• Consistency check of the AD database file (NTDS.dit)

     

    Sometimes NTBackup cannot back up a DC's System State, or you find the following errors in the system log:

    Event Type:          Error
    Event Source:      NTBackup
    Event Category:  None
    Event ID:               8012
    Description:
    The 'Active Directory' returned '發生讀取驗證錯誤
    ' from a call to 'BackupRead()' additional data '-'

    Event Type:          Error
    Event Source:      ESENT
    Event Category:  Logging/Recovery
    Event ID:               474
    Description:
    lsass (504) The database page read from the file "C:\WINDOWS\NTDS\ntds.dit" at offset 77594624 (0x0000000004a00000) for 8192 (0x00002000) bytes failed verification due to a page checksum mismatch.  The expected checksum was 3561104104 (0xd44222e8) and the actual checksum was 3920450040 (0xe9ad51f8).  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.


    For this problem, check the consistency of the database file.
    Reboot the server, press F8, and start in Directory Services Restore Mode:
    1. Enter "Directory Services Restore Mode"
    2. Open "cmd" prompt
    3. Run "ntdsutil" and enter
    4. Run "files" and enter
    5. Run "info" and enter
    6. Open regedit
        - Go to HKLM\System\CurrentControlSet\Services\NTDS\Parameters
        - Make sure the path info matches:

    7. Make sure System and Administrators have full control of the "%windir%\ntds" folder
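
    Steps 6 and 7 can also be checked from a script. The following is an added example, not part of the original post; it assumes PowerShell is installed on the DC and that the paths are stored in the usual value names under the NTDS Parameters key. It only reads the registry and the folder ACL.

    ```powershell
    # Added example (not from the original post). Read-only checks for steps 6-7.
    $key    = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
    $params = Get-ItemProperty -Path $key

    # Value names under the Parameters key that hold the paths ntdsutil reports.
    $dbFile = $params.'DSA Database file'
    $paths  = @($dbFile, $params.'Database log files path', $params.'DSA Working Directory')

    # Step 6: every path recorded in the registry must exist on disk.
    foreach ($p in $paths) {
        if ($p -and (Test-Path -Path $p)) { "OK       $p" } else { "MISSING  $p" }
    }

    # Step 7: SYSTEM (S-1-5-18) and Administrators (S-1-5-32-544) need Full Control
    # on the NTDS folder. SIDs are used so the check also works on localized builds.
    $ntdsDir = Split-Path -Parent $dbFile
    $full    = [int][System.Security.AccessControl.FileSystemRights]::FullControl
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $rules   = (Get-Acl -Path $ntdsDir).GetAccessRules($true, $true, $sidType)

    foreach ($sid in 'S-1-5-18', 'S-1-5-32-544') {
        $hit = $rules | Where-Object {
            $_.IdentityReference.Value -eq $sid -and
            $_.AccessControlType -eq 'Allow' -and
            (([int]$_.FileSystemRights) -band $full) -eq $full
        }
        if ($hit) { "OK       $sid has Full Control on $ntdsDir" } else { "CHECK    $sid lacks Full Control on $ntdsDir" }
    }
    ```

    Compare the printed paths with the output of the ntdsutil "info" command from step 5.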

    If the information above checks out, continue with the following steps:
    1. Open "cmd" prompt
    2. Run "ntdsutil" and enter
    3. Run "files"
    4. Run "integrity"
    5. Run "recover"
    6. Run "q"
    7. Run "sem d a"
    8. Run "go fix"

    If the "go fix" command reports errors, the database is damaged. Run:
    9. Run "esentutl /p C:\winnt\ntds\ntds.dit /!10240 /8 /v /x /o" (this attempts to repair the database)

    If "esentutl" still cannot repair the database, demote the DC and then promote it again.

  • Remote Assistance does not allow control - Imaged machines only

    Issue:
    ======
    Remote Assistance does not allow control - Imaged machines only

    Not able to remote control a remote assistance session.

    PROBLEM:
    =======
    You were unable to “Take Control” of a Remote Assistance machine, after establishing a connection to the Windows XP SP2 machine. This issue only occurs on Windows XP machines that were part of your standard image.

    RESOLUTION:
    ===========
    We finally discovered that there were missing registry keys on the Novice machine, thus preventing us from Taking Control of the machine.

    The missing keys were:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\RDP_KBD

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\RDP_MOU

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\RDPDR

    To fix this, follow these steps:

    1. Export the above keys from a working machine

    2. On the failing machine, make sure you have permissions to write to the above keys

    3. Import these keys to the failing machine

    4. Reboot

  • Cluster setup may not work when you add nodes

    Symptoms

    From the cluster setup log (ClCfgSrv.log):

    2008-10-14 16:11:38.873 [ERR ] S01: 正在檢查所有節點都可以存取仲裁資源... (hr=0x800713de, {EBC8AEFF-10C3-4D5B-AC17-FC0F4C3871B7}, {B8C4066E-0246-4358-9DE5-25603EDD0CA0}, 0, 3, 3), (null)

    2008-10-14 16:11:38.952 [ERR ] S01: (null) (hr=0x800713de, {FDC75680-7DBB-42CA-8003-E4CDB01FF062}, {EBC8AEFF-10C3-4D5B-AC17-FC0F4C3871B7}, 0, 8, 8), (null)

    From UI

    Solution

    Use Advanced (minimum) configuration to pass the verification

    Cluster setup may not work when you add nodes

    <http://support.microsoft.com/kb/331801/en-us>

  • Quick Q&A: how to make USB flash drives read-only

    Run Regedit

    Under HKEY_LOCAL_MACHINE/System/CurrentControlSet/

    Create a new key named StorageDevicePolicies

    Add a value with Data Type: DWORD, Value Name: WriteProtect, Value: 1

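  • AD - Repairing/restoring lost FRS member objects

    Use ADSIEdit.msc to check whether the replication Member objects under CN=Domain System Volume (SYSVOL share) have gone missing. If the objects are lost, the DC cannot perform FRS replication. Follow the steps below to re-create the FRS Member objects manually.

    Reference KB article: Recovering missing FRS objects and FRS attributes in Active Directory http://support.microsoft.com/kb/312862/en-us

    Recovering deleted FRS member objects (this section is excerpted from part of KB 312862)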
    ===============================================

    In the following procedure, you are using ADSIedit to re-create a deleted member object for the domain controller \\DC1 in the SYSVOL replica set of the A.COM domain where \\DC1 is the name of the domain controller and A.COM is the domain name.

    Note ADSIedit is the preferred tool for creating missing objects and attributes because it has a drop-down list of attributes and objects that you can use to help avoid syntax errors.

    To recover a deleted FRS member object:
    1. Start ADSIedit. Connect to the domain partition on a domain controller that is a member of the domain that is hosting the missing FRS member object.
    2. Review the required attributes and the optional attributes for a healthy member object in the same replica set.

    For a SYSVOL replica set in the A.COM domain, the DN path is:
    DN Path                                             ObjectClass
    DC=A,DC=COM                                         Root Domain NC
     CN=SYSTEM,                                         Container
       CN=File Replication Service                      nTFRSSettings
          CN=Domain System Volume (SYSVOL share)        nTFRSReplicaSet
    Note LDP is the preferred tool in this step because you can look at all of the attributes in a single screen. ADSIedit works better for small attribute sets.

    3. In ADSIedit, in the console tree, right-click the name of the FRS replica set to which you want to add the missing member, \\DC1, click New, and then click Object:
    (CN=Domain System Volume (SYSVOL share),CN=File Replication Service...) 

    4. In the Create Object Wizard, click nTFRSMember, and then click Next.

    5. Type the host name of the computer (DC1 in this example) in the Value box, and then click Next.

    6. Click More Attributes, and then click BOTH in the Select which properties to view list.

    7. Under Edit Attribute, configure the following attributes. Click SET after each entry:
    ‧ Frs-Computer-Reference:
        ‧ Expected Value: DN path of computer account in domain NC
        ‧ Example: CN=DC1,OU=Domain Controllers,DC=a,DC=com

    ‧ InstanceType:
        ‧ Expected Value: 4 for SYSVOL, 2 for DFS replica sets
        ‧ Example: 4

    ‧ Server-Reference:
        ‧ Expected Value: DN path of NTDS Settings object from Configuration partition
        ‧ Example: CN=NTDS Settings,CN=DC1,CN=Servers,CN=USA-CORP,CN=Sites,CN=Configuration,DC=a,DC=com

    8. Update the FrsMemberReference attribute on the NtFrsSubscriber object:
    a.  In ADSIedit, in the console tree, navigate to the NtFrsSubscriber object for the same replica set that you used in step 2:
         CN=NTFRS Subscriptions,CN=ARRENC1,OU=Domain Controllers,DC=a,DC=com 
    b.  Right-click NtFrsSubscriber, and then click Properties. You can view the properties in the detail pane:
         CN=Domain System Volume (SYSVOL share),CN=NTFRS Subscriptions 
    c.  On the Attributes tab, set Select which properties to view to OPTIONAL.

    9. Under Edit Attribute, configure the following attributes. Click SET after each entry:
    ‧ FrsMemberReference:
        ‧ Expected Value: The DN path of the FRS member object for the matching replica set, which is SYSVOL in this example.
        ‧ Example: CN=DC1,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=a,DC=com
        ‧ Result: Populates the fRSMemberReferenceBL attribute on the member object in:
            CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=a,DC=com 
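
    To find out which member objects are missing before re-creating them, and to confirm the result afterwards, the SYSVOL replica set can be audited over LDAP. The following is an added example, not part of the original post or of KB 312862; the domain DN is the A.COM example from the KB, the DCs are assumed to sit in the default Domain Controllers OU, and Find-Children is a hypothetical helper name. It only reads from the directory.

    ```powershell
    # Added example (not from the original post or KB 312862). Read-only.
    # Assumptions: domain DN from the KB example; DCs live in the default OU.
    $domainDn  = 'DC=a,DC=com'
    $replicaDn = "CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,$domainDn"

    # Hypothetical helper: one-level LDAP search returning SearchResult objects.
    function Find-Children([string]$BaseDn, [string]$Filter, [string[]]$Props) {
        $s = New-Object System.DirectoryServices.DirectorySearcher
        $s.SearchRoot  = [ADSI]"LDAP://$BaseDn"
        $s.Filter      = $Filter
        $s.SearchScope = 'OneLevel'
        $s.PageSize    = 500
        foreach ($p in $Props) { [void]$s.PropertiesToLoad.Add($p) }
        $s.FindAll()
    }

    $memberProps = @('frsComputerReference', 'serverReference')
    $members = @(Find-Children $replicaDn '(objectClass=nTFRSMember)' $memberProps)
    $dcs     = @(Find-Children "OU=Domain Controllers,$domainDn" '(objectClass=computer)' @('distinguishedName'))

    # 1. Every DC should be referenced by a member object (Frs-Computer-Reference).
    foreach ($dc in $dcs) {
        $dcDn = [string]$dc.Properties['distinguishedname'][0]
        $m = $members | Where-Object { $_.Properties['frscomputerreference'] -contains $dcDn }
        if ($m) { "OK       $dcDn" } else { "MISSING  no nTFRSMember references $dcDn" }
    }

    # 2. Every member object should carry both references set in step 7.
    #    Attributes without a value are absent from the search result.
    foreach ($m in $members) {
        foreach ($attr in 'frscomputerreference', 'serverreference') {
            if (-not $m.Properties.Contains($attr)) { "EMPTY    $attr on $($m.Path)" }
        }
    }
    ```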

    Other reference articles:
    How To Configure Site Link Attributes
    ===============================
    1. Open the Active Directory Sites and Services console
    2. Open the Sites folder, and then open the Inter-Site Transports folder.
    3. Open the IP folder or SMTP folder which contains the site link that you want to configure site link attributes for.
    4. Right-click the particular site link and then select Properties from the shortcut menu.
        a. In the Description box in the General tab of the Properties dialog box for the site, you can enter a description for the site link.
        b. In the Cost box, you can change the default cost for the site link, and assign a cost to the link. The default cost setting is 100.
        c. In the Replicate Every box, you can change the default replication interval. This is basically the number of minutes between replications. The default setting is 180 minutes. The shortest replication interval that can be set is 15 minutes, and the longest interval that can be specified is 10,080 minutes.
        d. Click the Change Schedule button to configure when the site link is available for replication.
        e. When the Schedule dialog box for the site link opens, you can set when the site link is available for replication, or when it is not available for replication.
        f. Click OK to save configuration changes you made in the Schedule dialog box.
    5. Click OK to save changes in the Properties dialog box of the site.
    http://technet.microsoft.com/en-us/library/cc755994.aspx#w2k3tr_repto_how_bwzg