SYMPTOM ================== There are 4 DCs in this domain
1. When running account lockout tool on DC02 we could not see DC01 from the tool, all other DCs in the same domain does not have this problem
2. Netlogon.log on DC02 show the following 01020 04/06 23:07:40 [SITE] DC list: Taiwan CADCTMP.domain.com 01021 04/06 23:07:40 [SITE] DC list: Canada cadc02.domain.com 01022 04/06 23:07:40 [SITE] DC list: (null) CADC01.domain.com <= Null值，取得不到 Site Information 01023 04/06 23:07:40 [CRITICAL] DC: (null) CADC01.domain.com: isn't a site returned from ISM. (ignored) 01024 04/06 23:07:40 [SITE] DC list: Canada CADC06.domain.com
3. NetDiag.log on DC02 show the following DC list for domain DomainName: CADCTMP.domain.com [DS] Site: Taiwan cadc02.domain.com [PDC emulator] [DS] Site: Canada CADC01.domain.com <= 同樣取得不到 Site Information CADC06.domain.com [DS] Site: Canada
4. On DC02, ADUC could not retrieve site information for DC01
5. Ran this command on DC02, nltest /dclist:domain.com, which lists all DCs in the domain except it failed to report DC01's Site name in the dclist results.
CAUSE ================== When a DC object deleted in adsiedit.msc the forward link on the corresponding Server object in the configuration partition has its serverReference attribute cleared. When the security principal (DC) is authoritatively restored the forward link is corrected only on the DC where the restore from backup was performed but the forward link does not replicate out because the server object in the configuration partition was not marked authoritative.
RESOLUTION ================== 1. Backup DC02 有關 System State 備份，請參考以下資訊 We can perform system state backup first before restore default security setting.
To create a system state backup with no prompts to the user and save it to volume F, type: (http://technet.microsoft.com/en-us/library/cc753201.aspx) wbadmin start systemstatebackup -backupTarget:F: -quiet To run a system state recovery of the backup from 04/30/2005 at 9:00 A.M. that is stored on the remote shared folder \\servername\share for server01, type: ( http://technet.microsoft.com/en-us/library/cc753789.aspx) wbadmin start systemstaterecovery -version:04/30/2005-09:00 -backupTarget:\\servername\share -machine:server01
2. On DC02, open adsiedit.msc a. connect to the configuration partition b. expand the following path: CN=Configuration,CN=Sites,CN=<Site_Name>,CN=Servers,CN=DC01 c. right click on "CN=DC01" and select "Properties" d. Find the "serverReference" attribute and replace the value from "<not set>" to a correct value. Ie, "CN=DC-NAME,OU=Domain Controllers,DC=domain,DC=com"
Check if the problem is solved.