iT邦幫忙

1

DC從Server 2003 升級至2008 R2 除錯

  • 分享至 

  • xImage

大家好:
我參照了Ray大給的指示步驟
http://ithelp.ithome.com.tw/question/10062683

  1. 先安裝 Server 2003 光碟內的 Support Tool
  2. 在 2003 上面執行 dcdiag /a 檢查是否有任何錯誤警示?
  3. 若有錯誤的話, 必先排除, 重複以上步驟 2. 直到沒有錯誤為止
  4. 在 2003 上面執行 repadmin /showrepl 檢查是否有任何錯誤警示?
  5. 若有錯誤的話, 必先排除, 重複以上步驟 4. 直到沒有錯誤為止
  6. 將 2008 R2 光碟放入 2003 DC 伺服器內
  7. 執行 R2 光碟上的 adprep /forestprep (若是 2003 32-bits, 請改用 adprep32)
  8. 靜置 24hr 等待複寫完畢; 或用 repadmin 確認每一台 DC 都複寫完畢
  9. 執行 R2 光碟上的 adprep /domainprep /gpprep
  10. 靜置 24hr 等待複寫完畢; 或用 repadmin 確認每一台 DC 都複寫完畢
  11. 在新的主機上, 安裝全新的 2008 R2, 並加入現有網域成為 DC
  12. 靜置 24hr 等待複寫完畢; 或用 repadmin 確認每一台 DC 都複寫完畢
  13. 執行 2008 R2 上面的 dcdiag /a 確認沒有任何錯誤警示
  14. 將 2003 DC 上面的 FSMO 及 GC 都移轉到 2008 R2 DC
  15. 靜置 24hr 等待複寫完畢; 或用 repadmin 確認每一台 DC 都複寫完畢
  16. 執行 2008 R2 上面的 dcdiag /a 確認沒有任何錯誤警示
  17. 將所有的 2003 DC 都執行 dcpromo 降級
  18. 靜置 24hr 等待複寫完畢; 或用 repadmin 確認每一台 DC 都複寫完畢
  19. 執行 2008 R2 上面的 dcdiag /a 確認沒有任何錯誤警示
  20. 將 Forest Functional Level 提升至 2008 等級
  21. 將 Domain Functional Level 提升至 2008 等級
  22. 執行 2008 R2 上面的 dcdiag /a 確認沒有任何錯誤警示

在執行到第9步驟時,發生以下錯誤訊息

不知是哪裡出錯,還請有經驗前輩指點迷津^^
感謝囉^^

圖片
  直播研討會
圖片
{{ item.channelVendor }} {{ item.webinarstarted }} |
{{ formatDate(item.duration) }}
直播中

1 個回答

7
Ray
iT邦大神 1 級 ‧ 2011-08-26 23:15:29
最佳解答

這很少見....請將上面錯誤後面所述的 ADPrep.log 內容拿出來看看....

看更多先前的回應...收起先前的回應...

ADPrep.log裡面的內容,就如圖片文字紅框處所敘.....
所以我才上來發問的.............

Ray iT邦大神 1 級 ‧ 2011-08-28 01:22:27 檢舉

這通常是某個軟體咬住某個檔案, 造成 adprep 無法寫入. 如果您的 DC 上面有跑任何其他非原本 Server 2003 內建的任何軟體的話, 請先將他停用或關閉, 如果是服務的話也請先停止, 若有任何防毒軟體也要先停掉....

Ray iT邦大神 1 級 ‧ 2011-08-28 01:29:24 檢舉

另請再確認一下, 步驟 2.的部分有沒有任何錯誤?(若有多台 DC 的話, 每一台都要檢查) 因為如果 Infrastructure Master Role 有問題的話, 也有可能會這樣. 請用 netdom qeury fsmo 查一下目前的 infrastructure Master 是哪一台?

五大角色都在此台主機,且公司內部只有此一台DC(之前舊的DC因硬體損壞下線,那時執行dcdiag時有至論壇上發言,http://ithelp.ithome.com.tw/question/10072182,但已排除錯誤狀況,),因此執行步驟二時,是確認執行無誤才開始跑其他流程

我把防毒軟體停用,Acronis的服務也停用
但還是未有所獲
我試著節錄ADPrep.log裡面的內容
LDAP API ldap_search_s() finished, return code is 0x20
[2011/08/26:20:28:22.466]
Adprep verified the state of operation cn=a3dac986-80e7-4e59-a059-54cb1ab43cb9,cn=Operations,cn=DomainUpdates,cn=System,DC=abc,DC=com.

[Status/Consequence]

The operation has not run or is not currently running. It will be run next.
[2011/08/26:20:28:22.716]
Adprep was unable to complete because the call back function failed.

[Status/Consequence]

Error message: (null)

[User Action]

Check the log file ADPrep.log, in the C:\WINDOWS\debug\adprep\logs\20110826202818 directory for more information.
[2011/08/26:20:28:22.716]
Adprep was unable to update domain information.

[Status/Consequence]

Adprep requires access to existing domain-wide information from the infrastructure master in order to complete this operation.

[User Action]

Check the log file, ADPrep.log, in the C:\WINDOWS\debug\adprep\logs\20110826202818 directory for more information.

Ray iT邦大神 1 級 ‧ 2011-08-30 12:11:52 檢舉

virgil0711提到:
Adprep requires access to existing domain-wide information from the infrastructure master in order to complete this operation.

跟先前猜想的差不多, 是 Infrastructure Master Role 出問題....可否提供更多在 [2011/08/26:20:28:22.466] 時間點之前的 Log 內容? 上面只看到一個 LDAP API ldap_search_s() finished, return code is 0x20, 前面還有沒有?

Ray iT邦大神 1 級 ‧ 2011-08-30 12:18:14 檢舉

請試著將 domain administrator 帳號加入 Schema Admins 群組中看看有沒有效?

Ray iT邦大神 1 級 ‧ 2011-08-30 12:20:55 檢舉

喔對了, 也請確認一下, 您的 administrator 同時也存在 Enterprise Admins 群組內....

Ray大:
我跑去查看權限,發現domain administrator本來就有如您所說的群組權限說

Ray iT邦大神 1 級 ‧ 2011-08-31 16:19:59 檢舉

virgil0711提到:
LDAP API ldap_search_s() finished, return code is 0x20

那就請列出上面這段文字之前大約 100 行的 Log 內容...

[2011/08/26:20:28:21.920]
LDAP API ldap_search_s() finished, return code is 0x0
[2011/08/26:20:28:21.920]
Adprep was about to call the following LDAP API. ldap_modify_s(). The entry to modify is

CN=AdminSDHolder,CN=System,DC=abc,DC=com.
[2011/08/26:20:28:21.951]
LDAP API ldap_modify_ext_s() finished, return code is 0x0
[2011/08/26:20:28:21.951]
Adprep successfully modified the security descriptor on object

CN=AdminSDHolder,CN=System,DC=abc,DC=com.[Status/Consequence]Adprep merged the existing security

descriptor with the new access control entry (ACE).
[2011/08/26:20:28:21.951]
Adprep was about to call the following LDAP API. ldap_add_s(). The entry to add is cn=c88227bc-fcca-

4b58-8d8a-cd3d64528a02,cn=Operations,cn=DomainUpdates,cn=System,DC=abc,DC=com.
[2011/08/26:20:28:21.966]
LDAP API ldap_add_s() finished, return code is 0x0

[2011/08/26:20:28:21.404]
Adprep successfully modified the security descriptor on object DC=abc,DC=com.[Status/Consequence]

Adprep merged the existing security descriptor with the new access control entry (ACE).
[2011/08/26:20:28:21.404]
Adprep was about to call the following LDAP API. ldap_add_s(). The entry to add is cn=4aaabc3a-c416-

4b9c-a6bb-4b453ab1c1f0,cn=Operations,cn=DomainUpdates,cn=System,DC=abc,DC=com.
[2011/08/26:20:28:21.451]
LDAP API ldap_add_s() finished, return code is 0x0
[2011/08/26:20:28:21.451]
Adprep successfully created the Active Directory Domain Services object cn=4aaabc3a-c416-4b9c-a6bb-

4b453ab1c1f0,cn=Operations,cn=DomainUpdates,cn=System,DC=abc,DC=com.
[2011/08/26:20:28:21.451]
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search

is cn=9738c400-7795-4d6e-b19d-c16cd6486166,cn=Operations,cn=DomainUpdates,cn=System,DC=abc,DC=com.
[2011/08/26:20:28:

更早的[2011/08/26:20:28:19.029]
Adprep created the log file ADPrep.log under C:\WINDOWS\debug\adprep\logs\20110826202818 directory.
[2011/08/26:20:28:19.654]
Adprep copied file F:\support\adprep\schema.ini from installation point to local machine under

directory C:\WINDOWS.
[2011/08/26:20:28:19.654]
Adprep copied file F:\support\adprep\schupgrade.cat from installation point to local machine under

directory C:\WINDOWS\system32.
[2011/08/26:20:28:19.670]
Adprep copied file F:\support\adprep\PAS.ldf from installation point to local machine under directory

C:\WINDOWS\system32.
[2011/08/26:20:28:19.670]
Adprep successfully made the LDAP connection to the local Active Directory Domain Controller SERVER.
[2011/08/26:20:28:19.670]
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search

is (null).
[2011/08/26:20:28:19.670]
LDAP API ldap_search_s() finished, return code is 0x0

[2011/08/26:20:28:19.670]
Adprep successfully retrieved information from the local Active Directory Domain Services.
[2011/08/26:20:28:19.670]
Adprep successfully initialized global variables.[Status/Consequence]Adprep is continuing.
[2011/08/26:20:28:19.685]
Adprep was about to call the following LDAP API. ldap_add_s(). The entry to add is

cn=DomainUpdates,cn=System,DC=abc,DC=com.
[2011/08/26:20:28:19.685]
LDAP API ldap_add_s() finished, return code is 0x44
[2011/08/26:20:28:19.685]
Adprep attempted to create the Active Directory Domain Services object

cn=DomainUpdates,cn=System,DC=abc,DC=com.[Status/Consequence]The object exists so Adprep did not

attempt to rerun this operation but is continuing.
[2011/08/26:20:28:19.685]
Adprep was about to call the following LDAP API. ldap_add_s(). The entry to add is

cn=Operations,cn=DomainUpdates,cn=System,DC=abc,DC=com.
[2011/08/26:20:28:19.701]
LDAP API ldap_add_s() finished, return code is 0x44

我要發表回答

立即登入回答