Noah, Did you try running netdiag on the DCs to look for DNS errors? Make sure that each server has registered its guid name in DNS. The KCC uses these records when creating replication links. These records should be in the _msdcs folder. You should be able to ping using the record.
----- Original Message ----- From: "Noah Eiger" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Saturday, September 28, 2002 2:16 PM Subject: RE: [ActiveDir] KCC Error > Rick, thanks for the suggestions. > > First, the general setup is this: sites A, B, and C. Let's call A the hub > and C the "problem" site. Each has one DC that runs its own DNS. Each has > been designated a GC. They use PPTP tunnels to reach the hub -- this > communication appears to be working fine. > > To answer some of your questions: > - There has always been one server per site. The "move" was only within > dssite since when you first run DCPROMO over a WAN, it does not put it in > the proper site automatically. > - There are two IP site links: A-B and A-C, each containing only their > respective members. Subnets and static routes in rrasmgmt.msc are correct. > > I suspect this is a DNS problem but do not know how to resolve it. From any > site, nslookup (pointing to the local DNS server) finds all the other DCs by > full name. However, if I look in dnsmgmt, I get different results depending > on the server. For example, from the hub (A), there is no entry for site C > when I look in: ..._msdcs>dc>_sites> Also, under ..._tcp, there are listings > servers A and B but not C for the _gc, _kerberos, _ldap, etc. > > I will spare you more minutae. Any ideas how I can get A to recognize C in > DNS? I have tried ipconfig /registerdns and netdiag /fix both to no avail. > > Thanks again. > > nme > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED]]On Behalf Of Rick Kingslan > > Sent: Friday, September 27, 2002 9:22 PM > > To: [EMAIL PROTECTED] > > Subject: RE: [ActiveDir] KCC Error > > > > > > Noah, > > > > Pardon my confusion. I'm trying to get my mind around the problem that > > you're experiencing, but something didn't quite make sense. > > > > If there is one server per site, were there two servers in a site, and > > that is what prompted the move? Also, DNS - is there DNS on each > > server? Is there an A record for the server with the other missing > > records? > > > > Now, on to somethings that might assist in finding the problem: > > > > I suspect that there is no site link defined for the site in which the > > DC that you moved is now located. If there is no site link object, then > > the Inter-Site Topology Generator will not have sufficient information > > in which to replicate with the DC in the 'foreign' site. The site that > > the server WAS in DID have a link, and the local replication > > (intra-site) worked fine between the two servers. Moving it to another > > site with no site link object created a situation where the KCC cannot > > complete the spanning tree. > > > > Solving this.... > > > > Basically, what they are talking about in option A is to open up AD > > Sites and Services and create the proper site links from source to > > destination. By default, there is a DEFAULTSITELINK object (yeah, great > > name) in the IP under Inter Site Transports. And, in this would be the > > Default-First-Site-Name (again, great name). > > > > If you confirm that you have complete coverage of the link topology > > (enough for the KCC to create the entire spanning tree) the erros will > > resolve and the replication topology will be restored. > > > > Rick Kingslan - Microsoft MVP [Windows NT/2000] > > Microsoft Certified Trainer > > MCSA, MCSE+I - Windows NT / 2000 > > > > "Any sufficiently advanced technology > > is indistinguishable from magic." > > --- Arthur C. Clarke > > > > > > > > > > > > > -----Original Message----- > > > From: [EMAIL PROTECTED] > > > [mailto:[EMAIL PROTECTED]] On Behalf Of Noah Eiger > > > Sent: Friday, September 27, 2002 4:33 PM > > > To: Active Directory List > > > Subject: [ActiveDir] KCC Error > > > > > > > > > Hello: > > > > > > I have three sites that are (supposed to be) in a hub and > > > spoke configuration. Each site has only one server with is > > > both a DC and GC. Yesterday, I saw that one of the servers > > > was in the wrong site and moved it. Since then, I have been > > > receiving constant errors such as the one below. > > > > > > I noticed that when I check the SRV records (as per Tim > > > Hines' t-shooting > > > tips) at the "hub", I see that the problem site is not listed > > > as a DNS server. I added that within DNS Forward Lookups, did > > > the net stop/start of netlogon and dns, but still nothing. > > > > > > Any ideas or tips on how I can ask this question so it makes sense ;-) > > > > > > Here is the eventlog message: > > > > > > ================================================================ > > > EVENT # : 22692 > > > EVENTLOG : Directory Service > > > EVENT TYPE : ERROR (1) > > > SOURCE : NTDS KCC > > > CATEGORY : Knowledge Consistency Checker > > > EVENT ID : 1311 > > > TIME : 9/27/2002 2:23:12 PM > > > MESSAGE : The Directory Service consistency checker has > > > determined that > > > either (a) there > > > is not enough physical connectivity published via the Active > > > Directory Sites and Services Manager to create a spanning > > > tree connecting all the sites containing the Partition > > > DC=prbo,DC=org, or (b) replication cannot be performed with > > > one or more critical servers in order for changes to > > > propagate across all sites (most often due to the servers > > > being unreachable). For (a), please use the Active Directory > > > Sites and Services Manager to do one of the following: 1. > > > Publish sufficient site connectivity information such that > > > the system can infer a route by which this Partition can > > > reach this site. This option is preferred. 2. Add an > > > ntdsConnection object to a Domain Controller that contains > > > the Partition DC=prbo,DC=org in this site from a Domain > > > Controller that contains the same Partition in another site. > > > For (b), please see previous events logged by the NTDS KCC > > > source that identify the servers that could not be contacted. > > > ================================================================ > > > > > > -------------------------------------------- > > > Noah M. Eiger > > > Manager of Information Technology > > > PRBO Conservation Science > > > [EMAIL PROTECTED] > > > 415-269-1832 (cellular) > > > > > > List info : http://www.activedir.org/mail_list.htm > > > List FAQ : http://www.activedir.org/list_faq.htm > > > List archive: > > > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > > > > > > > > > List info : http://www.activedir.org/mail_list.htm > > List FAQ : http://www.activedir.org/list_faq.htm > > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
