域控制器之间复制故障实例分析| 错误代码1722| RPC服务器不可用|
公司有2台服务器
1. BICSVR08R2H 附加域控制器 192.168.1.16
2. DC_BIC08R2 主域控制器 192.168.1.219
这2台域控制器在复制时出现了如下现象:
主域控制器DC_BIC08R2从附加域控制器BICSVR08R2H复制 OK
附加域控制器BICSVR08R2H从主域控制器DC_BIC08R2复制 X
如下图所示:
为了解决这个问题对照了微软在官网上给出的参考文档、但最终貌似并
不能解决我所面临的问题。
在此之前做了一系列的尝试、比如(DNS检查/重做;重启netlogon;甚至
连附加域控器都推倒重来了如此种种)。
在几乎陷入了绝望的时候、我决定把这件事先放到一边,晚上好好睡一
觉。或许第二天醒来头脑清醒一下有了灵感也不一定。
第二天早晨上班时我把之前在服务器上所做的所有操作慢慢的在脑海中
回放了一遍(前一段时间勒索病毒肆掠一口气把135 137 139 445等端口
全部封掉了)时间在这里停顿了几秒、似乎隐隐看到了一道亮光。我记
得后来某种原因重新解封了137 139 445端口、便唯独135没有。
再次尝试:
步骤1
执行TELNET命令
telnet 192.168.1.16 135 X
telnet 192.168.1.219 135 OK
步骤2
netstat -an | more 检查端口是否处于监听状态。
步骤3
检查 IP security policies on local computer
问题就在这儿了,这次我直接把 Deny_135_137_139_445 设为不指派(
以前只是从中删除了 137 139 445)、然后在Active Directory 站点
和服务 中再次进行测试。
如下图所示(至此故障已解决):
总结:
因为使用IP security policies on local computer 时禁用了域控制器之间复制时所需要
用到端口从而导致复制时的故障。
关于135/以下来源于百度
135端口就是用于远程的打开对方的telnet服务 ,用于启动与远程计算机的 RPC 连接,很容
易就可以就侵入电脑。大名鼎鼎的“冲击波”就是利用135端口侵入的。 135的作用就是进行
远程,可以在被远程的电脑中写入恶意代码,危险极大。
135端口主要用于使用RPC(Remote Procedure Call,远程过程调用)协议并提供DCOM(分
布式组件对象模型)服务。
附上/出现故障时的dcdiag诊断的部份内容
C:\Users\Administrator>dcdiag
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = dc_bic08r2
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\DC_BIC08R2
Starting test: Connectivity
......................... DC_BIC08R2 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\DC_BIC08R2
Starting test: Advertising
......................... DC_BIC08R2 passed test Advertising
Starting test: FrsEvent
......................... DC_BIC08R2 passed test FrsEvent
Starting test: DFSREvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... DC_BIC08R2 failed test DFSREvent
Starting test: SysVolCheck
......................... DC_BIC08R2 passed test SysVolCheck
Starting test: KccEvent
A warning event occurred. EventID: 0x8000082C
Time Generated: 11/07/2017 18:15:37
Event String:
A warning event occurred. EventID: 0x80000828
Time Generated: 11/07/2017 18:18:20
Event String:
Active Directory DNS IP ,Active Directory NetBIOS
......................... DC_BIC08R2 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... DC_BIC08R2 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... DC_BIC08R2 passed test MachineAccount
Starting test: NCSecDesc
......................... DC_BIC08R2 passed test NCSecDesc
Starting test: NetLogons
......................... DC_BIC08R2 passed test NetLogons
Starting test: ObjectsReplicated
......................... DC_BIC08R2 passed test ObjectsReplicated
Starting test: Replications
[Replications Check,DC_BIC08R2] A recent replication attempt failed:
From BICSVR08R2HR to DC_BIC08R2
Naming Context: DC=ForestDnsZones,DC=burnet,DC=com
The replication generated an error (1722):
The RPC server is unavailable.
The failure occurred at 2017-11-07 18:17:13.
The last success occurred at 2017-11-07 17:55:58.
1 failures have occurred since the last success.
[BICSVR08R2HR] DsBindWithSpnEx() failed with error 1722,
The RPC server is unavailable..
The source remains down. Please check the machine.
[Replications Check,DC_BIC08R2] A recent replication attempt failed:
From BICSVR08R2HR to DC_BIC08R2
Naming Context: DC=DomainDnsZones,DC=burnet,DC=com
The replication generated an error (1722):
The RPC server is unavailable.
The failure occurred at 2017-11-07 18:17:56.
The last success occurred at 2017-11-07 18:05:12.
2 failures have occurred since the last success.
The source remains down. Please check the machine.
[Replications Check,DC_BIC08R2] A recent replication attempt failed:
From BICSVR08R2HR to DC_BIC08R2
Naming Context: CN=Schema,CN=Configuration,DC=burnet,DC=com
The replication generated an error (1722):
The RPC server is unavailable.
The failure occurred at 2017-11-07 18:16:10.
The last success occurred at 2017-11-07 17:55:58.
1 failures have occurred since the last success.
The source remains down. Please check the machine.
[Replications Check,DC_BIC08R2] A recent replication attempt failed:
From BICSVR08R2HR to DC_BIC08R2
Naming Context: CN=Configuration,DC=burnet,DC=com
The replication generated an error (1722):
The RPC server is unavailable.
The failure occurred at 2017-11-07 18:15:49.
The last success occurred at 2017-11-07 18:01:52.
1 failures have occurred since the last success.
The source remains down. Please check the machine.
[Replications Check,DC_BIC08R2] A recent replication attempt failed:
From BICSVR08R2HR to DC_BIC08R2
Naming Context: DC=burnet,DC=com
The replication generated an error (1722):
The RPC server is unavailable.
The failure occurred at 2017-11-07 18:24:03.
The last success occurred at 2017-11-07 18:10:31.
7 failures have occurred since the last success.
The source remains down. Please check the machine.
......................... DC_BIC08R2 failed test Replications