Windows 2012 下如何强制同步 AD SYSVOL

豆子昨天晚上临下班前遇见一个问题,一个分公司的员工无法更新组策略,查看域控发现了以下报错:

Event ID 2213


The DFS Replication service stopped replication on volume E:. This occurs when a DFSR JET database is not shut down cleanly and Auto Recovery is disabled. To resolve this issue, back up the files in the affected replicated folders, and then use the ResumeReplication WMI method to resume replication.


Additional Information:

Volume: E:

GUID: C2B76452-2993-11E3-93F5-00155D801816


Recovery Steps

1. Back up the files in all replicated folders on the volume. Failure to do so may result in data loss due to unexpected conflict resolution during the recovery of the replicated folders.

2. To resume the replication for this volume, use the WMI method ResumeReplication of the DfsrVolumeConfig class. For example, from an elevated command prompt, type the following command:

wmic /namespace:\\root\microsoftdfs path dfsrVolumeConfig where volumeGuid="C2B76452-2993-11E3-93F5-00155D801816" call ResumeReplication


这个问题我曾经遇见过,无非就是dirty shutdown造成的不同步罢了http://blogs.technet.com/b/filecab/archive/2012/07/23/understanding-dfsr-dirty-unexpected-shutdown-recovery.aspx),按照指示2直接运行这个wmic命令就能修复。不过这次,运气没那么好了,老革命遇见了新问题,运行完指令之后,同步仍然不工作,而且出现了一个新的报错。


Event ID 4012


The DFS Replication service stopped replication on the folder with the following local path: E:\Windows\SYSVOL\domain. This server has been disconnected from other partners for 62 days, which is longer than the time allowed by the MaxOfflineTimeInDays parameter (60). DFS Replication considers the data in this folder to be stale, and this server will not replicate the folder until this error is corrected.


To resume replication of this folder, use the DFS Management snap-in to remove this server from the replication group, and then add it back to the group. This causes the server to perform an initial synchronization task, which replaces the stale data with fresh data from other members of the replication group.


Additional Information:

Error: 9061 (The replicated folder has been offline for too long.)

Replicated Folder Name: SYSVOL Share

Replicated Folder ID: F913D21E-E002-4CB2-B259-449DE3A755F2

Replication Group Name: Domain System Volume

Replication Group ID: DFF93A1B-EA01-4DCB-8424-A93523BF5950


经过网上研究搜索,可以用以下方式解决:


1.首先在DFS managment里面查看replication 的设置


wKiom1MqLUOSKJePAACpUd7zF-o844.png


可以通过右击 domain system volume进行健康诊断报告

wKioL1MqLR2C3o3DAABWkFEfHkM482.png


如果是正常的DC,最后的报告状态最后会显示 Normal,如果有问题的话,会显示 Failed


wKiom1MqLinjsgL5AAA0Et8YN9M026.png


2. 对于报错的DC,怎么处理呢?首先那个Event Viewer里面的解决方案是行不通的,因为 DFS management根本就不会允许你从同步组里面删除DC或者添加DC。我们需要通过更改DC的属性来Disable 和 Enable 对应的DC。具体方法可以参考

http://support.microsoft.com/kb/2218556


简单的说,在出问题的DC上,打开ADSIEDIT.MSC, 找到对应的域控,然后msDFSR-Enable 的属性改成False,然后AD site and services上手动同步一下


wKioL1MqM13ADnC1AADOKYy5ypI596.png



wKiom1MqNKGj2I3aAABMp29vhww965.png


然后点开之前打开的DFS Mangement -> Replication, 注意观察membership status的变化,同步之后该状态会变成 Disable

wKioL1MqNHuQYYmQAACE2DPaAYo195.png


3. 然后在第二步里面的msDFSR-Enable 的属性重新改为True,然后AD site and service重新replicate一遍,观察DFS managment里面的状态变化。(之前disable的状态会变成enable)


4.最后去看看DC的日志。该DC会重新自动同步。


wKiom1MqNdajrsIwAACxX939WZQ509.png


通过这种Enable状态的更改,可以在windows 2012 下强制AD DC同步。


你可能感兴趣的:(windows,2012,ad,SYSVOL)