域组策略不通过站点间VPN更新。
域组策略不通过站点间VPN更新。
提问于 2020-04-28 10:38:31
我有两个网站:
192.168.10.0/24 -主要地点,这是DC的所在地。
192.168.20.0/24 -远程站点,通过站点到站点VPN连接。
在主网站上一切都很好,GPO正在更新给成员。
在远程站点上,我可以与域用户登录,我可以通过IP地址和主机名来平DC服务器,我可以通过%logonserver%访问DC,我可以打开SYSVOL和NETLOGON文件夹。
问题是我不能更新GPO。如果我尝试运行gpupdate /force,我会得到以下内容:
Updating policy...
Computer policy could not be updated successfully. The following errors were encountered:
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
User Policy could not be updated successfully. The following errors were encountered:
The processing of Group Policy failed. Windows could not resolve the user name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
To diagnose the failure, review the event log or run GPRESULT /H GPReport.html from the command line to access information about Group Policy results.运行GPRESULT /H GPReport.html我得到以下信息:
INFO: The user "DOMAIN\user" does not have RSoP data.在事件查看器中,我有错误代码7017和7320。
GpLogView返回以下内容:
GPLogView.exe -a 965ecff1-4502-4f7a-9d82-1c0fb1d92734
Processing events...
2020-04-28 12:27:10.440 4005 Starting manual processing of policy for user DOMAIN\user.
Activity id: {965ecff1-4502-4f7a-9d82-1c0fb1d92734}
2020-04-28 12:27:10.443 5340 The Group Policy processing mode is Background.
2020-04-28 12:27:10.444 5320 Attempting to retrieve the account information.
2020-04-28 12:27:10.444 4017 Making system call to get account information.
2020-04-28 12:27:11.070 7017 The system call to get account information completed.
The call failed after 641 milliseconds.
2020-04-28 12:27:11.070 5320 Retrying to retrieve account information.
2020-04-28 12:27:11.570 4017 Making system call to get account information.
2020-04-28 12:27:12.210 7017 The system call to get account information completed.
The call failed after 625 milliseconds.
2020-04-28 12:27:12.210 5320 Retrying to retrieve account information.
2020-04-28 12:27:12.711 4017 Making system call to get account information.
2020-04-28 12:27:13.420 7017 The system call to get account information completed.
The call failed after 704 milliseconds.
2020-04-28 12:27:13.420 5320 Retrying to retrieve account information.
2020-04-28 12:27:13.921 4017 Making system call to get account information.
2020-04-28 12:27:14.468 7017 The system call to get account information completed.
The call failed after 546 milliseconds.
2020-04-28 12:27:14.468 7320 Error: Retrieved account information. Error code 0x80090322.
2020-04-28 12:27:14.470 1053 The processing of Group Policy failed. Windows could not resolve the user name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
2020-04-28 12:27:14.473 8005 Completed manual processing of policy for user DOMAIN\user in 4 seconds.
Processed 17 records.据我所见,所有所需的端口都是开放的。
关于下一步我应该排除什么问题,有什么建议吗?
回答 1
Server Fault用户
发布于 2021-03-17 22:08:55
我们得到了一个类似的错误The processing of Group Policy failed. Windows could not resolve the computer name.,对我们来说,问题是时钟是不同步的。而且它们不会与AD同步,因为它们不同步(安全问题?)。不管怎么说,那是只鸡和鸡蛋。
我强迫时钟同步:
w32tm /config /manualpeerlist:"time.google.com" /syncfromflags:manual /reliable:yes /updategpupdate跑得很成功。这可能对你有帮助。
页面原文内容由Server Fault提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://serverfault.com/questions/1014573
复制相关文章
相似问题
腾讯云开发者
