سلام .من اکتیودارکتوری خود رو با دستور dcdiag تست کردم و چند مورد خطا داره لطفا بگین چطوری این خطا رو رفع کنم
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = SERVER-AC2012
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\SERVER-AC2012
Starting test: Connectivity
......................... SERVER-AC2012 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\SERVER-AC2012
Starting test: Advertising
Warning: SERVER-AC2012 is not advertising as a time server.
......................... SERVER-AC2012 failed test Advertising
Starting test: FrsEvent
......................... SERVER-AC2012 passed test FrsEvent
Starting test: DFSREvent
There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL
replication problems may cause Group Policy problems.
......................... SERVER-AC2012 failed test DFSREvent
Starting test: SysVolCheck
......................... SERVER-AC2012 passed test SysVolCheck
Starting test: KccEvent
......................... SERVER-AC2012 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... SERVER-AC2012 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... SERVER-AC2012 passed test MachineAccount
Starting test: NCSecDesc
......................... SERVER-AC2012 passed test NCSecDesc
Starting test: NetLogons
......................... SERVER-AC2012 passed test NetLogons
Starting test: ObjectsReplicated
......................... SERVER-AC2012 passed test ObjectsReplicated
Starting test: Replications
[Replications Check,SERVER-AC2012] A recent replication attempt failed:
From SERVER2016DC2 to SERVER-AC2012
Naming Context: DC=ForestDnsZones,DC=khayam,DC=local
The replication generated an error (1256):
The remote system is not available. For information about network troubleshooting, see Windows Help.
The failure occurred at 2022-08-07 19:18:02.
The last success occurred at 2020-06-11 08:19:29.
19062 failures have occurred since the last success.
[SERVER2016DC2] DsBindWithSpnEx() failed with error -2146893022,
The target principal name is incorrect..
[SERVER2019DC2] DsBindWithSpnEx() failed with error 1398,
There is a time and/or date difference between the client and server..
[Replications Check,SERVER-AC2012] A recent replication attempt failed:
From SERVER2016DC2 to SERVER-AC2012
Naming Context: DC=DomainDnsZones,DC=khayam,DC=local
The replication generated an error (1256):
The remote system is not available. For information about network troubleshooting, see Windows Help.
The failure occurred at 2022-08-07 19:18:02.
The last success occurred at 2020-06-11 08:19:29.
19062 failures have occurred since the last success.
[Replications Check,SERVER-AC2012] A recent replication attempt failed:
From SERVER2016DC2 to SERVER-AC2012
Naming Context: CN=Schema,CN=Configuration,DC=khayam,DC=local
The replication generated an error (-2146893022):
The target principal name is incorrect.
The failure occurred at 2022-08-07 19:18:02.
The last success occurred at 2020-06-11 08:19:29.
19061 failures have occurred since the last success.
[Replications Check,SERVER-AC2012] A recent replication attempt failed:
From SERVER2016DC2 to SERVER-AC2012
Naming Context: CN=Configuration,DC=khayam,DC=local
The replication generated an error (-2146893022):
The target principal name is incorrect.
The failure occurred at 2022-08-07 19:18:02.
The last success occurred at 2020-06-11 08:19:29.
19062 failures have occurred since the last success.
[Replications Check,SERVER-AC2012] A recent replication attempt failed:
From SERVER2016DC2 to SERVER-AC2012
Naming Context: DC=khayam,DC=local
The replication generated an error (-2146893022):
The target principal name is incorrect.
The failure occurred at 2022-08-07 19:18:02.
The last success occurred at 2020-06-11 08:31:02.
19059 failures have occurred since the last success.
......................... SERVER-AC2012 failed test Replications
Starting test: RidManager
......................... SERVER-AC2012 passed test RidManager
Starting test: Services
Invalid service startup type: NETLOGON on SERVER-AC2012, current value DEMAND_START, expected value
AUTO_START
......................... SERVER-AC2012 failed test Services
Starting test: SystemLog
An error event occurred. EventID: 0x40000004
Time Generated: 08/07/2022 19:01:44
Event String:
The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server server2019dc2$. The target name used was KHAYAM\SERVER2016DC2$. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Ensure that the target SPN is only registered on the account used by the server. This error can also happen if the target service account password is different than what is configured on the Kerberos Key Distribution Center for that target service. Ensure that the service on the server and the KDC are both configured to use the same password. If the server name is not fully qualified, and the target domain (KHAYAM.LOCAL) is different from the client domain (KHAYAM.LOCAL), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.
An error event occurred. EventID: 0x40000004
Time Generated: 08/07/2022 19:18:02
Event String:
The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server server2019dc2$. The target name used was E3514235-4B06-11D1-AB04-00C04FC2DCD2/c54ec21c-e264-4cb0-a5ca-4f370c223d22/khayam.local@khayam.local. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Ensure that the target SPN is only registered on the account used by the server. This error can also happen if the target service account password is different than what is configured on the Kerberos Key Distribution Center for that target service. Ensure that the service on the server and the KDC are both configured to use the same password. If the server name is not fully qualified, and the target domain (KHAYAM.LOCAL) is different from the client domain (KHAYAM.LOCAL), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.
A warning event occurred. EventID: 0x80000025
Time Generated: 08/07/2022 19:36:45
Event String:
The Key Distribution Center (KDC) encountered a ticket that did not contain information about the account that requested the ticket while processing a request for another ticket. This prevented security checks from running and could open security vulnerabilities. See https://go.microsoft.com/fwlink/?linkid=2173051 to learn more.
A warning event occurred. EventID: 0x80000023
Time Generated: 08/07/2022 19:36:45
Event String:
The Key Distribution Center (KDC) encountered a ticket-granting-ticket (TGT) from another KDC (SERVER2019DC2) that did not contain a PAC attributes field. See https://go.microsoft.com/fwlink/?linkid=2173051 to learn more.
An error event occurred. EventID: 0x40000004
Time Generated: 08/07/2022 19:41:46
Event String:
The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server server2019dc2$. The target name used was LDAP/c54ec21c-e264-4cb0-a5ca-4f370c223d22._msdcs.khayam.local. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Ensure that the target SPN is only registered on the account used by the server. This error can also happen if the target service account password is different than what is configured on the Kerberos Key Distribution Center for that target service. Ensure that the service on the server and the KDC are both configured to use the same password. If the server name is not fully qualified, and the target domain (KHAYAM.LOCAL) is different from the client domain (KHAYAM.LOCAL), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.
An error event occurred. EventID: 0x40000005
Time Generated: 08/07/2022 19:41:46
Event String:
The Kerberos client received a KRB_AP_ERR_TKT_NYV error from the server server2019dc2$. This indicates that the ticket presented to that server is not yet valid (due to a discrepancy between ticket and server time. Contact your system administrator to make sure the client and server times are synchronized, and that the time for the Key Distribution Center Service (KDC) in realm KHAYAM.LOCAL is synchronized with the KDC in the client realm.
......................... SERVER-AC2012 failed test SystemLog
Starting test: VerifyReferences
......................... SERVER-AC2012 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : khayam
Starting test: CheckSDRefDom
......................... khayam passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... khayam passed test CrossRefValidation
Running enterprise tests on : khayam.local
Starting test: LocatorCheck
Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error 1355
A Good Time Server could not be located.
......................... khayam.local failed test LocatorCheck
Starting test: Intersite
......................... khayam.local passed test Intersite
