通信人家园

标题: APG强制同步流程文档 [查看完整版帖子] [打印本页]

时间: 2015-6-3 09:36

作者: yueyuping100 标题: APG强制同步流程文档

Please Make Sure both Node time is correct.

net time \\192.168.169.1 && net time \\192.168.169.2
"c:\program files\ap\apos\clone\"repadmin /showtime
w32tm /tz

@@put netdom.exe to apg both node c:\winnt\system32\

!On Both node, Force replication:

!AP Commands:
"c:\program files\ap\apos\clone\"repadmin /syncall JIBSC54AP1A /A
"c:\program files\ap\apos\clone\"repadmin /syncall JIBSC54AP1B /A

---------------------------------------------------------------------------------
---------------------------------------------------------------------------------
!1. Get hostname, Domain Name and naming context.
dsquery computer

!2.Verify Node A replication options.
"c:\program files\ap\apos\clone\"repadmin /options JIBSC54AP1A

!3. Verify Node B replication options.
"c:\program files\ap\apos\clone\"repadmin /options JIBSC54AP1B

!4. On Node A, Change registry setting to Allow Replication with Divergent and Corrupt Partner.
reg add \\192.168.169.1\HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Parameters /v "Allow Replication With Divergent and Corrupt Partner" /t REG_DWORD /d 1 /f
reg add \\192.168.169.1\HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Parameters /v "Strict Replication Consistency" /t REG_DWORD /d 0 /f

reg query \\192.168.169.1\HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Parameters

!5. On Node B, Change registry setting to Allow Replication with Divergent and Corrupt Partner.
reg add \\192.168.169.2\HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Parameters /v "Allow Replication With Divergent and Corrupt Partner" /t REG_DWORD /d 1 /f
reg add \\192.168.169.2\HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Parameters /v "Strict Replication Consistency" /t REG_DWORD /d 0 /f

reg query \\192.168.169.2\HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Parameters

!6. On Both nodes, Force replication:

"c:\program files\ap\apos\clone\"repadmin /syncall JIBSC54AP1A /A
"c:\program files\ap\apos\clone\"repadmin /syncall JIBSC54AP1B /A

!7. Verify the replication status:
"c:\program files\ap\apos\clone\"repadmin /showrepl JIBSC54AP1A
"c:\program files\ap\apos\clone\"repadmin /showrepl JIBSC54AP1B
"c:\program files\ap\apos\clone\"repadmin /replsummary

!If the Replication is successful, then go to step 20.
!Otherwise continue.

!8. On Node A, Stop Kerberos Key distribution center service and set it to manual.

fchstate -m kdc
fchstate -q kdc
net stop "Kerberos Key Distribution Center"

!9. On Node A, Reset Node B?s machine account password
set | findstr /i domain
netdom resetpwd /S:JIBSC54AP1B /UD:JIBSC54AP1D\Administrator /pd:YThlr2admIN

!(Where: <Password> is the Administrator password)

!10. On Node A, Reboot the node and reconnect to Node A.

@@prcboot

!11. On Node A, Restart Kerberos Key distribution Center service and set it to Automatic
! (Note: The KDC might hang when starting for the first time or you may get an error "The
!service did not respond in a timely manner" or "The Kerberos Key Distribution Center
!service could not be started.". Ignore this, Wait for 2-3 minutes and restart the service.)

fchstate -a kdc
fchstate -q kdc
net start "Kerberos Key Distribution Center"

!12. On Node B, Stop Kerberos Key distribution center service and set it to manual.

fchstate -m kdc
fchstate -q kdc
net stop "Kerberos Key Distribution Center"

!13. On Node B, Reset Node A?s machine account password:

netdom resetpwd /S:JIBSC54AP1A /UD:JIBSC54AP1D\administrator /pd:YThlr2admIN

!14. On Node B, Reboot the node and reconnect to Node B.

@@prcboot

!15. On Node B, Restart Kerberos Key distribution center service and set it to Automatic
!(Note: The KDC might hang when starting for the first time or you may get an error "The
!service did not respond in a timely manner" or "The Kerberos Key !Distribution Center
!service could not be started.". Ignore this, Wait for 2-3 minutes and restart the service.)

fchstate -a kdc
fchstate -q kdc
net start "Kerberos Key Distribution Center"

!16.  On Node B, Reset the secure Channel by using command:

netdom reset JIBSC54AP1B /Domain:JIBSC54AP1D /Server:JIBSC54AP1A


!17. Verify that the Secure channel is working on both nodes:

netdom /verify JIBSC54AP1B /Domain:JIBSC54AP1D

!18. On Both node, Force replication:

"c:\program files\ap\apos\clone\"repadmin /syncall JIBSC54AP1A /A
"c:\program files\ap\apos\clone\"repadmin /syncall JIBSC54AP1B /A

!19. Verify the replication status:

"c:\program files\ap\apos\clone\"repadmin /showrepl JIBSC54AP1A
"c:\program files\ap\apos\clone\"repadmin /showrepl JIBSC54AP1B
"c:\program files\ap\apos\clone\"repadmin /replsummary

!20. It has been seen that in some cases the fault will re-occurs in a few
!minutes if setupservices is not performed.
!Execute the setupservices on both nodes, no reboot is needed.

setupservices

!21. On node B, restore configuration.

reg delete \\192.168.169.2\HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Parameters /v "Allow Replication With Divergent and Corrupt Partner" /f
reg add \\192.168.169.2\HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Parameters /v "Strict Replication Consistency" /t REG_DWORD /d 1 /f

!22. On node A, restore configuration

reg delete \\192.168.169.1\HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Parameters /v "Allow Replication With Divergent and Corrupt Partner" /f
reg add \\192.168.169.1\HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Parameters /v "Strict Replication Consistency" /t REG_DWORD /d 1 /f

!23. Verify that USNs are OK, All times should be close (see Time in example)

dsquery computer
"c:\program files\ap\apos\clone\"repadmin /showutdvec JIBSC54AP1A DC=JIBSC54AP1D,DC=int
"c:\program files\ap\apos\clone\"repadmin /showutdvec JIBSC54AP1B DC=JIBSC54AP1D,DC=int

24. Perform new backups on both nodes.

通信人家园 (https://www.txrjy.com/)