将子 Active Directory 域添加到现有林时出错

我正在同一个林中构建一个包含多个 Active Directory 域的测试环境，但是在尝试将子域添加到林根域时遇到了奇怪的问题。

所有服务器都是运行在 Azure 云平台上的 Windows Server 2012 R2 虚拟机，连接到同一个虚拟网络；它们具有静态保留的 IP 地址，并且可以在没有任何网络问题的情况下相互交谈。

我的域结构是（或至少应该是）如下：

    A0.lab (forest root)            B0.lab
   /  \                            /  \
  A1  A2                          B1  B2
  |                               |
  A3                              B3

因此：

• A0.lab（林根）
• A1.A0.实验室
• A2.A0.实验室
• A3.A1.A0.lab
• B0.lab
• B1.B0.lab
• B2.B0.lab
• B3.B1.B0.lab

我已经成功创建了林根域 (A0.lab)，并且我已经定义了一个 AD 站点及其子网；域运行正常。

接下来，我已将应成为第一个子域 (A1.A0.lab) 的域控制器的服务器配置为使用根 DC 作为其 DNS 服务器，并启动了升级向导；我已经填写了所有参数，包括根域的域管理员的用户帐户和创建 DNS 委托的选项；所有先决条件检查均成功。

当我开始实际的升级过程时，它停在“复制模式目录分区”阶段。“目录服务”事件日志反复填充几个错误：

事件 ID 1963，源 ActiveDirectory_DomainService，任务类别 DS RPC 客户端：

Internal event: The following local directory service received an exception from a
remote procedure call (RPC) connection. Extensive RPC information was requested. This
is intermediate information and might not contain a possible cause. 

Process ID:  
540  

Reported error information:  
Error value:  
Could not find the domain controller for this domain. (1908)  
directory service:  
DCA0.a0.lab  

Extensive error information:  
Error value:  
A security package specific error occurred. 1825  
directory service:  
DCA1  

Additional Data  
Internal ID:  
5000e02

事件 ID 1961，源 ActiveDirectory_DomainService，任务类别 DS RPC 客户端：

Internal event: This log entry is a continuation from the preceding extended error
information entry on the following error and directory service. 

Extended information:  
Error value:  
A security package specific error occurred. (1825)  
directory service:  
DCA1  

Supplemental information:  
Detection location:  
1461  
Generating component:  
RPC Runtime  
Time at directory service:  
2015-03-19 21:44:04  

Additional Data  
Error value:  
A security package specific error occurred. (1825)

事件 ID 2839，源 ActiveDirectory_DomainService，任务类别 DS RPC 客户端：

Internal event: This log entry is a continuation from the preceding extended error
information entry. 

Extended information:  
Extended Error Parameters:  
0  
Parameter 1:  
(NULL)  
Parameter 2:  
(NULL)  
Parameter 3:  
(NULL)  
Parameter 4:  
(NULL)  
Parameter 5:  
%6  
Parameter 6:  
%7  
Parameter 7:  
%8

事件 ID 1962，源 ActiveDirectory_DomainService，任务类别 DS RPC 客户端：

Internal event: The local directory service received an exception from a remote
procedure call (RPC) connection. Extended error information is not available. 

directory service:  
DCA0.a0.lab  

Additional Data  
Error value:  
Could not find the domain controller for this domain. (1908)

事件 ID 1125，源 ActiveDirectory_DomainService，任务类别设置：

The Active Directory Domain Services Installation Wizard (Dcpromo) was unable to
establish connection with the following domain controller. 

Domain controller:
DCA0.a0.lab 

Additional Data  
Error value:  
1908 Could not find the domain controller for this domain.

这些错误一次又一次地重复，但没有进展或失败，推广过程只是停滞不前。

以下是该dcpromo.log文件的内容：

03/19/2015 22:43:35 [INFO] Promotion request for domain controller of new domain
03/19/2015 22:43:35 [INFO] DnsDomainName  a1.a0.lab
03/19/2015 22:43:35 [INFO]  FlatDomainName  A1
03/19/2015 22:43:35 [INFO]  SiteName  Lab
03/19/2015 22:43:35 [INFO]  SystemVolumeRootPath  C:\Windows\SYSVOL
03/19/2015 22:43:35 [INFO]  DsDatabasePath  C:\Windows\NTDS, DsLogPath  C:\Windows\NTDS
03/19/2015 22:43:35 [INFO]  ParentDnsDomainName  a0.lab
03/19/2015 22:43:35 [INFO]  ParentServer  DCA0.a0.lab
03/19/2015 22:43:35 [INFO]  Account A0\AdmA0
03/19/2015 22:43:35 [INFO]  Options  5243072
03/19/2015 22:43:35 [INFO] Validate supplied paths
03/19/2015 22:43:35 [INFO] Validating path C:\Windows\NTDS.
03/19/2015 22:43:35 [INFO]  Path is a directory
03/19/2015 22:43:35 [INFO]  Path is on a fixed disk drive.
03/19/2015 22:43:35 [INFO] Validating path C:\Windows\NTDS.
03/19/2015 22:43:35 [INFO]  Path is a directory
03/19/2015 22:43:35 [INFO]  Path is on a fixed disk drive.
03/19/2015 22:43:35 [INFO] Validating path C:\Windows\SYSVOL.
03/19/2015 22:43:35 [INFO]  Path is on a fixed disk drive.
03/19/2015 22:43:35 [INFO]  Path is on an NTFS volume
03/19/2015 22:43:35 [INFO] Child domain creation -- check the new domain name is child of parent domain name.
03/19/2015 22:43:35 [INFO] Domain Creation -- check that the flat name is unique.
03/19/2015 22:43:40 [INFO] Start the worker task
03/19/2015 22:43:40 [INFO] Request for promotion returning 0
03/19/2015 22:43:42 [INFO] Using supplied domain controller: DCA0.a0.lab
03/19/2015 22:43:42 [INFO] Using supplied site: Lab
03/19/2015 22:43:42 [INFO] Forcing time sync
03/19/2015 22:43:42 [INFO] Forcing a time sync with DCA0.a0.lab
03/19/2015 22:43:42 [INFO] Reading domain policy from the domain controller DCA0.a0.lab
03/19/2015 22:43:42 [INFO] Stopping service NETLOGON
03/19/2015 22:43:42 [INFO] Stopping service NETLOGON
03/19/2015 22:43:42 [INFO] ControlService(STOP) on NETLOGON returned 0(gle=1062)
03/19/2015 22:43:42 [INFO] Exiting service-stop loop after service NETLOGON entered STOPPED state
03/19/2015 22:43:42 [INFO] StopService on NETLOGON returned 0
03/19/2015 22:43:42 [INFO] Configuring service NETLOGON to 1 returned 0
03/19/2015 22:43:42 [INFO] Stopped NETLOGON
03/19/2015 22:43:42 [INFO] Creating the System Volume C:\Windows\SYSVOL
03/19/2015 22:43:42 [INFO] Deleting current sysvol path C:\Windows\SYSVOL 
03/19/2015 22:43:44 [INFO] Preparing for system volume replication using root C:\Windows\SYSVOL
03/19/2015 22:43:44 [INFO] Created the system volume
03/19/2015 22:43:44 [INFO] Copying initial Directory Service database file C:\Windows\system32\ntds.dit to C:\Windows\NTDS\ntds.dit
03/19/2015 22:43:44 [INFO] Installing the Directory Service
03/19/2015 22:43:44 [INFO] Calling NtdsInstall for a1.a0.lab
03/19/2015 22:43:44 [INFO] Starting Active Directory Domain Services installation
03/19/2015 22:43:44 [INFO] Validating user supplied options
03/19/2015 22:43:44 [INFO] Determining a site in which to install
03/19/2015 22:43:44 [INFO] Examining an existing forest...
03/19/2015 22:43:44 [INFO] Configuring the local computer to host Active Directory Domain Services
03/19/2015 22:43:48 [INFO] EVENTLOG (Informational): NTDS General / Service Control : 1094  
Software write caching for the following disk drive has been disabled to prevent possible data loss during system failures such as power outages or hardware component failures that can cause a sudden shutdown of the system. The disk drive that stores Active Directory Domain Services log files is the only drive affected by this change.

Disk drive:  
c:

03/19/2015 22:43:59 [INFO] EVENTLOG (Informational): NTDS Database / Internal Processing : 2013  
Active Directory Domain Services is rebuilding the following number of indices as part of the initialization process.

Number of indices:  
1

Indices:  
LCL_ABVIEW_index00000410 +ATTb590468 

03/19/2015 22:43:59 [INFO] EVENTLOG (Informational): NTDS Database / Internal Processing : 2014  
Active Directory Domain Services successfully completed rebuilding the following number of indices.

Indices:  
1

03/19/2015 22:44:00 [INFO] EVENTLOG (Informational): NTDS General / Internal Configuration : 2120  
This Active Directory Domain Services server does not support the Recycle Bin. Deleted objects may be undeleted, however, when an object is undeleted, some attributes of that object may be lost.  Additionally, attributes of other objects that refer to the object being undeleted may also be lost.

03/19/2015 22:44:00 [INFO] EVENTLOG (Informational): NTDS General / Internal Configuration : 2405  
This Active Directory Domain Services server does not support the "Recycle Bin Feature" optional feature.

03/19/2015 22:44:00 [INFO] Replicating the schema directory partition

在此之后，将记录事件日志中报告的相同错误。

我发现这篇文章指出如果管理员帐户在新 DC 和您正在登录的域上具有相同的密码，则可能会发生此错误；我根本没有使用内置管理员帐户，因为这些是 Azure VM，但实际上我在第一次测试期间在所有服务器上使用了相同的用户名和密码，因此我猜这确实可能是导致错误; 但是，我已经重建了所有服务器，并在每个服务器上创建了一个不同的本地管理员帐户（AdmA0、AdmA1、AdmA2...），并使用不同的密码；我还确保在表单中指定父域的凭据A0\AdmA0；但错误再次发生。

发生了什么，我该如何解决？