263 1925 年:嘗試建立︰ 複寫失敗連結,因為連接的問題Event ID 1925: Attempt to establish a replication link failed due to connectivity problem

適用於:Windows Server 2016、Windows Server 2012 R2、Windows Server 2012Applies To: Windows Server 2016, Windows Server 2012 R2, Windows Server 2012

事件 ID 1925 中的描述文字報告,建立下列寫入 directory 磁碟分割的連結︰ 複寫失敗,並描述文字提供分辨的目的地嘗試來源複寫 directory 磁碟分割的名稱。The description text in event ID 1925 reports that the attempt to establish a replication link for the following writable directory partition failed, and the description text provides the distinguished name of the directory partition that the destination is attempting to replicate from the source. 錯誤碼的事件會提供問題的原因詳細特定資訊。The error code in the event gives more specific information about the cause of the problem. 事件文字的範例如下:The following is an example of the event text: Log Name: Directory Service Source: Microsoft-Windows-ActiveDirectory_DomainService Date: 3/12/2008 8:14:13 AM Event ID: 1925 Task Category: Knowledge Consistency Checker Level: Warning Keywords: Classic User: ANONYMOUS LOGON Computer: DC3.contoso.com Description: The attempt to establish a replication link for the following writable directory partition failed. Directory 磁碟分割:DATA-CN = DC 的設定,= contoso 俠 = com 來源網域控制站:DATA-CN = NTDS 設定 DATA-CN = DC1,DATA-CN = DATA-CN 的伺服器,= 預設--網站-名字 DATA-CN = DATA-CN 的網站,= DC 的設定,= contoso 俠 = com 來源網域控制站位址:f8786828-ecf5-4b7d-ad12-8ab60178f7cd._msdcs.contoso.com 間傳輸(如果有的話):DATA-CN = IP DATA-CN = 間網站傳輸、DATA-CN = DATA-CN 的網站,= DC 的設定,= contoso 俠 = 的 com 複製來源網域控制站修正這個問題之前將無法使用此網域控制站。Directory partition: CN=Configuration,DC=contoso,DC=com Source domain controller: CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=contoso,DC=com Source domain controller address: f8786828-ecf5-4b7d-ad12-8ab60178f7cd._msdcs.contoso.com Intersite transport (if any): CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Configuration,DC=contoso,DC=com This domain controller will be unable to replicate with the source domain controller until this problem is corrected. 使用使用者動作驗證如果來源網域控制站存取或網路連接。User Action Verify if the source domain controller is accessible or network connectivity is available. 其他資料錯誤值:1908 年找不到此網域網域控制站。Additional Data Error value: 1908 Could not find the domain controller for this domain.
診斷 時 263 1925 年包含錯誤 1908,「找不到的網域控制站這個網域中,「複寫 Active Directory 失敗根據網域控制站報告錯誤和稱為事件中文字的來源網域控制站連接的問題。 Diagnosis When Event ID 1925 contains error 1908, "Could not find the domain controller for this domain," Active Directory replication has failed as a result of a connectivity problem between the domain controller that reported the error and the source domain controller that is named in the event text.
解析度 使用下列測試解開此問題: WAN 驗證連接 判斷封包大小上限,並視需要變更該。 Resolution Use the following tests to solve this problem: Verify WAN connectivity Determine the maximum packet size, and change it if necessary.
請確認連接 WAN 驗證尤其來分隔它們寬區域 (wan) 連結或防火牆有網路網域控制站之間不基本連接的問題。測試這類問題的相關資訊,會看到文章 310099 (http://go.microsoft.com/fwlink/?LinkId=69995http://go.microsoft.com/fwlink/?LinkId=69995) 和文件 159211 (http://go.microsoft.com/fwlink/?LinkId=69996http://go.microsoft.com/fwlink/?LinkId=69996) 的 Microsoft 知識庫)。 Verify WAN connectivity Verify that there are no basic connectivity problems with the underlying network between the domain controllers, especially if they are separated by a wide area network (WAN) link or firewalls. For information about testing this type of problem, see article 310099 (http://go.microsoft.com/fwlink/?LinkId=69995http://go.microsoft.com/fwlink/?LinkId=69995) and article 159211 (http://go.microsoft.com/fwlink/?LinkId=69996http://go.microsoft.com/fwlink/?LinkId=69996) in the Microsoft Knowledge Base).
判斷最大封包 來預設值,Windows 2000、Windows XP、Windows Server 2003、Windows Server 2003 R2、Windows Vista、Kerberos 驗證通訊協定和nextref_longhorincludes > 會使用的資料可以配合封包小於 2000 位元組使用者資料流通訊協定 (UDP)。 Determine maximum packet size By default, the Kerberos authentication protocol in Windows 2000, Windows XP, Windows Server 2003, Windows Server 2003 R2, Windows Vista, and nextref_longhorincludes> uses the User Datagram Protocol (UDP) when the data can be fit into packets of less than 2,000 bytes. 大於此值的任何資料使用 TCP 執行封包。Any data larger than this value uses TCP to carry the packets. 裝置,例如網路上的防火牆所通常中斷是多個 1500 封包。Packets of more than 1,500 bytes are often dropped by a device, such as a firewall on the network. 若要避免這個問題,您可以判斷您的網路可容納的封包的大小。然後,您可以編輯登錄,以便使用 UDP 位元組人數設定,您會收到,以負責標頭大小較 8 位元組的最小值。 您可以使用ping命令來測試封包網路可容納的大小。 中的成員資格使用者網域,或相當於,和登入本機權限的網域控制站的才能完成此程序最小值。 To avoid this problem, you can determine the size of packet that your network can accommodate. Then, you can edit the registry so that the maximum number of bytes for using UDP is set to the lowest value that you receive, less 8 bytes to account for header size. You can use the ping command to test the size of packets that the network can accommodate. Membership in Domain Users, or equivalent, and the Log on locally right on the domain controller are the minimum required to complete this procedure. review_detailincludes > 來判斷常見的最低封包大小 的目的網域控制站 ping 來源網域控制站的 IP 位址。在命令提示字元中,輸入下列命令,並按一下 ENTER: ping <IP_address> f l 1472 來源網域控制站的使用中的命令步驟 1 ping 目的地網域控制站的 IP 位址。 如果ping命令完成兩個方向、是否需要任何其他修改。 如果ping您使用的數字任一方向,較低單純地命令失敗-l參數,直到您找到之間來源和目的地的運作方式網域控制站的最低常見封包大小。 Dcdiag.exe 提供執行這項測試下列方法: dcdiag//test: CheckSecurityError /s:<SourceDomainControllerName> 您可以編輯登錄封包的最大大小為由 PING 方法,減號 8 位元組標頭大小的值。或者,您可以編輯登錄讓永遠超過位元組使用 UDP 的上限,且 Kerberos 因此隨時使用 TCP。 您可以修改登錄變更預設值的 2000 位元組MaxPacketSizeHKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaKerberosParameters。若要變更此登錄設定使用下列程序。 建議您不要不直接編輯登錄除非另有其他的替代方案。變更登錄無法驗證再套用,如此一來,不正確的值可以儲存或 windows 作業系統。這可能導致處於無法復原錯誤,系統中。可能的話,請使用群組原則」或其他 Windows 工具,例如 Microsoft Management Console (MMC),以完成任務,而非編輯登錄直接。如果您必須編輯登錄,小心謹慎。 需求 認證:成員資格網域系統管理員,或相當於,才能完成此程序最小值。 工具:Regedit.exe 變更封包大小上限 按一下[開始],按一下 [執行,輸入regedit,,然後按一下 [確定 瀏覽到HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaKerberosParameters 編輯?或者,如果它並不在詳細資料窗格中,建立?項目MaxPacketSize,如下所示: 編輯如果有的話詳細資料窗格中的項目: 以滑鼠右鍵按一下MaxPacketSize,按一下 [修改,,然後在數值資料方塊中,輸入1強制 Kerberos 使用 TCP,或輸入降低適當最大值您所建立的值。 如果並不在詳細資料窗格中建立的項目: 以滑鼠右鍵按一下參數,按一下 [的新 DWORD 值。,輸入名稱MaxPacketSize,並移至步驟 3a 編輯項目。 按一下 [ [確定] 您必須重新開機網域控制站,變更才會生效。 review_detailincludes> To determine the lowest common packet size From the destination domain controller, ping the source domain controller by its IP address. At a command prompt, type the following command, and then press ENTER: ping <IP_address> -f -l 1472 From the source domain controller, use the command in step 1 to ping the destination domain controller by its IP address. If the ping command completes in both directions, no additional modification is required. If the ping command fails in either direction, monotonically lower the number that you use in the -l parameter until you find the lowest common packet size that works between the source and destination domain controllers. Dcdiag.exe provides the following method to perform this test: dcdiag /test:CheckSecurityError /s:<SourceDomainControllerName> You can edit the registry to set the maximum size of packets to the value that you determined by the PING method, minus 8 bytes to account for header size. As an alternative, you can edit the registry so that the maximum number of bytes for using UDP is always exceeded and therefore Kerberos always uses TCP. You can change the default value of 2,000 bytes by modifying the registry entry MaxPacketSize in HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaKerberosParameters. Use the following procedure to change this registry setting. It is recommended that you do not directly edit the registry unless there is no other alternative. Modifications to the registry are not validated by the registry editor or by Windows before they are applied, and as a result, incorrect values can be stored. This can result in unrecoverable errors in the system. When possible, use Group Policy or other Windows tools, such as Microsoft Management Console (MMC), to accomplish tasks rather than editing the registry directly. If you must edit the registry, use extreme caution. Requirements Credentials: Membership in Domain Admins, or equivalent, is the minimum required to complete this procedure. Tool: Regedit.exe To change the maximum packet size Click Start, click Run, type regedit, and then click OK. Navigate to HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaKerberosParameters. Edit?or, if it does not exist in the details pane, create?the entry MaxPacketSize as follows: To edit the entry if it exists in the details pane: Right-click MaxPacketSize, click Modify, and then, in the Value data box, type 1 to force Kerberos to use TCP, or type the value that you established to lower the value to the appropriate maximum size. To create the entry if it does not exist in the details pane: Right-click Parameters, click New DWORD Value, type the name MaxPacketSize, and then go to step 3a to edit the entry. Click OK. You must restart the domain controller for this change to take effect.
監視和疑難排解 Active Directory 複寫使用 Repadminhttp://go.microsoft.com/fwlink/?LinkId=122830http://go.microsoft.com/fwlink/?LinkId=122830Monitoring and Troubleshooting Active Directory Replication Using Repadminhttp://go.microsoft.com/fwlink/?LinkId=122830http://go.microsoft.com/fwlink/?LinkId=122830