域控制器之間復(fù)制故障實(shí)例分析｜錯(cuò)誤代碼1722｜ RPC服務(wù)器不可用｜

xiaozhuang 2019-02-28

展開全文

公司有2臺(tái)服務(wù)器

1. BICSVR08R2H 附加域控制器 192.168.1.16

2. DC_BIC08R2 主域控制器 192.168.1.219

這2臺(tái)域控制器在復(fù)制時(shí)出現(xiàn)了如下現(xiàn)象：

主域控制器DC_BIC08R2從附加域控制器BICSVR08R2H復(fù)制 OK

附加域控制器BICSVR08R2H從主域控制器DC_BIC08R2復(fù)制 X

如下圖所示：

為了解決這個(gè)問題對(duì)照了微軟在官網(wǎng)上給出的參考文檔、但最終貌似并

不能解決我所面臨的問題。

在此之前做了一系列的嘗試、比如(DNS檢查/重做;重啟netlogon;甚至

連附加域控器都推倒重來了如此種種)。

在幾乎陷入了絕望的時(shí)候、我決定把這件事先放到一邊，晚上好好睡一

覺?；蛟S第二天醒來頭腦清醒一下有了靈感也不一定。

第二天早晨上班時(shí)我把之前在服務(wù)器上所做的所有操作慢慢的在腦海中

回放了一遍（前一段時(shí)間勒索病毒肆掠一口氣把135 137 139 445等端口

全部封掉了）時(shí)間在這里停頓了幾秒、似乎隱隱看到了一道亮光。我記

得后來某種原因重新解封了137 139 445端口、便唯獨(dú)135沒有。

再次嘗試：

步驟1

執(zhí)行TELNET命令

telnet 192.168.1.16 135 X

telnet 192.168.1.219 135 OK

步驟2

netstat -an | more 檢查端口是否處于監(jiān)聽狀態(tài)。

步驟3

檢查 IP security policies on local computer

問題就在這兒了，這次我直接把 Deny_135_137_139_445 設(shè)為不指派（

以前只是從中刪除了 137 139 445）、然后在Active Directory 站點(diǎn)

和服務(wù) 中再次進(jìn)行測(cè)試。

如下圖所示（至此故障已解決）：

總結(jié)：

因?yàn)槭褂肐P security policies on local computer 時(shí)禁用了域控制器之間復(fù)制時(shí)所需要

用到端口從而導(dǎo)致復(fù)制時(shí)的故障。

關(guān)于135/以下來源于百度

135端口就是用于遠(yuǎn)程的打開對(duì)方的telnet服務(wù) ，用于啟動(dòng)與遠(yuǎn)程計(jì)算機(jī)的 RPC 連接，很容

易就可以就侵入電腦。大名鼎鼎的“沖擊波”就是利用135端口侵入的。 135的作用就是進(jìn)行

遠(yuǎn)程，可以在被遠(yuǎn)程的電腦中寫入惡意代碼，危險(xiǎn)極大。

135端口主要用于使用RPC（Remote Procedure Call，遠(yuǎn)程過程調(diào)用）協(xié)議并提供DCOM（分

布式組件對(duì)象模型）服務(wù)。

附上/出現(xiàn)故障時(shí)的dcdiag診斷的部份內(nèi)容

C:\Users\Administrator>dcdiag

Directory Server Diagnosis

Performing initial setup:

Trying to find home server...

Home Server = dc_bic08r2

* Identified AD Forest.

Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\DC_BIC08R2

Starting test: Connectivity

......................... DC_BIC08R2 passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\DC_BIC08R2

Starting test: Advertising

......................... DC_BIC08R2 passed test Advertising

Starting test: FrsEvent

......................... DC_BIC08R2 passed test FrsEvent

Starting test: DFSREvent

There are warning or error events within the last 24 hours after the

SYSVOL has been shared. Failing SYSVOL replication problems may cause

Group Policy problems.

......................... DC_BIC08R2 failed test DFSREvent

Starting test: SysVolCheck

......................... DC_BIC08R2 passed test SysVolCheck

Starting test: KccEvent

A warning event occurred. EventID: 0x8000082C

Time Generated: 11/07/2017 18:15:37

Event String:

A warning event occurred. EventID: 0x80000828

Time Generated: 11/07/2017 18:18:20

Event String:

Active Directory DNS IP ,Active Directory NetBIOS

......................... DC_BIC08R2 passed test KccEvent

Starting test: KnowsOfRoleHolders

......................... DC_BIC08R2 passed test KnowsOfRoleHolders

Starting test: MachineAccount

......................... DC_BIC08R2 passed test MachineAccount

Starting test: NCSecDesc

......................... DC_BIC08R2 passed test NCSecDesc

Starting test: NetLogons

......................... DC_BIC08R2 passed test NetLogons

Starting test: ObjectsReplicated

......................... DC_BIC08R2 passed test ObjectsReplicated

Starting test: Replications

[Replications Check,DC_BIC08R2] A recent replication attempt failed:

From BICSVR08R2HR to DC_BIC08R2

Naming Context: DC=ForestDnsZones,DC=burnet,DC=com

The replication generated an error (1722):

The RPC server is unavailable.

The failure occurred at 2017-11-07 18:17:13.

The last success occurred at 2017-11-07 17:55:58.

1 failures have occurred since the last success.

[BICSVR08R2HR] DsBindWithSpnEx() failed with error 1722,

The RPC server is unavailable..

The source remains down. Please check the machine.

[Replications Check,DC_BIC08R2] A recent replication attempt failed:

From BICSVR08R2HR to DC_BIC08R2

Naming Context: DC=DomainDnsZones,DC=burnet,DC=com

The replication generated an error (1722):

The RPC server is unavailable.

The failure occurred at 2017-11-07 18:17:56.

The last success occurred at 2017-11-07 18:05:12.

2 failures have occurred since the last success.

The source remains down. Please check the machine.

[Replications Check,DC_BIC08R2] A recent replication attempt failed:

From BICSVR08R2HR to DC_BIC08R2

Naming Context: CN=Schema,CN=Configuration,DC=burnet,DC=com

The replication generated an error (1722):

The RPC server is unavailable.

The failure occurred at 2017-11-07 18:16:10.

The last success occurred at 2017-11-07 17:55:58.

1 failures have occurred since the last success.

The source remains down. Please check the machine.

[Replications Check,DC_BIC08R2] A recent replication attempt failed:

From BICSVR08R2HR to DC_BIC08R2

Naming Context: CN=Configuration,DC=burnet,DC=com

The replication generated an error (1722):

The RPC server is unavailable.

The failure occurred at 2017-11-07 18:15:49.

The last success occurred at 2017-11-07 18:01:52.

1 failures have occurred since the last success.

The source remains down. Please check the machine.

[Replications Check,DC_BIC08R2] A recent replication attempt failed:

From BICSVR08R2HR to DC_BIC08R2

Naming Context: DC=burnet,DC=com

The replication generated an error (1722):

The RPC server is unavailable.

The failure occurred at 2017-11-07 18:24:03.

The last success occurred at 2017-11-07 18:10:31.

7 failures have occurred since the last success.

The source remains down. Please check the machine.

......................... DC_BIC08R2 failed test Replications

本站是提供個(gè)人知識(shí)管理的網(wǎng)絡(luò)存儲(chǔ)空間，所有內(nèi)容均由用戶發(fā)布，不代表本站觀點(diǎn)。請(qǐng)注意甄別內(nèi)容中的聯(lián)系方式、誘導(dǎo)購(gòu)買等信息，謹(jǐn)防詐騙。如發(fā)現(xiàn)有害或侵權(quán)內(nèi)容，請(qǐng)點(diǎn)擊一鍵舉報(bào)。

轉(zhuǎn)藏 分享

QQ空間 QQ好友新浪微博微信

獻(xiàn)花（0） +1

來自： xiaozhuang > 《域控技術(shù)》

舉報(bào)/認(rèn)領(lǐng)