREvent
......................... PRIDC passed test DFSREvent
Starting test: SysVolCheck
......................... PRIDC passed test SysVolCheck
Starting test: KccEvent
A warning event occurred. EventID: 0x80000B46
Time Generated: 03132019 13:30:04
Event String:
The security of this directory server can be significantly enhanced by configuring the server to reject SASL (Negotiate, Kerberos, NTLM, or
Digest) LDAP binds that do not request signing (integrity verification) and LDAP simple binds that are performed on a cleartext (non-SSL/TLS-encrypted)
connection. Even if no clients are using such binds, configuring the server to reject them will improve the security of this server.
......................... PRIDC passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... PRIDC passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... PRIDC passed test MachineAccount
Starting test: NCSecDesc
......................... PRIDC passed test NCSecDesc
Starting test: NetLogons
Unable to connect to the NETLOGON share! (\\PRIDC\netlogon)
[PRIDC] An net use or LsaPolicy operation failed with error 67, The network name cannot be found..
......................... PRIDC failed test NetLogons
Starting test: ObjectsReplicated
......................... PRIDC passed test ObjectsReplicated
Starting test: Replications
......................... PRIDC passed test Replications
Starting test: RidManager
......................... PRIDC passed test RidManager
Starting test: Services
......................... PRIDC passed test Services
Starting test: SystemLog
An error event occurred. EventID: 0x0000165B
Time Generated: 03132019 13:37:44
Event String:
The session setup from computer 'MILGERD-YAARAHM' failed because the security database does not contain a trust account 'MILGERD-YAARAHM$' re
ferenced by the specified computer.
......................... PRIDC failed test SystemLog
Starting test: VerifyReferences
......................... PRIDC passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : insig
Starting test: CheckSDRefDom
......................... insig passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... insig passed test CrossRefValidation
Running enterprise tests on : insig.ir
Starting test: LocatorCheck
......................... insig.ir passed test LocatorCheck
Starting test: Intersite
......................... insig.ir passed test Intersite
C:\Windows\system32>
سه مورد رو در وهله اول چک کنید :
- Replication بین دومین کنترلرها درست انجام میشه ؟ با دستور repadmin /syncall می تونید تست کنید
- آیا روی جفت سرورهای DC آدرس IP سرور بعدی به عنوان DNS دومی قرار گرفته ؟
- مورد سوم رو هم اضافه کنم که سرویس DHCP شما باید آدرس هر دو سرور رو به عنوان DNS کلاینت ها بده
با زدن این دستور خطای Replication access was denied. ظاهر میشه ولی جالب اینجاست که من روی هرکدوم از DCها یک یوزر میسازم روی دومی هم ساخته میشه و این یعنی عمل replication انجام شده.
سلام ، مشکلتون این هست که زمانی که کلاینت ها بوت میشن و میان بالا از DNS سرور Primary برای پیدا کردن دامین کنترلر استفاده می کنن و زمانی که دامین کنترلر Primary تو مدار هست تلاش نمی کنن برن سراغ Secondary DNS Server. کاری که باید بکنید این هست که کلاینت هایی که هنگام بوت نمیتونن با دامین کنترلر ارتباط برقرار کنن رو یکبار Restart کنید. اگه درست نشد در فایل Hosts کلاینت ها آدرس هر دو دامین کنترلر رو وارد کنید و فایل رو ذخیره کنید. در ضمن حتما هر دو دامین کنترلر رو به عنوان Global Catalog Server تنظیم کنید.
خروجی دستور روی سرور 2016
C:\WINDOWS\system32>dcdiag
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = PRDC
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\PRDC
Starting test: Connectivity
......................... PRDC passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\PRDC
Starting test: Advertising
Warning: DsGetDcName returned information for \\TDC.insig.ir, when we were trying to reach PRDC.
SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.
......................... PRDC failed test Advertising
Starting test: FrsEvent
There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL
replication problems may cause Group Policy problems.
......................... PRDC passed test FrsEvent
Starting test: DFSREvent
......................... PRDC passed test DFSREvent
Starting test: SysVolCheck
......................... PRDC passed test SysVolCheck
Starting test: KccEvent
A warning event occurred. EventID: 0x80000B46
Time Generated: 03/13/2019 11:19:01
Event String:
The security of this directory server can be significantly enhanced by configuring the server to reject SASL (Negotiate, Kerberos, NTLM, or Digest) LDAP binds that do not request signing (integrity verification) and LDAP simple binds that are performed on a clear text (non-SSL/TLS-encrypted) connection. Even if no clients are using such binds, configuring the server to reject them will improve the security of this server.
......................... PRDC passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... PRDC passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... PRDC passed test MachineAccount
Starting test: NCSecDesc
......................... PRDC passed test NCSecDesc
Starting test: NetLogons
Unable to connect to the NETLOGON share! (\\PRDC\netlogon)
[PRDC] An net use or LsaPolicy operation failed with error 67, The network name cannot be found..
......................... PRDC failed test NetLogons
Starting test: ObjectsReplicated
......................... PRDC passed test ObjectsReplicated
Starting test: Replications
......................... PRDC passed test Replications
Starting test: RidManager
......................... PRDC passed test RidManager
Starting test: Services
......................... PRDC passed test Services
Starting test: SystemLog
An error event occurred. EventID: 0x00000422
Time Generated: 03/13/2019 11:14:12
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\insig.ir\SysVol\insig.ir\Policies\{31DB35AA-2927-4976-AE83-FC6934F850F1}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
An error event occurred. EventID: 0x00002720
Time Generated: 03/13/2019 11:14:56
Event String:
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
A warning event occurred. EventID: 0x000727A5
Time Generated: 03/13/2019 11:14:59
Event String: The WinRM service is not listening for WS-Management requests.
An error event occurred. EventID: 0x0000040B
Time Generated: 03/13/2019 11:19:06
Event String:
The DHCP service was unable to create or lookup the DHCP Users local group on this computer. The error code is in the data.
An error event occurred. EventID: 0x0000040C
Time Generated: 03/13/2019 11:19:06
Event String:
The DHCP server was unable to create or lookup the DHCP Administrators local group on this computer. The error code is in the data.
A warning event occurred. EventID: 0x000003F6
Time Generated: 03/13/2019 11:19:06
Event String:
Name resolution for the name _ldap._tcp.dc._msdcs.insig.ir. timed out after none of the configured DNS servers responded.
A warning event occurred. EventID: 0x0000000C
Time Generated: 03/13/2019 11:19:18
Event String:
Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the AD PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root domain, or manually configure the AD PDC to synchronize with an external time source. Otherwise, this machine will function as the authoritative time source in the domain hierarchy. If an external time source is not configured or used for this computer, you may choose to disable the NtpClient.
A warning event occurred. EventID: 0x00002724
Time Generated: 03/13/2019 11:19:26
Event String:
This computer has at least one dynamically assigned IPv6 address.For reliable DHCPv6 server operation, you should use only static IPv6 addresses.
An error event occurred. EventID: 0x00000422
Time Generated: 03/13/2019 11:20:29
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\insig.ir\SysVol\insig.ir\Policies\{31DB35AA-2927-4976-AE83-FC6934F850F1}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
A warning event occurred. EventID: 0x00001796
Time Generated: 03/13/2019 11:21:37
Event String:
Microsoft Windows Server has detected that NTLM authentication is presently being used between clients and this server. This event occurs once per boot of the server on the first time a client uses NTLM with this server.
An error event occurred. EventID: 0x00002720
Time Generated: 03/13/2019 11:22:36
Event String:
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
An error event occurred. EventID: 0x00000422
Time Generated: 03/13/2019 11:25:29
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\insig.ir\SysVol\insig.ir\Policies\{31DB35AA-2927-4976-AE83-FC6934F850F1}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
......................... PRDC failed test SystemLog
Starting test: VerifyReferences
......................... PRDC passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : insig
Starting test: CheckSDRefDom
......................... insig passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... insig passed test CrossRefValidation
Running enterprise tests on : insig.ir
Starting test: LocatorCheck
......................... insig.ir passed test LocatorCheck
Starting test: Intersite
......................... insig.ir passed test Intersite
C:\WINDOWS\system32>
خروجی دستور روی سرور 2008R2
C:\Windows\system32>dcdiag
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = PRIDC
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\PRIDC
Starting test: Connectivity
......................... PRIDC passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\PRIDC
Starting test: Advertising
......................... PRIDC passed test Advertising
Starting test: FrsEvent
There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... PRIDC passed test FrsEvent
Starting test: DFSREvent
......................... PRIDC passed test DFSREvent
Starting test: SysVolCheck
......................... PRIDC passed test SysVolCheck
Starting test: KccEvent
A warning event occurred. EventID: 0x80000B46
Time Generated: 03/13/2019 11:24:26
Event String:
The security of this directory server can be significantly enhanced by configuring the server to reject SASL (Negotiate, Kerberos, NTLM, or
Digest) LDAP binds that do not request signing (integrity verification) and LDAP simple binds that are performed on a cleartext (non-SSL/TLS-encrypted)
connection. Even if no clients are using such binds, configuring the server to reject them will improve the security of this server.
......................... PRIDC passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... PRIDC passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... PRIDC passed test MachineAccount
Starting test: NCSecDesc
......................... PRIDC passed test NCSecDesc
Starting test: NetLogons
Unable to connect to the NETLOGON share! (\\PRIDC\netlogon)
[PRIDC] An net use or LsaPolicy operation failed with error 67, The network name cannot be found..
......................... PRIDC failed test NetLogons
Starting test: ObjectsReplicated
......................... PRIDC passed test ObjectsReplicated
Starting test: Replications
......................... PRIDC passed test Replications
Starting test: RidManager
......................... PRIDC passed test RidManager
Starting test: Services
......................... PRIDC passed test Services
Starting test: SystemLog
A warning event occurred. EventID: 0x8000001D
Time Generated: 03/13/2019 11:17:37
Event String:
The Key Distribution Center (KDC) cannot find a suitable certificate to use for smart card logons, or the KDC certificate could not be verifi
ed. Smart card logon may not function correctly if this problem is not resolved. To correct this problem, either verify the existing KDC certificate usin
g certutil.exe or enroll for a new KDC certificate.
An error event occurred. EventID: 0x000016AD
Time Generated: 03/13/2019 11:18:02
Event String: The session setup from the computer ZOB-YASINZAD failed to authenticate. The following error occurred:
An error event occurred. EventID: 0x00000422
Time Generated: 03/13/2019 11:18:32
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\insig.ir\SysVol\insig.ir\Policies\{31DB35AA-2927-4976-AE83-FC6934
F850F1}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be
transient and could be caused by one or more of the following:
An error event occurred. EventID: 0xC0001B58
Time Generated: 03/13/2019 11:24:20
Event String: The MAC Bridge service failed to start due to the following error:
A warning event occurred. EventID: 0x8000001D
Time Generated: 03/13/2019 11:24:23
Event String:
The Key Distribution Center (KDC) cannot find a suitable certificate to use for smart card logons, or the KDC certificate could not be verifi
ed. Smart card logon may not function correctly if this problem is not resolved. To correct this problem, either verify the existing KDC certificate usin
g certutil.exe or enroll for a new KDC certificate.
A warning event occurred. EventID: 0x800009CF
Time Generated: 03/13/2019 11:24:27
Event String:
The server service was unable to recreate the share NETLOGON because the directory C:\Windows\SYSVOL\sysvol\insig.ir\SCRIPTS no longer exists
. Please run "net share NETLOGON /delete" to delete the share, or recreate the directory C:\Windows\SYSVOL\sysvol\insig.ir\SCRIPTS.
An error event occurred. EventID: 0x0000164A
Time Generated: 03/13/2019 11:24:31
Event String: The Netlogon service could not create server share C:\Windows\SYSVOL\sysvol\insig.ir\SCRIPTS. The following error occurred:
A warning event occurred. EventID: 0x000003F6
Time Generated: 03/13/2019 11:24:39
Event String: Name resolution for the name 11.0.168.192.in-addr.arpa timed out after none of the configured DNS servers responded.
A warning event occurred. EventID: 0x00001795
Time Generated: 03/13/2019 11:24:44
Event String:
The program lsass.exe, with the assigned process ID 620, could not authenticate locally by using the target name ldap/ForestDnsZones.insig.ir
. The target name used is not valid. A target name should refer to one of the local computer names, for example, the DNS host name.
An error event occurred. EventID: 0xC2000001
Time Generated: 03/13/2019 11:24:59
Event String: Unexpected failure. Error code: 490@01010004
An error event occurred. EventID: 0x00000422
Time Generated: 03/13/2019 11:25:00
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\insig.ir\SysVol\insig.ir\Policies\{31DB35AA-2927-4976-AE83-FC6934
F850F1}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be
transient and could be caused by one or more of the following:
An error event occurred. EventID: 0x00000422
Time Generated: 03/13/2019 11:25:17
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\insig.ir\SysVol\insig.ir\Policies\{31DB35AA-2927-4976-AE83-FC6934
F850F1}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be
transient and could be caused by one or more of the following:
An error event occurred. EventID: 0x00000457
Time Generated: 03/13/2019 11:25:26
Event String:
Driver Xerox WorkCentre 5845 PCL6 required for printer Xerox WorkCentre 5845 PCL6 is unknown. Contact the administrator to install the driver
before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 03/13/2019 11:25:27
Event String:
Driver Foxit Reader PDF Printer Driver required for printer Foxit Reader PDF Printer is unknown. Contact the administrator to install the dri
ver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 03/13/2019 11:25:40
Event String:
Driver hp LaserJet 1160 required for printer !!192.168.1.10!hp LaserJet 1160 is unknown. Contact the administrator to install the driver befo
re you log in again.
An error event occurred. EventID: 0x0000165B
Time Generated: 03/13/2019 11:26:09
Event String:
The session setup from computer 'EDARI-BORAJEE' failed because the security database does not contain a trust account 'EDARI-BORAJEE$' refere
nced by the specified computer.
A warning event occurred. EventID: 0x000727AA
Time Generated: 03/13/2019 11:27:04
Event String: The WinRM service failed to create the following SPNs: WSMAN/PRIDC.insig.ir; WSMAN/PRIDC.
An error event occurred. EventID: 0x000016AD
Time Generated: 03/13/2019 11:28:14
Event String: The session setup from the computer EDARI-BORAJEE failed to authenticate. The following error occurred:
An error event occurred. EventID: 0x00000422
Time Generated: 03/13/2019 11:30:03
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\insig.ir\SysVol\insig.ir\Policies\{31DB35AA-2927-4976-AE83-FC6934
F850F1}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be
transient and could be caused by one or more of the following:
An error event occurred. EventID: 0x0000165B
Time Generated: 03/13/2019 11:30:50
Event String:
The session setup from computer 'ZOB-YASINZAD' failed because the security database does not contain a trust account 'ZOB-YASINZAD$' referenc
ed by the specified computer.
......................... PRIDC failed test SystemLog
Starting test: VerifyReferences
......................... PRIDC passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : insig
Starting test: CheckSDRefDom
......................... insig passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... insig passed test CrossRefValidation
Running enterprise tests on : insig.ir
Starting test: LocatorCheck
CMD رو باز دسترسی Administrator باز می کنید ؟ آدرس های DNS رو ضربدری روی سرورها وارد کنید یکیش رو Restart کنید منتظر بمونید که Start بشه کامل و وارد سیستم عامل بشید و سرور دوم رو Restart کنید و منتظر بشید بالا بیاد کامل ، ترجیحا کل محتویات Event Viewer رو حذف کنید که در گزارشتون خطاهای جدید دیده بشه نه قدیمی ، لطفا خروجی نتیجه دستور زیر رو هم ارسال کنید :
dcdiag
این کار رو هم انجام دادم. مشکل اینه که هنوز سرور جدید 2016 (که حالاشده primary) به سرور قبلی 2008 که شده secondary وابسته است و به محض خاموش شدن 2008 کلاینتها نمیتونن از 2016 سرویس بگیرن.
مشکل DNS دارید احتمالا هر دو سرور رو به عنوان DNS به کلاینت ها بدید.