Websites (IIS 7.0) not accessible from the Internet when rebooting 1 of 4 DCs

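What happened:

For maintenance purposes, we had to reboot one of our domain controllers (DC), located on VLAN 1.

We have a total of 4 DCs across 3 VLANs, so we assumed this would not affect our production servers because failover would occur.

However, during the reboot, the websites on servers that need to authenticate against our DCs and that are on the same VLAN as the rebooted DC were not accessible from outside (the Internet) for 20 minutes.

I am inclined to think that IIS on the production servers on VLAN 1 lost its connection to the domain and was not able to use any of the other DCs located on VLAN 2 or VLAN 3 while the DC on VLAN 1 was rebooting.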

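Configuration:

1st DC, running Win Svr 2K8 SP2, is located on VLAN 1

2nd and 3rd DCs, both running Win Svr 2003 R2, are located on VLAN 2

4th DC, running Win Svr 2K8 SP2, is located on VLAN 3

Affected servers, all running Win Svr 2K8 SP2, IIS 7.0 and .Net 4.0, are part of VLAN 1

DNS service running on all 4 DCs

Domain functional level: Windows 2000 native

Network Load Balancing enabled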

Steps taken:

Ran REPADMIN /SHOWREPS from an elevated command prompt on the first DC.

Output of the command:

DC=ForestDnsZones,DC=WXYZ,DC=COM
    Site-Name2\DC2 via RPC
        DSA object GUID:
        Last attempt @ 2013-06-19 14:50:45 was successful.
    Site-Name2\DC3 via RPC
        DSA object GUID:
        Last attempt @ 2013-06-19 14:50:45 was successful.
    Site-Name2\DC2 via RPC
        DSA object GUID:
        Last attempt @ 2013-06-19 14:52:19 was successful.

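So replication is taking place.

I have verified and confirmed that all servers in VLAN 1 have static IP addresses, with a primary and an alternate DNS server configured on their NICs. All servers can ping all 3 DNS servers.

I followed the KB article "How to verify the creation of SRV records for a domain controller" ( http://support.microsoft.com/kb/241515 ). I used Nslookup and followed the 3 steps. The output shows that all 4 DC/DNS servers are registered, and I got this for all of them: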

_ldap._tcp.dc._msdcs.mydomainname SRV service location:
  priority = 0
  weight = 100
  port = 389
  svr hostname = 

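Questions:

Could this be a Kerberos issue? Or a failover issue?

I would appreciate it if someone could provide some troubleshooting steps or tools that I could use to find the problem and resolve it.

Follow-up:

I ran the following command line for each DC:

dcdiag /s:dcname /u:domain\adminusername /p: /a /v /c *

and it returned the following results: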

Starting test: Intersite
  Doing intersite inbound replication test on site VLAN1:
    Locating & Contacting Intersite Topology Generator (ISTG) ...
      The ISTG for site VLAN1 is: DC1.
    Checking for down bridgeheads ...
      Bridghead VLAN1\DC1 is up and replicating fine.
      Bridghead VLAN2\DC2 is up and replicating fine.
      Bridghead VLAN2\DC3 is up and replicating fine.
      Bridghead VLAN3\DC4 is up and replicating fine.
    Doing in depth site analysis ...
      All expected sites and bridgeheads are replicating into site VLAN1

Starting test: Intersite
  Doing intersite inbound replication test on site VLAN2:
    Locating & Contacting Intersite Topology Generator (ISTG) ...
      The ISTG for site VLAN2 is: DC2.
    Checking for down bridgeheads ...
      Bridghead VLAN1\DC1 is up and replicating fine.
      Bridghead VLAN2\DC2 is up and replicating fine.
      Bridghead VLAN2\DC3 is up and replicating fine.
      Bridghead VLAN3\DC4 is up and replicating fine.
    Doing in depth site analysis ...
      All expected sites and bridgeheads are replicating into site VLAN2

Starting test: Intersite
  Doing intersite inbound replication test on site VLAN2:
    Locating & Contacting Intersite Topology Generator (ISTG) ...
      The ISTG for site VLAN2 is: DC2.
    Checking for down bridgeheads ...
      Bridghead VLAN1\DC1 is up and replicating fine.
      Bridghead VLAN2\DC2 is up and replicating fine.
      Bridghead VLAN2\DC3 is up and replicating fine.
      Bridghead VLAN3\DC4 is up and replicating fine.
    Doing in depth site analysis ...
      All expected sites and bridgeheads are replicating into site VLAN2.

Starting test: Intersite
  Doing intersite inbound replication test on site VLAN3:
    Locating & Contacting Intersite Topology Generator (ISTG) ...
      The ISTG for site VLAN3 is: DC4.
    Checking for down bridgeheads ...
      Bridghead VLAN1\DC1 is up and replicating fine.
      Bridghead VLAN2\DC2 is up and replicating fine.
      Bridghead VLAN2\DC3 is up and replicating fine.
      Bridghead VLAN3\DC4 is up and replicating fine.
    Doing in depth site analysis ...
      All expected sites and bridgeheads are replicating into site VLAN3.

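This confirms the earlier REPADMIN /SHOWREPS command line.

All 4 DCs are in production and I cannot afford any downtime, so rebooting DC1 to cause the same behavior again would be my last option.

Does anyone have any troubleshooting suggestions? Would using Wireshark be useful?

Thanks for your help.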