Replication errors – NTDS KCC

---

• From: sctrojans83 <gundamdiep@xxxxxxxxx>
• Date: Tue, 25 Jul 2006 14:57:02 -0700

---

We are having issues with a remote site (RM01) not replicating data back to
our HQ site. From HQ to RM01 there is no issue. The two sites are connected
via a VPN connection. All traffic between the 2 sites is allowed to pass
freely without any ports being blocked. We are getting the following errors
in the event viewer in the server in HQ every 15 minutes
Error 1311, Warnings 1865, 1566, 1232

The following 1311 error gave us concern.

- - - - - - - - - -
Event Type: Error
Event Source: NTDS KCC
Event Category: Knowledge Consistency Checker
Event ID: 1311
Date: 7/24/2006
Time: 1:26:30 PM
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: HQW3DC2
Description:
The Knowledge Consistency Checker (KCC) has detected problems with the
following directory partition.

Directory partition:
CN=Configuration,DC=internal,DC=dhome,DC=com

There is insufficient site connectivity information in Active Directory
Sites and Services for the KCC to create a spanning tree replication
topology. Or, one or more domain controllers with this directory partition
are unable to replicate the directory partition information. This is probably
due to inaccessible domain controllers.
User Action
Use Active Directory Sites and Services to perform one of the following
actions:
- Publish sufficient site connectivity information so that the KCC can
determine a route by which this directory partition can reach this site. This
is the preferred option.
- Add a Connection object to a domain controller that contains the directory
partition in this site from a domain controller that contains the same
directory partition in another site.

If neither of the Active Directory Sites and Services tasks correct this
condition, see previous events logged by the KCC that identify the
inaccessible domain controllers. For more information, see Help and Support
Center at http://go.microsoft.com/fwlink/events.asp.
- - - - - - - - - -

We have 7 sites total and only 2 sites are having issues. We though it may
be this issue with Windows Server SP1 and the Firewall so we applied the
following hotfix, http://support.microsoft.com/kb/899148/en-us but that
didn’t fix our issue. When then tried manually creating the Active Directory
Connection in the Sites and Services but that did not resolve our issue, so
we deleted all the connections to the remote site (RM01) and let the KCC
automatically rebuild the connections.

The KCC did recreate the <automatically generated> connections for HQ to
RM01 and we can see this from all our DCs. But from RM01 to HQ it does not
show an <automatically generated> connection when viewing the AD Sites and
Services from any DC besides RM01.
So it looks like replication traffic is still flowing only in one direction.
From HQ to RM01 is fine but nothing going the other direction. For the past
3 hours we have not gotten any 1311 errors but warnings 1925 in random
intervals.

- - - - - - - - - -
Event Type: Warning
Event Source: NTDS KCC
Event Category: Knowledge Consistency Checker
Event ID: 1925
Date: 7/25/2006
Time: 2:38:56 PM
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: HQW3DC2
Description:
The attempt to establish a replication link for the following writable
directory partition failed.

Directory partition:
CN=Configuration,DC=internal,DC=dhome,DC=com
Source domain controller:
CN=NTDS
Settings,CN=ELMW3DC1,CN=Servers,CN=ElM,CN=Sites,CN=Configuration,DC=internal,DC=decorehome,DC=com
Source domain controller address:
63cec3b5-c130-4313-805c-6a0f0d19ff4c._msdcs.internal.decorehome.com
Intersite transport (if any):
CN=IP,CN=Inter-Site
Transports,CN=Sites,CN=Configuration,DC=internal,DC=decorehome,DC=com

This domain controller will be unable to replicate with the source domain
controller until this problem is corrected.

User Action
Verify if the source domain controller is accessible or network connectivity
is available.

Additional Data
Error value:
1727 The remote procedure call failed and did not execute.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
- - - - - - - - - -

Any help would be greatly appreciated. Thank you.


.

---

• Follow-Ups:
  • Re: Replication errors - NTDS KCC
    • From: Jorge Silva

• Prev by Date: Re: Deleted computer Account
• Next by Date: Re: Schema errors when trying to update for 2003 R2
• Previous by thread: Re: Deleted computer Account
• Next by thread: Re: Replication errors - NTDS KCC
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Replication errors - NTDS KCC ... following directory partition. ... Sites and Services for the KCC to create a spanning tree replication ... Add a Connection object to a domain controller that contains the ... (microsoft.public.windows.server.active_directory) Re: Replication errors - NTDS KCC ... following directory partition. ... Sites and Services for the KCC to create a spanning tree replication ... Add a Connection object to a domain controller that contains the ... (microsoft.public.windows.server.active_directory) Re: server 2003 [error_netname_deleted] ... Domain Controller Diagnosis ... Starting test: Connectivity ... can replicate the directory partition over this ... (microsoft.public.windows.server.active_directory) Re: active directory replication ... Domain Controller Diagnosis ... Starting test: Connectivity ... replicas and are not verifiably latent, or dc's no longer replicating this ... can replicate the directory partition over this ... (microsoft.public.windows.server.active_directory) Re: Global Catalog not installing ... The local domain controller has been selected to be a global catalog. ... the domain controller does not host a read-only replica of the ... following directory partition. ... (microsoft.public.windows.server.active_directory)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Windows  > microsoft.public.windows.server.active_directory  > 2006-08