疑難排解網域控制站部署Troubleshooting Domain Controller Deployment

適用於:Windows Server 2016、Windows Server 2012 R2、Windows Server 2012Applies To: Windows Server 2016, Windows Server 2012 R2, Windows Server 2012

本主題涵蓋詳細的網域控制站設定和部署疑難排解的方法。This topic covers detailed methodology on troubleshooting domain controller configuration and deployment.

疑難排解簡介Introduction to Troubleshooting


疑難排解選項Troubleshooting Options

登入選項Logging Options

建登的樂器最重要的網域控制站升級降級的問題進行疑難排解。The built-in logs are the most important instrument for troubleshooting issues with domain controller promotion and demotion. 這些登的所有功能,而且預設設定為最大的詳細資訊。All of these logs are enabled and configured for maximum verbosity by default.

階段Phase 登入Log
伺服器管理員或 ADDSDeployment Windows PowerShell 作業Server Manager or ADDSDeployment Windows PowerShell operations -%systemroot%\debug\dcpromoui.log- %systemroot%\debug\dcpromoui.log

-%systemroot%\debug\dcpromoui.log- %systemroot%\debug\dcpromoui.log
安裝日 Promotion 網域控制站Installation/Promotion of the domain controller -%systemroot%\debug\dcpromo.log- %systemroot%\debug\dcpromo.log

-%systemroot%\debug\dcpromo.log- %systemroot%\debug\dcpromo.log

事件 viewer\Windows logs\System- Event viewer\Windows logs\System

事件 viewer\Windows logs\Application- Event viewer\Windows logs\Application

事件 viewer\Applications 和服務 logs\Directory 服務- Event viewer\Applications and services logs\Directory Service

事件 viewer\Applications 和服務 logs\File 複寫服務- Event viewer\Applications and services logs\File Replication Service

事件 viewer\Applications 和服務 logs\DFS 複寫- Event viewer\Applications and services logs\DFS Replication
樹系或網域升級Forest or domain upgrade -%systemroot%\debug\adprep\\adprep.log- %systemroot%\debug\adprep\\adprep.log

-%systemroot%\debug\adprep\\csv.log- %systemroot%\debug\adprep\\csv.log

-%systemroot%\debug\adprep\\dspecup.log- %systemroot%\debug\adprep\\dspecup.log

-%systemroot%\debug\adprep\\ldif.log- %systemroot%\debug\adprep\\ldif.log
伺服器管理員 ADDSDeployment Windows PowerShell 部署引擎Server Manager ADDSDeployment Windows PowerShell deployment engine 事件 viewer\Applications 和服務 logs\Microsoft\Windows\DirectoryServices-Deployment\Operational- Event viewer\Applications and services logs\Microsoft\Windows\DirectoryServices-Deployment\Operational
Windows 維護Windows Servicing -%systemroot%\Logs\CBS\- %systemroot%\Logs\CBS\

-%systemroot%\servicing\sessions\sessions.xml- %systemroot%\servicing\sessions\sessions.xml

-%systemroot%\winsxs\poqexec.log- %systemroot%\winsxs\poqexec.log

-%systemroot%\winsxs\pending.xml- %systemroot%\winsxs\pending.xml

工具和疑難排解網域控制站設定的命令Tools and Commands for Troubleshooting Domain Controller Configuration

若要登不解釋問題的疑難排解,使用下列工具做為起點:To troubleshoot issues not explained by the logs, use the following tools as a starting point:

一般的網域控制站設定進行疑難排解的方法General Methodology for Troubleshooting Domain Controller Configuration

  1. 是否有簡單語法問題會造成錯誤?Did a simple syntax issue cause the error?

    1. 您輸入錯誤或忘記 ADDSDeployment Windows PowerShell 來提供引數嗎?Did you mistype or forget to provide an argument to ADDSDeployment Windows PowerShell? 例如,如果使用 ADDSDeployment Windows PowerShell,忘記新增所需的引數的網域名稱及有效的名稱嗎?For example, if using ADDSDeployment Windows PowerShell, did you forget to add required argument -domainname with a valid name?

    2. 檢查仔細以查看完全它失敗的原因剖析命令列所提供的 Windows PowerShell 主控台輸出。Examine the Windows PowerShell console output carefully to see exactly why it is failing to parse the command-line provided.

  2. 必要條件的失敗是錯誤?Is the error a prerequisite failure?

    1. 必要條件檢查現在無法用來顯示為嚴重促銷結果許多錯誤。Many errors that used to appear as fatal promotion results are now prevented by the prerequisite checker.

    2. 必要條件錯誤的文字仔細地檢查,他們提供所需的指導方針解析大部分的問題,只要在受控制的案例。Examine the text of the prerequisite errors carefully, they provide the necessary guidance to resolve most issues, as they are controlled scenarios.

  3. 是在升級,因此嚴重錯誤?Is the error in promotion and therefore fatal?

    1. 仔細地檢查結果:許多錯誤有例如輸入錯誤的密碼、網路名稱的解析度或重大離線網域控制站簡單解釋。Examine the results carefully: many errors have simple explanations such as bad passwords, network name resolution, or critical offline domain controllers.

    2. 檢查的 Dcpromoui.log 與 dcpromo.log 的輸出] 中顯示的錯誤則運作向後,才能看見指示發生失敗的原因。Examine the Dcpromoui.log and dcpromo.log for the errors shown in the output, then work backwards from them to see indications of why the failure occurred.

      1. 隨時比較正常運作的範例登入Always compare to a working sample log

      2. 才結果表示延伸架構或準備的樹系或網域有問題,請檢查有錯誤 ADPrep 登。Examine the ADPrep logs for errors only if the results indicate a problem extending the schema or preparing the forest or domain.

      3. 只有 Dcpromoui.log 缺少詳細資料,或結束任意因為例外未在設定程序,請檢查有錯誤對部署事件登入。Examine the DirectoryServices-Deployment event log for errors only if the Dcpromoui.log lacks detail or ends arbitrarily due to an unhandled exception in the configuration process.

    3. 檢查其他設定問題的指標 Directory 服務、系統和應用程式事件登。Examine the Directory Services, System, and Application event logs for other indicators of a configuration issue. 通常時間網域控制站升級是只會影響所有分散式的系統其他網路設定錯誤的問題。Often times, the domain controller promotion is just a symptom of other network misconfiguration that would affect all distributed systems.

    4. 使用 dcdiag.exe 和 repadmin.exe 驗證整體的樹系健康狀態,表示細微錯誤,可能會使進一步網域控制站升級設定。Use dcdiag.exe and repadmin.exe to validate the overall forest health and indicate subtle misconfigurations that may prevent further domain controller promotion.

    5. 使用 AutoRuns.exe、工作管理員] 中或 MSinfo32.exe 來檢查電腦的協力廠商軟體可能會干擾。Use AutoRuns.exe, Task Manager, or MSinfo32.exe to examine the computer for third party software that may be interfering.

      1. 移除協力廠商軟體(不只會停用「軟體」; 不會阻止載入驅動程式)。Remove third party software (do not simply disable the software; that does not prevent drivers loading).
    6. 無法升級,以及複寫合作夥伴網域控制站和分析升級程序與雙面網路擷取的電腦上安裝 NetMon 3.4。Install NetMon 3.4 on the computer that fails to promote as well the replication partner domain controller and analyze the promotion process with double-sided network captures.

      1. 比較此工作 lab 環境了解良好的升級的外觀及失敗的位置。Compare this to your working lab environment to understand what a healthy promotion looks like and where it is failing.

      2. 此時的樹系物件、變更預設的安全性,或網路時,可能會錯誤,而且這個新的網域控制站買錯誤設定 DNS、防火牆、主機入侵防護軟體,或其他外因素而有所不同。At this point, the errors are likely with the forest objects, non-default security changes, or the network, and this new domain controller is a victim of misconfigurations in DNS, firewalls, host intrusion protection software, or other outside factors.

特定的問題進行疑難排解Troubleshooting Specific Problems

事件及錯誤訊息Events and Error Messages

網域控制站升級並隨時降級傳回結尾的作業,並不大多數程式中,像執行無法退貨零成功的程式碼。Domain controller promotion and demotion always returns a code at the end of operation and unlike most programs, do not return zero for success. 若要查看結尾的網域控制站設定的程式碼,您有數個選項:To see the code at the end of a domain controller configuration, you have several options:

  1. 當使用伺服器管理員中,檢查促銷結果中自動重新開機前 10 秒。When using Server Manager, examine the promotion results in the ten seconds prior to automatic reboot.

  2. 當使用 ADDSDeployment Windows PowerShell,請檢查促銷結果中自動重新開機前 10 秒。When using ADDSDeployment Windows PowerShell, examine the promotion results in the ten seconds prior to automatic reboot. 或者,選擇不要在下載完成度時自動重新開機。Alternatively, choose not to restart automatically on completion. 您應該會新增格式清單以方便朗讀輸出管線。You should add the Format-List pipeline to make the output easier to read. 例如:For example:

    Install-addsdomaincontroller <options> -norebootoncompletion:$true | format-list  

    必要條件驗證,驗證錯誤不會繼續放以重新開機,讓他們會顯示在所有的案例。Errors in prerequisite validation and verification do not continue on to a reboot, so they are visible in all cases. 例如:For example:


  3. 在任何案例中,檢查 dcpromo.log 和 dcpromoui.log。In any scenario, examine the dcpromo.log and dcpromoui.log.


    一些的錯誤,以下是不會再可能因為較新的作業系統中的作業系統和網域控制站設定變更。Some of the errors listed below are no longer possible due to operating system and domain controller configuration changes in later operating systems. 新的 ADDSDeployment Windows PowerShell 代碼也會防止特定錯誤,但 dcpromo.exe//unattend 不;這是另一個切換所有已取代帶領 ADDSDeployment Windows PowerShell 來您目前自動化的理由。The new ADDSDeployment Windows PowerShell codes also prevents certain errors, but the dcpromo.exe /unattend does not; this is another compelling reason to switch all of your current automation from the deprecated DCPromo to ADDSDeployment Windows PowerShell.

促銷和降級返回下列成功郵件的驗證碼。Promotion and demotion return the following success message codes.

錯誤碼Error Code 解釋Explanation 注意Note
11 結束成功Exit, success 您仍必須重新開機,這只是資訊自動重新旗標已移除You still must reboot, this just notes that the automatic restart flag was removed
22 結束,成功,必須重新開機Exit, success, need to reboot
33 結束的成功、失敗嚴重的Exit, success, with a non-critical failure 通常會看到時傳回 DNS 委派警告。Typically seen when returning the DNS Delegation warning. 如果未設定 DNS 委派,使用:If not configuring DNS delegation, use:

-creatednsdelegation: $false-creatednsdelegation:$false
44 結束時,使用嚴重的錯誤的成功、需要重新開機Exit, success, with a non-critical failure, need to reboot 通常會看到時傳回 DNS 委派警告。Typically seen when returning the DNS Delegation warning. 如果未設定 DNS 委派,使用:If not configuring DNS delegation, use:

-creatednsdelegation: $false-creatednsdelegation:$false

促銷和降級返回下列失敗郵件的驗證碼。Promotion and demotion return the following failure message codes. 另外還有可能延伸的錯誤訊息。隨時朗讀整個錯誤仔細,而不只的數字的部分。There is also likely to be an extended error message; always read the entire error carefully, not just the numeric portion.

錯誤碼Error Code 解釋Explanation 建議的解析度Suggested resolution
1111 已執行網域控制站升級Domain controller promotion is already running 無法執行一個執行個體的網域控制站升級一次相同的目標電腦比Do not run than one instance of domain controller promotion at the same time for the same target computer
1212 使用者必須是系統管理員User must be administrator 以系統管理員群組並確定您的 UAC 提高建成員登入Logon as a member of the built-in Administrators group and ensure you are elevating with UAC
1313 憑證授權單位已安裝Certification Authority is installed 您無法降級這個網域控制站,也很憑證授權單位。You cannot demote this domain controller, as it is also a Certification Authority. 不要的移除 CA 之前您仔細庫存其使用方式-如果這發行憑證,移除的角色,會導致服務中斷。Do not remove the CA before you carefully inventory its usage - if it is issuing certificates, removing the role will cause an outage. 建議您執行的網域控制站 CaRunning CAs on domain controllers is discouraged
1414 在 [安全開機模式執行Running in safe-boot mode 伺服器開機進入標準模式Boot the server into normal mode
1515 角色變更已進行中] 或 [需要重新開機Role change is in progress or needs reboot 您必須重新開機(因為先前的設定變更)升級之前You must restart the server (due to prior configuration changes) before promotion
1616 執行錯誤平台Running on wrong platform 不可能會收到這個錯誤訊息Not likely to get this error
1717 不 NTFS 5 磁碟機存在No NTFS 5 drives exist 這個錯誤不能在 Windows Server 2012,這需要至少 %系統磁碟機格式化為 NTFSThis error is not possible in Windows Server 2012, which requires at least the %systemdrive% be formatted with NTFS
1818 在 [windir 空間不足Not enough space in windir 免費使用 cleanmgr.exe %系統磁碟機 %磁碟區上的空間Free up space on the %systemdrive% volume using cleanmgr.exe
1919 名稱變更為擱置中、需要重新開機Name change pending, needs reboot 重新開機伺服器Reboot the server
2020 電腦名稱是語法Computer name is invalid syntax 重新命名電腦的有效的名稱Rename the computer with a valid name
2121 這個網域控制站保留故障、是 GC、和/或是 DNS 伺服器This domain controller holds FSMO roles, is a GC, and/or is a DNS server 新增-demoteoperationmasterrole使用-forceremovalAdd -demoteoperationmasterrole when using -forceremoval.
2222 TCP/IP 必須安裝或無法運作TCP/IP needs to be installed or isn't functioning 檢查電腦有 TCP/IP 設定,繫結,且可正常運作Verify computer has TCP/IP configured, bound, and working correctly
2323 DNS client 必須第一次設定DNS client needs to be configured first 加入網域新的網域控制站時設定的主要 DNS 伺服器Set a primary DNS server when adding a new domain controller to a domain
2424 提供的認證會是無效或遺失必要的項目Supplied credentials are invalid or missing required elements 確認您的使用者名稱和密碼正確無誤Verify your user name and password is correct
2525 找不到指定的網域網域控制站Domain controller for the specified domain could not be located 驗證免 DNS client 設定Validate DNS client settings, firewall rules
2626 無法從樹系讀取的網域清單List of domains could not be read from the forest 驗證 DNS client 設定、免 LDAP 功能Validate DNS client settings, LDAP functionality, firewall rules
2727 遺失的網域名稱Missing domain name 指定當中學網域Specify a domain when promoting or demoting
2828 錯誤的網域名稱Bad domain name 升級時,請選擇其他、有效的 DNS 網域名稱Choose a different, valid DNS domain name when promoting
2929 家長網域不會存在Parent domain does not exist 請確認建立新的子女網域或樹網域時指定父系網域Verify the parent domain specified when creating a new child domain or tree domain
3030 不在森林中的網域Domain not in forest 提供驗證的網域名稱Verify the domain name provided
3131 子女網域已存在Child Domain already exists 指定不同的網域名稱Specify a different domain name
3232 錯誤 NetBIOS 的網域名稱Bad NetBIOS domain name 指定有效 NetBIOS 網域名稱Specify a valid NetBIOS domain name
3333 IFM 檔案的路徑不正確Path to the IFM files is invalid 驗證您的路徑,從媒體安裝資料夾Validate your path to the Install From Media folder
3434 IFM 資料庫是錯誤The IFM database is bad 使用正確安裝的媒體此作業系統和角色(相同的作業系統版本、相同類型的網域控制站-與 RWDC RODC)Use the correct Install From Media for this operating system and role (same operating system version, same type of domain controller - RODC versus RWDC)
3535 遺失 SYSKEYMissing SYSKEY 從媒體安裝已加密,您必須提供有效的 SYSKEY 使用The Install from Media is encrypted and you must provide a valid SYSKEY to use it
3737 路徑 NTDS 資料庫或其登不正確Path for NTDS Database or its logs is invalid 修正的 NTFS 磁碟區,不對應的磁碟機或底色變更資料庫和登的路徑Change path of Database and Logs to a fixed NTFS volume, not a mapped drive or UNC path
3838 磁碟區不是針對 NTDS 資料庫或登空間不足Volume does not have enough space for NTDS database or logs 釋出空間使用 cleanmgr.exe、新增更多磁碟空間,以手動方式清除空間其他地方移動不必要的資料Free up space using cleanmgr.exe, add more disk space, manually clear space by moving unnecessary data elsewhere
3939 路徑 SYSVOL 不正確Path for SYSVOL is invalid 變更路徑 SYSVOL 資料夾的 NTFS 修正磁碟區,不對應的磁碟機或底色Change path of SYSVOL folder to a fixed NTFS volume, not a mapped drive or UNC path
4040 無效的網站名稱Invalid site name 提供存在網站名稱Provide a site name that exists
4141 必須指定密碼的安全模式Need to specify a password for safe-mode 提供密碼 DSRM 帳號,並無法空白不論密碼原則設定的方式Provide a password for the DSRM account, it cannot be blank no matter how the password policy is configured
4242 安全模式密碼不符合條件(僅限促銷)Safe-mode password does not meet criteria (promotion only) 符合密碼的原則設定的規則 DSRM account 提供的密碼Provide a password for the DSRM account that meets the password policy's configured rules
4343 系統管理員密碼不符合條件(僅限降級)Admin password does not meet criteria (demotion only) 提供的密碼本機系統管理員 account 符合密碼的原則設定規則Provide a password for the local administrator account that meets the password policy's configured rules
4444 無效的樹系指定的名稱The specified name for the forest is invalid 指定有效的樹系根 DNS 網域名稱Specify a valid forest root DNS domain name
4545 樹系指定名稱已存在A forest with the specified name already exists 選擇不同的樹系根 DNS 網域名稱Choose a different forest root DNS domain name
4646 無效的名稱指定樹The specified name for the tree is invalid 指定樹有效的 DNS 網域名稱Specify a valid tree DNS domain name
4747 樹指定名稱已存在A tree with the specified name already exists 選擇不同的樹 DNS 網域名稱Choose a different tree DNS domain name
4848 樹名稱並不適用於樹系結構The tree name does not fit into the forest structure 選擇不同的樹 DNS 網域名稱Choose a different tree DNS domain name
4949 指定的網域不會存在The specified domain does not exist 確認您的輸入的網域名稱Verify your typed domain name
5050 在降級,最後一個網域控制站偵測到即使在不是,或指定了一個網域控制站,但不是During demote, last domain controller was detected even though it is not, or last domain controller was specified, but it is not 未指定網域中的最後一個網域控制站(-lastdomaincontrollerindomain) 除非它。Do not specify Last Domain Controller in the Domain (-lastdomaincontrollerindomain) unless it is true. 使用-ignorelastdcindomainmismatch若要覆寫如果其實這是最後一個的網域控制站且虛設網域控制站中繼資料Use -ignorelastdcindomainmismatch to override if this is truly the last domain controller and there is phantom domain controller metadata
5151 在這個網域控制站的應用程式的磁碟分割存在App partitions exist on this domain controller 若要指定移除應用程式的磁碟分割(-removeapplicationpartitions)Specify to Remove Application Partitions (-removeapplicationpartitions)
5252 需要找不到命令列引數(也就是回應檔案必須指定命令列上)Required command-line argument is missing (that is, an answer file must be specified on the command-line) 僅限看過的帶領//unattend,這會取代。Only seen with dcpromo /unattend, which is deprecated. 查看較舊的文件See older documentation
5353 促銷日降級失敗,電腦必須重新開機以清理The promotion/demotion failed, machine must be rebooted to clean up 檢查登和延伸的錯誤Examine the extended error and logs
5454 促銷日降級失敗The promotion/demotion failed 檢查登和延伸的錯誤Examine the extended error and logs
5555 促銷日降級使用者已取消The promotion/demotion was canceled by the user 檢查登和延伸的錯誤Examine the extended error and logs
5656 促銷日降級被取消使用者,若要清除的電腦必須重新開機The promotion/demotion was canceled by the user, machine must be rebooted to clean up 檢查登和延伸的錯誤Examine the extended error and logs
5858 在 RODC 升級期間必須指定網站的名稱A site name must be specified during RODC promotion 您必須 RODC 指定網站,將不會自動偵測 RWDC 類似You must specify a site for an RODC, it will not automatically detect one like an RWDC
5959 降級,在這個網域控制站為其區域的其中一個的最後一個 DNS 伺服器During demote, this domain controller is the last DNS server for one of its zones 指定這是網域中的最後一個 DNS 伺服器,或使用-ignorelastdnsserverfordomainSpecify that this is the Last DNS Server in the Domain or use -ignorelastdnsserverfordomain
6060 執行 Windows Server 2008,或較新的網域控制站必須以升級 RODC 網域中出現A domain controller running Windows Server 2008 or later must be present in the domain in order to promote RODC 促銷至少一個 Windows Server 2008 或更新版本模型寫入網域控制站Promote at least one Windows Server 2008 or later model writable domain controller
6161 您無法使用 DNS 現有不裝載 DNS 網域中安裝 Active Directory Domain ServicesYou cannot install Active Directory Domain Services with DNS in an existing domain that does not already host DNS 不可能會收到這個錯誤訊息Not possible to get this error
6262 回應檔案不會有 [DCInstall] 區段Answer file does not have a [DCInstall] section 僅限看過的帶領//unattend,這會取代。Only seen with dcpromo /unattend, which is deprecated. 查看較舊的文件。See older documentation.
6363 樹系正常運作的電量低於 windows server 2003Forest functional level is below windows server 2003 森林功能提高到至少 Windows Server 2003 原生。Raise the forest functional level to at least Windows Server 2003 Native. Windows 2000 及 Windows nt4.0 已不再支援的作業系統Windows 2000 and Windows NT 4.0 are no longer supported operating systems
6464 促銷元件二進位偵測失敗無法Promo failed because component binary detection failed 安裝 AD DS 角色Install the AD DS role
6565 促銷元件二進位安裝失敗無法Promo failed because component binary installation failed 安裝 AD DS 角色Install the AD DS role
6666 促銷作業系統偵測失敗無法Promo failed because operating system detection failed 檢查延伸的錯誤和登;伺服器傳回的作業系統版本失敗。Examine the extended error and logs; the server is failing to return its operating system version. 電腦將需要重新安裝,因為它的整體健康是高度可疑有可能It is likely that the computer will need to be re-installed, as its overall health is highly suspect
6868 複製合作夥伴不正確Replication partner is invalid 使用 repadmin.exe 或取得-ADReplication\ *** Windows PowerShell 來驗證合作夥伴網域控制站健康Use repadmin.exe or the **Get-ADReplication\* Windows PowerShell to validate partner domain controller health
6969 需要連接埠已經在使用透過其他應用程式Required Port is already in use by some other application 使用netstat.exe-anob尋找 [處理程序,不正確已指派給保留 AD DS 連接埠Use netstat.exe -anob to locate processes that are incorrectly assigned to reserved AD DS ports
7070 森林根網域控制站必須 GCThe forest root domain controller must be a GC 僅限看過的帶領//unattend,這會取代。Only seen with dcpromo /unattend, which is deprecated. 查看較舊的文件See older documentation
7171 已安裝的 DNS 伺服器DNS server is already installed 未安裝 DNS 指定 (-installDNS) 如果已安裝的 DNS 服務Do not specify to install DNS (-installDNS) if the DNS service is already installed
7272 電腦正在執行非系統管理員模式遠端桌面服務Computer is running Remote Desktop Services in non-admin mode 您無法將這個網域控制站,升級為它也是設定為兩個以上系統管理員使用者 RDS 伺服器。You cannot promote this domain controller, as it is also a RDS server configured for more than two admin users. 不要的移除 RDS 之前是使用的應用程式或使用者,請移除仔細庫存其使用方式-會導致發生停電Do not remove RDS before you carefully inventory its usage - if it is being used by applications or end-users, removal will cause an outage
7373 無效的功能指定的樹系的層級。The specified forest functional level is invalid. 指定有效的樹系功能層級Specify a valid forest functional level
7474 無效的指定的網域功能層級。The specified domain functional level is invalid. 指定有效的網域功能層級Specify a valid domain functional level
7575 無法判斷複寫預設密碼的原則。Unable to determine the default password replication policy. 驗證 RODC 密碼複寫原則存在,以及可以存取Validate that the RODC password replication policy exists and is accessible
7676 指定複製/非複寫安全性群組不正確Specified replicated/non-replicated security groups are invalid 驗證您輸入正確的網域和使用者帳號中指定複寫密碼原則時Validate that you have typed in valid domain and user accounts when specifying a password replication policy
7777 無效的指定引數The specified argument is invalid 檢查登和延伸的錯誤Examine the extended error and logs
7878 若要檢查 Active Directory 樹系失敗Failed to examine Active Directory Forest 檢查登和延伸的錯誤Examine the extended error and logs
7979 無法升級 RODC,因為 rodcprep 尚未執行RODC cannot be promoted because rodcprep has not been performed 使用 Windows Server 2012 準備樹系或使用adprep.exe /rodcprepUse Windows Server 2012 to prepare the forest or use adprep.exe /rodcprep
8080 準備網域尚未執行Domainprep has not been performed 使用 Windows Server 2012 準備網域,或使用adprep.exe /domainprepUse Windows Server 2012 to prepare the domain or use adprep.exe /domainprep
8181 Forestprep 尚未執行Forestprep has not been performed 使用 Windows Server 2012 準備樹系或使用adprep.exe /forestprepUse Windows Server 2012 to prepare the forest or use adprep.exe /forestprep
8282 森林架構不相符Forest schema mismatch 使用 Windows Server 2012 準備樹系或使用adprep.exe /forestprepUse Windows Server 2012 to prepare the forest or use adprep.exe /forestprep
8383 不支援的 SKUUnsupported SKU 不可能會收到這個錯誤訊息Not likely to get this error
8484 無法偵測到的網域控制站 accountUnable to detect a domain controller account 驗證現有的網域控制站具有正確的使用者 account 控制屬性設定。Validate that existing domain controllers have correct user account control attribute set.
8585 無法選取網域控制站 account 第 2 階段Unable to select a domain controller account for stage 2 如果指定」使用現有 Account」,但找到可能不帳號,或是錯誤 account 查詢時傳回。Returned if you specify "Use Existing Account" but either no account found or there is an error during account lookup. 請確定您所提供的正確 RODC 暫存 accountEnsure you provided the correct RODC staged account
8686 需要執行「步驟 2 升級Need to run stage 2 promotion 如果您宣傳的其他網域控制站但現有 account 存在,「允許重新安裝「並未指定傳回Returned if you promote an additional domain controller but an existing account exists and "Allow Reinstall" was not specified
8787 衝突類型的網域控制站 account 存在A domain controller account of conflicting type exists 升級之後,如果不是嘗試附加至位置的網域控制站之前將電腦重新命名。Rename the computer before promoting, if not trying to attach to an unoccupied domain controller. 您必須將它附加到位置的網域控制站 account 使用-useexistingaccount,並正確唯讀或寫入引數,根據 account 類型You must attach to the unoccupied domain controller account using -useexistingaccount and the correct read-only or writable argument, depending on account type
8888 指定的伺服器管理員不正確The specified server admin is not valid 指定 RODC 管理委派無效負責。You specified an invalid account for RODC admin delegation. 請確認指定 account 是正確的使用者或群組Verify that the account specified is a valid user or group
8989 指定網域 RID 的主機已離線。RID master for the specified domain is offline. 使用netdom.exe 查詢 fsmo來偵測 RID 主機。Use netdom.exe query fsmo to detect the RID master. 將它 online 並讓它更容易存取升級您的網域控制站Bring it online and make it accessible to the domain controller you are promoting
9090 網域命名主機是離線。Domain naming master is offline. 使用netdom.exe 查詢 fsmo來偵測網域命名主機。Use netdom.exe query fsmo to detect the domain naming master. 將它 online 並讓它更容易存取升級您的網域控制站Bring it online and make it accessible to the domain controller you are promoting
9191 無法偵測程序是否 wow64Failed to detect if the process is wow64 收到這個錯誤可能無法再,作業系統為 64 位元Not possible to get this error anymore, the operating system is 64-bit
9292 不支援 Wow64 處理程序Wow64 process is not supported 收到這個錯誤可能無法再,作業系統為 64 位元Not possible to get this error anymore, the operating system is 64-bit
9393 適用於非讓降級不執行網域控制站服務Domain controller service is not running for non-forceful demotion [開始] 的 AD DS 服務Start the AD DS service
9494 本機系統管理員密碼不符合需求:空白,或者不需要Local admin password does not meet requirement: either blank or not required 提供非空白的密碼,並確認密碼本機原則需要密碼Provide a non-blank password and ensure that the local password policy requires a password
9595 無法降級最後一個 Windows Server 2008 或較新的網域控制站所在動態 Rodc 網域中Cannot demote last Windows Server 2008 or later domain controller in the domain where live RODCs exist 您可以在所有 Windows Server 2008 或更新版本寫入網域控制站都降級之前,您必須先都降級所有 RodcYou must first demote all RODCs before you can demote all Windows Server 2008 or later writable domain controllers
9696 無法解除安裝 DS 二進位檔Unable to uninstall DS binaries 僅限看過的帶領//unattend,這會取代。Only seen with dcpromo /unattend, which is deprecated. 查看較舊的文件See older documentation
9797 森林功能層級版本高於子女網域作業系統Forest functional level version higher than that of the child domain operating system 提供子女網域功能相同或更高的樹系功能層級Provide a child domain functional the same or higher than the forest functional level
9898 正在進行元件二進位安裝/解除安裝。Component binary install/uninstall is in progress. 僅限看過的帶領//unattend,這會取代。Only seen with dcpromo /unattend, which is deprecated. 查看較舊的文件See older documentation
9999 森林功能層級是太低(錯誤是 Windows Server 2012 只)Forest functional level is too low (error is Windows Server 2012 only) 森林功能提高到至少 Windows Server 2003 原生。Raise the forest functional level to at least Windows Server 2003 native. Windows 2000 及 Windows nt4.0 已不再支援的作業系統Windows 2000 and Windows NT 4.0 are no longer supported operating systems
100100 網域功能層級是太低(錯誤是 Windows Server 2012 只)Domain functional level is too low (error is Windows Server 2012 only) 至少提高網域功能等級以 Windows Server 2003 原生。Raise the domain functional level to at least Windows Server 2003 native. Windows 2000 及 Windows nt4.0 已不再支援的作業系統Windows 2000 and Windows NT 4.0 are no longer supported operating systems

已知日可能的問題與支援案例Known/Likely Issues and Support Scenarios

以下是在 Windows Server 2012 開發程序期間常見的問題。The following are common issues seen during the Windows Server 2012 development process. 這些問題」的設計」,並具有有效的因應措施或更適合技巧,以避免使用它們首先。All of these issues are "by design" and have either a valid workaround or more appropriate technique to avoid them in the first place. 有許多這些問題的是 Windows Server 2008 R2 和較舊的作業系統,在相同,但重新寫入部署 AD DS 的帶來增強的敏感度問題。Many of these behaviors are identical in Windows Server 2008 R2 and older operating systems, but the rewrite of AD DS deployment brings heightened sensitivity to issues.

問題Issue 降級網域控制站離開 DNS 執行的不區域Demoting a domain controller leaves DNS running with no zones
症狀Symptoms 伺服器仍然 DNS 要求回應,但不區域資訊Server still responds to DNS requests but has no zone information
解析度和筆記Resolution and Notes 移除時 AD DS 角色,也會移除 DNS 伺服器角色或 DNS 伺服器服務設定已停用。When removing the AD DS role, also remove the DNS Server role or set the DNS Server service to disabled. 請記得 DNS client 指向比本身另一部伺服器。Remember to point the DNS client to another server than itself. 如果您使用 Windows PowerShell 之後您降級伺服器, 執行:If using Windows PowerShell, run the following after you demote the server:

程式碼-解除安裝 windowsfeature dnsCode - uninstall-windowsfeature dns


程式碼-設定服務 dns 中停用Code - set-service dns -starttype disabled
停止服務 dnsstop-service dns
問題Issue Windows Server 2012 升級現有的單一標籤網域到不會設定 updatetopleveldomain = 1 或 allowsinglelabeldnsdomain = 1 台Promoting a Windows Server 2012 into an existing single-label domain does not configure updatetopleveldomain=1 or allowsinglelabeldnsdomain=1
症狀Symptoms 不會發生 DNS 動態記錄登記DNS dynamic record registration does not occur
解析度和筆記Resolution and Notes 設定使用群組原則 Netlogon 和 DNS 這些值。Set these values using the Netlogon and DNS group policies. Microsoft 開始封鎖單一標籤網域建立 Windows Server 2008;若要變更為 [已核准 DNS 網域結構,您可以使用 ADMT 或網域重新命名工具。Microsoft began blocking single-label domain creation in Windows Server 2008; you can use ADMT or the Domain Rename Tool to change to an approved DNS domain structure.
問題Issue 如果有預先建立、位置 RODC 帳號,便會失敗網域中的最後一個網域控制站降級Demotion of last domain controller in a domain fails if there are pre-created, unoccupied RODC accounts
症狀Symptoms 降級失敗,並訊息:Demotion fails with message:


Active Directory Domain Services 找不到另一個 Active Directory 網域控制站傳輸 directory 磁碟分割 DATA-CN 剩餘資料 = 區結構描述 DATA-CN = 設定,俠 = corp,俠 = contoso 俠 = com。Active Directory Domain Services could not find another Active Directory Domain Controller to transfer the remaining data in directory partition CN=Schema,CN=Configuration,DC=corp,DC=contoso,DC=com.

「指定的網域名稱的格式不正確的「。"The format of the specified domain name is invalid."
解析度和筆記Resolution and Notes 移除任何剩餘預先之前降級網域中建立 RODC 帳號使用Dsa.mscNtdsutil.exe 中繼資料清理]Remove any remaining pre-created RODC accounts before demoting a domain, using Dsa.msc or Ntdsutil.exe metadata cleanup.
問題Issue 自動樹系和網域準備不會執行 GPPREPAutomated forest and domain preparation does not run GPPREP
症狀Symptoms 適用於群組原則,結果設定的原則 (RSOP) 計劃模式跨網域計劃功能需要現有 GP 系統更新的檔案和 Active Directory 權限。Cross-domain planning functionality for Group Policy, Resultant Set of Policy (RSOP) Planning Mode, requires updated file system and Active Directory permissions for existing GP. Gpprep,而您無法使用 RSOP 規劃跨網域。Without Gpprep, you cannot use RSOP Planning across domains.
解析度和筆記Resolution and Notes 執行adprep.exe /gpprep以手動方式的所有先前已未準備適用於 Windows Server 2003、Windows Server 2008 或 Windows Server 2008 R2 的網域。Run adprep.exe /gpprep manually for all domains that were not previously prepared for Windows Server 2003, Windows Server 2008, or Windows Server 2008 R2. 系統管理員歷史加入網域的每個升級不應該執行 GPPrep 一次。Administrators should run GPPrep only once in the history of a domain, not with every upgrade. 因為您已經設定自訂的適當權限,如果它會導致所有 SYSVOL 內容重新複寫所有網域控制站它不是執行來自動 adprep。It is not run by automatic adprep because if you have already set adequate custom permissions, it would cause all SYSVOL contents to re-replicate on all domain controllers.
問題Issue 從媒體安裝驗證時指向底色失敗Install from media fails to verify when pointing to a UNC path
症狀Symptoms 傳回錯誤:Error returned:

程式碼-無法驗證媒體路徑。Code - Could not validate media path. 例外呼叫」GetDatabaseInfo」與「2「引數。Exception calling "GetDatabaseInfo" with "2" arguments. 無效的資料夾。The folder is not valid.
解析度和筆記Resolution and Notes 您必須儲存在本機磁碟機,不遠端底色 IFM 檔案。You must store IFM files on a local disk, not a remote UNC path. 此刻意封鎖會防止部分伺服器促銷因為網路中斷。This intentional block prevents partial server promotion due to a network interruption.
問題Issue 顯示期間網域控制站提升兩次 DNS 委派警告DNS delegation warning shown twice during domain controller promotion
症狀Symptoms 退貨警告兩次當升級使用 ADDSDeployment Windows PowerShell:Warning returned twice when promoting using ADDSDeployment Windows PowerShell:

程式碼 –「無法建立委派此 DNS 伺服器,因為授權家長區域找不到或無法執行 Windows DNS 伺服器。Code - "A delegation for this DNS server cannot be created because the authoritative parent zone cannot be found or it does not run Windows DNS server. 如果您使用現有的基礎結構 DNS 整合,您應該父區確保可靠的名稱解析從網域以外的來手動建立委派給此 DNS 伺服器。If you are integrating with an existing DNS infrastructure, you should manually create a delegation to this DNS server in the parent zone to ensure reliable name resolution from outside the domain. 否則,不不需要任何動作。」Otherwise, no action is required."
解析度和筆記Resolution and Notes 略過。Ignore. ADDSDeployment Windows PowerShell 顯示的第一次在必要的檢查,然後再試一次時設定的網域控制站的警告。ADDSDeployment Windows PowerShell shows the warning first during prerequisite checking, then again during configuration of the domain controller. 如果您不想要設定 DNS 委派,使用引數:If you do not wish to configure DNS delegation, use argument:

程式碼--creatednsdelegation: $falseCode - -creatednsdelegation:$false

執行隱藏此訊息以跳過的必要條件檢查Do not skip the prerequisite checks in order to suppress this message
問題Issue 在設定期間指定 UPN 或非網域認證傳回誤導錯誤Specifying UPN or non-domain credentials during configuration returns misleading errors
症狀Symptoms 伺服器管理員會傳回錯誤:Server Manager returns error:

程式碼-例外呼叫」DNSOption」與「6「引數Code - Exception calling "DNSOption" with "6" Arguments

ADDSDeployment Windows PowerShell 傳回錯誤:ADDSDeployment Windows PowerShell returns error:

失敗碼-驗證使用者權限。Code - Verification of user permissions failed. 您必須提供此帳號所屬的網域名稱。You must supply the name of the domain to which this user account belongs.
解析度和筆記Resolution and Notes 請確定您提供有效的網域認證的形式網域使用者Ensure you are providing valid domain credentials in the form of domain\user.
問題Issue 移除使用 Dism.exe 對-DomainController 角色會導致無法開機伺服器Removing the DirectoryServices-DomainController role using Dism.exe leads to unbootable server
症狀Symptoms 如果使用 Dism.exe 適當降級網域控制站之前,請先移除 AD DS 角色,不再伺服器通常會開機,並顯示錯誤:If using Dism.exe to remove the AD DS role before demoting a domain controller gracefully, the server no longer boots normally and shows error:

程式碼-狀態:0x000000000Code - Status: 0x000000000
資訊:已發生意外的錯誤。Info: An unexpected error has occurred.
解析度和筆記Resolution and Notes 開機 Directory 服務修復模式使用shift 鍵 + F8Boot into Directory Services Repair Mode using Shift+F8. 新增 AD DS 角色,以及強制降級網域控制站。Add the AD DS role back, and then forcibly demote the domain controller. 或者,從備份還原系統狀態。Alternatively, restore the System State from backup. 請勿使用 Dism.exe AD DS 角色移除。公用程式,並不知道的網域控制站。Do not use Dism.exe for AD DS role removal; the utility has no knowledge of domain controllers.
問題Issue 當 forestmode 設 Win2012 安裝新的樹系失敗Installing a new forest fails when setting forestmode to Win2012
症狀Symptoms 促銷使用 ADDSDeployment Windows PowerShell 傳回錯誤:Promotion using ADDSDeployment Windows PowerShell returns error:

程式碼-Test.VerifyDcPromoCore.DCPromo.General.74Code - Test.VerifyDcPromoCore.DCPromo.General.74

必要條件網域控制站促銷驗證失敗。Verification of prerequisites for Domain Controller promotion failed. 無效的指定的網域功能層級The specified domain functional level is invalid
解析度和筆記Resolution and Notes 未指定 Win2012 而不需要的樹系功能模式指定 Win2012 網域功能模式。Do not specify a forest functional mode of Win2012 without also specifying a domain functional mode of Win2012. 以下是可將不會出現錯誤範例:Here is an example that will work without errors:

程式碼--forestmode Win2012-domainmode Win2012]Code - -forestmode Win2012 -domainmode Win2012]
問題Issue 按一下 [驗證中安裝媒體選取項目] 區域中的顯示以不執行任何動作Clicking Verify in the Install from Media selection area appears to do nothing
症狀Symptoms 當您指定的路徑 IFM 資料夾時,按一下確認按鈕永遠不會傳回訊息,或是執行任何動作。When you specify a path to an IFM folder, clicking the Verify button never returns a message or appears to do anything.
解析度和筆記Resolution and Notes 確認按鈕只會傳回錯誤如果有問題。The Verify button only returns errors if there are issues. 否則,它讓下一步按鈕,可選取,如果您有提供 IFM 路徑。Otherwise, it makes the Next button selectable if you have provided an IFM path. 您必須按確認如果您有選取 IFM 繼續。You must click Verify to proceed if you have selected IFM.
問題Issue 降級使用伺服器管理員中不提供意見反應,直到完成。Demoting with Server Manager does not provide feedback until completed.
症狀Symptoms 當使用移除 AD DS 角色與降級網域控制站伺服器管理員,就會提供降級完成,或是失敗之前不持續提供意見。When using Server Manager to remove the AD DS role and demote a domain controller, there is no ongoing feedback given until the demotion completes or fails.
解析度和筆記Resolution and Notes 這是一項限制伺服器管理員。This is a limitation of Server Manager. 意見反應,請使用 ADDSDeployment Windows PowerShell cmdlet:For feedback, use ADDSDeployment Windows PowerShell cmdlet:

程式碼-Uninstall-addsdomaincontrollerCode - Uninstall-addsdomaincontroller
問題Issue 從驗證媒體安裝不會偵測提供寫入網域控制站,或相反該 RODC 媒體。Install from Media Verify does not detect that RODC media provided for writable domain controller, or vice versa.
症狀Symptoms [驗證] 按鈕重點新網域控制站使用 IFM 並提供 IFM 不正確的媒體-例如寫入網域控制站的 RODC 媒體或 RODC RWDC 媒體-不會傳回錯誤。When promoting a new domain controller using IFM and providing incorrect media to IFM - such as RODC media for a writable domain controller, or RWDC media for an RODC - the Verify button does not return an error. 之後,錯誤而失敗促銷:Later, promotion fails with error:

程式碼-為網域控制站設定此電腦嘗試時發生錯誤。Code - An error occurred while trying to configure this machine as a domain controller.
Install-From-Media 升級 Read-Only 俠不得因為不能指定的來源資料庫。The Install-From-Media promotion of a Read-Only DC cannot start because the specified source database is not allowed. 只從其他 Rodc 資料庫可用於 RODC IFM 升級。Only databases from other RODCs can be used for IFM promotion of a RODC.
解析度和筆記Resolution and Notes 請確認只會驗證 IFM 的整體完整性。Verify only validates the overall integrity of IFM. 不提供伺服器錯誤 IFM 類型。Do not provide the wrong IFM type to a server. 再試一次使用正確的媒體升級之前,請重新伺服器。Restart the server before you attempt promotion again with the correct media.
問題Issue 升級 RODC 預先建立的電腦將會失敗Promoting an RODC into a pre-created computer account fails
症狀Symptoms 使用 ADDSDeployment Windows PowerShell 來提升電腦分段的 account 新 RODC 時, 收到錯誤訊息:When using ADDSDeployment Windows PowerShell to promote a new RODC with a staged computer account, receive error:

程式碼-無法解析使用名參數指定參數設定。Code - Parameter set cannot be resolved using the specified named parameters.
InvalidArgument: ParameterBindingExceptionInvalidArgument: ParameterBindingException
+ FullyQualifiedErrorId: AmbiguousParameterSet Microsoft.DirectoryServices.Deployment.PowerShell.Commands.Install+ FullyQualifiedErrorId : AmbiguousParameterSet,Microsoft.DirectoryServices.Deployment.PowerShell.Commands.Install
解析度和筆記Resolution and Notes 不提供已經預先建立 RODC 帳號已經定義的參數。Do not provide parameters already defined already on a pre-created RODC account. 這些功能包括:These include:

程式碼--readonlyreplicaCode - -readonlyreplica
問題Issue 取消選取日選取 [自動重新開機每個項目的伺服器必要「無法執行任何動作Deselecting/selecting "Restart each destination server automatically if required" does nothing
症狀Symptoms 如果選取(或選取 [不)伺服器管理員選擇必要時自動重新開機每個項目的伺服器whendemoting 透過角色移除網域控制站,伺服器一律重新開機,無論的選擇。If selecting (or not selecting) the Server Manager option Restart each destination server automatically if required whendemoting a domain controller through role removal, the server always restarts, regardless of choice.
解析度和筆記Resolution and Notes 這是刻意。This is intentional. 降級程序重新開機伺服器這個設定。The demotion process restarts the server regardless of this setting.
問題Issue Dcpromo.log 顯示 [[錯誤] 的安全性設定伺服器檔案無法使用 2」Dcpromo.log shows "[error] setting security on server files failed with 2"
症狀Symptoms 網域控制站降級完成不問題,但檢查帶領登入顯示錯誤:Demotion of a domain controller completes without issues, but examination of the dcpromo log shows error:

2 失敗碼-[錯誤] 設定伺服器的檔案安全性Code - [error] setting security on server files failed with 2
解析度和筆記Resolution and Notes 略過、錯誤,預期和色彩。Ignore, error is expected and cosmetic.
問題Issue 必要條件 adprep 核取失敗,錯誤「無法執行換貨架構衝突檢查]Prerequisite adprep check fails with error "Unable to perform Exchange schema conflict check"
症狀Symptoms 當您嘗試升級到現有的 Windows Server 2003、Windows Server 2008 或 Windows Server 2008 R2 的樹系的 Windows Server 2012 網域控制站時, 錯誤而失敗必要條件檢查:When attempting to promote a Windows Server 2012 domain controller into an existing Windows Server 2003, Windows Server 2008, or Windows Server 2008 R2 forest, prerequisite check fails with error:

失敗碼-的必要條件 AD 準備的確認。Code - Verification of prerequisites for AD prep failed. 無法 Exchange 架構衝突檢查執行為網域 (例外:不適 RPC 伺服器)Unable to perform Exchange schema conflict check for domain (Exception: the RPC server is unavailable)

Adprep.log 顯示錯誤:The adprep.log shows error:

程式碼-Adprep 無法擷取的資料,從伺服器Code - Adprep could not retrieve data from the server

透過 Windows 管理檢測 (WMI)。through Windows Management Instrumentation (WMI).
解析度和筆記Resolution and Notes 新的網域控制站無法存取 WMI 透過向現有的網域控制站 DCOM 日 RPC 通訊協定。The new domain controller cannot access WMI through DCOM/RPC protocols against the existing domain controllers. 若要到目前為止,已經有三個原因:To date, there have been three causes for this:

現有的網域控制站-防火牆規則封鎖存取- A firewall rule blocks access to the existing domain controllers

從「登入即服務」不見-網路服務 account (SeServiceLogonRight) 現有的網域控制站的權限- The NETWORK SERVICE account is missing from the "Logon as a service" (SeServiceLogonRight) privilege on the existing domain controllers

-NTLM 上已停用網域控制站、使用中所述的安全性原則簡介限制 NTLM 驗證- NTLM is disabled on domain controllers, using security policies described in Introducing the Restriction of NTLM Authentication
問題Issue 建立新 AD DS 樹系一律會顯示警告 DNSCreating a new AD DS forest always shows DNS warning
症狀Symptoms 在建立新的 AD DS 森林和建立的 DNS 區域新的網域控制站本身,您隨時收到警告訊息:When creating a new AD DS forest and creating the DNS zone on the new domain controller for itself, you always receive warning message:

程式碼-錯誤偵測 DNS 設定。Code - An error was detected in the DNS configuration.
這台電腦所使用的 DNS 伺服器的無回應中逾時長的時間間隔。None of the DNS servers used by this computer responded within the timeout interval.
(錯誤碼 0x000005B4」ERROR_TIMEOUT」)(error code 0x000005B4 "ERROR_TIMEOUT")
解析度和筆記Resolution and Notes 略過。Ignore. 以方便您想要指向現有的 DNS 伺服器及區域,為刻意根網域中的新的樹系的第一個網域控制站在這個警告。This warning is intentional on the first domain controller in the root domain of a new forest, in case you intended to point to an existing DNS server and zone.
問題Issue Windows PowerShell-引數傳回正確 DNS 伺服器的資訊Windows PowerShell -whatif argument returns incorrect DNS server information
症狀Symptoms 如果您使用-時設定的網域控制站隱含或明確引數-installdns: $true,導致輸出所示:If you use the -whatif argument when configuring a domain controller with implicit or explicit -installdns:$true, the resulting output shows:

程式碼-」DNS 伺服器:否]Code - "DNS Server: No"
解析度和筆記Resolution and Notes 略過。Ignore. DNS 已安裝的並設定正確。DNS is installed and configured correctly.
問題Issue 升級後,登入失敗,並「儲存空間不足是可用於處理此命令」After promotion, logon fails with " Not enough storage is available to process this command"
症狀Symptoms 新的網域控制站升級,然後先登出,嘗試互動方式登入之後,您收到錯誤訊息:After you promote a new domain controller and then log off and attempt to log on interactively, you receive error:

程式碼的儲存空間不足是可用於處理此命令Code - Not enough storage is available to process this command
解析度和筆記Resolution and Notes 不網域控制站需要重新開機之後,因為發生錯誤升級,或是指定 ADDSDeployment Windows PowerShell 引數-norebootoncompletionThe domain controller was not rebooted after promotion, either due to an error or because you specified the ADDSDeployment Windows PowerShell argument -norebootoncompletion. 重新開機網域控制站。Restart the domain controller.
問題Issue [下一步] 按鈕並不適用於網域控制站選項] 頁面The Next button is not available on the Domain Controller Options page
症狀Symptoms 即使您已經設定密碼,下一步按鈕網域控制站選項頁面在伺服器管理員中不提供。Even though you have set a password, the Next button on the Domain Controller Options page in Server Manager is not available. 中列出的任何網站網站名稱功能表。There is no site listed in the Site name menu.
解析度和筆記Resolution and Notes 您有多個 AD DS 網站和至少一個遺失子網路。此未來網域控制站屬於個子之一。You have multiple AD DS sites and at least one is missing subnets; this future domain controller belongs to one of those subnets. 您必須手動選取子網路,從下拉式功能表名稱網站。You must manually select the subnet from the Site name dropdown menu. 您也應該檢視使用 DSSITE.MSC] 或 [使用下列 Windows PowerShell 命令尋找所有網站遺失子網路:You should also review all AD sites using DSSITE.MSC or use the following Windows PowerShell command to find all sites missing subnets:

程式碼-取得-adreplicationsite-篩選 *-屬性子網路和 #124;where-object {!$.subnets-eq」\ *"} 和 #124;格式化表格名稱Code - get-adreplicationsite -filter * -property subnets | where-object {!$.subnets -eq "*"} | format-table name
問題Issue 訊息」的服務不會開始」的升級或降級失敗Promotion or demotion fails with message "the service cannot be started"
症狀Symptoms 如果您嘗試升級、降級,或複製網域控制站您收到錯誤訊息:If you attempt promotion, demotion, or cloning of a domain controller you receive error:

-的程式碼服務無法開始,因為它是停用或它就不讓的裝置相關的「(0x80070422)Code - The service cannot be started, either because it is disabled or it has no enabled devices associated with it" (0x80070422)

這個錯誤可能是互動,事件,或寫入 dcpromoui.log 或 dcpromo.log 等登入The error may be interactive, an event, or written to a log like dcpromoui.log or dcpromo.log
解析度和筆記Resolution and Notes 停用 DS 角色伺服器服務 (DsRoleSvc)。The DS Role Server service (DsRoleSvc) is disabled. 根據預設,這項服務 AD DS 角色安裝期間安裝並手動開始輸入設定。By default, this service is installed during AD DS role installation and set to a Manual start type. 不要停用此服務。Do not disable this service. 將其設定為 [手動,並允許開始和停止它視 DS 角色作業。Set it back to Manual and allow the DS role operations to start and stop it on demand. 此行為是設計。This behavior is by design.
問題Issue 伺服器管理員仍會警告您需要提升俠Server Manager still warns that you need to promote DC
症狀Symptoms 如果您使用取代的 dcpromo.exe//unattend 網域控制站升級或就地現有 Windows Server 2008 R2 網域控制站升級到 Windows Server 2012,伺服器管理員仍會顯示部署後組態工作這個網域控制站伺服器升級If you promote a domain controller using the deprecated dcpromo.exe /unattend or upgrade an existing Windows Server 2008 R2 domain controller in place to Windows Server 2012, Server Manager still shows the post-deployment configuration task Promote this server to a domain controller.
解析度和筆記Resolution and Notes 按一下部署後警告連結,並訊息會消失的好。Click the post-deployment warning link and the message will disappear for good. 此行為是外觀與預期。This behavior is cosmetic and expected.
問題Issue 伺服器管理員部署指令碼遺失角色安裝Server Manager deployment script missing role installation
症狀Symptoms 如果您使用伺服器管理員網域控制站升級,並儲存部署 Windows PowerShell 指令碼,它不包含的角色安裝 cmdlet 和引數 (windowsfeature 安裝-ad 網域服務-includemanagementtools 的名稱)。If you promote a domain controller using Server Manager and save the Windows PowerShell deployment script, it does not include the role installation cmdlet and arguments (install-windowsfeature -name ad-domain-services -includemanagementtools). 的角色,而不設定 DC。Without the role, the DC cannot be configured.
解析度和筆記Resolution and Notes 手動將該 cmdlet 和引數任何指令碼。Manually add that cmdlet and arguments to any scripts. 此行為和所設計。This behavior is expected and by design.
問題Issue 伺服器管理員部署指令碼無法命名 PS1Server Manager deployment script is not named PS1
症狀Symptoms 如果您使用伺服器管理員網域控制站升級,並儲存部署 Windows PowerShell 指令碼,隨機暫時名稱,而不是 PS1 檔案命名檔案。If you promote a domain controller using Server Manager and save the Windows PowerShell deployment script, the file is named with a random temporary name and not as a PS1 file.
解析度和筆記Resolution and Notes 手動重新命名檔案。Manually rename the file. 此行為和所設計。This behavior is expected and by design.
問題Issue 帶領//unattend 可支援功能層級Dcpromo /unattend allows unsupported functional levels
症狀Symptoms 如果您升級網域控制站帶領//unattend 使用下列回應檔案範例:If you promote a domain controller using dcpromo /unattend with the following sample answer file:

程式碼-Code -

NewDomain = 森林NewDomain=Forest

ReplicaOrNewDomain = 網域ReplicaOrNewDomain=Domain

NewDomainDNSName = corp.contoso.comNewDomainDNSName=corp.contoso.com

SafeModeAdminPassword =Safepassword@6SafeModeAdminPassword=Safepassword@6

DomainNetbiosName = corpDomainNetbiosName=corp

DNSOnNetwork = [是]DNSOnNetwork=Yes

AutoConfigDNS = [是]AutoConfigDNS=Yes

RebootOnSuccess = NoAndNoPromptEitherRebootOnSuccess=NoAndNoPromptEither

RebootOnCompletion = 否]RebootOnCompletion=No

DomainLevel = 0DomainLevel=0

ForestLevel = 0ForestLevel=0

促銷失敗,錯誤下列 dcpromoui.log:Promotion fails with the following errors in the dcpromoui.log:

程式碼-出現 EA4.5B8 0089 13:31:50.783 Enter CArgumentsSpec::ValidateArgument DomainLevelCode - dcpromoui EA4.5B8 0089 13:31:50.783 Enter CArgumentsSpec::ValidateArgument DomainLevel

出現 EA4.5B8 008A 13:31:50.783 DomainLevel 的值為 0dcpromoui EA4.5B8 008A 13:31:50.783 Value for DomainLevel is 0

出現 EA4.5B8 008B 13:31:50.783 結束程式碼是 77dcpromoui EA4.5B8 008B 13:31:50.783 Exit code is 77

出現 EA4.5B8 008 C 13:31:50.783 指定引數不正確。dcpromoui EA4.5B8 008C 13:31:50.783 The specified argument is invalid.

出現 EA4.5B8 008 D 13:31:50.783 關閉登入dcpromoui EA4.5B8 008D 13:31:50.783 closing log

出現 EA4.5B8 0032 13:31:50.830 結束程式碼是 77dcpromoui EA4.5B8 0032 13:31:50.830 Exit code is 77

層級 0 是 Windows 2000,不支援 Windows Server 2012 中。Level 0 is Windows 2000, which is not supported in Windows Server 2012.
解析度和筆記Resolution and Notes 不要使用已取代的帶領//unattend 並了解,它可以讓您設定不正確的更新失敗。Do not use the deprecated dcpromo /unattend and understand that it allows you to specify invalid settings that later fail. 此行為和所設計。This behavior is expected and by design.
問題Issue 建立 NTDS 設定物件,以「無回應」的升級永遠不會完成Promotion "hangs" at creating NTDS settings object, never completes
症狀Symptoms 如果您將升級俠或 RODC 複本,在升級到達」NTDS 建立設定物件」和一律不會繼續或完成。If you promote a replica DC or RODC, the promotion reaches "creating NTDS settings object" and never proceeds or completes. 登停止也更新。The logs stop updating as well.
解析度和筆記Resolution and Notes 這是已知的問題,造成提供的認證建本機系統管理員符合入管理員密碼。This is a known issue caused by providing credentials of the built-in local Administrator account with a matching password to the built-in domain Administrator account. 這造成失敗下並不是錯誤,而不斷等待(半進度)核心設定引擎。This causes a failure down in the core setup engine that does not error, but instead waits indefinitely (quasi-loop). 這會如預期般-雖然非預期的行為。This is expected - albeit undesirable - behavior.

若要修正伺服器:To fix the server:

1.重新開機。1. Reboot it.

1.在 [廣告、delete 伺服器的成員電腦 account(不還會俠 account)1. In AD, delete that server's member computer account (it will not yet be a DC account)

1.在該 server 強制 disjoin 它的網域1. On that server, forcibly disjoin it from the domain

1.在 [伺服器,請移除 AD DS 角色。1. On that server, remove the AD DS role.

1.重新開機1. Reboot

1.重新加入 AD DS 角色與 reattempt 升級,確保您總是提供domain\admin格式化俠促銷並不只是建本機系統管理員 account 認證1. Re-add the AD DS role and reattempt promotion, ensuring that you always provide the domain\admin formatted credentials to DC promotion and not just the built-in local administrator account