Active Directory 複寫問題進行疑難排解Troubleshooting Active Directory Replication Problems

適用於:Windows Server 2016、Windows Server 2012 R2、Windows Server 2012Applies To: Windows Server 2016, Windows Server 2012 R2, Windows Server 2012

Active Directory 複寫問題可以有數個不同的來源。Active Directory replication problems can have several different sources. 例如,網域名稱系統」(DNS) 的問題、網路問題或安全性問題所有造成 Active Directory︰ 複寫失敗。For example, Domain Name System (DNS) problems, networking issues, or security problems can all cause Active Directory replication to fail.

本主題中的其餘部分解釋工具和方法一般修正 Active Directory 複寫錯誤。The rest of this topic explains tools and a general methodology to fix Active Directory replication errors. 實際實驗室示範如何疑難排解複寫 Active Directory 的問題,請查看TechNet Virtual Lab: Active Directory 複寫錯誤疑難排解For a hands-on lab that demonstrates how to troubleshoot Active Directory replication problems, see TechNet Virtual Lab: Troubleshooting Active Directory Replication Errors

下列主題實體鍵盤保護蓋包括症狀、原因,以及如何解析特定複寫錯誤:The following subtopics cover symptoms, causes, and how to resolve specific replication errors:

修正複寫延遲物件問題 (事件 Id 1388,1988,2042 年)Fixing Replication Lingering Object Problems (Event IDs 1388, 1988, 2042)

修正複寫安全性問題Fixing Replication Security Problems

修正複寫 DNS 查詢問題 (事件 Id 1925,2087,2088 年)Fixing Replication DNS Lookup Problems (Event IDs 1925, 2087, 2088)

修正複寫連接問題 (263 1925 年)Fixing Replication Connectivity Problems (Event ID 1925)

修正複寫拓撲問題 (263 1311 年)Fixing Replication Topology Problems (Event ID 1311)

確認支援 Directory 複寫 DNS 功能Verify DNS Functionality to Support Directory Replication

複製錯誤 8614 Active Directory 無法複寫洽詢,因為自上次複寫伺服器的時間有超過標記期間Replication error 8614 The Active Directory cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime

複寫錯誤 8524 DSA 操作程式無法繼續因為 DNS 搜尋Replication error 8524 The DSA operation is unable to proceed because of a DNS lookup failure

複製錯誤 8456 或 8457 來源 |目前目的伺服器拒絕複寫要求Replication error 8456 or 8457 The source | destination server is currently rejecting replication requests

複寫錯誤 8453 複寫被存取Replication error 8453 Replication access was denied

複製錯誤 8452 命名操作正被移除或不會從指定的伺服器複寫Replication error 8452 The naming context is in the process of being removed or is not replicated from the specified server

複製錯誤 5 存取Replication error 5 Access is denied

複製錯誤-2146893022 目標主體名稱不正確Replication error -2146893022 The target principal name is incorrect

複製錯誤 1753 年有的端點對應程式提供更多端點Replication error 1753 There are no more endpoints available from the endpoint mapper

不是可用複寫錯誤 1722 RPC 伺服器Replication error 1722 The RPC server is unavailable

複製錯誤 1396 年登入失敗目標帳號不正確Replication error 1396 Logon Failure The target account name is incorrect

複寫錯誤 1256 年遠端系統不是可用Replication error 1256 The remote system is not available

複寫時發生錯誤 1127 年存取硬碟磁碟操作失敗重試更後Replication error 1127 While accessing the hard disk, a disk operation failed even after retries

複製錯誤 8451 複寫操作發生資料庫錯誤Replication error 8451 The replication operation encountered a database error

已給予複寫屬性時發生錯誤 8606 不足,無法建立物件Replication error 8606 Insufficient attributes were given to create an object

程式設計和疑難排解複寫 Active Directory 資源Introduction and resources for troubleshooting Active Directory replication

輸入或輸出︰ 複寫失敗造成 Active Directory 物件代表複寫拓撲、複寫排程、網域控制站、使用者、電腦、密碼、安全性群組、群組成員資格和為網域控制站之間一致的群組原則。Inbound or outbound replication failure causes Active Directory objects that represent the replication topology, replication schedule, domain controllers, users, computers, passwords, security groups, group memberships, and Group Policy to be inconsistent between domain controllers. Directory 不一致,︰ 複寫失敗造成操作失敗或不一致的結果,根據網域控制站的連絡作業,可以使應用程式的群組原則及存取控制權限。Directory inconsistency and replication failure cause either operational failures or inconsistent results, depending on the domain controller that is contacted for the operation, and can prevent the application of Group Policy and access control permissions. Active Directory Domain Services (AD DS) 網路連接、名稱解析、驗證和授權、directory 資料庫、複寫拓撲,以及定複寫引擎。Active Directory Domain Services (AD DS) depends on network connectivity, name resolution, authentication and authorization, the directory database, the replication topology, and the replication engine. 當不顯而易見複寫問題的根本原因時,判斷的原因很多可能的原因之間需要一抵銷的可能原因。When the root cause of a replication problem is not immediately obvious, determining the cause among the many possible causes requires systematic elimination of probable causes.

UI 架構監視複寫及診斷錯誤協助工具,請查看Active Directory 複寫狀態工具For a UI-based tool to help monitor replication and diagnose errors, see Active Directory Replication Status Tool. 另外還有手動實驗室來示範如何使用 Active Directory 複寫狀態及其他工具,來疑難排解錯誤。There is also a hands-on lab that demonstrates how to use Active Directory Replication Status and other tools to troubleshoot errors.

適用於完整的文件,告訴您如何使用疑難排解 Active Directory Repadmin 工具複寫可;查看監視和疑難排解 Active Directory 複寫使用 RepadminFor a comprehensive document that describes how you can use the Repadmin tool to troubleshoot Active Directory replication is available; see Monitoring and Troubleshooting Active Directory Replication Using Repadmin.

複寫 Active Directory 的運作方式的相關資訊,會看到以下技術參考:For information about how Active Directory replication works, see the following technical references:

事件和工具方案建議Event and tool solution recommendations

最好的紅色(錯誤)和黃色(警告)事件 Directory 服務事件登入建議造成︰ 複寫失敗來源或目的網域控制站的特定限制。Ideally, the red (Error) and yellow (Warning) events in the Directory Service event log suggest the specific constraint that is causing replication failure on the source or destination domain controller. 如果事件訊息建議方案的步驟,請嘗試的步驟操作事件中所述。If the event message suggests steps for a solution, try the steps that are described in the event. Repadmin 工具及其他診斷工具也會提供資訊,可協助您解析︰ 複寫失敗。The Repadmin tool and other diagnostic tools also provide information that can help you resolve replication failures.

適用於使用 Repadmin 複寫問題進行疑難排解的詳細資訊,請查看監視和疑難排解 Active Directory 複寫使用 RepadminFor detailed information about using Repadmin for troubleshooting replication problems, see Monitoring and Troubleshooting Active Directory Replication Using Repadmin.

查看刻意受到干擾或硬體故障 rulingRuling out intentional disruptions or hardware failures

有時會發生因為刻意受到干擾複寫錯誤。Sometimes replication errors occur because of intentional disruptions. 例如,當您執行疑難排解複寫 Active Directory 的問題,排除刻意中斷及硬體故障或升級第一次。For example, when you troubleshoot Active Directory replication problems, rule out intentional disconnections and hardware failures or upgrades first.

刻意中斷Intentional disconnections

如果複寫錯誤報告網域控制站已嘗試複製的網域控制站在臨時的網站已建置,且目前離線最終 production 網站(遠端網站,例如分公司)中的 deployment 使用者熱切地等待,您可以負責那些複寫錯誤。If replication errors are reported by a domain controller that is attempting replication with a domain controller that has been built in a staging site and is currently offline awaiting its deployment in the final production site (a remote site, such as a branch office), you can account for those replication errors. 若要避免分隔網域控制站從複寫拓撲長的時間,使得連續錯誤之前的網域控制站已重新連接,請考慮將新增這類電腦最初成員伺服器為使用安裝媒體 (IFM) 方法從安裝 Active Directory Domain Services (AD DS)。To avoid separating a domain controller from the replication topology for extended periods, which causes continuous errors until the domain controller is reconnected, consider adding such computers initially as member servers and using the install from media (IFM) method to install Active Directory Domain Services (AD DS). 您可以使用 Ntdsutil 命令列工具來建立安裝媒體,您可以在抽取式媒體(CD、DVD 或其他媒體)和目的地網站出貨。You can use the Ntdsutil command-line tool to create installation media that you can store on removable media (CD, DVD, or other media) and ship to the destination site. 然後,您可以使用安裝媒體的網站,而不使用複寫網域控制站安裝 AD DS。Then, you can use the installation media to install AD DS on the domain controllers at the site, without the use of replication.

硬體故障或升級Hardware failures or upgrades

如果複寫問題發生硬體故障(例如,失敗主機板、子系統磁碟或磁碟機),以便硬體問題可以被解析通知伺服器擁有者。If replication problems occur as a result of hardware failure (for example, failure of a motherboard, disk subsystem, or hard drive), notify the server owner so that the hardware problem can be resolved.

定期硬體升級也會造成網域控制站都退出服務。Periodic hardware upgrades can also cause domain controllers to be out of service. 確定您伺服器擁有者有很好事先通訊這類問題的系統。Ensure that your server owners have a good system of communicating such outages in advance.

防火牆設定Firewall configuration

根據預設,Active Directory 複寫遠端程序呼叫 (Rpc) 動態發生透過 RPC Endpoint 對應 (RPCSS) 135 連接埠使用連接埠。By default, Active Directory replication remote procedure calls (RPCs) occur dynamically over an available port through the RPC Endpoint Mapper (RPCSS) on port 135. 確定 Windows 防火牆使用進階安全性和其他防火牆複寫允許設定正確。Make sure that Windows Firewall with Advanced Security and other firewalls are configured properly to allow for replication. 用於指定連接埠複寫 Active Directory 及連接埠設定的相關資訊,請查看文章 224196 Microsoft 知識庫在For information about specifying the port for Active Directory replication and port settings, see article 224196 in the Microsoft Knowledge Base.

有關使用複寫 Active Directory 連接埠,請查看Active Directory 複寫工具和設定For information about the ports that Active Directory replication uses, see Active Directory Replication Tools and Settings.

用於管理複寫 Active Directory 防火牆透過相關資訊,請查看防火牆的 Active Directory 複寫For information about managing Active Directory replication over firewalls, see Active Directory Replication over Firewalls.

回應執行 Windows 2000 Server 過時伺服器的商品Responding to failure of an outdated server running Windows 2000 Server

如果超過天數標記期間失敗網域控制站執行 Windows 2000 Server、方案都相同:If a domain controller running Windows 2000 Server has failed for longer than the number of days in the tombstone lifetime, the solution is always the same:

  1. 將伺服器的企業網路移到私人網路。Move the server from the corporate network to a private network.
  2. 指定 Active Directory 中移除或重新安裝作業系統。Either forcefully remove Active Directory or reinstall the operating system.
  3. Active directory 移除伺服器中繼資料不會恢復伺服器物件。Remove the server metadata from Active Directory so that the server object cannot be revived.

若要清除伺服器中繼資料在大部分的 Windows 作業系統,您可以使用指令碼。You can use a script to clean up server metadata on most Windows operating systems. 有關使用此指令碼,請查看移除 Active Directory 網域控制站中繼資料For information about using this script, see Remove Active Directory Domain Controller Metadata.

根據預設,NTDS 設定物件刪除會自動一段 14 天恢復。By default, NTDS Settings objects that are deleted are revived automatically for a period of 14 days. 因此,如果您不會移除伺服器中繼資料(使用 Ntdsutil 或指令碼執行的清除中繼資料所述),在 directory,這將會提示發生嘗試複寫恢復伺服器中繼資料。Therefore, if you do not remove server metadata (use Ntdsutil or the script mentioned previously to perform metadata cleanup), the server metadata is reinstated in the directory, which prompts replication attempts to occur. 在這種情形下,將會持續登錯誤無法複寫遺失網域控制站的結果。In this case, errors will be logged persistently as a result of the inability to replicate with the missing domain controller.

根本原因Root causes

如果您要排除刻意中斷、硬體故障,並過期的 Windows 2000 網域控制站,複寫問題的其餘部分幾乎都已根本原因下列其中一項:If you rule out intentional disconnections, hardware failures, and outdated Windows 2000 domain controllers, the remainder of replication problems almost always have one of the following root causes:

  • 網路連接:網路連接可能無法使用或網路設定的設定不正確。Network connectivity: The network connection might be unavailable, or network settings are not configured properly.
  • 名稱解析:DNS 錯誤設定的常見︰ 複寫失敗的原因。Name resolution: DNS misconfigurations are a common cause of replication failures.
  • 驗證和授權:驗證和授權問題會導致「拒絕存取「錯誤,當連接到其複寫合作夥伴嘗試網域控制站。Authentication and authorization: Authentication and authorization problems cause "Access denied" errors when a domain controller tries to connect to its replication partner.
  • Directory 資料庫(儲存):directory 資料庫可能無法處理交易快速地與複寫逾時。Directory database (store): The directory database might not be able to process transactions fast enough to keep up with replication time-outs.
  • 複寫引擎︰ 複寫佇列間複寫排程太簡短時,可能會太大處理中所需的輸出複寫排程的時間。Replication engine: If intersite replication schedules are too short, replication queues might be too large to process in the time that is required by the outbound replication schedule. 在本案例中的一些變更複寫可以停滯的 indefinitelypotentially,超過標記期間長度。In this case, replication of some changes can be stalled indefinitelypotentially, long enough to exceed the tombstone lifetime.
  • 複製拓撲:網域控制站 AD DS 地圖 (WAN) 的寬形真正的區域網路或連接私人網路 virtual (VPN),必須有間的連結。Replication topology: Domain controllers must have intersite links in AD DS that map to real wide area network (WAN) or virtual private network (VPN) connections. 如果您的複寫拓撲 AD DS,您的網路的實際網站拓撲不支援中建立物件,需要設定錯誤的拓撲︰ 複寫失敗。If you create objects in AD DS for the replication topology that are not supported by the actual site topology of your network, replication that requires the misconfigured topology fails.

一般修正問題的方法General approach to fixing problems

使用下列以修正問題複寫一般的方法:Use the following general approach to fixing replication problems:

  1. 監視複寫健康每日,或使用 Repadmin.exe 每天取得複寫狀態。Monitor replication health daily, or use Repadmin.exe to retrieve replication status daily.
  2. 嘗試解析及時任何回報的失敗事件郵件本文中所述方式。Attempt to resolve any reported failure in a timely manner by using the methods that are described in event messages and this guide. 軟體可能會造成問題,如果解除安裝的軟體,才能繼續其他方案。If software might be causing the problem, uninstall the software before you continue with other solutions.
  3. 如果任何已知方法無法解析造成︰ 複寫失敗的問題,請移除伺服器 AD DS,然後再重新安裝 AD DS。If the problem that is causing replication to fail cannot be resolved by any known methods, remove AD DS from the server and then reinstall AD DS. 如需有關重新安裝 AD DS,請查看解除委任網域控制站For more information about reinstalling AD DS, see Decommissioning a Domain Controller.
  4. 如果無法正常移除 AD DS 伺服器連接到網路時,,使用下列方法修正問題的相關:If AD DS cannot be removed normally while the server is connected to the network, use one of the following methods to resolve the problem:
- <span data-ttu-id="d2146-191">強制 AD DS 移除清除伺服器中繼資料中 Directory 服務還原模式 (DSRM),然後再重新安裝 AD DS。</span><span class="sxs-lookup"><span data-stu-id="d2146-191">Force AD DS removal in Directory Services Restore Mode (DSRM), clean up server metadata, and then reinstall AD DS.</span></span>
- <span data-ttu-id="d2146-192">重新安裝作業系統,並重新建立網域控制站。</span><span class="sxs-lookup"><span data-stu-id="d2146-192">Reinstall the operating system, and rebuild the domain controller.</span></span>

如需有關強迫移除 AD DS,請查看強迫移除網域控制站的For more information about forcing removal of AD DS, see Forcing the Removal of a Domain Controller.

使用 Repadmin 擷取複寫狀態Using Repadmin to retrieve replication status

複製狀態是重要的方式為您評估 directory 服務的狀態。Replication status is an important way for you to evaluate the status of the directory service. 如果複寫無誤運作,您知道 online 網域控制站。If replication is working without errors, you know the domain controllers that are online. 您也可以知道使用下列系統與服務:You also know that the following systems and services are working:

  • DNS 基礎結構DNS infrastructure
  • Kerberos 驗證通訊協定Kerberos authentication protocol
  • Windows 時間服務 (W32time)Windows Time service (W32time)
  • 遠端程序呼叫 (RPC)Remote procedure call (RPC)
  • 網路連接Network connectivity

使用 Repadmin 監視複寫狀態每日執行評估複寫狀態的所有網域控制站在您的樹系的命令。Use Repadmin to monitor replication status daily by running a command that assesses the replication status of all the domain controllers in your forest. 此程序產生.csv 檔案,您可以在 Excel 及篩選︰ 複寫失敗開放。The procedure generates a .csv file that you can open in Microsoft Excel and filter for replication failures.

您可以使用下列程序取得複寫森林中的所有網域控制站的狀態。You can use the following procedure to retrieve the replication status of all domain controllers in the forest.

需求Requirements

資格在企業系統管理員,或相當於,才能完成此程序最小值。Membership in Enterprise Admins, or equivalent, is the minimum required to complete this procedure.

工具:Tools:

  • Repadmin.exeRepadmin.exe
  • Excel (Microsoft Office)Excel (Microsoft Office)

若要產生 repadmin /showrepl 網域控制站試算表To generate a repadmin /showrepl spreadsheet for domain controllers

  1. 打開以系統管理員身分命令提示字元︰ 在 [開始] 功能表、命令提示字元中,以滑鼠右鍵按一下,然後按一下以系統管理員身分執行。Open a Command Prompt as an administrator: On the Start menu, right-click Command Prompt, and then click Run as administrator. 如果使用者 Account 控制項對話方塊,提供的認證企業系統管理員,如有需要,,然後按一下 [繼續]。If the User Account Control dialog box appears, provide Enterprise Admins credentials, if required, and then click Continue.
  2. 在命令提示字元中,輸入下列命令,,然後按 ENTER 鍵:At the command prompt, type the following command, and then press ENTER:repadmin /showrepl * /csv &gt;showrepl.csv
  3. 打開 Excel。Open Excel.
  4. 按一下 [Office] 按鈕,按一下 [開放,showrepl.csv,瀏覽,然後按一下開放。Click the Office button, click Open, navigate to showrepl.csv, and then click Open.
  5. 隱藏或 delete 欄以及傳輸類型的欄中,如下:Hide or delete column A as well as the Transport Type column, as follows:
  6. 選取您想要隱藏或 delete 欄。Select a column that you want to hide or delete.
- <span data-ttu-id="d2146-219">若要隱藏欄欄中,按一下滑鼠右鍵,然後按一下 [隱藏。</span><span class="sxs-lookup"><span data-stu-id="d2146-219">To hide the column, right-click the column, and then click Hide.</span></span>
- <span data-ttu-id="d2146-220">若要 delete 欄、選取的欄中,按一下滑鼠右鍵,然後按一下 Delete。</span><span class="sxs-lookup"><span data-stu-id="d2146-220">To delete the column, right-click the selected column, and then click Delete.</span></span>
  1. 選取 [在標題行下方的列 1。Select row 1 beneath the column heading row. 在 [檢視] 索引標籤,凍結窗格中,按一下 [,然後按一下凍結頂端列。On the View tab, click Freeze Panes, and then click Freeze Top Row.
  2. 選取整個試算表。Select the entire spreadsheet. 在 [資料] 索引標籤中,按一下篩選。On the Data tab, click Filter.
  3. 在成功上次的欄中,按一下向下箭號,再遞增排序。In the Last Success Time column, click the down arrow, and then click Sort Ascending.
  4. 在來源俠欄中,按一下向下箭號篩選,指向 [文字篩選器],然後按一下自訂篩選。In the Source DC column, click the filter down arrow, point to Text Filters, and then click Custom Filter.
  5. 自訂篩選對話方塊中下,按一下 [未包含顯示列。In the Custom AutoFilter dialog box, under Show rows where, click does not contain. 旁邊的文字方塊中輸入del檢視中排除的結果刪除網域控制站。In the adjacent text box, type del to eliminate from view the results for deleted domain controllers.
  6. 重複執行「步驟 11 失敗上次的欄中,但使用值不相同,然後輸入 0。Repeat step 11 for the Last Failure Time column, but use the value does not equal, and then type the value 0.
  7. 解析︰ 複寫失敗。Resolve replication failures.

森林中每個網域控制站試算表會顯示原始檔複寫合作夥伴,時間複寫上次發生,與每個命名操作(directory 磁碟分割)最後一個︰ 複寫失敗的時間。For every domain controller in the forest, the spreadsheet shows the source replication partner, the time that replication last occurred, and the time that the last replication failure occurred for each naming context (directory partition). 使用篩選在 Excel 中,您可以檢視複寫健康僅網域控制站的網域控制站僅或網域控制站的最低或大部分最新狀態,無法,您可以看到成功複寫複寫合作夥伴。By using Autofilter in Excel, you can view the replication health for working domain controllers only, failing domain controllers only, or domain controllers that are the least or most current, and you can see the replication partners that are replicating successfully.

複寫問題,以及解析度Replication problems and resolutions

事件訊息,並在各種不同的應用程式或服務會嘗試操作時發生錯誤訊息複寫問題報告。Replication problems are reported in event messages and in various error messages that occur when an application or service attempts an operation. 最好監視您的應用程式或擷取複寫狀態時,會收集這些訊息。Ideally, these messages are collected by your monitoring application or when you retrieve replication status.

登入 Directory 服務事件登入事件訊息中都會大部分複寫的問題。Most replication problems are identified in the event messages that are logged in the Directory Service event log. 複寫問題也可能會辨識錯誤訊息的輸出中的repadmin /showrepl命令。Replication problems might also be identified in the form of error messages in the output of the repadmin /showrepl command.

Repadmin /showrepl 錯誤訊息,指出複寫問題repadmin /showrepl error messages that indicate replication problems

找出複寫 Active Directory 的問題,請使用repadmin /showrepl一節中所述命令。To identify Active Directory replication problems, use the repadmin /showrepl command, as described in the previous section. 下表顯示錯誤訊息,此命令產生,以及的錯誤和提供方案錯誤的主題的連結的根本原因。The following table shows error messages that this command generates, along with the root causes of the errors and links to topics that provide solutions for the errors.

Repadmin 錯誤Repadmin error 根本原因Root Cause 方案Solution
這一個複寫之後的時間伺服器超過標記期間。The time since last replication with this server has exceeded the tombstone lifetime. 網域控制站長滿足保存到標記,已複寫,而且回收 AD DS 從指定的來源網域控制站輸入︰ 複寫失敗。A domain controller has failed inbound replication with the named source domain controller long enough for a deletion to have been tombstoned, replicated, and garbage-collected from AD DS. 事件 ID 2042:已經太長的時間後複寫這部電腦Event ID 2042: It has been too long since this machine replicated
不輸入的鄰居。No inbound neighbors. 如果不出現「輸入鄰居」由 repadmin 輸出一節中的任何項目 /showrepl,網域控制站找不到建立與另一部網域控制站複製連結。If no items appear in the "Inbound Neighbors" section of the output that is generated by repadmin /showrepl, the domain controller was not able to establish replication links with another domain controller. 修正複寫連接問題 (263 1925 年)Fixing Replication Connectivity Problems (Event ID 1925)
存取。Access is denied. 有兩個的網域控制站之間複寫連結,但無法正確執行複寫,根據驗證失敗。A replication link exists between two domain controllers, but replication cannot be performed properly as a result of an authentication failure. 修正複寫安全性問題Fixing Replication Security Problems
上一次嘗試 < 日期-時間 > 在無法使用」目標帳號不正確。」Last attempt at <date - time> failed with the "Target account name is incorrect." 這個問題可以相關連接、DNS 或驗證的問題。This problem can be related to connectivity, DNS, or authentication issues. 如果這是 DNS 錯誤,本機網域控制站無法解析全球唯一 (GUID)-根據其複寫合作夥伴的 DNS 名稱。If this is a DNS error, the local domain controller could not resolve the globally unique identifier (GUID)-based DNS name of its replication partner. 修正複寫 DNS 查詢問題 (事件 Id 1925,2087,2088 年) 修正複寫安全性問題修正複寫連接問題 (263 1925 年)Fixing Replication DNS Lookup Problems (Event IDs 1925, 2087, 2088) Fixing Replication Security Problems Fixing Replication Connectivity Problems (Event ID 1925)
LDAP 錯誤 49。LDAP Error 49. 網域控制站電腦 account 可能不會同步的金鑰 Distribution 中心 (KDC)。The domain controller computer account might not be synchronized with the Key Distribution Center (KDC). 修正複寫安全性問題Fixing Replication Security Problems
無法開放 LDAP 連接到本機主機Cannot open LDAP connection to local host 系統管理工具可以連絡 AD DS。The administration tool could not contact AD DS. 修正複寫 DNS 查詢問題 (事件 Id 1925,2087,2088 年)Fixing Replication DNS Lookup Problems (Event IDs 1925, 2087, 2088)
Active Directory 複寫優先處理了。Active Directory replication has been preempted. 較高優先順序複寫要求,例如的要求,以手動方式與 repadmin /sync 命令產生中斷輸入複寫的進度。The progress of inbound replication was interrupted by a higher-priority replication request, such as a request that was generated manually with the repadmin /sync command. 等待複寫才能完成。Wait for replication to complete. 此資訊訊息指出正常運作。This informational message indicates normal operation.
張貼複寫、等待。Replication posted, waiting. 網域控制站張貼複寫要求和正在等待解答。The domain controller posted a replication request and is waiting for an answer. 複寫正在進行此來源。Replication is in progress from this source. 等待複寫才能完成。Wait for replication to complete. 此資訊訊息指出正常運作。This informational message indicates normal operation.

下表列出一般事件可能會使用 Active Directory 複寫,以及根造成問題的問題提供方案的主題的連結的問題。The following table lists common events that might indicate problems with Active Directory replication, along with root causes of the problems and links to topics that provide solutions for the problems.

事件 ID 和來源Event ID and source 根本原因Root cause 方案Solution
1311 NTDS KCC1311 NTDS KCC 複寫設定資訊,以 AD DS 無法正確反映實體網路的拓撲。The replication configuration information in AD DS does not accurately reflect the physical topology of the network. 修正複寫拓撲問題 (263 1311 年)Fixing Replication Topology Problems (Event ID 1311)
1388 NTDS 複寫1388 NTDS Replication 嚴格複寫一致性不會生效,以及已複寫網域控制站的延遲物件。Strict replication consistency is not in effect, and a lingering object has been replicated to the domain controller. 修正複寫延遲物件問題 (事件 Id 1388,1988,2042 年)Fixing Replication Lingering Object Problems (Event IDs 1388, 1988, 2042)
1925 NTDS KCC1925 NTDS KCC 建立寫入 directory 磁碟分割的連結︰ 複寫失敗。The attempt to establish a replication link for a writable directory partition failed. 事件這可以讓不同的原因,根據錯誤。This event can have different causes, depending on the error. 修正複寫連接的問題 (263 1925 年) 修正複寫 DNS 查詢問題 (事件 Id 1925,2087,2088 年)Fixing Replication Connectivity Problems (Event ID 1925) Fixing Replication DNS Lookup Problems (Event IDs 1925, 2087, 2088)
1988 NTDS 複寫1988 NTDS Replication 本機網域控制站已嘗試複製物件來源網域控制站未顯示在本機網域控制站,因為它可能已刪除和已經回收。The local domain controller has attempted to replicate an object from a source domain controller that is not present on the local domain controller because it may have been deleted and already garbage-collected. 辨識情形之前複寫不會繼續使用此合作夥伴此 directory 磁碟分割。Replication will not proceed for this directory partition with this partner until the situation is resolved. 修正複寫延遲物件問題 (事件 Id 1388,1988,2042 年)Fixing Replication Lingering Object Problems (Event IDs 1388, 1988, 2042)
2042 NTDS 複寫2042 NTDS Replication 複寫尚未標記期間,發生此合作夥伴使用,複寫無法繼續。Replication has not occurred with this partner for a tombstone lifetime, and replication cannot proceed. 修正複寫延遲物件問題 (事件 Id 1388,1988,2042 年)Fixing Replication Lingering Object Problems (Event IDs 1388, 1988, 2042)
2087 NTDS 複寫2087 NTDS Replication AD DS 無法解析主機的 DNS 名稱來源網域控制站的 IP 位址和︰ 複寫失敗。AD DS could not resolve the DNS host name of the source domain controller to an IP address, and replication failed. 修正複寫 DNS 查詢問題 (事件 Id 1925,2087,2088 年)Fixing Replication DNS Lookup Problems (Event IDs 1925, 2087, 2088)
2088 NTDS 複寫2088 NTDS Replication AD DS 無法解析 IP 位址,但複寫成功來源網域控制站的 DNS 名稱主機。AD DS could not resolve the DNS host name of the source domain controller to an IP address, but replication succeeded. 修正複寫 DNS 查詢問題 (事件 Id 1925,2087,2088 年)Fixing Replication DNS Lookup Problems (Event IDs 1925, 2087, 2088)
5805 網路登入5805 Net Logon 電腦 account 無法驗證,這通常是因為數個相同的電腦名稱實例或不複寫每個網域控制站的電腦名稱。A machine account failed to authenticate, which is usually caused by either multiple instances of the same computer name or the computer name not replicating to every domain controller. 修正複寫安全性問題Fixing Replication Security Problems

有關更多複寫概念,請查看Active Directory 複寫技術For more information about replication concepts, see Active Directory Replication Technologies.