У меня 2 сайта:
192.168.10.0/24 - основной site, вот где находится DC.
192.168.20.0/24 - удаленный сайт, подключенный через сайт-сайт VPN.
На основном сайте все работает нормально, GPO обновляются для участников.
На удаленном сайте я могу войти в систему с пользователем домена, я могу проверить связь с сервером DC через IP-адрес и имя хоста, я могу получить доступ к DC через% logonserver% и могу открыть папки SYSVOL и NETLOGON.
Проблема в том, что я не могу обновить GPO. Если я попытаюсь запустить gpupdate / force, я получу следующее:
Updating policy...
Computer policy could not be updated successfully. The following errors were encountered:
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
User Policy could not be updated successfully. The following errors were encountered:
The processing of Group Policy failed. Windows could not resolve the user name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
To diagnose the failure, review the event log or run GPRESULT /H GPReport.html from the command line to access information about Group Policy results.
Запустив GPRESULT / H GPReport.html, я получаю следующее:
INFO: The user "DOMAIN\user" does not have RSoP data.
В средстве просмотра событий у меня есть коды ошибок 7017 и 7320.
GpLogView возвращает это:
GPLogView.exe -a 965ecff1-4502-4f7a-9d82-1c0fb1d92734
Processing events...
2020-04-28 12:27:10.440 4005 Starting manual processing of policy for user DOMAIN\user.
Activity id: {965ecff1-4502-4f7a-9d82-1c0fb1d92734}
2020-04-28 12:27:10.443 5340 The Group Policy processing mode is Background.
2020-04-28 12:27:10.444 5320 Attempting to retrieve the account information.
2020-04-28 12:27:10.444 4017 Making system call to get account information.
2020-04-28 12:27:11.070 7017 The system call to get account information completed.
The call failed after 641 milliseconds.
2020-04-28 12:27:11.070 5320 Retrying to retrieve account information.
2020-04-28 12:27:11.570 4017 Making system call to get account information.
2020-04-28 12:27:12.210 7017 The system call to get account information completed.
The call failed after 625 milliseconds.
2020-04-28 12:27:12.210 5320 Retrying to retrieve account information.
2020-04-28 12:27:12.711 4017 Making system call to get account information.
2020-04-28 12:27:13.420 7017 The system call to get account information completed.
The call failed after 704 milliseconds.
2020-04-28 12:27:13.420 5320 Retrying to retrieve account information.
2020-04-28 12:27:13.921 4017 Making system call to get account information.
2020-04-28 12:27:14.468 7017 The system call to get account information completed.
The call failed after 546 milliseconds.
2020-04-28 12:27:14.468 7320 Error: Retrieved account information. Error code 0x80090322.
2020-04-28 12:27:14.470 1053 The processing of Group Policy failed. Windows could not resolve the user name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
2020-04-28 12:27:14.473 8005 Completed manual processing of policy for user DOMAIN\user in 4 seconds.
Processed 17 records.
Насколько я понимаю, все необходимые порты открыты.
Какие-нибудь советы о том, что мне делать дальше?