Replication error 8524 The DSA operation is unable to proceed because of a DNS lookup failure

Applies To: Windows Server 2016, Windows Server 2012 R2, Windows Server 2012

This topic explains symptoms, causes and how to resolve Active Directory replication error 8524 The DSA operation is unable to proceed because of a DNS lookup failure.

  1. Symptoms
  2. Causes
  3. Resolutions

Symptoms

  • DCDIAG reports that Active Directory Replications test has failed with status 8524:

    Testing server: <sitename>\<destination DC>
    Starting test: Replications
    [Replications Check,<destination DC>] A recent replication attempt failed:
    From <source DC> to <destination dc>
    Naming Context: 
    CN=<DN path for failing directory partition>,DC=Contoso,DC=Com
    The replication generated an error (8524):
    The DSA operation is unable to proceed because of a DNS lookup failure.
    
  • REPADMIN reports that a replication attempt has failed with status 8524. REPADMIN commands that commonly cite the 8524 status include but are not limited to:

    • REPADMIN /REPLSUM
    • REPADMIN /SHOWREPS
    • REPADMIN /SHOWREPL

      A sample 8524 failure from REPADMIN /SHOWREPS is shown below:

      Default-First-Site-Name\CONTOSO-DC1
      DSA Options: IS_GC 
      Site Options: (none)
      DSA object GUID: e15fc9a1-82f8-4a99-97f2-8e715f06e747
      DSA invocationID: e15fc9a1-82f8-4a99-97f2-8e715f06e747
      ==== INBOUND NEIGHBORS ======================================
      DC=contoso,DC=com
      Default-First-Site-Name\CONTOSO-DC2 via RPC
      DSA object GUID: 8a7baee5-cd81-4c8c-9c0f-b10030574016
      Last attempt @ YYYY-MM-DD HH:MM:SS failed, result 8524 (0x214c):
      The DSA operation is unable to proceed because of a DNS lookup failure.
      1 consecutive failure(s).
      Last success @ YYYY-MM-DD HH:MM:SS. 
      <Remainder of /showrepl output truncated> 
      
  • NTDS KCC, NTDS General or Microsoft-Windows-ActiveDirectory_DomainService events with the 8524 status are logged in the directory service event log.

    Active Directory events that commonly cite the 8524 status include but are not limited to:

    | Event | Source | Event String |
    | --- | --- | --- |
    | 2023 | Microsoft-Windows-ActiveDirectory_DomainService | This directory server was unable to replicate changes to the following remote directory server for the following directory partition. |
    | 1655 | NTDS General | Active Directory attempted to communicate with the following global catalog and the attempts were unsuccessful. |
    | 1308 | NTDS KCC | The Knowledge Consistency Checker (KCC) has detected that successive attempts to replicate with the following directory service has consistently failed. |
    | 1865 | NTDS KCC | The Knowledge Consistency Checker (KCC) was unable to form a complete spanning tree network topology. As a result, the following list of sites cannot be reached from the local site. |
    | 1925 | NTDS KCC | The attempt to establish a replication link for the following writable directory partition failed. |
    | 1926 | NTDS KCC | The attempt to establish a replication link to a read-only directory partition with the following parameters failed. |

  • Domain controllers log NTDS Replication event 2087 and/or NTDS Replication event 2088 in their Directory Service event log.

       Log Name: Directory Service
       Source: Microsoft-Windows-ActiveDirectory_DomainService
       Date: <date> <time>
       Event ID: 2087
       Task Category: DS RPC Client
       Level: Error
       Keywords: Classic
       User: ANONYMOUS LOGON
       Computer: <dc name>.<domain name>
       Description: Active Directory Domain Services could not resolve the following DNS host name of the source domain controller to an IP address. This error prevents additions, deletions and changes in Active Directory Domain Services from replicating between one or more domain controllers in the forest. Security groups, group policy, users and computers and their passwords will be inconsistent between domain controllers until this error is resolved, potentially affecting logon authentication and access to network resources.
    
       Remainder of event truncated, see MSKB [824449](http://support.microsoft.com/?kbid=824449) for full text.
    
     Log Name: Directory Service
     Source: Microsoft-Windows-ActiveDirectory_DomainService
     Date: <date> <time>
     Event ID: 2088
     Task Category: DS RPC Client
     Level: Warning
     Keywords: Classic
     User: ANONYMOUS LOGON
     Computer: <dc name>.<domain name>
     Description:
     Active Directory Domain Services could not use DNS to resolve the IP address of the source domain controller listed below. To maintain the consistency of Security groups, group policy, users and computers and their passwords, Active Directory Domain Services successfully replicated using the NetBIOS or fully qualified computer name of the source domain controller.
    
     Invalid DNS configuration may be affecting other essential operations on member computers, domain controllers or application servers in this Active Directory Domain Services forest, including logon authentication or access to network resources.
    
     You should immediately resolve this DNS configuration error so that this domain controller can resolve the IP address of the source domain controller using DNS.
    
     Remainder of event truncated, see MSKB [824449](http://support.microsoft.com/?kbid=824449) for full text.
    

Causes

Error status 8524 maps to the error string "The DSA operation is unable to proceed because of a DNS lookup failure", a catch-all error for all possible DNS failures affecting Active Directory on post-Windows Server 2003 SP1 domain controllers.

Microsoft-Windows-ActiveDirectory_DomainService event 2087 is a partner event to other Active Directory events that cite the 8524 status if an Active Directory domain controller is unable to resolve a remote DC by its fully qualified CNAME record (<objectGUID of the source DC's NTDS Settings object>._msdcs.<forest root domain>) using DNS.

Microsoft-Windows-ActiveDirectory_DomainService event 2088 is logged when a source domain controller is successfully resolved by its NetBIOS name; this name resolution fallback occurs only when DNS name resolution fails.

The presence of the 8524 status and the Microsoft-Windows-ActiveDirectory_DomainService event 2088 or 2087 events all indicate that DNS name resolution is failing for Active Directory.

In summary, the 8524 replication status is logged when a destination DC is unable to resolve the source DC by its CNAME and Host "A" or Host "AAAA" records using DNS. Specific root causes include:

  1. The source DC is offline, or no longer exists but its NTDS Settings object still exists in the destination DC's copy of Active Directory.
  2. The source DC failed to register the CNAME or host records on one or more DNS Servers, either because the registration attempts failed or because DNS client settings on the source do not point to DNS Servers that host, forward or delegate its _msdcs.<forest root domain> zone and/or primary DNS suffix domain zones.
  3. DNS client settings on the destination DC do not point to DNS Servers that host, forward or delegate the DNS zones containing the CNAME or host records for the source DC.
  4. CNAME and host records registered by the source DC do not exist on DNS servers queried by the destination DC due to simple replication latency, a replication failure or a zone transfer failure.
  5. Invalid forwarders or delegations are preventing the destination DC from resolving CNAME or Host records for DCs in other domains in the forest. DNS Servers used by destination DC, source DC or intermediate DNS Servers are not functioning properly.

Resolutions

Verify whether the 8524 is caused by an offline DC or stale DC metadata

If the 8524 error / event refers to a DC that is currently offline but still a valid DC in the forest, make it operational.

If the 8524 error / event refers to an inactive DC (a DC install that no longer exists on the network but whose NTDS Settings object still exists in the destination DC's copy of Active Directory), remove the stale metadata for that DC from the destination DC's copy of Active Directory.

Microsoft CSS regularly finds stale metadata for nonexistent DCs, or stale metadata from previous promotions of a DC with the same computer name that has not been removed from Active Directory.

Remove stale DC metadata if present

GUI Metadata Cleanup using Active Directory Sites and Services (DSSITE.MSC):

  1. Start the Windows Server 2008 or Windows Server 2008 R2 Active Directory Sites and Services snap-in (DSSITE.MSC).

     This can also be done by starting Active Directory Sites and Services on a Windows Vista or Windows 7 computer where it has been installed as part of the Remote Server Administration Tools (RSAT) package.
  2. Focus the DSSITE.MSC snap-in on the *destination* DC's copy of Active Directory.

     After starting DSSITE.MSC, right-click "Active Directory Sites and Services <DC Name>". Select the destination DC that is logging the 8524 error / event from the list of DCs visible in the "Change Domain Controller" list.
  3. Delete the source DC's NTDS Settings object referenced in the 8524 errors and events. Active Directory Users and Computers (DSA.MSC) snap-in and delete either the source DCs NTDS Settings object.

     A DC's NTDS Settings object appears below the Sites, Site Name, Servers container and %server name% container and above the inbound connection object displayed in the right-hand pane of Active Directory Sites and Services. Right-click the stale NTDS Settings object you want to remove, then click "Delete".

Metadata cleanup can also be performed from the Windows Server 2008 or Windows Server 2008 R2 version of the Active Directory Users and Computers snap-in as documented in Clean Up Server Metadata, or by using NTDSUTIL (documented in MSKB 216498).

Run DCDIAG /TEST:DNS on the source DC + destination DC.

DCDIAG /TEST:DNS performs 7 different tests to quickly vet the DNS health of a domain controller. This test is NOT run as part of the default execution of DCDIAG.

  1. Log on to the console of the destination domain controllers logging the 8524 events with Enterprise Admin credentials.
  2. Open an administrative privileged CMD prompt and run "DCDIAG /TEST:DNS /F" on the DC logging the 8524 status AND the source DC that the destination DC is replicating from. To run DCDIAG against all DCs in a forest, type "DCDIAG /TEST:DNS /V /E /F:<File name.txt>". To run DCDIAG /TEST:DNS against a specific DC, type "DCDIAG /TEST:DNS /V /S:<DC name> /F:<File name.txt>".
  3. Locate the summary table at the end of the DCDIAG /TEST:DNS output. Identify and reconcile warning or failure conditions on the relevant DCs of the report.
  4. If DCDIAG does not identify the root cause, take "the long way around" using the steps below.

Check Active Directory Name Resolution using PING

Destination DCs resolve source DCs in DNS by their fully qualified CNAME records, which are derived from the object GUID of the remote DC's NTDS Settings object (the parent object to connection objects visible in the Active Directory Sites and Services snap-in). You can test a given DC's ability to resolve a source DC's fully qualified CNAME record using the PING command.

  1. Locate the objectGUID of the source DC's NTDS Settings object in the source DC's copy of Active Directory.

    From the console of the source DC logging the 8524 error / event, type:

    c:\>repadmin /showreps <fully qualified hostname of <source> DC cited in the 8524 error / event >
    

    For example, if the DC referenced in the 8524 error / event is contoso-DC2 in the contoso.com domain, type:

    c:\>repadmin /showreps contoso-dc2.contoso.com
    

    The "DSA Object GUID" field in the header of the /SHOWREPS output contains the objectGUID of the source DC's current NTDS Settings object. Use the source DC's view of its NTDS Settings object in case replication is slow or failing. The header of the repadmin output will look something like:

    Default-First-Site-Name\CONTOSO-DC1
    DSA Options: IS_GC 
    Site Options: (none)
    DSA object GUID: 8a7baee5-cd81-4c8c-9c0f-b10030574016
    

    Right-click and copy the GUID and paste it into the PING command in step 4 of this list.

  2. Locate the objectGUID of the source DC in the DC's copy of Active Directory.

    From the console of the destination DC logging the 8524 error / event, type:

    c:\>repadmin /showreps <fully qualified hostname of destination DC>

    For example, if the DC logging the 8524 error / event is contoso-DC1 in the contoso.com domain, type:

    c:\>repadmin /showreps contoso-dc1.contoso.com

    REPADMIN /SHOWREPS output is shown below. The "DSA Object GUID" field is listed for each source DC the destination DC inbound replicates from.

    c:\>repadmin /showreps contoso-dc1.contoso.com
    Default-First-Site-Name\CONTOSO-DC1
    DSA Options: IS_GC 
    Site Options: (none)
    DSA object GUID: e15fc9a1-82f8-4a99-97f2-8e715f06e747
    DSA invocationID: e15fc9a1-82f8-4a99-97f2-8e715f06e747 
    ==== INBOUND NEIGHBORS ======================================
    DC=contoso,DC=com
    Default-First-Site-Name\CONTOSO-DC2 via RPC
    DSA object GUID: 8a7baee5-cd81-4c8c-9c0f-b10030574016 <- Object GUID for source DC derived from
    Last attempt @ 2010-03-24 15:45:15 failed, result 8524 (0x214c): \ destination DCs copy of Active Directory
    The DSA operation is unable to proceed because of a DNS lookup failure.
    23 consecutive failure(s).
    Last success @ YYYY-MM-DD HH:MM:SS.
    
  3. Compare the object GUID from step 1 and step 2.

    If the object GUIDs are the same, then the source DC and destination DC know about the same instantiation (the same promotion) of the source DC. If they are different, figure out which one was created later. The NTDS Settings object with the earlier create date is likely stale and should be removed.

  4. PING the source DC by its fully qualified CNAME.

    From the console of the destination DC, test Active Directory's name resolution with a PING of the source DC's fully qualified CNAME record:

    c:\>ping <ObjectGUID from source DCs NTDS Settings object>._msdcs.<DNS name for Active Directory forest root domain>

    Using our example of the 8a7baee5-cd81-4c8c-9c0f-b10030574016 objectGUID from the repadmin /showreps output above from the contoso-dc1 DC in the contoso.com domain, the PING syntax would be:

    c:\>ping 8a7baee5-cd81-4c8c-9c0f-b10030574016._msdcs.contoso.com

    If PING works, retry the failing operation in Active Directory. If PING fails, proceed to "Resolve the 8524 DNS lookup failure", retrying the PING test after each step until it resolves.
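Steps 1 to 4 above can be run over saved REPADMIN /SHOWREPS output when several neighbors fail at once. The Python below is an added example, not part of the original article: the function names are hypothetical, the CONTOSO-DC3 and CONTOSO-DC4 entries and their GUIDs are constructed sample data, and the parser assumes the English output layout shown above.

```python
import re
from dataclasses import dataclass
from typing import Optional

GUID = r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}"
SITE_DC = r"[^\\\s]+\\[^\\\s]+"   # e.g. Default-First-Site-Name\CONTOSO-DC2

@dataclass
class Neighbor:
    partition: str
    source: str                   # "Site\DC" as printed by repadmin
    guid: str = ""                # DSA object GUID as held by the reporting DC
    result: Optional[int] = None  # status of the last failed attempt, else None
    failures: int = 0

def parse_showrepl(text):
    """Return (header DC name, header DSA object GUID, inbound neighbors)."""
    header_dc = header_guid = partition = current = None
    neighbors, inbound = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if "BOUND NEIGHBORS" in line:          # INBOUND / OUTBOUND section banner
            inbound, current = "INBOUND" in line, None
            continue
        m = re.match(r"DSA object GUID:\s*(" + GUID + ")", line, re.I)
        if m:                                  # header GUID or a neighbor's GUID
            if current is not None:
                current.guid = m.group(1).lower()
            elif not inbound and header_guid is None:
                header_guid = m.group(1).lower()
            continue
        if not inbound:
            if header_dc is None and re.fullmatch(SITE_DC, line):
                header_dc = line.split("\\")[1].lower()
            continue
        if re.match(r"(DC|CN)=", line, re.I):  # naming context line
            partition, current = line, None
            continue
        m = re.match("(" + SITE_DC + ") via ", line)
        if m:
            current = Neighbor(partition, m.group(1))
            neighbors.append(current)
        elif current is not None:
            m = re.search(r"failed, result (\d+)", line)
            if m:
                current.result = int(m.group(1))
            m = re.match(r"(\d+) consecutive failure", line)
            if m:
                current.failures = int(m.group(1))
    return header_dc, header_guid, neighbors

def triage_8524(dest_view, source_views, forest_root):
    """For each inbound neighbor failing with 8524, build the CNAME the
    destination DC looks up and compare its GUID with the source DC's own."""
    known = {}
    for text in source_views:
        dc, guid, _ = parse_showrepl(text)
        if dc and guid:
            known[dc] = guid
    findings = []
    for n in parse_showrepl(dest_view)[2]:
        if n.result != 8524:
            continue
        dc = n.source.split("\\")[1].lower()
        current = known.get(dc)
        findings.append({
            "source_dc": dc,
            "failures": n.failures,
            "cname": f"{n.guid}._msdcs.{forest_root}",        # ping / nslookup target
            "guid_match": None if current is None else current == n.guid,
            "current_cname": current and f"{current}._msdcs.{forest_root}",
        })
    return findings

# Constructed sample data: DC1/DC2 values are the article's; DC3, DC4 and their GUIDs are made up.
DEST_VIEW = r"""
Default-First-Site-Name\CONTOSO-DC1
DSA object GUID: e15fc9a1-82f8-4a99-97f2-8e715f06e747
==== INBOUND NEIGHBORS ======================================
DC=contoso,DC=com
    Default-First-Site-Name\CONTOSO-DC2 via RPC
        DSA object GUID: 8a7baee5-cd81-4c8c-9c0f-b10030574016
        Last attempt @ 2010-03-24 15:45:15 failed, result 8524 (0x214c):
        23 consecutive failure(s).
    Default-First-Site-Name\CONTOSO-DC3 via RPC
        DSA object GUID: 11111111-2222-3333-4444-555555555555
        Last attempt @ 2010-03-24 15:45:16 failed, result 8524 (0x214c):
        5 consecutive failure(s).
    Default-First-Site-Name\CONTOSO-DC4 via RPC
        DSA object GUID: aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
        Last attempt @ 2010-03-24 15:45:17 was successful.
"""
SRC_DC2 = "Default-First-Site-Name\\CONTOSO-DC2\nDSA object GUID: 8a7baee5-cd81-4c8c-9c0f-b10030574016\n"
SRC_DC3 = "Default-First-Site-Name\\CONTOSO-DC3\nDSA object GUID: 66666666-7777-8888-9999-000000000000\n"

if __name__ == "__main__":
    for f in triage_8524(DEST_VIEW, [SRC_DC2, SRC_DC3], "contoso.com"):
        print(f)
```

A `guid_match` of `False` means the destination DC holds a different NTDS Settings objectGUID than the source DC reports for itself, which is the case step 3 sends to the create-date comparison; `None` means no source-side output was supplied for that DC.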

Resolve the 8524 DNS lookup failure: "The long way around"

If the 8524 error / events are not caused by stale DC metadata and the CNAME PING test fails, vet the DNS health of the source DC, the destination DC and the DNS Servers used by the source and destination DCs. In summary, verify that:

  • The source DC has registered the CNAME and host records with a valid DNS.
  • The destination DC points to valid DNS Servers.
  • The records of interest registered by source DCs are resolvable by destination DCs.

The error message text in DS RPC Client event 2087 documents a user action for resolving the 8524 error. A more detailed action plan follows.

Verify that the source DC points to valid DNS Servers

On the source DC, verify that DNS Client settings point exclusively to operational DNS Servers that host, forward or delegate the:

  • _msdcs.<forest root domain> zone (i.e. all DCs in the contoso.com forest register CNAME records in the _msdcs.contoso.com zone), AND
  • The DNS zone for the Active Directory domain (i.e. a computer in the contoso.com domain would register host records in the contoso.com zone), AND
  • The computer's primary DNS suffix domain if different from the Active Directory domain name (see Disjoint Namespace).

Options to validate that a DNS Server hosts, forwards or delegates (i.e. "can resolve") such zones include:

  • Start the DNS management tool for your DNS and verify that the DNS Servers that the source DC points to for name resolution host the zones in question.
  • Use NSLOOKUP to verify that all of the DNS Servers that the source DC points to can resolve queries for the DNS zones in question.

Run IPCONFIG /ALL on the console of the source DC:

```
c:\>ipconfig /all
DNS Servers . . . . . . . . . . . : 192.0.2.99 <- Primary DNS Server IP>
                                    192.0.2.101<- Secondary DNS Server IP> 
```
Run the following NSLOOKUP queries:
```
c:\>nslookup -type=soa <Source DC DNS domain name> <source DCs primary DNS Server IP>
c:\>nslookup -type=soa <Source DC DNS domain name> <source DCs secondary DNS Server IP>
c:\>nslookup -type=soa _msdcs.<forest root DNS domain> <source DCs primary DNS Server IP>
c:\>nslookup -type=soa _msdcs.<forest root DNS domain> <source DCs secondary DNS Server IP>
```
For example, if a DC in the CHILD.CONTOSO.COM domain of the contoso.com forest is configured with the primary and secondary DNS Server IPs "192.0.2.99" and "192.0.2.101", the NSLOOKUP syntax would be:
```
c:\>nslookup -type=soa child.contoso.com 192.0.2.99
c:\>nslookup -type=soa child.contoso.com 192.0.2.101
c:\>nslookup -type=soa _msdcs.contoso.com 192.0.2.99
c:\>nslookup -type=soa _msdcs.contoso.com 192.0.2.101
```

> [!NOTE]
> The SOA query for the _msdcs.contoso.com zone will resolve correctly if the targeted DNS has a good forwarder or delegation for the _msdcs.<forest root zone>. This query will not resolve correctly if the _msdcs.<forest root zone> on the DNS Server being queried is a non-delegated sub-domain of <forest root zone>, which is the zone relationship created by Windows 2000 domains.

> CNAME records are always registered in the _msdcs.<forest root zone>, even for DCs in non-root domains.

> Configuring the DNS client of a DC or member computer to point to an ISP DNS Server for name resolution is invalid unless that ISP has been contracted (paid) and is currently hosting, forwarding or delegating DNS queries for your Active Directory forest.

> ISP DNS Servers typically do not accept dynamic DNS updates, so CNAME, Host and SRV records may have to be manually registered.

### <a name="verify-that-the-source-dc-has-registered-its-cname-record"></a>Verify that the source DC has registered its CNAME record
Use step 1 from "Check Active Directory Name Resolution using PING" to locate the current CNAME of the source DC.

Run **ipconfig /all** on the console of the source DC to determine which DNS Servers the source DC points to for name resolution.

```
c:\>ipconfig /all
DNS Servers . . . . . . . . . . . : 192.0.2.99 <- Primary DNS Server IP>
                                    192.0.2.101<- Secondary DNS Server IP>
```


Use NSLOOKUP to query the current DNS Servers for the source DC's CNAME record (found by using the procedure in "Check Active Directory Name Resolution using PING").

```
c:\>nslookup -type=cname <fully qualified CNAME of source DC> <source DCs primary DNS Server IP>
c:\>nslookup -type=cname <fully qualified CNAME of source DC> <source DCs secondary DNS Server IP>
```


Continuing the example where the NTDS Settings objectGUID for contoso-dc2 in the contoso.com domain is 8a7baee5-cd81-4c8c-9c0f-b10030574016 and the DC points to "192.0.2.99" as primary for DNS name resolution, the NSLOOKUP syntax would be:

```
c:\>nslookup -type=cname 8a7baee5-cd81-4c8c-9c0f-b10030574016._msdcs.contoso.com 192.0.2.99
c:\>nslookup -type=cname 8a7baee5-cd81-4c8c-9c0f-b10030574016._msdcs.contoso.com 192.0.2.101
```


If the source DC has not registered its CNAME record on the DNS Servers it points to for name resolution, run the following command from the command prompt of the source DC, then recheck the registration of the CNAME record:

```
c:\>net stop netlogon & net start netlogon
```


> [!NOTE]
> CNAME records are always registered in the _msdcs.<forest root zone>, even for DCs in non-root domains.

> CNAME records are registered by the Net Logon service during operating system startup, Net Logon service startup and recurring intervals thereafter.

> Each promotion of a DC with the same name may create a new NTDS Settings object with a different objectGUID, which therefore registers a different CNAME record. Verify registration of the CNAME record based on the last promotion of the source DC versus the objectGUID for the NTDS Settings object on the destination DC if the source has been promoted more than once.

> Timing issues during OS startup can delay successful Dynamic DNS registration.

> If a DC's CNAME record was successfully registered but later disappears, check for the [zone transfer delete bug](http://support.microsoft.com/default.aspx?scid=kb;EN-US;953317), duplicate DNS zones in different replication scopes or overly aggressive scavenging by the DNS Server.

> If the CNAME record registration is failing on the DNS servers that the source DC points to for name resolution, review NETLOGON events in the SYSTEM event log for DNS registration failures.

### <a name="verify-that-the-source-dc-has-registered-its-host-records"></a>Verify that the source DC has registered its host records
From the console of the source DC, run **ipconfig /all** to determine which DNS Servers the source DC points to for name resolution:

```
c:\>ipconfig /all
DNS Servers . . . . . . . . . . . : 192.0.2.99 <- Primary DNS Server IP>
                                    192.0.2.101<- Secondary DNS Server IP>
```


Use NSLOOKUP to query the current DNS Servers for the host record:

```
c:\>nslookup -type=A+AAAA <FQDN of source DC> <source DCs primary DNS Server IP>
c:\>nslookup -type=A+AAAA <FQDN of source DC> <source DCs secondary DNS Server IP>
```


Continuing the example where the hostname for contoso-dc2 in the contoso.com domain is 8a7baee5-cd81-4c8c-9c0f-b10030574016 and it points to self (127.0.0.1) as primary for DNS name resolution, the NSLOOKUP syntax would be:

```
c:\>nslookup -type=A+AAAA contoso-dc1.contoso.com 192.0.2.99
c:\>nslookup -type=A+AAAA contoso-dc1.contoso.com 192.0.2.101
```


Repeat the NSLOOKUP command against the source DC's secondary DNS Server IP address.

To dynamically register host "A" records, type the following from the console of the computer:

```
c:\>ipconfig /registerdns
```

> [!NOTE]
> Windows 2000 through Windows Server 2008 R2 computers all register IPv4 host "A" records.

> Windows Server 2008 and Windows Server 2008 R2 computers all register IPv6 host "AAAA" records.

> Host "A" and "AAAA" records are registered in the computer's primary DNS suffix zone.

> Disable network adapters that do not have network cables attached.

> Disable host record registration on network adapters that are not accessible to DCs and member computers on the network.

> It is not supported to disable the IPv6 protocol by clearing the IPv6 checkbox in Networks in Control Panel.

### <a name="verify-that-the-destination-dc-points-to-valid-dns-servers"></a>Verify that the destination DC points to valid DNS Servers

On the destination DC, verify that DNS Client settings point *exclusively* to operational DNS Servers that either host, forward or delegate:

- The `_msdcs.<forest root domain>` zone (i.e. all DCs in the contoso.com forest register CNAME records in the _msdcs.contoso.com zone), AND
- The DNS zone for the Active Directory domain (i.e. a computer in the contoso.com domain would register host records in the contoso.com zone), AND
- The computer's primary DNS suffix domain, if different from the Active Directory domain name (see [Disjoint Namespace](http://technet.microsoft.com/library/cc731125.aspx)).

Options to validate that a DNS Server hosts, forwards or delegates (i.e. "can resolve") such zones include:

- Start the DNS management tool for your DNS and verify that the DNS Servers that the source DC points to for name resolution host the zones in question.
- Use NSLOOKUP to verify that all of the DNS Servers that the source DC points to can resolve queries for the DNS zones in question.
   Run IPCONFIG /ALL on the console of the source DC:

```
c:\>ipconfig /all

DNS Servers . . . . . . . . . . . : 192.0.2.99 <- Primary DNS Server IP>
                                    192.0.2.101 <- Secondary DNS Server IP>
```


Run the following NSLOOKUP queries:

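```
c:\>nslookup -type=soa <Source DC DNS domain name> <Primary DNS Server IP>
c:\>nslookup -type=soa <Source DC DNS domain name> <Secondary DNS Server IP>
c:\>nslookup -type=soa _msdcs.<forest root domain> <Primary DNS Server IP>
c:\>nslookup -type=soa _msdcs.<forest root domain> <Secondary DNS Server IP>
```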


For example, if a DC in the CHILD.CONTOSO.COM domain of the contoso.com forest is configured with the primary and secondary DNS Server IPs "192.0.2.99" and "192.0.2.101", the NSLOOKUP syntax would be:

```
c:\>nslookup -type=soa child.contoso.com 192.0.2.99
c:\>nslookup -type=soa child.contoso.com 192.0.2.101
c:\>nslookup -type=soa _msdcs.contoso.com 192.0.2.99
c:\>nslookup -type=soa _msdcs.contoso.com 192.0.2.101
```


> [!NOTE]
> The SOA query for the _msdcs.contoso.com zone will resolve correctly if the targeted DNS has a good forwarder or delegation for the `_msdcs.<forest root zone>`. This query will not resolve correctly if the `_msdcs.<forest root zone>` on the DNS Server being queried is a non-delegated sub-domain of `<forest root zone>`, which is the zone relationship created by Windows 2000 domains.
>
> CNAME records are always registered in the `_msdcs.<forest root zone>`, even for DCs in non-root domains.
>
> Configuring the DNS client of a DC or member computer to point to an ISP DNS Server for name resolution is invalid unless that ISP has been contracted (paid) and is currently hosting, forwarding or delegating DNS queries for your Active Directory forest.
>
> ISP DNS Servers typically do not accept dynamic DNS updates, so CNAME, Host and SRV records may have to be manually registered.
>
> The DNS resolver on Windows computers is by design "sticky" about using DNS servers that are responsive to queries, regardless of whether such DNS Servers host, forward or delegate the required zones. Restated, the DNS resolver will not fail over and query another DNS server as long as the active DNS server is responsive, even if the response from the DNS Server indicates that it does not host the record being queried or even host a copy of the zone for that record.
>
> Configuring the DNS client of a DC or member computer to point to an ISP DNS Server for name resolution is invalid unless that ISP has been contracted (paid) to host, forward or delegate DNS queries for your Active Directory forest.

### <a name="verify-that-the-dns-server-used-by-the-destination-dc-can-resolve-the-source-dcs-cname-and-host-records"></a>Verify that the DNS Server used by the destination DC can resolve the source DC's CNAME and HOST records

From the console of the destination DC, run "ipconfig /all" to determine which DNS Servers the destination DC points to for name resolution:

```
c:\>ipconfig /all

DNS Servers . . . . . . . . . . . : 192.0.2.102 <- Primary DNS Server IP>
                                    192.0.2.103 <- Secondary DNS Server IP>
```


From the console of the destination DC, use NSLOOKUP to query the DNS Servers configured on the destination DC for the source DC's CNAME and host records:

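```
c:\>nslookup -type=cname <source DC CNAME record> <Primary DNS Server IP>
c:\>nslookup -type=cname <source DC CNAME record> <Secondary DNS Server IP>
c:\>nslookup -type=A+AAAA <source DC host name> <Primary DNS Server IP>
c:\>nslookup -type=A+AAAA <source DC host name> <Secondary DNS Server IP>
```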


Continuing the example where contoso-dc2 in the contoso.com domain with GUID 8a7baee5-cd81-4c8c-9c0f-b10030574016 in the Contoso.com forest root domain points to DNS Servers "192.0.2.102" and "192.0.2.103", the NSLOOKUP syntax would be:

```
c:\>nslookup -type=cname 8a7baee5-cd81-4c8c-9c0f-b10030574016._msdcs.contoso.com 192.0.2.102
c:\>nslookup -type=cname 8a7baee5-cd81-4c8c-9c0f-b10030574016._msdcs.contoso.com 192.0.2.103
c:\>nslookup -type=A+AAAA contoso-dc1.contoso.com 192.0.2.102
c:\>nslookup -type=A+AAAA contoso-dc1.contoso.com 192.0.2.103
```
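
The per-server SOA, CNAME and host lookups described above, collected into one PowerShell script as an added example (not part of the original article). It assumes the `Resolve-DnsName` cmdlet available on Windows Server 2012 and later; variable names are illustrative and the sample values are the ones used on this page.

```powershell
# Added example. Sample values are taken from this page; replace with your own.
$SourceDcGuid = '8a7baee5-cd81-4c8c-9c0f-b10030574016'  # DSA object GUID from REPADMIN /SHOWREPS
$SourceDcFqdn = 'contoso-dc1.contoso.com'
$DomainZone   = 'contoso.com'
$ForestRoot   = 'contoso.com'
$DnsServers   = '192.0.2.102', '192.0.2.103'            # from ipconfig /all on the destination DC

$queries = @(
    @{ Name = $DomainZone;                          Type = 'SOA'   }
    @{ Name = "_msdcs.$ForestRoot";                 Type = 'SOA'   }
    @{ Name = "${SourceDcGuid}._msdcs.$ForestRoot"; Type = 'CNAME' }
    @{ Name = $SourceDcFqdn;                        Type = 'A'     }
    @{ Name = $SourceDcFqdn;                        Type = 'AAAA'  }
)

$results = foreach ($server in $DnsServers) {
    foreach ($q in $queries) {
        $status = 'Resolved'; $data = ''
        try {
            # -Server asks this server directly instead of whichever one the sticky resolver
            # is using; -DnsOnly and -NoHostsFile exclude LLMNR, NetBIOS and the hosts file.
            $answer = @(Resolve-DnsName -Name $q.Name -Type $q.Type -Server $server `
                            -DnsOnly -NoHostsFile -ErrorAction Stop |
                        Where-Object { $_.Section -eq 'Answer' -and $_.Type -eq $q.Type })
            if ($answer.Count -eq 0) { $status = 'NoAnswer' }  # server replied but holds no such record
            else {
                $data = switch ($q.Type) {
                    'SOA'   { "$($answer[0].PrimaryServer) serial $($answer[0].SerialNumber)" }
                    'CNAME' { $answer[0].NameHost }
                    default { ($answer.IPAddress | Sort-Object) -join ',' }
                }
            }
        }
        catch { $status = 'Failed'; $data = $_.Exception.Message }
        [pscustomobject]@{ Server = $server; Name = $q.Name; Type = $q.Type; Status = $status; Data = $data }
    }
}

$results | Format-Table -AutoSize

# CNAME and host answers should match on every server; a mismatch points to DNS replication
# latency or failure between them. SOA serials are skipped because they can legitimately
# differ between AD-integrated DNS servers.
$results | Where-Object Type -ne 'SOA' | Group-Object Name, Type |
    Where-Object { @($_.Group | ForEach-Object { "$($_.Status)|$($_.Data)" } | Sort-Object -Unique).Count -gt 1 } |
    ForEach-Object { Write-Warning "Servers disagree on $($_.Name)" }
```

A `NoAnswer` row for the AAAA query only means no IPv6 host record is registered; `NoAnswer` or `Failed` on the SOA or CNAME rows identifies a DNS server that cannot resolve the zones replication depends on.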


### <a name="review-the-relationship-between-the-dns-servers-used-by-the-source-and-destination-dcs"></a>Review the relationship between the DNS Servers used by the source and destination DCs

If the DNS Servers used by the source and destination host AD-integrated copies of the `_msdcs.<forest root>` and `<primary DNS suffix>` zones, check for:

- Replication latency between the DNS where the record was registered and the DNS where the record is being queried.
- A replication failure between the DNS where the record is registered and the DNS being queried.
- The DNS zone hosting the record of interest resides in different replication scopes and therefore has different contents, or is CNF / conflict-mangled on one or more DCs.

If the DNS zones used by the source and destination DC are stored in primary and secondary copies of DNS zones, check for:

- The "allow zone transfers" checkbox is not enabled on the DNS that hosts the primary copy of the zone.
- The "Only the following servers" checkbox is enabled but the IP address of the secondary DNS has not been added to the allow list on the primary DNS.
- The DNS zone on the Windows Server 2008 DNS hosting the secondary copy of the zone is empty due to MSKB [953317](http://support.microsoft.com/default.aspx?scid=kb;EN-US;953317).

If the DNS servers used by the source and destination DC have parent / child relationships, check for:

- Invalid delegations on the DNS that owns the parent zone that is delegating to the subordinate zone.
- Invalid forwarder IP addresses on the DNS server trying to resolve the superior DNS zone (example: a DC in child.contoso.com trying to resolve host records in the contoso.com zone residing on DNS Servers in the root domain).