AskOverflow.Dev


Questions [windows-server-2003] (server)

Odysseus
Asked: 2022-03-17 09:37:01 +0800 CST

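Removing a non-working Windows Server 2003 Enterprise CA

  • 0

Among a bunch of servers, I have a Windows 2003 server installed, a domain controller and Enterprise CA, and the CA service cannot be started because "a required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file". Backing up the CA and checking the issued certificates from the console does not work.

I have a Windows 2012R2 server installed, a domain controller and Standalone CA. The CA service is running, and I can see that there are no certificates under "Issued Certificates".

Probably (unfortunately, I cannot be sure) nobody has ever used these CAs. Nobody I know here has the skills (or the need) to work with an Enterprise CA, myself included.

On domain members I can see certificates from these CAs placed in "Trusted Root Certification Authorities/Certificates", but they have all expired, except one: certroot.

Our goals are:

  • Get rid of the Windows 2003 Enterprise CA and DC
  • Get rid of the Windows 2012 Standalone CA (optional for now, mandatory in the future)
  • Avoid any kind of service disruption caused by the CA removal

The questions are:

  • Is it possible to remove the Enterprise CA from this old 2003 server even though the service does not start?
  • Is it safe to remove an Enterprise CA in a production environment?
  • Does the removal have any impact on client operations such as logon, access to network resources (such as network shares), etc.?

Any advice and/or suggestions are very welcome. Thanks in advance.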

windows-server-2003 certificate-authority windows-server-2012-r2
  • 1 answer
  • 121 Views
JasonB576
Asked: 2021-06-10 10:14:21 +0800 CST

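Why is my DNS information being replicated when zone transfers are not allowed?

  • 1

We have a number of servers in our enterprise with the DNS role installed on Windows Server (2003 - 2016). I recently noticed that the DNS information is consistent across all of our servers, which sounds fine, but I have only seen this happen when zone transfers are enabled in the zone settings. None of our servers have zone transfers enabled, yet when a change is made on any server, the data is still replicated to every server. Why is this?

I believe I read in a forum post that if the servers are also DCs, the DNS information is part of AD and will be shared that way, but I am not 100% convinced this is true. Thanks!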

windows-server-2003 domain-name-system windows-server-2012
  • 1 answer
  • 27 Views
OTRAY
Asked: 2021-02-22 22:54:06 +0800 CST

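Back up before demoting Windows 2003 R2?

  • 1

So I want to demote our good old Windows 2003 R2 DC, which is one of 2 DCs in our system. I have listed all the steps needed to demote the controller successfully (imo). Before I start, I would like to know: how do I back up the DC, in case anything goes wrong during the process? What is generally considered good practice before, during and after the demotion process? I appreciate your advice :)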

windows-server-2003 domain-controller active-directory
  • 1 answer
  • 71 Views
knight_lightning
Asked: 2020-10-23 22:14:08 +0800 CST

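Migrating a domain controller from Windows 2003 SBS

  • 0

I am trying to migrate the DC from Windows Server 2003 SBS to Windows Server 2016. The problems started when I tried to promote the Server 2016 to a domain controller. I get the following error message at the "Prerequisites Check" step: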

Verification of outbound replication failed. Error reading the NTDS settings on replication source domain controller server.mydomain.local. Domain controller data not found for the specified Active Directory domain controller

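In the forest there was an empty child domain and a failed secondary DC (the computer it was installed on was lost long ago). I have cleaned these up with the help of ntdsutil, but to no avail. dcdiag, though, is now almost clean: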

    Command Line: "dcdiag.exe /v /c /d /e"

Domain Controller Diagnosis

Performing initial setup:
   * Verifying that the local machine SERVER, is a DC. 
   * Connecting to directory service on server SERVER.
   SERVER.currentTime = 20201022103523.0Z
   SERVER.highestCommittedUSN = 12822731
   SERVER.isSynchronized = 1
   SERVER.isGlobalCatalogReady = 1
   * Collecting site info.
   * Identifying all servers.
   SERVER.currentTime = 20201022103523.0Z
   SERVER.highestCommittedUSN = 12822731
   SERVER.isSynchronized = 1
   SERVER.isGlobalCatalogReady = 1
   * Identifying all NC cross-refs.
   * Found 1 DC(s). Testing 1 of them.
   Done gathering initial info.


===============================================Printing out pDsInfo

GLOBAL:
    ulNumServers=1
    pszRootDomain=mcad.local
    pszNC=
    pszRootDomainFQDN=DC=mcad,DC=local
    pszConfigNc=CN=Configuration,DC=mcad,DC=local
    pszPartitionsDn=CN=Partitions,CN=Configuration,DC=mcad,DC=local
    iSiteOptions=0
    dwTombstoneLifeTimeDays=60

    dwForestBehaviorVersion=2

    HomeServer=0, SERVER

    SERVER: pServer[0].pszName=SERVER
        pServer[0].pszGuidDNSName=12a36ed6-9156-4bb8-9d8a-f523bd78ff47._msdcs.mcad.local
        pServer[0].pszDNSName=SERVER.mcad.local
        pServer[0].pszDn=CN=NTDS Settings,CN=SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mcad,DC=local
        pServer[0].pszComputerAccountDn=CN=SERVER,OU=Domain Controllers,DC=mcad,DC=local
        pServer[0].uuidObjectGuid=12a36ed6-9156-4bb8-9d8a-f523bd78ff47
        pServer[0].uuidInvocationId=46209efa-f56d-4587-b190-36daf538829a
        pServer[0].iSite=0 (Default-First-Site-Name)
        pServer[0].iOptions=1
        pServer[0].ftLocalAcquireTime=0c27e930 01d6a85f 

        pServer[0].ftRemoteConnectTime=0bf56780 01d6a85f 

        pServer[0].ppszMasterNCs:
            ppszMasterNCs[0]=DC=ForestDnsZones,DC=mcad,DC=local
            ppszMasterNCs[1]=DC=DomainDnsZones,DC=mcad,DC=local
            ppszMasterNCs[2]=CN=Schema,CN=Configuration,DC=mcad,DC=local
            ppszMasterNCs[3]=CN=Configuration,DC=mcad,DC=local
            ppszMasterNCs[4]=DC=mcad,DC=local

    SITES:  pSites[0].pszName=Default-First-Site-Name
        pSites[0].pszSiteSettings=CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mcad,DC=local
        pSites[0].pszISTG=CN=NTDS Settings,CN=SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mcad,DC=local
        pSites[0].iSiteOption=0

        pSites[0].cServers=1

    NC:     pNCs[0].pszName=ForestDnsZones
        pNCs[0].pszDn=DC=ForestDnsZones,DC=mcad,DC=local

            pNCs[0].aCrInfo[0].dwFlags=0x00000201
            pNCs[0].aCrInfo[0].pszDn=CN=053f2400-35fe-4529-a535-d8d649587484,CN=Partitions,CN=Configuration,DC=mcad,DC=local
            pNCs[0].aCrInfo[0].pszDnsRoot=ForestDnsZones.mcad.local
            pNCs[0].aCrInfo[0].iSourceServer=0
            pNCs[0].aCrInfo[0].pszSourceServer=(null)
            pNCs[0].aCrInfo[0].ulSystemFlags=0x00000005
            pNCs[0].aCrInfo[0].bEnabled=TRUE
            pNCs[0].aCrInfo[0].ftWhenCreated=00000000 00000000          pNCs[0].aCrInfo[0].pszSDReferenceDomain=(null)
            pNCs[0].aCrInfo[0].pszNetBiosName=(null)
            pNCs[0].aCrInfo[0].cReplicas=-1
            pNCs[0].aCrInfo[0].aszReplicas=


    NC:     pNCs[1].pszName=DomainDnsZones
        pNCs[1].pszDn=DC=DomainDnsZones,DC=mcad,DC=local

            pNCs[1].aCrInfo[0].dwFlags=0x00000201
            pNCs[1].aCrInfo[0].pszDn=CN=fc0257f3-c228-4082-8647-08354ec0dd25,CN=Partitions,CN=Configuration,DC=mcad,DC=local
            pNCs[1].aCrInfo[0].pszDnsRoot=DomainDnsZones.mcad.local
            pNCs[1].aCrInfo[0].iSourceServer=0
            pNCs[1].aCrInfo[0].pszSourceServer=(null)
            pNCs[1].aCrInfo[0].ulSystemFlags=0x00000005
            pNCs[1].aCrInfo[0].bEnabled=TRUE
            pNCs[1].aCrInfo[0].ftWhenCreated=00000000 00000000          pNCs[1].aCrInfo[0].pszSDReferenceDomain=(null)
            pNCs[1].aCrInfo[0].pszNetBiosName=(null)
            pNCs[1].aCrInfo[0].cReplicas=-1
            pNCs[1].aCrInfo[0].aszReplicas=


    NC:     pNCs[2].pszName=Schema
        pNCs[2].pszDn=CN=Schema,CN=Configuration,DC=mcad,DC=local

            pNCs[2].aCrInfo[0].dwFlags=0x00000201
            pNCs[2].aCrInfo[0].pszDn=CN=Enterprise Schema,CN=Partitions,CN=Configuration,DC=mcad,DC=local
            pNCs[2].aCrInfo[0].pszDnsRoot=mcad.local
            pNCs[2].aCrInfo[0].iSourceServer=0
            pNCs[2].aCrInfo[0].pszSourceServer=(null)
            pNCs[2].aCrInfo[0].ulSystemFlags=0x00000001
            pNCs[2].aCrInfo[0].bEnabled=TRUE
            pNCs[2].aCrInfo[0].ftWhenCreated=00000000 00000000          pNCs[2].aCrInfo[0].pszSDReferenceDomain=(null)
            pNCs[2].aCrInfo[0].pszNetBiosName=(null)
            pNCs[2].aCrInfo[0].cReplicas=-1
            pNCs[2].aCrInfo[0].aszReplicas=


    NC:     pNCs[3].pszName=Configuration
        pNCs[3].pszDn=CN=Configuration,DC=mcad,DC=local

            pNCs[3].aCrInfo[0].dwFlags=0x00000201
            pNCs[3].aCrInfo[0].pszDn=CN=Enterprise Configuration,CN=Partitions,CN=Configuration,DC=mcad,DC=local
            pNCs[3].aCrInfo[0].pszDnsRoot=mcad.local
            pNCs[3].aCrInfo[0].iSourceServer=0
            pNCs[3].aCrInfo[0].pszSourceServer=(null)
            pNCs[3].aCrInfo[0].ulSystemFlags=0x00000001
            pNCs[3].aCrInfo[0].bEnabled=TRUE
            pNCs[3].aCrInfo[0].ftWhenCreated=00000000 00000000          pNCs[3].aCrInfo[0].pszSDReferenceDomain=(null)
            pNCs[3].aCrInfo[0].pszNetBiosName=(null)
            pNCs[3].aCrInfo[0].cReplicas=-1
            pNCs[3].aCrInfo[0].aszReplicas=


    NC:     pNCs[4].pszName=mcad
        pNCs[4].pszDn=DC=mcad,DC=local

            pNCs[4].aCrInfo[0].dwFlags=0x00000201
            pNCs[4].aCrInfo[0].pszDn=CN=MCAD,CN=Partitions,CN=Configuration,DC=mcad,DC=local
            pNCs[4].aCrInfo[0].pszDnsRoot=mcad.local
            pNCs[4].aCrInfo[0].iSourceServer=0
            pNCs[4].aCrInfo[0].pszSourceServer=(null)
            pNCs[4].aCrInfo[0].ulSystemFlags=0x00000003
            pNCs[4].aCrInfo[0].bEnabled=TRUE
            pNCs[4].aCrInfo[0].ftWhenCreated=00000000 00000000          pNCs[4].aCrInfo[0].pszSDReferenceDomain=(null)
            pNCs[4].aCrInfo[0].pszNetBiosName=(null)
            pNCs[4].aCrInfo[0].cReplicas=-1
            pNCs[4].aCrInfo[0].aszReplicas=


    5 NC TARGETS: ForestDnsZones, DomainDnsZones, Schema, Configuration, mcad, 
    1 TARGETS: SERVER, 

=============================================Done Printing pDsInfo

Doing initial required tests
   
   Testing server: Default-First-Site-Name\SERVER
      Starting test: Connectivity
         * Active Directory LDAP Services Check
         Failure Analysis: SERVER ... OK.
         * Active Directory RPC Services Check
         ......................... SERVER passed test Connectivity

Doing primary tests
   
   Testing server: Default-First-Site-Name\SERVER
      Starting test: Replications
         * Replications Check
         DC=ForestDnsZones,DC=mcad,DC=local has 10 cursors.
         DC=DomainDnsZones,DC=mcad,DC=local has 9 cursors.
         CN=Schema,CN=Configuration,DC=mcad,DC=local has 10 cursors.
         CN=Configuration,DC=mcad,DC=local has 10 cursors.
         DC=mcad,DC=local has 9 cursors.
         * Replication Latency Check
            DC=ForestDnsZones,DC=mcad,DC=local
               Latency information for 9 entries in the vector were ignored.
                  9 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            DC=DomainDnsZones,DC=mcad,DC=local
               Latency information for 8 entries in the vector were ignored.
                  8 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            CN=Schema,CN=Configuration,DC=mcad,DC=local
               Latency information for 9 entries in the vector were ignored.
                  9 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            CN=Configuration,DC=mcad,DC=local
               Latency information for 9 entries in the vector were ignored.
                  9 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            DC=mcad,DC=local
               Latency information for 8 entries in the vector were ignored.
                  8 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
         ......................... SERVER passed test Replications
      Starting test: Topology
         * Configuration Topology Integrity Check
         * Analyzing the connection topology for DC=ForestDnsZones,DC=mcad,DC=local.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for DC=DomainDnsZones,DC=mcad,DC=local.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for CN=Schema,CN=Configuration,DC=mcad,DC=local.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for CN=Configuration,DC=mcad,DC=local.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for DC=mcad,DC=local.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         ......................... SERVER passed test Topology
      Starting test: CutoffServers
         * Configuration Topology Aliveness Check
         * Analyzing the alive system replication topology for DC=ForestDnsZones,DC=mcad,DC=local.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the alive system replication topology for DC=DomainDnsZones,DC=mcad,DC=local.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the alive system replication topology for CN=Schema,CN=Configuration,DC=mcad,DC=local.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the alive system replication topology for CN=Configuration,DC=mcad,DC=local.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the alive system replication topology for DC=mcad,DC=local.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         ......................... SERVER passed test CutoffServers
      Starting test: NCSecDesc
         * Security Permissions check for all NC's on DC SERVER.
         * Security Permissions Check for
           DC=ForestDnsZones,DC=mcad,DC=local
            (NDNC,Version 2)
         * Security Permissions Check for
           DC=DomainDnsZones,DC=mcad,DC=local
            (NDNC,Version 2)
         * Security Permissions Check for
           CN=Schema,CN=Configuration,DC=mcad,DC=local
            (Schema,Version 2)
         * Security Permissions Check for
           CN=Configuration,DC=mcad,DC=local
            (Configuration,Version 2)
         * Security Permissions Check for
           DC=mcad,DC=local
            (Domain,Version 2)
         ......................... SERVER passed test NCSecDesc
      Starting test: NetLogons
         * Network Logons Privileges Check
         Verified share \\SERVER\netlogon
         Verified share \\SERVER\sysvol
         ......................... SERVER passed test NetLogons
      Starting test: Advertising
         The DC SERVER is advertising itself as a DC and having a DS.
         The DC SERVER is advertising as an LDAP server
         The DC SERVER is advertising as having a writeable directory
         The DC SERVER is advertising as a Key Distribution Center
         The DC SERVER is advertising as a time server
         The DS SERVER is advertising as a GC.
         ......................... SERVER passed test Advertising
      Starting test: KnowsOfRoleHolders
         Role Schema Owner = CN=NTDS Settings,CN=SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mcad,DC=local
         Role Domain Owner = CN=NTDS Settings,CN=SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mcad,DC=local
         Role PDC Owner = CN=NTDS Settings,CN=SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mcad,DC=local
         Role Rid Owner = CN=NTDS Settings,CN=SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mcad,DC=local
         Role Infrastructure Update Owner = CN=NTDS Settings,CN=SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mcad,DC=local
         ......................... SERVER passed test KnowsOfRoleHolders
      Starting test: RidManager
         ridManagerReference = CN=RID Manager$,CN=System,DC=mcad,DC=local
         * Available RID Pool for the Domain is 8109 to 1073741823
         fSMORoleOwner = CN=NTDS Settings,CN=SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mcad,DC=local
         * SERVER.mcad.local is the RID Master
         * DsBind with RID Master was successful
         rIDSetReferences = CN=RID Set,CN=SERVER,OU=Domain Controllers,DC=mcad,DC=local
         * rIDAllocationPool is 7609 to 8108
         * rIDPreviousAllocationPool is 5109 to 5608
         * rIDNextRID: 5461
         ......................... SERVER passed test RidManager
      Starting test: MachineAccount
         Checking machine account for DC SERVER on DC SERVER.
         * SPN found :LDAP/SERVER.mcad.local/mcad.local
         * SPN found :LDAP/SERVER.mcad.local
         * SPN found :LDAP/SERVER
         * SPN found :LDAP/SERVER.mcad.local/MCAD
         * SPN found :LDAP/12a36ed6-9156-4bb8-9d8a-f523bd78ff47._msdcs.mcad.local
         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/12a36ed6-9156-4bb8-9d8a-f523bd78ff47/mcad.local
         * SPN found :HOST/SERVER.mcad.local/mcad.local
         * SPN found :HOST/SERVER.mcad.local
         * SPN found :HOST/SERVER
         * SPN found :HOST/SERVER.mcad.local/MCAD
         * SPN found :GC/SERVER.mcad.local/mcad.local
         ......................... SERVER passed test MachineAccount
      Starting test: Services
         * Checking Service: Dnscache
         * Checking Service: NtFrs
         * Checking Service: IsmServ
         * Checking Service: kdc
         * Checking Service: SamSs
         * Checking Service: LanmanServer
         * Checking Service: LanmanWorkstation
         * Checking Service: RpcSs
         * Checking Service: w32time
         * Checking Service: NETLOGON
         ......................... SERVER passed test Services
      Starting test: OutboundSecureChannels
         * The Outbound Secure Channels test
         ** Did not run Outbound Secure Channels test
         because /testdomain: was not entered
         ......................... SERVER passed test OutboundSecureChannels
      Starting test: ObjectsReplicated
         SERVER is in domain DC=mcad,DC=local
         Checking for CN=SERVER,OU=Domain Controllers,DC=mcad,DC=local in domain DC=mcad,DC=local on 1 servers
            Object is up-to-date on all servers.
         Checking for CN=NTDS Settings,CN=SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mcad,DC=local in domain CN=Configuration,DC=mcad,DC=local on 1 servers
            Object is up-to-date on all servers.
         ......................... SERVER passed test ObjectsReplicated
      Starting test: frssysvol
         * The File Replication Service SYSVOL ready test 
         File Replication Service's SYSVOL is ready 
         ......................... SERVER passed test frssysvol
      Starting test: frsevent
         * The File Replication Service Event log test 
         ......................... SERVER passed test frsevent
      Starting test: kccevent
         * The KCC Event log test
         Found no KCC errors in Directory Service Event log in the last 15 minutes.
         ......................... SERVER passed test kccevent
      Starting test: systemlog
         * The System Event log test
         Found no errors in System Event log in the last 60 minutes.
         ......................... SERVER passed test systemlog
      Starting test: VerifyReplicas
         ......................... SERVER passed test VerifyReplicas
      Starting test: VerifyReferences
         The system object reference (serverReference)

         CN=SERVER,OU=Domain Controllers,DC=mcad,DC=local and backlink on

         CN=SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mcad,DC=local

         are correct. 
         The system object reference (frsComputerReferenceBL)

         CN=SERVER,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=mcad,DC=local

         and backlink on CN=SERVER,OU=Domain Controllers,DC=mcad,DC=local are

         correct. 
         The system object reference (serverReferenceBL)

         CN=SERVER,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=mcad,DC=local

         and backlink on

         CN=NTDS Settings,CN=SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mcad,DC=local

         are correct. 
         ......................... SERVER passed test VerifyReferences
      Starting test: VerifyEnterpriseReferences
         ......................... SERVER passed test VerifyEnterpriseReferences
      Starting test: CheckSecurityError
         * Dr Auth:  Beginning security errors check!
         Found KDC SERVER for domain mcad.local in site Default-First-Site-Name
         Checking machine account for DC SERVER on DC SERVER.
         * SPN found :LDAP/SERVER.mcad.local/mcad.local
         * SPN found :LDAP/SERVER.mcad.local
         * SPN found :LDAP/SERVER
         * SPN found :LDAP/SERVER.mcad.local/MCAD
         * SPN found :LDAP/12a36ed6-9156-4bb8-9d8a-f523bd78ff47._msdcs.mcad.local
         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/12a36ed6-9156-4bb8-9d8a-f523bd78ff47/mcad.local
         * SPN found :HOST/SERVER.mcad.local/mcad.local
         * SPN found :HOST/SERVER.mcad.local
         * SPN found :HOST/SERVER
         * SPN found :HOST/SERVER.mcad.local/MCAD
         * SPN found :GC/SERVER.mcad.local/mcad.local
         [SERVER] No security related replication errors were found on this DC!  To target the connection to a specific source DC use /ReplSource:<DC>.
         ......................... SERVER passed test CheckSecurityError

DNS Tests are running and not hung. Please wait a few minutes...
   
   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
   
   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
   
   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
   
   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
   
   Running partition tests on : mcad
      Starting test: CrossRefValidation
         ......................... mcad passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... mcad passed test CheckSDRefDom
   
   Running enterprise tests on : mcad.local
      Starting test: Intersite
         Skipping site Default-First-Site-Name, this site is outside the scope

         provided by the command line arguments provided. 
         ......................... mcad.local passed test Intersite
      Starting test: FsmoCheck
         GC Name: \\SERVER.mcad.local
         Locator Flags: 0xe00001fd
         PDC Name: \\SERVER.mcad.local
         Locator Flags: 0xe00001fd
         Time Server Name: \\SERVER.mcad.local
         Locator Flags: 0xe00001fd
         Preferred Time Server Name: \\SERVER.mcad.local
         Locator Flags: 0xe00001fd
         KDC Name: \\SERVER.mcad.local
         Locator Flags: 0xe00001fd
         ......................... mcad.local passed test FsmoCheck
      Starting test: DNS
         Test results for domain controllers:
            
            DC: SERVER.mcad.local
            Domain: mcad.local

                  
               TEST: Authentication (Auth)
                  Authentication test: Successfully completed
                  
               TEST: Basic (Basc)
                   Microsoft(R) Windows(R) Server 2003 for Small Business Server (Service Pack level: 2.0) is supported
                  NETLOGON service is running
                  kdc service is running
                  DNSCACHE service is running
                  DNS service is running
                  DC is a DNS server
                  Network adapters information:
                  Adapter [00000010] Realtek RTL8139/810x Family Fast Ethernet NIC:
                     MAC address is 00:0E:0C:3E:56:EB
                     IP address is static
                     IP address: 192.168.1.1
                     DNS servers:
                        127.0.0.1 (server.mcad.local.) [Valid]
                  The A record for this DC was found
                  The SOA record for the Active Directory zone was found
                  The Active Directory zone on this DC/DNS server was found (primary)
                  Root zone on this DC/DNS server was not found
                  
               TEST: Forwarders/Root hints (Forw)
                  Recursion is enabled
                  Forwarders Information: 
                     195.162.32.5 (<name unavailable>) [Valid] 
                     217.25.208.6 (<name unavailable>) [Valid] 
                     217.25.209.2 (<name unavailable>) [Valid] 
                     77.88.8.1 (<name unavailable>) [Valid] 
                     77.88.8.8 (<name unavailable>) [Valid] 
                     8.8.8.8 (<name unavailable>) [Valid] 
                  
               TEST: Delegations (Del)
                  Delegation information for the zone: mcad.local.
                     Delegated domain name: _msdcs.mcad.local.
                        DNS server: server.mcad.local. IP:192.168.1.1 [Valid] 
                  
               TEST: Dynamic update (Dyn)
                  Dynamic update is enabled on the zone mcad.local.
                  Test record _dcdiag_test_record added successfully in zone mcad.local.
                  Test record _dcdiag_test_record deleted successfully in zone mcad.local.
                  
               TEST: Records registration (RReg)
                  Network Adapter [00000010] Realtek RTL8139/810x Family Fast Ethernet NIC:
                     Matching A record found at DNS server 192.168.1.1:
                     SERVER.mcad.local

                     Matching CNAME record found at DNS server 192.168.1.1:
                     12a36ed6-9156-4bb8-9d8a-f523bd78ff47._msdcs.mcad.local

                     Matching DC SRV record found at DNS server 192.168.1.1:
                     _ldap._tcp.dc._msdcs.mcad.local

                     Matching GC SRV record found at DNS server 192.168.1.1:
                     _ldap._tcp.gc._msdcs.mcad.local

                     Matching PDC SRV record found at DNS server 192.168.1.1:
                     _ldap._tcp.pdc._msdcs.mcad.local

               Total query time:0 min. 0 sec.. Total RPC connection time:0 min. 0 sec.
               Total WMI connection time:4 min. 11 sec. Total Netuse connection time:0 min. 0 sec.
         
         Summary of test results for DNS servers used by the above domain controllers:

            DNS server: 192.168.1.1 (server.mcad.local.)
               All tests passed on this DNS server
               This is a valid DNS server 
               Name resolution is funtional. _ldap._tcp SRV record for the forest root domain is registered 
               Delegation to the domain _msdcs.mcad.local. is operational
               Total query time:0 min. 0 sec., Total WMI connection time:0 min. 0 sec.
               
            DNS server: 195.162.32.5 (<name unavailable>)
               All tests passed on this DNS server
               This is a valid DNS server 
               Total query time:0 min. 0 sec., Total WMI connection time:0 min. 41 sec.
               
            DNS server: 217.25.208.6 (<name unavailable>)
               All tests passed on this DNS server
               This is a valid DNS server 
               Total query time:0 min. 0 sec., Total WMI connection time:0 min. 42 sec.
               
            DNS server: 217.25.209.2 (<name unavailable>)
               All tests passed on this DNS server
               This is a valid DNS server 
               Total query time:0 min. 0 sec., Total WMI connection time:0 min. 42 sec.
               
            DNS server: 77.88.8.1 (<name unavailable>)
               All tests passed on this DNS server
               This is a valid DNS server 
               Total query time:0 min. 0 sec., Total WMI connection time:0 min. 41 sec.
               
            DNS server: 77.88.8.8 (<name unavailable>)
               All tests passed on this DNS server
               This is a valid DNS server 
               Total query time:0 min. 0 sec., Total WMI connection time:0 min. 41 sec.
               
            DNS server: 8.8.8.8 (<name unavailable>)
               All tests passed on this DNS server
               This is a valid DNS server 
               Total query time:0 min. 0 sec., Total WMI connection time:0 min. 41 sec.
               
         Summary of DNS test results:
         
                                            Auth Basc Forw Del  Dyn  RReg Ext  
               ________________________________________________________________
            Domain: mcad.local
               SERVER                       PASS PASS PASS PASS PASS PASS n/a  
         
         Total Time taken to test all the DCs:4 min. 12 sec.
         ......................... mcad.local passed test DNS

Except for the part with the replication test:

      Starting test: Replications
         * Replications Check
         DC=ForestDnsZones,DC=mcad,DC=local has 10 cursors.
         DC=DomainDnsZones,DC=mcad,DC=local has 9 cursors.
         CN=Schema,CN=Configuration,DC=mcad,DC=local has 10 cursors.
         CN=Configuration,DC=mcad,DC=local has 10 cursors.
         DC=mcad,DC=local has 9 cursors.
         * Replication Latency Check
            DC=ForestDnsZones,DC=mcad,DC=local
               Latency information for 9 entries in the vector were ignored.
                  9 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
         ......................... SERVER passed test Replications

But I do not know how to interpret these results or whether these are errors. Any help is welcome!

migration windows-server-2003 domain-controller active-directory
  • 3 answers
  • 199 Views
MrVimes
Asked: 2020-01-11 05:53:28 +0800 CST

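"Could not read configuration for interface" when adding a new server to an NLB cluster

  • 0

I have a new server (Windows Server 2019) that I am trying to add to an old NLB cluster (it was set up on servers that previously did not include anything newer than Windows Server 2003).

In NLB Manager on an existing member of the cluster I can load the cluster. If I try to add the new machine, it tries for a while and then gives three log entries, one for each NIC of the new machine...

Could not read configuration for interface "{long guid}": error 0x8004100a

(one for each NIC)

I have tried approaching this from the new server - I can load the cluster and I can add this server to the cluster, but once I do that, NLB Manager cannot load the configuration from the other hosts. In particular, the last time I tried it I got a host is misconfigured error for one of the other hosts (a host that has been in the cluster for years without problems).

If I remove the new host from the cluster and refresh the cluster, it loads the other hosts without problems.

I have quadruple-checked the network settings on the new server and cannot find any conflicts.

None of the servers are joined to a domain, but this has never been a problem (as long as they all have the same username\password, or the username\password of a local account is specified when adding to NLB).

I have of course tried googling these errors, but without luck.


Edit: I have now tried to "join" the cluster manually by entering the cluster's IP address as an extra IP on the new server and then ticking the "Network Load Balancing" checkbox in the network properties screen. This appears to work, but if I open NLB Manager on one of the other servers, it shows this host as unreachable, and I cannot ping it.

As soon as I undo these manual changes, I can ping the server just fine from one of the other servers.

It seems that trying to join the cluster makes the server undetectable by the other servers.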

windows-server-2003
  • 1 answer
  • 550 Views
Pro Backup
Asked: 2018-04-07 03:33:41 +0800 CST

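How to fix Win2003 Task Scheduler error 0x8007000d: The data is invalid, after rejoining the domain?

  • -1

After rejoining this Windows 2003 Server box to the domain, all 20+ scheduled task jobs fail to start.

An error occurred while attempting to retrieve task account information. You may continue editing the task object, but you will be unable to change the task account information.

The specific error is:

Task Scheduler error 0x8007000d: The data is invalid.

It is also not possible to change the account name under which the individual scheduled task jobs run.

I have tried deleting all jobs, closing the Scheduled Tasks window, and deleting all b42* files as suggested in MS KB822904.

How can I fix this error without recreating all 20+ jobs?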

windows-server-2003
  • 2 answers
  • 650 Views
SteveJ
Asked: 2018-02-17 13:33:32 +0800 CST

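How to overcome a TLS 1.2 requirement on Windows 2003 Server

  • 2

We have a legacy product running on a Win2003 server. It calls a third-party service to allow users to make secure payments. We have been informed that the third party is switching to TLS 1.2. Windows Server 2003 does not support TLS 1.2. For reasons beyond the scope of this question, we cannot easily move the code to a new server, and we are reluctant to risk upgrading the OS on the production machine. I am looking for the simplest solution to buy us some time while we work on migrating this product to the cloud. I am toying with the following ideas.

  1. Use some sort of proxy to bridge between TLS 1.0 and 1.2 (I do not know how to approach this, if it is even possible.)
  2. Create a service that routes the requests/responses, and modify the hosts file on the server to point to the new endpoint.

I cannot imagine I am the first to deal with this problem - and I would love not to reinvent the wheel. I have enough experience that if someone gives me a general approach with a few keywords, I can do the rest.

Question: What approach would allow code running on a Windows 2003 server to keep calling the existing endpoint after it is upgraded to TLS 1.2?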

windows-server-2003
  • 1 answer
  • 9721 Views
serverstackqns
Asked: 2018-02-05 06:54:15 +0800 CST

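Integrating Windows TFS with Azure AD

  • 0

One of my clients has a TFS machine on their premises. Now they are planning to provision a machine in the cloud - probably Azure. They already have an existing Office365 business account with email and user accounts configured in it. They want to integrate these accounts with TFS, meaning they need to be able to log in to this TFS portal using their existing Office 365 accounts.

Since Office365 already runs on Azure AD, is it possible to integrate TFS with Azure AD? A Microsoft blog says you need to have VSTS to enable this integration, but it would be great if someone could point me in the right direction.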

windows-server-2003
  • 1 answer
  • 710 Views
Taylor
Asked: 2018-01-26 04:53:21 +0800 CST

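Setting IIS6 file redirects programmatically

  • 1

In IIS6 you can go into IIS Manager and set a file's properties to a permanent redirect, and there are other tabs for setting security, headers, etc. See the screenshot below.

IIS Manager file properties

Is there a similar way to do this, but from the command line, so that I can do it for a thousand files at once?

Background: We are migrating content off this legacy system, but several external systems link directly to it. These links will expire after a while, but updating these external systems would be a bigger task than just redirecting the files one by one to the new system (even manually, if need be).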

windows-server-2003
  • 1 answer
  • 47 Views
LueTm
Asked: 2017-09-28 04:08:07 +0800 CST

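Windows Server 2003 - black screen with cursor on boot

  • 5

Important update: I tried using the oldest VM I have, which was 275GB in size. Once I resized it to 500GB to make more room (which it needs), it now shows "Error loading operating system". What could cause this? Can I shrink it back?

- Original -

Since we need to run legacy software (VMware ESXi, 6.5.0, 4564106), we run Windows 2003 Server Standard in a VM. Recently the server crashed (ESXi purple screen), and since then the machine no longer boots.

To solve this we restored the previous day's backup, but strangely the problem did not go away. Even if we go back several days, it still does not boot.

The problem in detail: first, I get "Error loading operating system" at boot. I can get past that by booting from a CD ISO and running fixboot, fixmbr and bootcfg /rebuild. But I cannot get it to boot properly. I have tried the following:

  • Changed the disk controller in vsphere from SCSI to IDE, redid the trinity (fixboot, fixmbr, bootcfg /rebuild)
  • I looked at the data with a Debian live system, and everything is there. autoexec.bat and config.sys are empty (0 bytes), boot.ini is OK.
  • We tried installing Debian on a second disk and booting with GRUB, same thing (black screen, white cursor, not blinking)
  • We tried more RAM, less RAM, fewer CPUs, more CPUs with VM version 10 (6.0), without success
  • Ran it on another host
  • Ran a Windows Server 2003 restore (overwriting several system files), same result
  • Ran chkdsk /P /R

I do not know what else to try. I recently extended the VHD from 250GB to 500GB (and resized the partition to 500GB in compmgmt.msc), which is the only thing I did to it. The VHD used to run in vmware Player before we converted it and ran it on vsphere.

Any ideas?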

windows-server-2003
  • 1 answer
  • 2991 Views
