
http://www.nomizo.fr/2013/08/windows-server-2012-issues-with-active_16.html

[Windows Server 2012] Issues with Active Directory in a Lab environment - Part 3

Active Directory is a great feature in Windows Server. However, imagine that you stop your lab
environment for several days, weeks or perhaps months. You will certainly run into some
trouble when you try to turn your DCs on again.
In this series, I will share my own experience and show how to solve those problems.

1. The DNS is waiting for Active Directory - KB 2001093
2. DFSR JET database is not shut down cleanly
3. This server has been disconnected from other partners for 60 days
4. The DFS Replication service failed to register the WMI providers

3. This server has been disconnected from other partners for 60 days
Symptoms
You notice that replication of the SYSVOL folder between your DCs doesn't work. For example, if
you manually add a file to that folder, the file is not replicated to the other DC. That problem can
also cause trouble on computers if they can't download the right version of their GPOs.
Of course, all DCs are online and can be reached normally.

In the event logs, you find Event ID 4012 with the following description:
The DFS Replication service stopped replication on the folder with the following local path:
C:\Windows\SYSVOL\domain. This server has been disconnected from other partners for 60
days, which is longer than the time allowed by the MaxOfflineTimeInDays parameter (60).
DFS Replication considers the data in this folder to be stale, and this server will not replicate the
folder until this error is corrected.
Error: 9061 (The replicated folder has been offline for too long.)
Replicated Folder Name: SYSVOL Share

Cause and Resolution

The rest of the event description proposes the following resolution:
To resume replication of this folder, use the DFS Management snap-in to remove this server from
the replication group, and then add it back to the group. This causes the server to perform an
initial synchronization task, which replaces the stale data with fresh data from other members of
the replication group.

However, even if you add the DFS Management snap-in to your DCs (it is not installed by default),
you can't perform these actions: the SYSVOL replication group settings are protected
and presented in read-only mode.

To solve that issue, you need to perform an authoritative synchronization of DFSR-replicated SYSVOL.
That operation is described for Windows Server 2008 R2 in KB 2218556, "How to force an
authoritative and non-authoritative synchronization for DFSR-replicated SYSVOL (like "D4/D2"
for FRS)":
For each DC:
- In the ADSIEDIT console, open the CN=SYSVOL Subscription,CN=Domain System Volume,CN=DFSR-LocalSettings,CN=<the server name>,OU=Domain Controllers,DC=<domain> object
- Modify the following attribute:
msDFSR-Enabled=FALSE

- ONLY for the domain controller you want to make authoritative (preferably the PDC Emulator, which
is usually the most up to date for SYSVOL contents), also modify the following attribute:
msDFSR-options=1
- Force Active Directory replication throughout the domain and validate its success on all DCs
(open ADSIEDIT and check the attribute values)

- Restart the DFSR service of the DC set as authoritative. You will see Event ID 4114 in the DFSR
event log indicating SYSVOL is no longer being replicated
- Open the CN=SYSVOL Subscription,CN=Domain System Volume,CN=DFSR-LocalSettings,CN=<the server name>,OU=Domain Controllers,DC=<domain> object of the
DC you set as authoritative
- Modify the following attribute:
msDFSR-Enabled=TRUE
- Force Active Directory replication throughout the domain and validate its success on all DCs

- On the DC you set as authoritative, type the command line DFSRDIAG POLLAD

Note: Microsoft indicates that on Windows Server 2008 R2 you will see Event ID 4602 in the
DFSR event log indicating SYSVOL has been initialized. On Windows Server 2012, I never saw
Event ID 4602 but Event ID 46014:
The DFS Replication service initialized SYSVOL at local path C:\Windows\SYSVOL\domain and
is waiting to perform initial replication...
Then perform the following steps on all the other DCs:
- Restart the DFSR service. You will see Event ID 4114 in the DFSR event log.
- Open the CN=SYSVOL Subscription,CN=Domain System Volume,CN=DFSR-
LocalSettings,CN=<the server name>,OU=Domain Controllers,DC=<domain> object
- Modify the following attribute:
msDFSR-Enabled=TRUE
- Type the command line DFSRDIAG POLLAD

To monitor the replication queue, you can use the following command line:
Dfsrdiag backlog /sendingMember:DC2012 /RGName:"Domain System Volume" /RFName:"SYSVOL Share"

To ensure SYSVOL replication works correctly, just create a file in the SYSVOL folder and ensure
that file is replicated on all the other DCs.
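
The "validate its success on all DCs" steps of the procedure can be checked from one console instead of opening ADSIEDIT on each server. The following read-only PowerShell script is an added example, not part of the original article or of KB 2218556; it assumes the ActiveDirectory module (RSAT) is installed, and $ExpectedEnabled is a hypothetical variable introduced here.

```powershell
# Added example, not from the original article. Read-only: it changes nothing.
# Assumes the ActiveDirectory module (RSAT) and rights to read DFSR-LocalSettings.
Import-Module ActiveDirectory

# Hypothetical variable: $false after the disable step, $true after re-enabling.
$ExpectedEnabled = $false

$dcs = Get-ADDomainController -Filter *

$report = foreach ($viewer in $dcs) {      # DC whose copy of the directory is read
    foreach ($member in $dcs) {            # DC whose SYSVOL subscription is inspected
        $dn = 'CN=SYSVOL Subscription,CN=Domain System Volume,' +
              "CN=DFSR-LocalSettings,$($member.ComputerObjectDN)"
        $row = [ordered]@{ SeenFrom = $viewer.Name; Member = $member.Name
                           Enabled = $null; Options = $null; Error = $null }
        try {
            $sub = Get-ADObject -Identity $dn -Server $viewer.HostName `
                       -Properties 'msDFSR-Enabled', 'msDFSR-Options' -ErrorAction Stop
            $row.Enabled = $sub.'msDFSR-Enabled'
            $row.Options = $sub.'msDFSR-Options'
        } catch {
            $row.Error = $_.Exception.Message   # unreachable DC or missing object
        }
        [pscustomobject]$row
    }
}

$report | Sort-Object Member, SeenFrom | Format-Table -AutoSize

# Views that have not yet received the expected msDFSR-Enabled value.
$pending = @($report | Where-Object { $_.Error -or $_.Enabled -ne $ExpectedEnabled })
if ($pending.Count -gt 0) {
    Write-Warning "$($pending.Count) view(s) not converged; AD replication is not complete."
}

# The article sets msDFSR-options=1 on one DC only; list every DC that carries it.
$flagged = @($report | Where-Object { $_.Options -eq 1 } |
             Select-Object -ExpandProperty Member -Unique)
Write-Output "DC(s) flagged authoritative (msDFSR-Options=1): $($flagged -join ', ')"
```

Run it after each "Force Active Directory replication" step, switching $ExpectedEnabled to $true once the subscriptions have been re-enabled.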
