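Problem description: Huawei FA version 6.5.1. Two AD domain controller virtual machines were installed on Windows 2016, and both blue-screened frequently, which made it impossible to log in to the cloud desktops. One backup domain controller VM was reinstalled and still blue-screened, so the system image was suspected. After downloading the 2016 system image again and replacing the two AD domain controller VMs one at a time, the blue screens stopped.
Approach: replace the backup domain controller first, then promote the backup to primary, and then build a new backup domain controller.
Resolution steps:
The script attachments used in this article are listed below.
1. In the "FusionCompute" system, shut down the failed backup AD/DNS/DHCP server.
2. Log in to the primary AD/DNS/DHCP server with the "Administrator" account.
3. Write the following content into Notepad, rename the Notepad file to "Delegation.bat", copy it to the primary AD domain controller VM, and double-click "Delegation.bat".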
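@echo off
REM Build a security template that assigns SeEnableDelegationPrivilege
REM ("Enable computer and user accounts to be trusted for delegation") to Administrators.
REM ">" overwrites sec.inf so that running the script again does not append a second copy.
(echo [Unicode]
echo Unicode=yes
echo [Version]
echo signature="$CHICAGO$"
echo Revision=1
echo [Privilege Rights]
echo SeEnableDelegationPrivilege = Administrators)>sec.inf
REM Apply the template to the local security policy; details are written to sec.log.
secedit /configure /db sec.sdb /cfg sec.inf /log sec.log /quiet
echo OK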
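4. Restart the primary AD/DNS/DHCP server.
5. After restarting the AD/DNS/DHCP server, wait about 10 minutes and then ping the full domain name on the primary AD/DNS/DHCP server. If the ping succeeds, the domain services have started normally; only then proceed to the next step.
6. On the primary AD server, delete the data of the failed backup AD server.
Search https://docs.microsoft.com/zh-cn/ for "clean up AD DS metadata" and follow the instructions you find for cleaning up AD server metadata to remove the data of the failed backup AD server.
7. On the primary AD server, select "Windows Administrative Tools > Active Directory Users and Computers".
8. Check whether a record for the failed backup AD/DNS/DHCP server exists under "domain name > Domain Controllers". If it does, delete it manually.
9. Create a new 2016 virtual machine, set its IP to the IP of the original backup domain controller, install AD, DNS and the other roles, do the basic configuration, and follow the installation and configuration procedure for deploying a backup AD and DNS server to make it the backup domain controller.
10. The backup domain controller has now been replaced. Next, replace the primary domain controller.
11. In the "FusionCompute" system, shut down the failed primary AD/DNS/DHCP server.
12. Log in to the backup AD/DNS/DHCP server with the "Administrator" account.
13. Run deleteDC.vbs to delete the data of the failed primary AD/DNS/DHCP server.
Enter the name of the primary domain controller and click OK.
14. On the backup AD server, select "Windows Administrative Tools > Active Directory Users and Computers" and check whether a record for the failed AD/DNS/DHCP server exists under "domain name > Domain Controllers".
15. If opening "Active Directory Users and Computers" reports an error (AD domain services reports that naming information cannot be located because the specified domain does not exist or could not be contacted…)
Solution:
Open the registry path:
\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
Change the data of the "SysvolReady" value under this path to "1".
Open Services and restart the "Netlogon" service.
Reopen "Active Directory Users and Computers" and it works normally.
16. If the record exists, right-click the name of the failed AD/DNS/DHCP server and select "Delete".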
17. Create a new Notepad file locally, rename it to "seizeFSMO.bat", and copy the following content into it.
ntdsutil roles connection "connect to server localhost" q "Seize naming master" "seize rid master" "seize pdc" "seize infrastructure master" "Seize schema master" q q
18. Copy "seizeFSMO.bat" to the backup AD/DNS/DHCP server and double-click it to run it.
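19. In a command prompt window, enter netdom query fsmo. Before the script runs, the roles are on 01; after it runs, the five roles have moved to 02. Proceed to the next step only after all five roles have been transferred successfully.
20. Double-click "Delegation.bat" to run it, and restart the virtual machine when it finishes.
21. After the restart, wait about 10 minutes and then ping the full domain name on the primary AD/DNS/DHCP server. If the ping succeeds, the domain services have started normally; only then proceed to the next step. At this point the backup domain controller has been promoted to primary domain controller.
22. Create a new 2016 virtual machine, set its IP to the IP of the original primary domain controller, install AD, DNS and the other roles, do the basic configuration, and follow the installation and configuration procedure for deploying a backup AD and DNS server to make it the backup domain controller.
23. Shut down the primary and backup domain controllers in turn and test whether everything works normally.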
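A check for steps 15 and 19 to 21, as an added example that is not part of the original article: it parses the output of netdom query fsmo, reports any role that is not yet held by the new primary, and reads SysvolReady. The host names AD01 and AD02, the domain vdi.example and the function names are constructed for illustration, and the English output format of netdom is assumed.

```powershell
# Added example, not from the original article. Host and domain names are constructed.
# Assumes the English-language output format of "netdom query fsmo".

function Get-FsmoHolder {
    param([string[]]$NetdomOutput)
    $roles = 'Schema master|Domain naming master|PDC|RID pool manager|Infrastructure master'
    $holders = [ordered]@{}
    foreach ($line in $NetdomOutput) {
        # Each role line is "<role name><two or more spaces><holder FQDN>"
        if ($line -match "^\s*($roles)\s{2,}(\S+)\s*$") {
            $holders[$Matches[1]] = $Matches[2]
        }
    }
    $holders
}

function Test-FsmoSeized {
    param([string[]]$NetdomOutput, [string]$NewPrimary)
    $holders = Get-FsmoHolder -NetdomOutput $NetdomOutput
    # Compare on the short host name; PowerShell's -ne is case-insensitive
    $misplaced = @($holders.GetEnumerator() |
        Where-Object { ($_.Value -split '\.')[0] -ne $NewPrimary } |
        ForEach-Object { '{0} -> {1}' -f $_.Key, $_.Value })
    [pscustomobject]@{
        RolesFound = $holders.Count
        Misplaced  = $misplaced
        Ok         = ($holders.Count -eq 5 -and $misplaced.Count -eq 0)
    }
}

# Constructed sample: the seizure stopped early, so two roles are still on AD01
$partial = @'
Schema master               AD02.vdi.example
Domain naming master        AD02.vdi.example
PDC                         AD02.vdi.example
RID pool manager            AD01.vdi.example
Infrastructure master       AD01.vdi.example
The command completed successfully.
'@ -split "`r?`n"

Test-FsmoSeized -NetdomOutput $partial -NewPrimary 'AD02'

# On the promoted DC itself, feed the live output and read SysvolReady as well
if (Get-Command netdom.exe -ErrorAction SilentlyContinue) {
    Test-FsmoSeized -NetdomOutput (netdom query fsmo) -NewPrimary $env:COMPUTERNAME
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
    'SysvolReady = ' + (Get-ItemProperty -Path $key -Name SysvolReady).SysvolReady
}
```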
The contents of deleteDC.vbs are as follows:
REM ==========================================================
REM GUI Metadata Cleanup Utility
REM Written By Clay Perrine
REM Version 2.5
REM ==========================================================
REM This tool is furnished "AS IS". NO warranty is expressed or Implied.
on error resume next
dim objRoot,oDC,sPath,outval,oDCSelect,objConfiguration,objContainer,errval,ODCPath,ckdcPath,myObj,comparename
rem =======This gets the name of the computer that the script is run on ======
Set sh = CreateObject("WScript.Shell")
key= "HKEY_LOCAL_MACHINE"
computerName = sh.RegRead(key & "\SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName\ComputerName")
rem === Get the default naming context of the domain====
set objRoot=GetObject("LDAP://RootDSE")
sPath = "LDAP://OU=Domain Controllers," & objRoot.Get("defaultNamingContext")
rem === Get the list of domain controllers====
Set objConfiguration = GetObject(sPath)
For Each objContainer in objConfiguration
    outval = outval & vbtab & objContainer.Name & VBCRLF
Next
outval = Replace(outval, "CN=", "")
rem ==Retrieve the name of the broken DC from the user and verify it's not this DC.===
oDCSelect= InputBox (outval," Enter the computer name to be removed","")
comparename = UCase(oDCSelect)
if comparename = computerName then
    msgbox "The Domain Controller you entered is the machine that is running this script." & vbcrlf & _
        "You cannot clean up the metadata for the machine that is running the script!",,"Metadata Cleanup Utility Error."
    wscript.quit
End If
sPath = "LDAP://OU=Domain Controllers," & objRoot.Get("defaultNamingContext")
Set objConfiguration = GetObject(sPath)
For Each objContainer in objConfiguration
    Err.Clear
    ckdcPath = "LDAP://" & "CN=" & oDCSelect & ",OU=Domain Controllers," & objRoot.Get("defaultNamingContext")
    set myObj=GetObject(ckdcPath)
    If err.number <>0 Then
        errval= 1
    End If
Next
If errval = 1 then
    msgbox "The Domain Controller you entered was not found in the Active Directory",,"Metadata Cleanup Utility Error."
    wscript.quit
End If
rem === 4404 = Yes/No buttons + warning icon + second button as default + system modal; 6 = Yes ===
abort = msgbox ("You are about to remove all metadata for the server " & oDCSelect & "! Are you sure?",4404,"WARNING!!")
if abort <> 6 then
    msgbox "Metadata Cleanup Aborted.",,"Metadata Cleanup Utility Error."
    wscript.quit
end if
oDCSelect = "CN=" & oDCSelect
ODCPath ="LDAP://" & oDCselect & ",OU=Domain Controllers," & objRoot.Get("defaultNamingContext")
rem === Locate the server object of the failed DC under CN=Sites ===
sSitelist = "LDAP://CN=Sites,CN=Configuration," & objRoot.Get("defaultNamingContext")
Set objConfiguration = GetObject(sSitelist)
For Each objContainer in objConfiguration
    Err.Clear
    sitePath = "LDAP://" & oDCSelect & ",CN=Servers," & objContainer.Name & ",CN=Sites,CN=Configuration," & _
        objRoot.Get("defaultNamingContext")
    set myObj=GetObject(sitePath)
    If err.number = 0 Then
        siteval = sitePath
    End If
Next
rem === Locate the FRS SYSVOL member object of the failed DC ===
sFRSSysvolList = "LDAP://CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System," & _
    objRoot.Get("defaultNamingContext")
Set objConfiguration = GetObject(sFRSSysvolList)
For Each objContainer in objConfiguration
    Err.Clear
    SYSVOLPath = "LDAP://" & oDCSelect & ",CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System," & _
        objRoot.Get("defaultNamingContext")
    set myObj=GetObject(SYSVOLPath)
    If err.number = 0 Then
        SYSVOLval = SYSVOLPath
    End If
Next
rem === Remove replication connection objects that point at the failed DC, then its NTDS Settings and server objects ===
SiteList = Replace(sSitelist, "LDAP://", "")
VarSitelist = "LDAP://CN=Sites,CN=Configuration," & objRoot.Get("defaultNamingContext")
Set SiteConfiguration = GetObject(VarSitelist)
For Each SiteContainer in SiteConfiguration
    Sitevar = SiteContainer.Name
    VarPath ="LDAP://OU=Domain Controllers," & objRoot.Get("defaultNamingContext")
    Set DCConfiguration = GetObject(VarPath)
    For Each DomContainer in DCConfiguration
        DCVar = DomContainer.Name
        strFromServer = ""
        NTDSPATH = DCVar & ",CN=Servers," & SiteVar & "," & SiteList
        GuidPath = "LDAP://CN=NTDS Settings,"& NTDSPATH
        Set objCheck = GetObject(NTDSPATH)
        For Each CheckContainer in objCheck
            rem ====check for valid site paths =======================
            ldapntdspath = "LDAP://" & NTDSPATH
            Err.Clear
            set exists=GetObject(ldapntdspath)
            If err.number = 0 Then
                Set oGuidGet = GetObject(GuidPath)
                For Each objContainer in oGuidGet
                    oGuid = objContainer.Name
                    oGuidPath = "LDAP://" & oGuid & ",CN=NTDS Settings," & NTDSPATH
                    Set objSitelink = GetObject(oGuidPath)
                    objSiteLink.GetInfo
                    strFromServer = objSiteLink.Get("fromServer")
                    ispresent = Instr(1,strFromServer,oDCSelect,1)
                    if ispresent <> 0 then
                        Set objReplLinkVal = GetObject(oGuidPath)
                        objReplLinkVal.DeleteObject(0)
                    end if
                next
                sitedelval = "CN=" & comparename & ",CN=Servers," & SiteVar & "," & SiteList
                if sitedelval = ntdspath then
                    Set objguidpath = GetObject(guidpath)
                    objguidpath.DeleteObject(0)
                    Set objntdspath = GetObject(ldapntdspath)
                    objntdspath.DeleteObject(0)
                end if
            End If
        next
    next
next
rem === 4096 = WORKSTATION_TRUST_ACCOUNT: mark the account as an ordinary workstation account before its objects are deleted ===
Set AccountObject = GetObject(ckdcPath)
temp=Accountobject.Get ("userAccountControl")
AccountObject.Put "userAccountControl", "4096"
AccountObject.SetInfo
rem === Delete the FRS member, the computer account and the site server object ===
Set objFRSSysvol = GetObject(SYSVOLval)
objFRSSysvol.DeleteObject(0)
Set objComputer = GetObject(ckdcPath)
objComputer.DeleteObject(0)
Set objConfig = GetObject(siteval)
objConfig.DeleteObject(0)
oDCSelect = Replace(oDCSelect, "CN=", "")
msgval = "Metadata Cleanup Completed for " & oDCSelect
msgbox msgval,,"Notice."
wscript.quit
The contents of seizeFSMO.bat are as follows:
ntdsutil roles connection "connect to server localhost" q "Seize naming master" "seize rid master" "seize pdc" "seize infrastructure master" "Seize schema master" q q