ADUC could not retrieve site information for a specific DC
SYMPTOM
==================
There are 4 DCs in this domain.
1. When running the Account Lockout tool on DC02, we could not see DC01 in the tool; all other DCs in the same domain do not have this problem.
2. Netlogon.log on DC02 shows the following
01020 04/06 23:07:40 [SITE] DC list: Taiwan CADCTMP.domain.com
01021 04/06 23:07:40 [SITE] DC list: Canada cadc02.domain.com
01022 04/06 23:07:40 [SITE] DC list: (null) CADC01.domain.com <= Null value; Site Information could not be retrieved
01023 04/06 23:07:40 [CRITICAL] DC: (null) CADC01.domain.com: isn't a site returned from ISM. (ignored)
01024 04/06 23:07:40 [SITE] DC list: Canada CADC06.domain.com
3. NetDiag.log on DC02 shows the following
DC list for domain DomainName:
CADCTMP.domain.com [DS] Site: Taiwan
cadc02.domain.com [PDC emulator] [DS] Site: Canada
CADC01.domain.com <= Likewise, Site Information could not be retrieved
CADC06.domain.com [DS] Site: Canada
4. On DC02, ADUC could not retrieve site information for DC01
5. Running nltest /dclist:domain.com on DC02 lists all DCs in the domain, but it fails to report DC01's site name in the dclist results.
CAUSE
==================
When a DC object is deleted in adsiedit.msc, the forward link on the corresponding Server object in the configuration partition has its serverReference attribute cleared. When the security principal (DC) is authoritatively restored, the forward link is corrected only on the DC where the restore from backup was performed. The forward link does not replicate out, because the server object in the configuration partition was not marked authoritative.
RESOLUTION
==================
1. Back up DC02
For System State backup, refer to the following information.
We can perform a system state backup first before restoring the default security settings.
To create a system state backup with no prompts to the user and save it to volume F, type: (https://technet.microsoft.com/en-us/library/cc753201.aspx)
wbadmin start systemstatebackup -backupTarget:F: -quiet
To run a system state recovery of the backup from 04/30/2005 at 9:00 A.M. that is stored on the remote shared folder \\servername\share for server01, type: (https://technet.microsoft.com/en-us/library/cc753789.aspx)
wbadmin start systemstaterecovery -version:04/30/2005-09:00 -backupTarget:\\servername\share -machine:server01
2. On DC02, open adsiedit.msc
a. connect to the configuration partition
b. expand the following path:
CN=Configuration,CN=Sites,CN=<Site_Name>,CN=Servers,CN=DC01
c. Right-click "CN=DC01" and select "Properties"
d. Find the "serverReference" attribute and change the value from "<not set>" to the correct value, for example "CN=DC-NAME,OU=Domain Controllers,DC=domain,DC=com"
Check if the problem is solved.
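
Because the corrected forward link does not replicate, each DC can hold a different value for the same server object. The following read-only audit asks every DC for its own copy of the server objects under CN=Sites and reports where serverReference is unset or differs from the DC's computer account. It is an added example, not part of the original note; it assumes the ActiveDirectory PowerShell module (RSAT) is installed, that DC computer accounts are in the default Domain Controllers OU, and that every DC is reachable.

```powershell
# Added example: read-only audit of serverReference as seen by each DC.
# Assumes the ActiveDirectory module and the default "Domain Controllers" OU.
Import-Module ActiveDirectory

$root    = Get-ADRootDSE
$sitesDn = "CN=Sites,$($root.configurationNamingContext)"
$dcOuDn  = "OU=Domain Controllers,$($root.defaultNamingContext)"

# Expected forward-link targets: DC computer accounts keyed by DNS host name.
$expected = @{}
Get-ADComputer -SearchBase $dcOuDn -Filter * -Properties dNSHostName | ForEach-Object {
    if ($_.dNSHostName) { $expected[$_.dNSHostName.ToLower()] = $_.DistinguishedName }
}

$query = @{
    SearchBase = $sitesDn
    LDAPFilter = '(objectClass=server)'
    Properties = 'serverReference', 'dNSHostName'
}

$report = foreach ($dc in Get-ADDomainController -Filter *) {
    # -Server makes each DC answer from its own replica of the configuration partition.
    Get-ADObject -Server $dc.HostName @query | ForEach-Object {
        $want = $null
        if ($_.dNSHostName) { $want = $expected[$_.dNSHostName.ToLower()] }

        $status = 'OK'
        if ($want -and $_.serverReference -ne $want) { $status = 'MISMATCH' }
        if (-not $_.serverReference)                 { $status = 'NOT SET' }

        [pscustomobject]@{
            QueriedDC       = $dc.HostName
            ServerObject    = $_.Name
            serverReference = $_.serverReference
            Expected        = $want
            Status          = $status
        }
    }
}

# Show only the replicas that still need the fix described in step 2.
$report | Where-Object { $_.Status -ne 'OK' } |
    Sort-Object ServerObject, QueriedDC |
    Format-Table -AutoSize
```

An empty result means every DC returns a populated, matching serverReference for every server object; the Expected column gives the value to enter in step 2d for any row reported as NOT SET.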