事件 ID 2042:已經太長的時間後複寫這部電腦Event ID 2042: It has been too long since this machine replicated

適用於:Windows Server 2016、Windows Server 2012 R2、Windows Server 2012Applies To: Windows Server 2016, Windows Server 2012 R2, Windows Server 2012

如果尚未網域控制站複寫超過標記期間的合作夥伴使用,則可能有一或兩個網域控制站延遲物件問題。If a domain controller has not replicated with its partner for longer than a tombstone lifetime, it is possible that a lingering object problem exists on one or both domain controllers. 如何長刪除物件(稱為「標記」),判斷樹系的 Active Directory 中標記期間會保留在 Active Directory Domain Services (AD DS)。The tombstone lifetime in an Active Directory forest determines how long a deleted object (called a "tombstone") is retained in Active Directory Domain Services (AD DS). 標記期間由的值tombstoneLifetime設定 directory 磁碟分割服務 Directory 物件的屬性。The tombstone lifetime is determined by the value of the tombstoneLifetime attribute on the Directory Service object in the configuration directory partition. When the condition that causes Event ID 2042 to be logged occurs, inbound replication with the source partner is stopped on the destination domain controller and Event ID 2042 is logged in the Directory Service event log. The event identifies the source domain controller and the appropriate steps to take to either remove the outdated domain controller or remove lingering objects and restore replication from the source domain controller. The following is an example of the event text: 登入的名稱︰ Directory 服務來源:Microsoft-Windows-ActiveDirectory_DomainService 日期:<時間>263: 2042 年工作分類:複寫層級:錯誤關鍵字:傳統使用者:匿名的登入電腦:<網域控制站主機>描述:已經太多時間自上次與指定的來源電腦複寫這台電腦。Log Name: Directory Service Source: Microsoft-Windows-ActiveDirectory_DomainService Date: <Time> Event ID: 2042 Task Category: Replication Level: Error Keywords: Classic User: ANONYMOUS LOGON Computer: <domain controller hostname> Description: It has been too long since this machine last replicated with the named source machine. 使用此來源複寫之間的時間有超過標記期間。The time between replications with this source has exceeded the tombstone lifetime. 已停止複寫與此來源。Replication has been stopped with this source. 原因繼續不允許複寫兩台電腦的刪除的物件的檢視現在可能會不同。The reason that replication is not allowed to continue is that the two machine's views of deleted objects may now be different. 來源電腦可能仍有已經物件複本(和回收)這台電腦上。The source machine may still have copies of objects that have been deleted (and garbage collected) on this machine. 如果它們已允許複寫,來源電腦可能會傳回已經已經物件。If they were allowed to replicate, the source machine might return objects which have already been deleted. 上次成功複寫的時間:<日期><的時間>的來源叫用 ID:<叫用 ID>來源的名稱:<GUID>._msdcs。<網域>標記期間天數:<TSL 數天>Time of last successful replication: <date> <time> Invocation ID of source: <Invocation ID> Name of source: <GUID>._msdcs.<domain> Tombstone lifetime (days): <TSL number in days> 複寫操作失敗。The replication operation has failed. 使用者動作:User Action: 判斷這兩部電腦的樹系中斷與現在已過期。Determine which of the two machines was disconnected from the forest and is now out of date. 您有三個選項:You have three options: 1. 降級或重新安裝電腦已中斷連接。Demote or reinstall the machine(s) that were disconnected. 2. 來移除一致刪除的物件然後繼續複寫使用「repadmin /removelingeringobjects」工具。Use the "repadmin /removelingeringobjects" tool to remove inconsistent deleted objects and then resume replication. 3. 繼續複寫。Resume replication. 可能導致一致刪除的物件。Inconsistent deleted objects may be introduced. 您可以使用下列機碼繼續複寫。You can continue replication by using the following registry key. 系統複寫之後,建議您移除恢復保護鍵。Once the systems replicate once, it is recommended that you remove the key to reinstate the protection. 登錄鍵:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters\Allow 複寫的時間和損壞合作夥伴repadmin /showrepl命令也報告錯誤 8416,以下的範例所示:Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters\Allow Replication With Divergent and Corrupt Partner The repadmin /showrepl command also reports error 8416, as shown in the following example: Source: Default-First-Site-Name\DC1 ******* <number> CONSECUTIVE FAILURES since <date> <time> Last error: 8614 (0x21a6): The Active Directory Domain Services cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime.
原因 有幾個可能的原因登入的事件編號 2042,其中包括下列: Windows Server 2003 遇到軟體預先 Service Pack 1 (SP1) 網域控制站問題,會導致︰ 複寫失敗 曾時間超過設定的標記期間值︰ 複寫失敗 系統時間提前或回復造成刪除物件的?但並非全部?網域控制站 Cause There are a few potential causes for the logging of Event ID 2042, which include the following: Windows Server 2003 pre-Service Pack 1 (SP1) domain controllers having a software issue that causes replication failures Replication failures that have existed longer than the configured tombstone lifetime value System time advance or rollback that causes objects to be deleted on some?but not all?domain controllers
解析度 的解析度這個問題,而定的實際原因或問題的原因。修正此問題的相關,以檢查每個下列條件: 判斷是否有任何不需要在 Windows Server 2003 網域控制站最低 SP1 套用。如果您發現任何這類網域控制站,確保您在至少更新以修正此問題的相關 SP1。 判斷是否有任何已允許超過樹系標記期間︰ 複寫失敗。一般而言,標記期間的樹系是預設到 180 60 天。事件訊息指出樹系標記期間目前設定。 執行命令repadmin /showrepl來判斷是否是複製問題。如果您懷疑複寫問題時,請查看監視和疑難排解 Active Directory 複寫使用 Repadminhttp://go.microsoft.com/fwlink/?linkid=140631 (http://go.microsoft.com/fwlink/?linkid=140631) 如需有關如何修正此問題的相關資訊。 判斷是否延遲物件。您可以執行命令repadmin /removelingeringobjects在 [建議] 模式中,如下所述。 您必須先找出授權網域控制站。如果您知道特定網域控制站具有最新的變更,您可以使用該網域控制站的授權網域控制站。否則,您可能要完成多網域控制站在下列程序,直到您找出您認為具有最新的變更的網域控制站。然後,您可以使用該網域控制站為您的授權網域控制站。 中的成員資格網域系統管理員」,或相當於,才能完成此程序最小值。 Resolution The resolution of this issue depends on the actual cause or causes of the issue. To resolve this issue, check for each of the following conditions: Determine whether there are any Windows Server 2003 domain controllers that do not have at least SP1 applied. If you find any such domain controllers, ensure that you update them to at least SP1 to resolve this issue. Determine whether there are any replication failures that have been allowed to exceed the tombstone lifetime of the forest. Typically, the tombstone lifetime of the forest is 60 to 180 days by default. The event message indicates the tombstone lifetime of the forest as it is currently configured. Run the command repadmin /showrepl to determine whether a replication issue exists. If you suspect that there is a replication issue, see Monitoring and Troubleshooting Active Directory Replication Using Repadminhttp://go.microsoft.com/fwlink/?linkid=140631 (http://go.microsoft.com/fwlink/?linkid=140631) for information about how to resolve the issue. Determine whether there are lingering objects. You can do this by running the command repadmin /removelingeringobjects in advisory mode, as described in the following procedure. You must first identify an authoritative domain controller. If you know that a specific domain controller has the latest changes, you can use that domain controller as the authoritative domain controller. Otherwise, you may have to complete the following procedure on multiple domain controllers until you identify a domain controller that you believe has the latest changes. Then, you can use that domain controller as your authoritative domain controller. Membership in Domain Admins, or equivalent, is the minimum required to complete this procedure. gen_win7_review_detailincludes > 找出延遲物件 網域控制站您希望在擁有最新的變更,請打開提升權限的命令提示字元視窗。gen_win7_review_detailincludes> Identify lingering objects On a domain controller that you expect to have the latest changes, open an elevated Command Prompt window. cmd_eleincludes > 執行repadmin在建議模式中的命令。這可讓您不需要實際移除的任何項目評估延遲物件。語法命令的repadmin /removelingeringobjects <DestDCName><SourceDCGUID><LDAPPartition> /advisory_mode。在命令語法預留位置替代下列項目: DestDCName嗎?主機延遲物件清除您的目標的網域控制站的名稱。例如,如果您想要移除延遲物件 dc1 contoso.com 網域中,以取代dc1.contoso.com<DestDCName> SourceDCGUID嗎?執行命令repadmin /showrepl AuthDCname | 更多,其中AuthDCname的授權選取的網域控制站主機名稱。替代第一個DSA 物件 GUID出現的<SourceDCGUID> LDAPPartition嗎?您的目標的磁碟分割輕量型 Directory 存取磁碟分割 (LDAP) 名稱。例如,如果延遲物件網域 contoso.com 網域的磁碟分割,以取代dc = contoso 俠 = com<LDAPPartition> 下面是命令辨識延遲物件的範例:repadmin /removelingeringobjects dc1.contoso.com 4a8717eb-8e58-456c-995a-c92e4add7e8e dc = contoso 俠 = com /advisory_mode 必要時,重複步驟其他網域控制站在您判斷您認為的網域控制站具有最新的變更。為您的授權網域控制站使用該網域控制站。執行repadmin /removelingeringobjects命令/advisory_mode切換到確實移除延遲物件。重複執行命令視需要從他們的每個網域控制站移除延遲物件。cmd_eleincludes> Run the repadmin command in advisory mode. This makes it possible for you to assess the lingering objects without actually removing anything. The syntax of the command is repadmin /removelingeringobjects <DestDCName> <SourceDCGUID> <LDAPPartition> /advisory_mode. Substitute the following items for the placeholders in the command syntax: DestDCName?The host name of the domain controller that you are targeting for lingering object clean-up. For example, if you want to remove lingering objects from DC1 in the contoso.com domain, substitute dc1.contoso.com for <DestDCName>. SourceDCGUID?Run the command repadmin /showrepl AuthDCname |more, where AuthDCname is the host name of the domain controller that you selected as authoritative. Substitute the first DSA object GUID that appears for <SourceDCGUID>. LDAPPartition?The Lightweight Directory Access Partition (LDAP) name of the partition that you are targeting. For example, if the lingering objects are in the domain partition of the contoso.com domain, substitute dc=contoso,dc=com for <LDAPPartition>. The following is an example command for identifying lingering objects: repadmin /removelingeringobjects dc1.contoso.com 4a8717eb-8e58-456c-995a-c92e4add7e8e dc=contoso,dc=com /advisory_mode If necessary, repeat the previous steps on additional domain controllers until you determine the domain controller that you believe has the latest changes. Use that domain controller as your authoritative domain controller. Run the repadmin /removelingeringobjects command without the /advisory_mode switch to actually remove lingering objects. Repeat the command as necessary to remove lingering objects from each domain controller that has them.
下列事件 ID 2042 複寫重新開機 的複寫正常狀態一個物件的變更,其屬性涵蓋網域控制站接收最新的資訊的方式。合作夥伴網域控制站發現會傳遞較舊的變更時, 視為合作夥伴變更為「時間」。合作夥伴稱為參與「時間複寫」。網域控制站通常會複寫任何合作夥伴的時間︰ 複寫參與被視為與會停止。 您移除所有延遲物件之後,您可以重新登事件編輯登錄的網域控制站在複寫。 僅限在您移除所有延遲物件後重新開機複寫。 Restart replication following Event ID 2042 The normal state of replication is one in which changes to objects and their attributes converge in a way that domain controllers receive the latest information. When a partner domain controller is discovered to be passing older changes, the changes from the partner are deemed to be "divergent." The partner is said to be engaged in "divergent replication." Domain controllers will normally stop replicating with any partner that is deemed to be engaged in divergent replication. After you remove all lingering objects, you can restart replication on the domain controller that logged the event by editing the registry. Restart replication only after you have removed all lingering objects. Registrincludes > 成員資格在網域系統管理員」,或相當於,才能完成此程序最小值。Registrincludes> Membership in Domain Admins, or equivalent, is the minimum required to complete this procedure. gen_win7_review_detailincludes > 以重新開機之後事件 ID 2042 複寫使用 Repadmin 開放提升權限的命令提示字元。gen_win7_review_detailincludes> Use Repadmin to restart replication following Event ID 2042 Open an elevated Command Prompt. cmd_eleincludes > 命令提示字元中,輸入下列命令,並按一下 ENTER: repadmin /regkey<主機>+ allowDivergent cmd_eleincludes> At the command prompt, type the following command, and then press ENTER: repadmin /regkey <hostname> +allowDivergent
參數Parameter 描述Description
/regkey/regkey 可讓 (+) 和停用 (-) 的值為嚴格複寫一致性中的項目登錄HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesNTDSParametersEnables (+) and disables (-) the value for the Strict Replication Consistency registry entry in HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesNTDSParameters.
<主機><hostname> 替代單一網域控制站的名稱,或使用以套用森林中的所有網域控制站的變更。Substitute the name of a single domain controller, or use to apply the change to all domain controllers in the forest. 網域控制站的名稱,您可以使用網域名稱系統」(DNS) 名稱、網域控制站電腦物件,分辨的名稱或分辨的網域控制站伺服器物件的名稱。For the domain controller name, you can use the Domain Name System (DNS) name, the distinguished name of the domain controller computer object, or the distinguished name of the domain controller server object.
+ allowDivergent+allowDivergent 讓複寫複寫合作夥伴必須延遲物件,再次開始。Enables replication to start again with the replication partner that had lingering objects. 已經移除延遲物件所有後,才應執行這個命令。You should run this command only after all the lingering objects have been removed. 複寫正常執行一次之後,請使用-allowDivergent以避免發生時間複寫切換。After replication is running properly again, use the -allowDivergent switch to prevent divergent replication from occurring.
如果您不是使用套用到所有網域控制站的變更,請為每個您要允許時間複寫的網域控制站重複步驟 2。If you did not use to apply the change to all domain controllers, repeat step 2 for every domain controller on which you want to allow divergent replication.
若要防止過時複寫登錄防重設 您滿意時,已經移除延遲物件複寫發生成功來源網域控制站的、用來防止時間複寫。若要執行防止複寫時間,請執行命令repadmin /regkey<主機>-allowDivergent。例如,若要限制時間複寫網域控制站名 DC1 Fabrikam.com 網域中的,執行命令repadmin /regkey dc1.fabrikam.com-allowDivergent 如果您未移除所有延遲物件,嘗試複寫可能會導致複寫延遲物件。如果目的地網域控制站尚未嚴格複寫一致性,複寫來源網域控制站再試一次將會被封鎖。 Reset the registry to protect against outdated replication When you are satisfied that lingering objects have been removed and replication has occurred successfully from the source domain controller, use Repadmin to prevent divergent replication. To do prevent divergent replication, run the command repadmin /regkey <hostname> -allowDivergent. For example, to restrict divergent replication on a domain controller named DC1 in the Fabrikam.com domain, run the command repadmin /regkey dc1.fabrikam.com -allowDivergent. If you did not remove all the lingering objects, attempting replication might result in replication of a lingering object. If strict replication consistency is enabled on the destination domain controller, replication with the source domain controller will be blocked again.