複製錯誤 8456 或 8457 來源 |目前目的伺服器拒絕複寫要求Replication error 8456 or 8457 The source | destination server is currently rejecting replication requests

適用於:Windows Server 2016、Windows Server 2012 R2、Windows Server 2012Applies To: Windows Server 2016, Windows Server 2012 R2, Windows Server 2012

本主題解釋包括症狀、原因,以及如何解析 Active Directory 複寫錯誤 8456︰ 複寫要求或 Active Directory 複寫錯誤 8457 目前拒絕來源伺服器:目的伺服器目前拒絕複寫要求。症狀造成解析度This topic explains the symptoms, causes, and how to resolve Active Directory replication error 8456: the source server is currently rejecting replication requests or Active Directory replication error 8457: the destination server is currently rejecting replication requests. Symptoms Causes Resolutions
症狀 帶領促銷新的網域控制站在現有的樹系失敗的錯誤「來源伺服器目前拒絕複寫要求」。 對話方塊的標題文字: Active Directory 安裝精靈 對話的訊息文字: 操作失敗:Active Directory 無法將剩餘 directory 磁碟分割中的資料傳輸<路徑磁碟分割 DN>網域控制站<目標 DC>。「來源伺服器目前拒絕複寫要求」。 DCDIAG 報告錯誤「來源伺服器目前拒絕複寫要求」或「目的伺服器目前拒絕複寫要求」。 Testing server: Default-First-Site-Name<DC NAME> Starting test: Replications * Replications Check [Replications Check,<DC NAME>] A recent replication attempt failed: From IADOMINO to <DC NAME> Naming Context: DC=<DN path of partition> The replication generated an error (8456): The source server is currently rejecting replication requests. The failure occurred at <Date> <Time>. The last success occurred at <Date> <time>. 957 failures have occurred since the last success. Replication has been explicitly disabled through the server options Testing server: Default-First-Site-Name&lt;DC NAME> Starting test: Replications * Replications Check [Replications Check,<DC NAME>] A recent replication attempt failed: From IADOMINO to <DC NAME> Naming Context: DC=<DN path of partition> The replication generated an error (8457): The destination server is currently rejecting replication requests. The failure occurred at <Date> <Time>. The last success occurred at <Date> <time>. 957 failures have occurred since the last success. Replication has been explicitly disabled through the server options REPADMIN 表示該傳入的和傳出 Active Directory︰ 複寫失敗的錯誤「來源 |目的地伺服器目前拒絕複寫。」 DC=Contoso,DC=COM <site name>&lt;dc name> via RPC DC object GUID: <objectguid of source DCs NTDS settings object> Last attempt @ <date> <time> failed, result 8457 (0x2109): The destination server is currently rejecting replication requests. DC=Contoso,DC=COM <site name>&lt;dc name> via RPC DC object GUID: <objectguid of source DCs NTDS settings object> Last attempt @ <date> <time> failed, result 8456 (0x2108): The source server is currently rejecting replication requests. 十六進位和小數點相當於的「目前拒絕複寫」錯誤,可能會顯示 REPADMIN 的命令。 事件來源和指出 USN 回復發生的事件 Id 包括但不是限於動作: Symptoms The DCPROMO promotion of a new domain controller in an existing forest fails with the error "The source server is currently rejecting replication requests." Dialog title text: Active Directory Installation Wizard Dialog message text: The operation failed because: Active Directory could not transfer the remaining data in directory partition <directory partition DN path> to domain controller <destination DC>. "The source server is currently rejecting replication requests." DCDIAG reports the error "The source server is currently rejecting replication requests" or "The destination server is currently rejecting replication requests." Testing server: Default-First-Site-Name<DC NAME> Starting test: Replications * Replications Check [Replications Check,<DC NAME>] A recent replication attempt failed: From IADOMINO to <DC NAME> Naming Context: DC=<DN path of partition> The replication generated an error (8456): The source server is currently rejecting replication requests. The failure occurred at <Date> <Time>. The last success occurred at <Date> <time>. 957 failures have occurred since the last success. Replication has been explicitly disabled through the server options Testing server: Default-First-Site-Name&lt;DC NAME> Starting test: Replications * Replications Check [Replications Check,<DC NAME>] A recent replication attempt failed: From IADOMINO to <DC NAME> Naming Context: DC=<DN path of partition> The replication generated an error (8457): The destination server is currently rejecting replication requests. The failure occurred at <Date> <Time>. The last success occurred at <Date> <time>. 957 failures have occurred since the last success. Replication has been explicitly disabled through the server options REPADMIN indicates that incoming and outgoing Active Directory replication may be failing with the error "The source | destination server is currently rejecting replication." DC=Contoso,DC=COM <site name>&lt;dc name> via RPC DC object GUID: <objectguid of source DCs NTDS settings object> Last attempt @ <date> <time> failed, result 8457 (0x2109): The destination server is currently rejecting replication requests. DC=Contoso,DC=COM <site name>&lt;dc name> via RPC DC object GUID: <objectguid of source DCs NTDS settings object> Last attempt @ <date> <time> failed, result 8456 (0x2108): The source server is currently rejecting replication requests. REPADMIN commands may display both the hexadecimal and the decimal equivalent for the "currently rejecting replication" error. Event sources and event IDs that indicate that a USN rollback has occurred include but are not limited to the following:
事件Event 來源Source 事件字串Event String
13081308 NTDS KCCNTDS KCC 後續複製下列網域控制站的嘗試一直無法偵測知識一致性檢查程式 (KCC)。The Knowledge Consistency Checker (KCC) has detected that successive attempts to replicate with the following domain controller has consistently failed.
19251925 NTDS KCCNTDS KCC 建立下列寫入 directory 磁碟分割的連結︰ 複寫失敗。The attempt to establish a replication link for the following writable directory partition failed.
19261926 NTDS KCCNTDS KCC 嘗試使用下列的參數,無法建立複寫唯讀 directory 磁碟分割的連結。The attempt to establish a replication link to a read-only directory partition with the following parameters failed.
15861586 NTDS 複寫NTDS Replication Windows nt4.0 或先前複寫檢查點 pdc 模擬器未成功。 完整的同步處理的安全性 manager(坡)資料庫,以執行 Windows nt4.0 網域控制站及之前您可能 PDC 模擬器主角轉移到本機網域控制站之前的下一步成功檢查點。 檢查點程序將會試一次在四小時的時間。 The Windows NT 4.0 or earlier replication checkpoint with the PDC emulator master was unsuccessful. A full synchronization of the security accounts manager (SAM) database to domain controllers running Windows NT 4.0 and earlier might occur if the PDC emulator master role is transferred to the local domain controller before the next successful checkpoint. The checkpoint process will be tried again in four hours.
20232023 NTDS 複寫NTDS Replication 本機網域控制站無法變更複寫下列遠端網域控制站下列 directory 磁碟分割。The local domain controller was unable to replicate changes to the following remote domain controller for the following directory partition.
20952095 Microsoft-Windows-ActiveDirectory_DomainServicesMicrosoft-Windows-ActiveDirectory_DomainServices 複寫 Active Directory Domain Services 要求,期間本機網域控制站 DC 辨識遠端 DC,已收到複寫資料本機俠使用已通知 USN 追蹤數字。During an Active Directory Domain Services replication request, the local domain controller (DC) identified a remote DC which has received replication data from the local DC by using already acknowledged USN tracking numbers.
21032103 Microsoft-Windows-ActiveDirectory_DomainServicesMicrosoft-Windows-ActiveDirectory_DomainServices Active Directory Domain Services 資料庫還原使用尚未支援的還原程序。 時,仍然無法登入使用者將無法使用 active Directory Domain Services。因此,已暫停的網路登入服務。 The Active Directory Domain Services database was restored by using an unsupported restoration procedure. Active Directory Domain Services will be unable to log on users while this condition persists. Therefore, the Net Logon service has paused.
位置 embedded 的狀態代碼下列 8456 和 8457 地圖:Where embedded status codes 8456 and 8457 map to the following:
小數點錯誤Decimal error 十六進位錯誤Hexadecimal error 錯誤字串Error string
84568456 21082108 來源伺服器目前拒絕複寫The source server is currently rejecting replication
84578457 21092109 目前目的伺服器拒絕複寫。The destination server is currently rejecting replication.
NTDS 一般事件 2013 年能登入 Directory 服務事件登入。這表示支援的復原或還原的 Active Directory 資料庫因為發生 USN 復原。 事件類型:錯誤 事件來源:NTDS 一般 分類事件:服務控制 263: 2103 年 日期:<日期> 時間:<時間> 使用者:<使用者名稱> 電腦:<電腦名稱> 描述:Active Directory 資料庫已使用尚未支援的還原程序還原。Active Directory 無法登入的使用者時仍然無法使用。如此一來,已暫停的網路登入服務。使用者動作,請洽詢先前事件登的詳細資訊。如需詳細資訊,請瀏覽的協助和支援中心http://support.microsoft.comhttp://support.microsoft.com NTDS 一般事件 1393 年能登入 Directory 服務事件登入。這表示實體或 virtual 磁碟機裝載 Active Directory 資料庫或登入檔缺少可用磁碟空間不足: 事件類型:錯誤 事件來源:NTDS 一般 分類事件:服務控制 263: 1393 年 日期:<日期> 時間:<時間> 使用者:<使用者名稱> 電腦:<電腦名稱> 描述:失敗,錯誤 112 嘗試更新 Directory 服務資料庫。因為 Windows 會無法登入的使用者,仍然無法使用時,會在暫停 NetLogon 服務。請確定可用磁碟空間不足 directory 資料庫並登入檔案所在的磁碟機。 NTDS General Event 2013 may be logged in the Directory Services event log. This indicates that a USN rollback occurred because of an unsupported rollback or restore of the Active Directory Database. Event Type: Error Event Source: NTDS General Event Category: Service Control Event ID: 2103 Date: <date> Time: <time> User: <user name> Computer: <computer name> Description: The Active Directory database has been restored by using an unsupported restoration procedure. Active Directory will be unable to log on users while this condition persists. As a result, the Net Logon service has paused. User Action See previous event logs for details. For more information, visit the Help and Support Center at http://support.microsoft.comhttp://support.microsoft.com. NTDS General Event 1393 may be logged in the Directory Services event log. This indicates that the physical or virtual drive that is hosting the Active Directory database or log files lacks sufficient free disk space: Event Type: Error Event Source: NTDS General Event Category: Service Control Event ID: 1393 Date: <date> Time: <time> User: <user name> Computer: <computer name> Description: Attempts to update the Directory Service database are failing with error 112. Since Windows will be unable to log on users while this condition persists, the NetLogon service is being paused. Make sure that sufficient free disk space is available on the drives where the directory database and log files reside.
傳入或傳出複寫已自動停用作業系統因為多根本原因。 ,停用輸入或輸出複寫三個活動包括: A USN 復原發生 (NTDS 一般事件 2103)。 硬碟已滿 (NTDS 一般事件 1393)。 損壞 UTD 向量存在於 (事件 2881)。 ,作業系統會自動將四個設定的變更時,其中一個三個條件,就會發生。四個設定的變更如下: 傳入的 Active Directory 複寫已停用。 傳出 Active Directory 複寫已停用。 中登錄「無法寫入 DSA」設定零值。 NETLOGON 服務狀態從 [執行] 變更為「已暫停」。 這個錯誤的基準的根本原因是討論 USN 復原MSKB 875495 如何偵測並從 Windows Server 2003、Windows Server 2008 和 Windows Server 2008 R2 USN 復原復原http://support.microsoft.com/default.aspx?scid=kb;EN-US;875495 請不要假設零的任何值「無法寫入 DSA」或的來源或目的地伺服器」目前拒絕複寫要求」期間帶領 Active Directory 複寫肯定表示發生 USN 回復,和這類網域控制站隱含推動降級或推動 repromoted 有。降級可能是正確的選擇。不過,它可能會過錯誤會造成磁碟空間不足時。 Causes Incoming or outgoing replication was automatically disabled by the operating system because of multiple root causes. Three events that disable inbound or outbound replication include: A USN rollback occurred (NTDS General Event 2103). The hard disk is full (NTDS General Event 1393). A corrupt UTD vector is present (Event 2881). The operating system automatically makes four configuration changes when one of three conditions occurs. The four configuration changes are as follows: Incoming Active Directory replication is disabled. Outgoing Active Directory replication is disabled. "DSA not writable" is set to a nonzero value in the registry. The NETLOGON service status is changed from "running" to "paused." The dominant root cause for this error condition is a USN rollback discussed in MSKB 875495 How to detect and recover from a USN rollback in Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2http://support.microsoft.com/default.aspx?scid=kb;EN-US;875495. Do not assume that any nonzero value for "DSA not writable" or that a source or destination server "is currently rejecting replication requests" during DCPROMO or Active Directory Replication definitively means that a USN rollback has occurred and that such domain controllers implicitly have to be force-demoted or force-repromoted. Demotion may be the correct option. However, it may be excessive when the error is caused by insufficient free disk space.
解析度 值檢查」DSA 無法寫入。」 的每個網域控制站的登入 8456 或 8457 錯誤,判斷是否的三個觸發事件其中一個自動停用傳入或傳出 Active Directory 複寫,適用於「DSA 無法寫入」從本機登錄朗讀值。 自動停用︰ 複寫時,作業系統寫入其中一個值四個「無法寫入 DSA」: Resolutions Check the value for "DSA not writable." For each domain controller that is logging the 8456 or 8457 error, determine whether one of the three triggering events automatically disabled incoming or outgoing Active Directory Replication by reading the value for "DSA not writable" from the local registry. When replication is automatically disabled, the operating system writes one of four possible values to "DSA not writable":
路徑Path HKLMSystemCurrentControlSetServicesNTDSHKLMSystemCurrentControlSetServicesNTDS
設定Setting 無法寫入 DSADSA not writable
輸入Type 呼叫(完成)(Reg_dword)
Values #定義 DSA_WRITABLE_GEN 1 #定義 DSA_WRITABLE_NO_SPACE 2 #定義 DSA_WRITABLE_USNROLLBCK 4 #定義 DSA_WRITABLE_CORRUPT_UTDV 8 #define DSA_WRITABLE_GEN 1 #define DSA_WRITABLE_NO_SPACE 2 #define DSA_WRITABLE_USNROLLBCK 4 #define DSA_WRITABLE_CORRUPT_UTDV 8
樹系版本不相容的作業系統 (例如網域控制站升級到 Windows Server 2003 森林功能層級或類似的樹系 Windows 2000) 時才可以撰寫 1 的值。 表示裝載的 Active Directory 資料庫或登入檔案缺少不足可用磁碟空間實體或 virtual 磁碟機的值為 2。 4 表示發生因為 Active Directory 資料庫已經正確復原時間 USN 復原值。已知會造成 USN 回復作業如下: 開機從先前的網域控制站一樣快照 HYPER-V 或 VMWARE 主機上儲存的角色電腦。 中包含一個以上的網域控制站的樹系正確實體到 virtual (P2V) 轉換績效。 使用例如魔鬼映像處理你還原俠角色電腦。 回復到的磁碟分割裝載 active directory 資料庫的時間,使用進階的磁碟子系統。 8 表示 up-要-dateness 向量,在本機的網域控制站已損壞。 技術,「無法寫入 DSA」可能包含多個值。10 登錄值指出磁碟空間不足,例如損壞的 UTD。通常是一個值寫入」DSA 無法寫入。」 少見支援專業人員和系統管理員多複寫隔離傳出複寫,讓傳入複寫,藉由變更為 [自動,停用從 NETLOGON 服務開機值,進而停用,並開始 NETLOGON 服務。因此,完整隔離設定可能無法在位置時,它會檢查。 核取隔離事件 Directory 服務事件登入。 假設不具有覆蓋 Directory 服務事件登入,您可能會發現其中一個或多個相關登入 Directory 服務事件登入的網域控制站的登入 8456 或 8457 錯誤事件。 A value of 1 can be written only when the forest version is incompatible with the operating system (for example, a Windows 2000 domain controller is promoted into a forest at Windows Server 2003 forest functional level, or similar). A value of 2 means that the physical or virtual drive that is hosting the Active Directory database or log files lacks sufficient free disk space. A value of 4 means that a USN rollback occurred because the Active Directory database was incorrectly rolled back in time. Operations that are known to cause a USN rollback include the following: The booting from previously saved virtual machine snapshots of domain controller role computers on Hyper-V or VMWARE hosts. Incorrect physical-to-virtual (P2V) conversions in forests that contain more than one domain controller. Restoring DC role computers by using imaging products such as Ghost. Rolling the contents of a partition that is hosting the active directory database back in time by using an advanced disk subsystem. A value of 8 indicates that the up-to-dateness-vector is corrupted on the local DC. Technically, "DSA not writable" could consist of multiple values. For example, a registry value of 10 would indicate insufficient disk space and a corrupted UTD. Typically, a single value is written to "DSA not writable." It is common for support professionals and administrators to partly disable the replication quarantine by enabling outgoing replication, by enabling incoming replication, by changing the startup value for the NETLOGON service from disabled to automatic, and by starting the NETLOGON service. Therefore, the full quarantine configuration may not be in place when it is examined. Check the Directory Service event log for quarantine events. Assuming the Directory Service event log has not wrapped, you may find one or more related events logged in the Directory Service event log of a domain controller that is logging the 8456 or 8457 error.
一般 2103 NTDSNTDS General 2103 Active Directory 資料庫還原使用尚未支援的還原程序。The Active Directory database was restored by using an unsupported restoration procedure. Active Directory 無法登入的使用者時仍然無法使用。Active Directory will be unable to log on users while this condition persists. 因此,已暫停的網路登入服務。Therefore, the Net Logon service has paused. 使用者動作:看到前的事件登如需詳細資訊。User Action: See previous event logs for more information.
NTDS 一般事件 1393NTDS General Event 1393 有位於磁碟空間不足。There is insufficient space on the disk.
事件 2881Event 2881 不適用Not applicable
執行根據「無法寫入 DSA」的值或登入系統事件復原: 如果「無法寫入 DSA」等於 4 或 NTDS 一般事件 2103 年已登入,請執行 USN 復原修復的步驟。如需詳細資訊,請查看 Microsoft 知識庫文件875495http://support.microsoft.com/default.aspx?scid=kb;EN-US;875495 如果「無法寫入 DSA」等於 2 或 NTDS 一般事件 1393 年已登入,請檢查不足裝載 Active Directory 資料庫及登入檔實體和 virtual 磁碟分割上的可用磁碟空間。釋出空間的要求。 如果「無法寫入 DSA」等於 8,降級並之前其不良值複寫森林中的其他網域控制站再重新升級的網域控制站。 Perform the recovery based on the value of "DSA not writable" or on events that are logged on the system: If "DSA not writable" equals 4 or if NTDS General Event 2103 is logged, perform the recovery steps for a USN Rollback. For more information, see Microsoft Knowledge Base article 875495http://support.microsoft.com/default.aspx?scid=kb;EN-US;875495. If "DSA not writable" equals 2 or if NTDS General event 1393 is logged, check for sufficient free disk space on the physical and virtual partitions that are hosting the Active Directory database and log files. Free up space as required. If "DSA not writable" equals 8, demote and then re-promote the domain controller before it can replicate its bad value to other domain controllers in the forest.
疑難排解 Active Directory 操作失敗 8456 或 8457 時發生錯誤:「來源 |目前拒絕目的伺服器複寫要求」 http://support.microsoft.com/kb/2023007 Troubleshooting Active Directory operations that fail with error 8456 or 8457: "The source | destination server is currently rejecting replication requests" http://support.microsoft.com/kb/2023007