Error adding a child Active Directory domain to an existing forest

I'm building a test environment with multiple Active Directory domains in the same forest, but I'm running into some strange problems when trying to add a child domain to the forest root domain.

All servers are Windows Server 2012 R2 virtual machines running on the Azure cloud platform, connected to the same virtual network; they have statically reserved IP addresses, they can talk to each other, and there are no network problems whatsoever.

My domain structure is (or at least should be) as follows:

        A0.lab (forest root)          B0.lab
          /        \                 /      \
        A1          A2             B1        B2
        |                          |
        A3                         B3

That is:

  • A0.lab (forest root)
  • A1.A0.lab
  • A2.A0.lab
  • A3.A1.A0.lab
  • B0.lab
  • B1.B0.lab
  • B2.B0.lab
  • B3.B1.B0.lab

I have successfully created the forest root domain (A0.lab) and defined an AD site and its subnet; the domain is running correctly.

Next, I configured the server that should become the domain controller of the first child domain (A1.A0.lab), using the root DC as its DNS server, and I started the promotion wizard; I filled in all the parameters, including the user account of a domain administrator of the root domain and the option to create a DNS delegation; all prerequisite checks succeeded.

When I started the actual promotion process, it stalled at the "Replicating the schema directory partition" stage. The "Directory Service" event log fills up repeatedly with several errors:

Event ID 1963, source ActiveDirectory_DomainService, task category DS RPC Client:

    Internal event: The following local directory service received an exception from a remote procedure call (RPC) connection. Extensive RPC information was requested. This is intermediate information and might not contain a possible cause.
    Process ID: 540
    Reported error information:
    Error value: Could not find the domain controller for this domain. (1908)
    directory service: DCA0.a0.lab
    Extensive error information:
    Error value: A security package specific error occurred. 1825
    directory service: DCA1
    Additional Data
    Internal ID: 5000e02

Event ID 1961, source ActiveDirectory_DomainService, task category DS RPC Client:

    Internal event: This log entry is a continuation from the preceding extended error information entry on the following error and directory service.
    Extended information:
    Error value: A security package specific error occurred. (1825)
    directory service: DCA1
    Supplemental information:
    Detection location: 1461
    Generating component: RPC Runtime
    Time at directory service: 2015-03-19 21:44:04
    Additional Data
    Error value: A security package specific error occurred. (1825)

Event ID 2839, source ActiveDirectory_DomainService, task category DS RPC Client:

    Internal event: This log entry is a continuation from the preceding extended error information entry.
    Extended information:
    Extended Error Parameters: 0
    Parameter 1: (NULL)
    Parameter 2: (NULL)
    Parameter 3: (NULL)
    Parameter 4: (NULL)
    Parameter 5: %6
    Parameter 6: %7
    Parameter 7: %8

Event ID 1962, source ActiveDirectory_DomainService, task category DS RPC Client:

    Internal event: The local directory service received an exception from a remote procedure call (RPC) connection. Extended error information is not available.
    directory service: DCA0.a0.lab
    Additional Data
    Error value: Could not find the domain controller for this domain. (1908)

Event ID 1125, source ActiveDirectory_DomainService, task category Setup:

    The Active Directory Domain Services Installation Wizard (Dcpromo) was unable to establish connection with the following domain controller.
    Domain controller: DCA0.a0.lab
    Additional Data
    Error value: 1908 Could not find the domain controller for this domain.

These errors repeat over and over, but with no progress and no failure; the promotion process simply stalls.

Here is the content of the dcpromo.log file:

    03/19/2015 22:43:35 [INFO] Promotion request for domain controller of new domain
    03/19/2015 22:43:35 [INFO] DnsDomainName a1.a0.lab
    03/19/2015 22:43:35 [INFO] FlatDomainName A1
    03/19/2015 22:43:35 [INFO] SiteName Lab
    03/19/2015 22:43:35 [INFO] SystemVolumeRootPath C:\Windows\SYSVOL
    03/19/2015 22:43:35 [INFO] DsDatabasePath C:\Windows\NTDS, DsLogPath C:\Windows\NTDS
    03/19/2015 22:43:35 [INFO] ParentDnsDomainName a0.lab
    03/19/2015 22:43:35 [INFO] ParentServer DCA0.a0.lab
    03/19/2015 22:43:35 [INFO] Account A0\AdmA0
    03/19/2015 22:43:35 [INFO] Options 5243072
    03/19/2015 22:43:35 [INFO] Validate supplied paths
    03/19/2015 22:43:35 [INFO] Validating path C:\Windows\NTDS.
    03/19/2015 22:43:35 [INFO] Path is a directory
    03/19/2015 22:43:35 [INFO] Path is on a fixed disk drive.
    03/19/2015 22:43:35 [INFO] Validating path C:\Windows\NTDS.
    03/19/2015 22:43:35 [INFO] Path is a directory
    03/19/2015 22:43:35 [INFO] Path is on a fixed disk drive.
    03/19/2015 22:43:35 [INFO] Validating path C:\Windows\SYSVOL.
    03/19/2015 22:43:35 [INFO] Path is on a fixed disk drive.
    03/19/2015 22:43:35 [INFO] Path is on an NTFS volume
    03/19/2015 22:43:35 [INFO] Child domain creation -- check the new domain name is child of parent domain name.
    03/19/2015 22:43:35 [INFO] Domain Creation -- check that the flat name is unique.
    03/19/2015 22:43:40 [INFO] Start the worker task
    03/19/2015 22:43:40 [INFO] Request for promotion returning 0
    03/19/2015 22:43:42 [INFO] Using supplied domain controller: DCA0.a0.lab
    03/19/2015 22:43:42 [INFO] Using supplied site: Lab
    03/19/2015 22:43:42 [INFO] Forcing time sync
    03/19/2015 22:43:42 [INFO] Forcing a time sync with DCA0.a0.lab
    03/19/2015 22:43:42 [INFO] Reading domain policy from the domain controller DCA0.a0.lab
    03/19/2015 22:43:42 [INFO] Stopping service NETLOGON
    03/19/2015 22:43:42 [INFO] Stopping service NETLOGON
    03/19/2015 22:43:42 [INFO] ControlService(STOP) on NETLOGON returned 0(gle=1062)
    03/19/2015 22:43:42 [INFO] Exiting service-stop loop after service NETLOGON entered STOPPED state
    03/19/2015 22:43:42 [INFO] StopService on NETLOGON returned 0
    03/19/2015 22:43:42 [INFO] Configuring service NETLOGON to 1 returned 0
    03/19/2015 22:43:42 [INFO] Stopped NETLOGON
    03/19/2015 22:43:42 [INFO] Creating the System Volume C:\Windows\SYSVOL
    03/19/2015 22:43:42 [INFO] Deleting current sysvol path C:\Windows\SYSVOL
    03/19/2015 22:43:44 [INFO] Preparing for system volume replication using root C:\Windows\SYSVOL
    03/19/2015 22:43:44 [INFO] Created the system volume
    03/19/2015 22:43:44 [INFO] Copying initial Directory Service database file C:\Windows\system32\ntds.dit to C:\Windows\NTDS\ntds.dit
    03/19/2015 22:43:44 [INFO] Installing the Directory Service
    03/19/2015 22:43:44 [INFO] Calling NtdsInstall for a1.a0.lab
    03/19/2015 22:43:44 [INFO] Starting Active Directory Domain Services installation
    03/19/2015 22:43:44 [INFO] Validating user supplied options
    03/19/2015 22:43:44 [INFO] Determining a site in which to install
    03/19/2015 22:43:44 [INFO] Examining an existing forest...
    03/19/2015 22:43:44 [INFO] Configuring the local computer to host Active Directory Domain Services
    03/19/2015 22:43:48 [INFO] EVENTLOG (Informational): NTDS General / Service Control : 1094
        Software write caching for the following disk drive has been disabled to prevent possible data loss during system failures such as power outages or hardware component failures that can cause a sudden shutdown of the system. The disk drive that stores Active Directory Domain Services log files is the only drive affected by this change.
        Disk drive: c:
    03/19/2015 22:43:59 [INFO] EVENTLOG (Informational): NTDS Database / Internal Processing : 2013
        Active Directory Domain Services is rebuilding the following number of indices as part of the initialization process.
        Number of indices: 1
        Indices: LCL_ABVIEW_index00000410 +ATTb590468
    03/19/2015 22:43:59 [INFO] EVENTLOG (Informational): NTDS Database / Internal Processing : 2014
        Active Directory Domain Services successfully completed rebuilding the following number of indices.
        Indices: 1
    03/19/2015 22:44:00 [INFO] EVENTLOG (Informational): NTDS General / Internal Configuration : 2120
        This Active Directory Domain Services server does not support the Recycle Bin. Deleted objects may be undeleted, however, when an object is undeleted, some attributes of that object may be lost. Additionally, attributes of other objects that refer to the object being undeleted may also be lost.
    03/19/2015 22:44:00 [INFO] EVENTLOG (Informational): NTDS General / Internal Configuration : 2405
        This Active Directory Domain Services server does not support the "Recycle Bin Feature" optional feature.
    03/19/2015 22:44:00 [INFO] Replicating the schema directory partition

After that, the same errors reported in the event log get logged.

I found this article stating that this error occurs if the administrator account has the same password on the new DC and on the domain being logged on to; I'm not using the built-in administrator accounts at all, since these are Azure VMs, but in my first test I actually used the same username and password on all servers, so I guessed this could indeed be the cause of the error; however, I have rebuilt all the servers and created a different local administrator account (AdmA0, AdmA1, AdmA2 ...) on each of them, with different passwords; I also made sure to specify the parent domain's credentials in the A0\AdmA0 format; but the error happens again.

What is going on, and how can I fix it?

Looks like I ran into (a variant of?) this problem: if I use the "long" logon credentials, i.e. A0.lab\AdmA0 instead of A0\AdmA0, the promotion completes successfully.

However, according to the article, this problem should only occur when NetBIOS over TCP/IP is disabled, but it is actually enabled, and this can be verified in the ipconfig output. I also tried configuring the VMs with static network settings instead of DHCP (which is what Azure requires) and forcing NetBIOS over TCP/IP to "enabled", but the error always occurs; the only way to get the promotion process to work is to use the "long" credentials.

However, this seems to be an Azure-specific quirk: I have created an identical test environment on a local Hyper-V server, and everything works fine there.

It looks like either Azure is doing something strange at the network level that blocks NetBIOS, or the Azure Windows Server 2012 R2 VM template has some strange NetBIOS-related behaviour that makes the DC promotion fail; which is weird.


Update:

Culprit found: https://msdn.microsoft.com/en-us/library/azure/dn133803.aspx

 Does Virtual Network support multicast or broadcast? No. We do not support multicast or broadcast. 

Azure virtual networks do not support broadcast; therefore, even if NetBIOS is enabled, it simply doesn't work. And it looks like Windows Server 2012 R2 really needs it for a DC promotion to work.

Workaround: use the "long" logon credentials (full.domain.fqdn\username instead of NetBIOSDomain\username) during DC promotion.


As for why Azure virtual networks don't support broadcast, and how they manage that while still relying heavily on DHCP... that is beyond my understanding. I'm not really sure I want to know. Azure networking is well known to be rather peculiar.
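The workaround above, scripted with the ADDSDeployment cmdlets instead of the wizard; this is an added example, not code from the original post. It assumes the lab names used in the question (parent a0.lab, child a1.a0.lab, site Lab, parent DC DCA0.a0.lab, account AdmA0) and that the AD DS role is already installed on the server being promoted.

```powershell
# Added example: promote the A1 child DC using the FQDN-prefixed ("long") credential
# a0.lab\AdmA0 rather than the NetBIOS form A0\AdmA0. Names below are the question's
# lab names, assumed here; adjust for another environment.
Import-Module ADDSDeployment

$ParentDomainFqdn = 'a0.lab'
$ChildDomainName  = 'a1'
$AdminUser        = 'AdmA0'

# The NetBIOS-style domain prefix makes the DC locator fall back to broadcast name
# resolution, which an Azure VNet drops; the FQDN prefix resolves purely via DNS.
$Cred = Get-Credential -UserName "$ParentDomainFqdn\$AdminUser" -Message 'Parent domain Domain Admin'

# Pre-check: the parent domain's DC SRV records must be resolvable from this server,
# since DNS is the only locator path that works without broadcast.
$Srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$ParentDomainFqdn" -Type SRV -ErrorAction Stop
if (-not $Srv) { throw "No DC SRV records for $ParentDomainFqdn; fix the DNS client settings first." }

# For the record: show the NetBIOS over TCP/IP setting (0 = default, 1 = enabled, 2 = disabled).
# As the post notes, 'enabled' does not help on a network that does not carry broadcasts.
Get-CimInstance Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    Select-Object Description, TcpipNetbiosOptions

$Params = @{
    DomainType                    = 'ChildDomain'
    ParentDomainName              = $ParentDomainFqdn
    NewDomainName                 = $ChildDomainName
    NewDomainNetbiosName          = 'A1'
    SiteName                      = 'Lab'
    ReplicationSourceDC           = 'DCA0.a0.lab'
    Credential                    = $Cred
    SafeModeAdministratorPassword = (Read-Host -AsSecureString 'DSRM password')
    InstallDns                    = $true
    CreateDnsDelegation           = $true
    DatabasePath                  = 'C:\Windows\NTDS'
    LogPath                       = 'C:\Windows\NTDS'
    SysvolPath                    = 'C:\Windows\SYSVOL'
    Force                         = $true
}

# Dry run: the same prerequisite checks the wizard performs, without changing anything.
Test-ADDSDomainInstallation @Params

# Actual promotion; the server reboots when it completes.
Install-ADDSDomain @Params
```

If the promotion stalls as in the question, the same 1963/1125 "Could not find the domain controller for this domain" events will appear in the Directory Service log while it waits, which is the cue to verify the credential was built with the FQDN prefix.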