监视远程访问服务器的配置分发状态Monitor the configuration distribution status of the Remote Access server

适用于:Windows Server(半年频道)、Windows Server 2016Applies To: Windows Server (Semi-Annual Channel), Windows Server 2016

注意: Windows Server 2012 将 DirectAccess 和远程访问服务 (RAS) 组合到一个远程访问角色中。Note: Windows Server 2012 combines DirectAccess and Remote Access Service (RAS) into a single Remote Access role.

远程访问管理控制台将来自所有受监视服务器的配置版本进行比较,以验证它们是否匹配以及是否使用最新的配置版本。The Remote Access Management Console compares the configuration versions from all the monitored servers to verify that they match and are using the latest configuration version. 这将显示是否已将最新的配置版本(在组策略对象或 GPO 中指定)分发到所有服务器,以及它是否已成功应用到服务器。This shows whether the latest configuration version (which is specified in the Group Policy Objects or GPOs) was distributed to all of the servers and whether it was successfully applied on the servers.

使用监视仪表板来监视配置分发To use the monitoring dashboard to monitor the configuration distribution

  1. 在“服务器管理器”**** 中,单击“工具”****,然后单击“远程访问管理”****。In Server Manager, click Tools, and then click Remote Access Management.

  2. 单击“仪表板”**** 以导航到“远程访问管理控制台”**** 中的“远程访问仪表板”****。Click DASHBOARD to navigate to Remote Access Dashboard in the Remote Access Management Console.

  3. 在监视仪表板上,请注意位于顶部中心的“配置状态”**** 磁贴。On the monitoring dashboard, notice the Configuration Status tile at the top center. 此磁贴显示配置分发的当前状态。This tile shows the current status of the configuration distribution.

下表显示了由“配置状态”**** 磁贴生成的消息、其含义以及必要的管理操作(如果有)。The following table shows the messages that are generated by the Configuration Status tile, their meanings, and the necessary administrative action (if any).

严重性Severity 消息Message 含义Meaning 怎么办?What to do?
SuccessSuccess 已成功分发配置。The configuration was distributed successfully. GPO 中的配置已成功应用到服务器。The configuration in the GPO was successfully applied on the server. 无需执行任何操作。No action needed.
警告Warning 未从域控制器检索到服务器 [服务器名称] 的配置。Configuration for server [server name] not retrieved from the domain controller. GPO 未链接。The GPO is not linked. GPO 中的配置尚未传播到服务器。The configuration in the GPO did not yet reach the server. 这可能是因为 GPO 未链接到服务器。This could be because the GPO is not linked to the server. 将 GPO 链接到应用于服务器的管理作用域,或者在暂存 GPO 方案中,手动从暂存 GPO 导出设置并将它们导入生产 GPO。Link the GPO to a scope of management that is applied to the server, or in a staging GPO scenario, manually export the settings from the staging GPO and import them to the production GPO. 有关暂存 Gpo 的详细信息,请参阅在步骤 1-计划-DirectAccess 基础结构管理具有有限权限的远程访问 gpoFor more information about staging GPOs, see Managing Remote Access GPOs with limited permissions in Step-1-Plan-the-DirectAccess-Infrastructure. 有关 GPO 暂存步骤,请参阅步骤1:配置 DirectAccess 基础结构的配置具有有限权限的远程访问 gpoFor GPO staging steps, see Configuring Remote Access GPOs with limited permissions in Step 1: Configure the DirectAccess Infrastructure.
警告Warning 尚未从域控制器检索到服务器 [服务器名称] 的配置。Configuration for server [server name] not yet retrieved from the domain controller. GPO 中的配置尚未传播到服务器。The configuration in the GPO did not yet reach the server.

可能需要花费长达 10 分钟的时间来传播新配置。It can take up to 10 minutes to propagate a new configuration.

允许花更多时间将策略更新到服务器。Allow more time for the policies to update on the server.
错误Error 未从域控制器检索到服务器 [服务器名称] 的配置。Configuration for server [server name] cannot be retrieved from the domain controller. GPO 中的配置未传播到该服务器,并且自配置更改之后已过去超过 10 分钟的时间。The configuration in the GPO did not reach the server, and more than 10 minutes have passed since the configuration was changed. 这可能在下列任一种情况中发生:This could happen in one of the following scenarios:

-服务器未连接到域来更新策略。- The server has no connectivity to the domain to update the policies. 可以在服务器上运行 "gpupdate/force" 来强制进行策略更新。You can run "gpupdate /force" on the server to force a policy update.
-可能需要 GPO 复制来检索更新的配置。- GPO replication might be required to retrieve the updated configuration.
-远程访问服务器的 Active Directory 站点中没有可写的域控制器。- There is no writable domain controller in the Active Directory site of the Remote Access server.

等待 GPO 复制到所有域控制器,然后使用 Windows PowerShell cmdlet Set-DAEntryPointDC 将入口点与远程访问服务器中 Active Directory 的可写域控制器相关联。Wait for GPOs to replicate to all domain controllers, and then use the Windows PowerShell cmdlet Set-DAEntryPointDC to associate the entry point with a writable domain controller in Active Directory in the Remote Access server.

警告Warning 已从域控制器检索到服务器 [服务器名称] 的配置,但尚未应用。Configuration for server [server name] retrieved from the domain controller, but not yet applied. GPO 中的配置已传播到服务器,但尚未应用。The configuration in the GPO reached the server but is not yet applied.

可能在长达 15 分钟后才会应用配置。It can take up to 15 minutes before the configuration is applied.

允许花更多时间将配置完全应用到服务器。Allow more time for the configuration to be fully applied to the server.
错误Error 不能应用从域控制器检索的服务器 [服务器名称] 的配置。Configuration for server [server name] retrieved from the domain controller cannot be applied. GPO 中的配置已传播到服务器但未成功应用,并且自配置更改之后已过去超过 15 分钟的时间。The configuration in the GPO reached the server but is not successfully applied, and more than 15 minutes have passed since the configuration was changed. 这可能在下列任一种情况中发生:This could happen in one of the following scenarios:

1. 配置目前正在应用的过程中。1. The configuration is currently in the process of being applied. 它显示为错误的原因在于可能需要花费很长时间才能从 GPO 中检索到配置。This is shown as an error because it may have taken a long time to retrieve the configuration from the GPO.
若要验证是否由于该原因出错,请使用“任务计划程序”**** 并导航到 Microsoft\Windows\RemoteAccess 以验证 RAConfigTask 当前是否正在运行。To verify whether this is the reason, use Task Scheduler and navigate to Microsoft\Windows\RemoteAccess to verify that RAConfigTask is currently running.
2. 如果RAConfigTask当前未运行,则它可能无法在服务器上应用配置。2. If RAConfigTask is not currently running, it may have failed to apply the configuration on the server.
请在远程访问服务器操作通道下的“事件查看器”**** 中检查错误,该通道位于 \Applications and Services Logs\Microsoft\Windows\RemoteAccess-RemoteAccessServer。Check for errors in Event Viewer under the Remote Access server operations channel, which is located at \Applications and Services Logs\Microsoft\Windows\RemoteAccess-RemoteAccessServer.
请在远程访问管理控制台的“操作状态”**** 中检查错误。Check for errors in OPERATIONS STATUS in the Remote Access Management Console. 有关详细信息,请参阅监视远程访问服务器及其组件的操作状态For more information, see Monitor the Operations Status of the Remote Access server and its components.

错误Error 已从域控制器检索到多站点服务器的配置。Configuration for multisite servers retrieved from the domain controller. 该配置并没有在所有服务器上匹配。The configuration does not match on all servers. 多站点部署中的服务器 GPO 配置版本之间存在不一致。There is an inconsistency between the configuration versions of the server GPOs in the multisite deployment.

理想情况下,用于所有入口点的所有服务器 GPO 将具有相同的全局配置,但由于某种原因,它们并未同步。Ideally, all the server GPOs for all entry points will have the same global configuration, but for some reason, they are out of sync.

当配置更改失败并且未成功回滚时,可能发生此情况。This can happen when a configuration change failed and was not rolled back successfully.

应该从所有服务器 GPO 已同步的备份状态中还原 GPO。You should restore the GPOs from a backup state where all server GPOs were synchronized. 有关可用脚本的信息,请参阅备份和还原远程访问配置For information about a script that you can use, see Back up and Restore Remote Access Configuration.