DC2 (VM) is not synchronizing to DC1 (physical server). On DC2, I get:
PS C:\> w32tm /query /source
Local CMOS Clock
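What do I have to do to make DC2 synchronize to DC1 as its time source?
Background: I had to replace DC1, which was my operations master. There was no chance to gracefully demote DC1; it simply disappeared from the domain. By the time I had successfully recreated DC1, DC2 was the operations master. AD DS replicated correctly, and I transferred the fsmo roles to the new DC1 and set DC1 to "0.us.pool.ntp.org". DC1 returns a good stripchart. I have confirmed again that all fsmo roles are set to DC1. I have confirmed that time synchronization is unchecked in the Hyper-V Integration Services for DC2.
I have spent some time researching this, but so far I have not found the w32tm sequence/command that moves DC2 off its CMOS clock. At this point I need a little help or a reminder of how to do this.
Added after the initial post: I did find the following DC2 dcdiag errors: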
Starting test: Advertising
Warning: VSVR-WBC-DC02 is not advertising as a time server.
......................... VSVR-WBC-DC02 failed test Advertising
A warning event occurred. EventID: 0x00000081
Time Generated: 12/27/2018 14:50:05
Event String:
NtpClient was unable to set a domain peer to use as a time source
because of discovery error. NtpClient will
try again in 15 minutes and double the reattempt interval thereafter.
The error was: The entry is not found. (0x800706E1)
Running enterprise tests on : wbc.local
Starting test: LocatorCheck
Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355
A Primary Domain Controller could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed,
A Good Time Server could not be located.
......................... wbc.local failed test LocatorCheck
DC1 dcdiag errors:
Starting test: Advertising
Warning: DsGetDcName returned information for \\vsvr-wbc-dc02.wbc.local,
when we were trying to reach SVR-WBC-DC01.
SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.
......................... SVR-WBC-DC01 failed test Advertising
Starting test: NetLogons
Unable to connect to the NETLOGON share! (\\SVR-WBC-DC01\netlogon)
[SVR-WBC-DC01] An net use or LsaPolicy operation failed with error
67, The network name cannot be found..
Starting test: SystemLog
A warning event occurred. EventID: 0x0000002F
Time Generated: 12/27/2018 14:56:32
Event String:
Time Provider NtpClient: No valid response has been received from
manually configured peer 0.us.pool.ntp.org
after 8 attempts to contact it. This peer will be discarded as a
time source and NtpClient will attempt to discover a new peer
with this DNS name. The error was: The peer is unreachable.
Running enterprise tests on : wbc.local
Starting test: LocatorCheck
Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error 1355
A Good Time Server could not be located.
......................... wbc.local failed test LocatorCheck
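This answer solved my problem, but it is not necessarily a direct answer to the question as posted for others. I am providing it because another person may arrive here with the same question when, in fact, the problem is quite different, as Greg Askew's first comment indicated.
The real problem for me was that the SYSVOL and NETLOGON shares did not exist on the new domain controller, which I should have checked early on; a silly mistake. This can be seen in PowerShell:
When these volumes do not exist, there is a bigger problem. In my case, DCDIAG reported an Advertising failure, which was too general to pinpoint the problem.
According to this Microsoft support page, my particular problem was resolved by forcing an authoritative synchronization of the DFSR-replicated SYSVOL.
For me, Advertising failures in the past were caused by the PDC time source not working properly. That experience led me to a conclusion about the nature of the problem in this case, but that conclusion was incorrect.
If the PDC time source is the problem, then this ServerFault post may be valuable.
Because I abruptly removed one of my domain controllers without a graceful demotion, I also needed to clean up metadata. Although I did that correctly in Active Directory Users and Computers and in Active Directory Sites and Computers, I failed to do so in DNS. My experience with cleaning up DNS is that the lost domain controller is present throughout DNS, and I had to walk every subtree to find references to the old controller, sometimes identified only by IP or another number, because the old domain server name was missing from some DNS entries.
Thanks to those who commented above for pointing me in the right direction.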
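The checks this answer points to can be gathered into one health script. This is an added example, not code from the original post; it assumes it is run elevated on the domain controller being checked, that SYSVOL is replicated by DFSR as in the answer, and that `nltest` prints English output. The `Add-Result` helper is hypothetical.

```powershell
# Added example (not from the original post). Run elevated, locally on the DC being checked.
$results = New-Object System.Collections.Generic.List[object]
function Add-Result($Check, $Value, $Ok) {   # hypothetical helper for this example
    $results.Add([pscustomobject]@{ Check = $Check; Value = $Value; Ok = [bool]$Ok })
}

# 1. A DC that advertises correctly publishes both shares.
foreach ($name in 'SYSVOL', 'NETLOGON') {
    $share = Get-SmbShare -Name $name -ErrorAction SilentlyContinue
    $value = if ($share) { $share.Path } else { 'missing' }
    Add-Result "Share $name" $value $share
}

# 2. Netlogon shares SYSVOL only after SysvolReady is set to 1.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
$ready = (Get-ItemProperty -Path $key -Name SysvolReady -ErrorAction SilentlyContinue).SysvolReady
Add-Result 'SysvolReady' $ready ($ready -eq 1)

# 3. DFSR state of the SYSVOL replicated folder; 4 (Normal) is the healthy value.
$states = 'Uninitialized', 'Initialized', 'Initial Sync', 'Auto Recovery', 'Normal', 'In Error'
$dfsr = Get-CimInstance -Namespace 'root\MicrosoftDfs' -ClassName DfsrReplicatedFolderInfo `
    -Filter "ReplicatedFolderName='SYSVOL Share'" -ErrorAction SilentlyContinue
$value = if ($dfsr) { $states[$dfsr.State] } else { 'no DFSR SYSVOL folder found' }
Add-Result 'DFSR SYSVOL state' $value ($dfsr -and $dfsr.State -eq 4)

# 4. Time source; a DC stuck on its own clock reports "Local CMOS Clock".
$source = (w32tm /query /source | Out-String).Trim()
Add-Result 'Time source' $source ($source -notmatch 'Local CMOS Clock|Free-running System Clock')

# 5. DC locator lookups that dcdiag's LocatorCheck reported as failing (error 1355).
#    Success is detected from nltest's English-language output (assumption).
$domain = (Get-CimInstance Win32_ComputerSystem).Domain
foreach ($flag in '/pdc', '/timeserv') {
    $out = (nltest "/dsgetdc:$domain" $flag 2>&1 | Out-String)
    $dc = if ($out -match 'DC:\s*(\S+)') { $Matches[1] } else { 'not found' }
    Add-Result "Locator $flag" $dc ($out -match 'completed successfully')
}

$results | Format-Table -AutoSize
```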