但最近一直遇到複寫失敗, RPC 連線失敗的情況
試遍各種網路上找到的偏方都無效
包括:
- Event 5014 DFSR Error:1726
https://social.technet.microsoft.com/Forums/windowsserver/en-US/d27bd902-034e-4230-9516-0ede42308193
Running DCDIAG on any of our domain controllers (all are Windows Server 2008 R2) resulted in the following error:
ADD Value To: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
DWORD:DisableTaskOffload=1
DWORD:EnableTCPChimney=0
DWORD:EnableTCPA=0
DWORD:EnableRSS=0 - DCDiag Error Enterprise Read-only Domain Controllers doesn't have Replicating Directory Changes access rights for the naming context
https://social.technet.microsoft.com/Forums/windowsserver/en-US/6d4fc381-cc50-4386-9038-6e51ef378131Running DCDIAG on any of our domain controllers (all are Windows Server 2008 R2) resulted in the following error:Starting test: NCSecDesc
Error OURDOMAIN\Enterprise Read-only Domain Controllers doesn't have
Replicating Directory Changes
access rights for the naming context:
DC=ourdomain,DC=comVerifying the Problem:Using Active Directory Users and Computers (ADUC) and navigating to \Users, verify the existence of a Security Group called "Enterprise Read-only Domain Controllers". In our case, that group already existed. Exit ADUC.Using ADSIEDIT, right-click on Naming Context "DC=ourdomain,DC=com", choose "Properties", click the "Security" tab and verify that "Enterprise Read-only Domain Controllers" shows in the "Group or user names" pane. In our case, that group was missing.Resolution:In ADSIEDIT, click the "Add" button, type the group name "Enterprise Read-only Domain Controllers" and click "OK". Next, highlight "Enterprise Read-only Domain Controllers" in the "Group or user names:" pane and then scroll down in the "Permissions:" pane to find "Replicating Directory Changes". Enable (check) the box in the "Allow" column to the right of "Replicating Directory Changes" and Press "OK".Exit ADSIEDIT and re-run DCDIAG. This solved the problem in our case. - 忘了出處cd %windir%\system32\wbem
mofcomp dfsrprovs.mof
net stop UALSVC
net stop iphlpsvc
net stop winmgmt
net start winmgmt
net start iphlpsvc
net start UALSVC
net stop dfsr
net start dfsr - 忘了出處Open regedit as an administrator account on the server in question.
Navigate to HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\[Choose the interface in question]
(Do this by checking the correct IP address is in the settings underthis key for the adapter you are configuring)
Once you are in the correct key for your interface, right-click and select new DWORD value (32 bit).
Call it MTU
Give this a decimal value equal to the setting you would like your MTU to be (measured in bytes). I changed mine to 1400
最後是與我用來做 Site to Site VPN 的 Draytek Vigor 3900 有關
我使用的是 IPSec with GRE 的 Load Balanced Mode
改成 Backup Mode 就好了
但這樣頻寬就沒辦法靈活運用了呀
再研究看看
沒有留言:
張貼留言