Re: Tracing KCC activities besides using Ad diagnostic's
- From: "Herb Martin" <news@xxxxxxxxxxxxxx>
- Date: Wed, 13 Dec 2006 10:29:48 -0600
"Waldr" <Waldr@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:AA17F177-F511-4F65-8B69-2FE1152A256A@xxxxxxxxxxxxxxxx
thx for the reply herb,
- We have 4 DC's in site Alca, 3 in site Alboa and 2 in site Alni.
- We have a site link to from Alca to Alboa and a site link from Alca to
Alni.
- So due to the ring configuration you mean RET-DC's should have 2
connections to 2 dc's in the Alboa (intra) right?
Yes 1->2<->3->1 (two connetions each, inbound to each server)
- But should all the RET-DC's (in site Alca) should have additional 5
connections (2 with Alboa DC's,
NO. ONE of them should have a pair to ONE in Alboa
and 3 with the alni DC's). Or oly the
bridgehead server will have the 5 addtional connections?
NO, ONLY the Bridgehead will have a connection set with
ONE in each* other site (so two more sets for two more sites)
(Not five more.) ONLY bridgeheads specifically connect
to ONLY bridgeheads in other sites.
*Assuming each site is connected by a lower cost than the sum
of the costs through the remaining site. Otherwise the site
bridgehead servers will connect like this: 1BH<->2BH<->3BH
(Of course that could be 2-1-3 or 1-3-2 instead.)
--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]
Thx in advance Herb.
Waldemar
"Herb Martin" wrote:
"Waldr" <Waldr@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:63AD4098-A646-46F2-BC2C-2013F952D224@xxxxxxxxxxxxxxxx
Thx for the reply Martin.
Call me Herb.
We have 4 dc's (RET-DC1, RET-DC2, RET-DC3 & RET-DC4)
Each are in the same building on sepparte floors and each floor consist
on
his own vlan. The servers ip are 10.135.11.2, 10.135.12.2, 10.135.13.2,
10.135.14.2 respectively. So we are have for subnets configure in the
site
and services 10.135.11.x, 10.135.12.x ect. All systems can ping and see
eacth
other. (we also tested the pinging of the GUID and all is ok) The main
site
is called Alca and it connects to 2 other sites Alboa and Alni
What is in those other sites if you only have four DCs and
they are in the same building? Although not an absolute rule,
there should generally be a DC in each site.
- I meant server connections not site links. (these are the ones that
should
be created automatically by kcc)
Yes, Connections is a technical term for the actual
pulls from DC to DC.
- For example RET-DC1 only have automatic connections to DC3, RET-DC3
only
have automatic connections to DC1 & DC2. Each DC should have at least 3
(intra) connectinos right?
No, each should have two Connections with 4 servers.
Every DC should be connected to two others in a logical
ring (1-2-3-4-backto1 or some such, as the numbers won't
necessarily match our human expectations of sequencing.)
If they do not then you likely have the site misdefined, some
DC in the wrong site, OR just plain old DNS problems which
accounts for most replication issues (but you do claim that
DCDiag passes with no replication or DNS errrors.)
- The servers in the other sites that this site is connected to does
appear
in the connectins in some of the DC's but not all of them.
That is likely correct behavior. DC in other site should be
connected to ONE of the DCs in this site in almost all cases.
If it is connected to more than one in this site then this implies
EITHER (or both) a Subnet-Site definition error or one or more
DCs in WRONG Site.
For instances if it looks like this: 1-2-OtherSiteDC-3-4-back to 1
this would imply that OtherSiteDC is in the wrong site for one
(or both of) those reasons (bad subnet defs, or just misplaced DC
because of prior bad subnet defs that have been corrected without
moving the DC to proper site, etc.)
Look in Sites and Services and show me you Subnets for EACH
site with Subnet masks. Also, check each DC and tell me which
site each DC shows itself in.
For example DC1
only have one automicatic connection to one server of the Alboa site
(that
site has 3 dc's). DC2 has mostly all the server connections. So
basically
why
one dc seems to have most of the automatic connections and others in
the
same
site does not?
If you mean the connections to the OTHER site then this is as
designed. One DC gets picked as Bridgehead server (at any
one time) and ONLY that DC replicates to and from other sites.
- Since we know that DNS is the first issues to check we have perform
all
the neccesary steps (in fact we had to because we just finish a Exch5.5
to
a
clustered Ex2003 migration) and we resolved all encountered error.
This does NOT mean you have it correct however.
Didn't you say that it passes DNS checks in DCDiag though?
(That is usually sufficient.)
- We also check all site naming and server locations and subnet
definition
and still no dice. That is the reason I like to dig deeper into kcc
functioning, so find out exactly what he looks for step by step so see
why
some servers get all the automatic connections and some don't.
Digging deeper into KCC is unlikely to fix the problem. Rechecking
the DNS, Sites, Subnets, Server to site assignments, firewall issues,
routing etc are likley to find and fix the problem (practically always
in fact.)
- Maybe you know of a active directory realtime tracing tool that can
show
all realtime changes in the AD once we select the "Check Topology"
option.
I find that tool to be near worthless and do my checks mentally
or with paper or graphics.
Detail your Sites and Services configuration if you need
more help.
I appreciate your input Martin. Thx in advance for any additional
comments
you might have.
--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]
Waldemar
"Herb Martin" wrote:
"Waldr" <Waldr@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:C3C4A8BE-169B-446B-B2DA-B64CCC56241E@xxxxxxxxxxxxxxxx
Dear MS,
We have a child domain consisting of 15 Win2000 DC's in a total of 5
sites.
We have setup manual links in site and services for some of the
sites
but
on
MS advice we like to remove all manual configurations and have kcc
create
all
connections automatically. (network is fully routed)
First: Site LINKS are always manual. You must create these,
as well as Subnets to define the sites.
Generally you should NOT be creating CONNECTIONS which
is the KCCs job 99.99% of the time.
Anyone who advised that without specific reasons is suspect.
Have have remove all manual configurations and let kcc do the job.
We
notice
that on some of the site (one for example that have 4 dc's) not all
DC's
connections are created automatically by kcc. We have checked all
dns
issues
using net & dc diag and dnslint, check all sysvol shares and enable
diagnostic logging (set it to level 3 and 5).
Are you saying there are DCs with NO connection objects in
the same site (where other DCs appear)?
Generally each DC should have two (sometimes 3 if the site
has many DCs) inbound and 2 (or 3) outbound to other DCs.
If this doesn't happen the first thing is to check DNS (and other
IP/firewall issues.)
Then look to see if the DCs are really "in the correct site"
based on the Subnet definitions -- and the actual location
in the Sites containers.
After this, try Time Sync checks and recheck DCDiag again
to make sure you have both DNS and replication working.
We are not receiving any dns nor kcc errors in the eventlogs but
still
the
automatic connections are not created on some of the DC's.
Which? Give IP addresses and subnets for that Site.
State which have connections (in which direction) and
which do not.
So basically we no other error to troubleshoot and the kcc is not
doing
the
job properly and we don't like to create manual connections.
You are correct to avoid this and fix the REAL problem.
Is there a specific documented steps (or kcc tracing tool) that we
can
follow to exactly see where the kcc is failing? Is there a place in
AD
where
some info must be available for kcc to add the automatic links
between
the
DC's.
Probably the KCC has the "wrong information" due to
either DNS, Sites, Subnet definitions, or one or more
DCs being located in the "wrong Site container."
We like to fix the issue for the local site first (intra) and then
troubleshoot the remote site links (inter)
If the problem is to other between different sites there
should generally be only ONE DC (the BridgeHead server)
making the connections outside the site, and you might
check Schedules on the Site Link if that doesn't happen.
--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]
Any help will be appreciated.
Waldemar
.
- References:
- Re: Tracing KCC activities besides using Ad diagnostic's
- From: Herb Martin
- Re: Tracing KCC activities besides using Ad diagnostic's
- From: Waldr
- Re: Tracing KCC activities besides using Ad diagnostic's
- From: Herb Martin
- Re: Tracing KCC activities besides using Ad diagnostic's
- From: Waldr
- Re: Tracing KCC activities besides using Ad diagnostic's
- Prev by Date: Configured Identity incorrect for COM applications using Windows 2000 server
- Next by Date: nltest and the /force option for dsgetdc
- Previous by thread: Re: Tracing KCC activities besides using Ad diagnostic's
- Next by thread: Exchange 2003 in a failed DC envirornment
- Index(es):
Relevant Pages
|
