مشکل در اکتیو دایرکتوری سرور2008

این کپی ارور هست

Log Name: Directory Service

Source: Microsoft-Windows-ActiveDirectory_DomainService

Date: 20151107 02:02:06 ب.ظ

Event ID: 2042

Task Category: Replication

Level: Error

Keywords: Classic

User: ANONYMOUS LOGON

Computer: server.hekmat.edu

Description:

It has been too long since this machine last replicated with the named source machine. The time between replications with this source has exceeded the tombstone lifetime. Replication has been stopped with this source.

The reason that replication is not allowed to continue is that the two DCs may contain lingering objects. Objects that have been deleted and garbage collected from an Active Directory Domain Services partition but still exist in the writable partitions of other DCs in the same domain, or read-only partitions of global catalog servers in other domains in the forest are known as "lingering objects". If the local destination DC was allowed to replicate with the source DC, these potential lingering object would be recreated in the local Active Directory Domain Services database.

Time of last successful replication:

2009-01-01 01:24:19

Invocation ID of source directory server:

e63f008a-a55d-43a6-a962-aac29821f88d

Name of source directory server:

7e0d4524-e5cb-40b1-bd39-9843cd60f1c7._msdcs.hekmat.edu

Tombstone lifetime (days):

180

The replication operation has failed.

User Action:

The action plan to recover from this error can be found at http://support.microsoft.com/?id=314282.

If both the source and destination DCs are Windows Server 2003 DCs, then install the support tools included on the installation CD. To see which objects would be deleted without actually performing the deletion run "repadmin removelingeringobjects &lt;Source DC&gt; &lt;Destination DC DSA GUID&gt; &lt;NC&gt; ADVISORY_MODE". The eventlogs on the source DC will enumerate all lingering objects. To remove lingering objects from a source domain controller run "repadmin /removelingeringobjects <Source DC> <Destination DC DSA GUID> <NC>".

If either source or destination DC is a Windows 2000 Server DC, then more information on how to remove lingering objects on the source DC can be found at http://support.microsoft.com/?id=314282 or from your Microsoft support personnel.

If you need Active Directory Domain Services replication to function immediately at all costs and don't have time to remove lingering objects, enable replication by setting the following registry key to a non-zero value:

Registry Key:

HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Allow Replication With Divergent and Corrupt Partner

Replication errors between DCs sharing a common partition can prevent user and compter acounts, trust relationships, their passwords, security groups, security group memberships and other Active Directory Domain Services configuration data to vary between DCs, affecting the ability to log on, find objects of interest and perform other critical operations. These inconsistencies are resolved once replication errors are resolved. DCs that fail to inbound replicate deleted objects within tombstone lifetime number of days will remain inconsistent until lingering objects are manually removed by an administrator from each local DC. Additionally, replication may continue to be blocked after this registry key is set, depending on whether lingering objects are located immediately.

Alternate User Action:

Force demote or reinstall the DC(s) that were disconnected.

Event Xml:

<Event xmlns="http://schemas.microsoft.comwin200408events/event">

<System>

<Provider Name="Microsoft-Windows-ActiveDirectory_DomainService" Guid="{0e8478c5-3605-4e8c-8497-1e730c959516}" EventSourceName="NTDS General" />

<EventID Qualifiers="49152">2042</EventID>

<Version>0</Version>

<Level>2</Level>

<Task>5</Task>

<Opcode>0</Opcode>

<Keywords>0x8080000000000000</Keywords>

<TimeCreated SystemTime="2015-11-07T10:32:06.704589800Z" />

<EventRecordID>1239</EventRecordID>

<Correlation />

<Execution ProcessID="536" ThreadID="1860" />

<Channel>Directory Service</Channel>

<Computer>server.hekmat.edu</Computer>

<Security UserID="S-1-5-7" />

</System>

<EventData>

<Data>2009-01-01 01:24:19</Data>

<Data>e63f008a-a55d-43a6-a962-aac29821f88d</Data>

<Data>7e0d4524-e5cb-40b1-bd39-9843cd60f1c7._msdcs.hekmat.edu</Data>

<Data>180</Data>

<Data>Allow Replication With Divergent and Corrupt Partner</Data>

<Data>System\CurrentControlSet\Services\NTDS\Parameters</Data>

</EventData>

</Event>

سلام

چرا به فکر پاک کردن صورت مسئله هستید؟

پیام های خطا را بررسی کنید و نسبت به رفع آنها اقدام کنید.

1. از پیغام ها تصویری بگذارید.

2. Best Practice Analyzer را اجرا کنید، این ویژگی در رفع مشکلات به شما کمک زیادی خواهد کرد. از این قسمت نیز تصویری قرار دهید.

3. ساعت سرور ها، Replication بین آنها، Dns سرور های خود را چک کنید. اطمینان حاصل کنید که تمامی رکورد ها در Dns سرور شما ایجاد شده اند.

میتونی یه سرور دیگه بالا بیاری و اون به عنوان additional server راه اندازی کنی بعدش اونی که خرابه پاک کن

سلام همایون جان تشکر از جوابی که دادی. اما من additional server در شبکه دارم و سرور اصلی من دچار مشکل شده.

یعنی سرور اصلی رو پاک کنم؟ اونوقت دومین اصلی مشکل دار نمیشه؟؟ یعنی دوتا additional server داشته باشم و سرور رو پاک کنم؟

با سلام

ضمن تشکر از جناب همایون بایستی یک مورد را یادآور بشم و اون هم این هستش که در شبکه های دومینی اولین Domain Controller همه رولهای پنجگانه FSMO را در اختیار دارد و Additional Server هیچکدام از اینها را ندارد و بنابراین در این سناریو اگر شما یک Additional Server دیگر راه اندازی کنید با این حساب شما DC از نوع Primary یا اصلی ندارید که FSMOها را داشته باشد و عملا امکانپذیر نمی باشد چون Additional DC ابتدا بایستی به یک join، Primary DC شود. پس قاعدتا یک PDC بجای DC خراب ایجاد کرد و FSMOها را درآن Seize کرد. از اساتید گرامی خواهش می کنم نسبت به ارایه نظر در این مورد دریغ نکنند. ضمن آنکه مشاهده لینک زیر خالی از لطف نیست.

• FSMO چیست؟ معرفی Operation Master Roles و نحوه انتقال آنها