Is the DNS AD integrated? -----Original Message----- From: Noah Eiger [mailto:[EMAIL PROTECTED]] Sent: Saturday, September 28, 2002 11:17 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] KCC Error
Rick, thanks for the suggestions. First, the general setup is this: sites A, B, and C. Let's call A the hub and C the "problem" site. Each has one DC that runs its own DNS. Each has been designated a GC. They use PPTP tunnels to reach the hub -- this communication appears to be working fine. To answer some of your questions: - There has always been one server per site. The "move" was only within dssite since when you first run DCPROMO over a WAN, it does not put it in the proper site automatically. - There are two IP site links: A-B and A-C, each containing only their respective members. Subnets and static routes in rrasmgmt.msc are correct. I suspect this is a DNS problem but do not know how to resolve it. From any site, nslookup (pointing to the local DNS server) finds all the other DCs by full name. However, if I look in dnsmgmt, I get different results depending on the server. For example, from the hub (A), there is no entry for site C when I look in: ..._msdcs>dc>_sites> Also, under ..._tcp, there are listings servers A and B but not C for the _gc, _kerberos, _ldap, etc. I will spare you more minutae. Any ideas how I can get A to recognize C in DNS? I have tried ipconfig /registerdns and netdiag /fix both to no avail. Thanks again. nme > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Rick Kingslan > Sent: Friday, September 27, 2002 9:22 PM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] KCC Error > > > Noah, > > Pardon my confusion. I'm trying to get my mind around the problem > that you're experiencing, but something didn't quite make sense. > > If there is one server per site, were there two servers in a site, and > that is what prompted the move? Also, DNS - is there DNS on each > server? Is there an A record for the server with the other missing > records? > > Now, on to somethings that might assist in finding the problem: > > I suspect that there is no site link defined for the site in which the > DC that you moved is now located. If there is no site link object, > then the Inter-Site Topology Generator will not have sufficient > information in which to replicate with the DC in the 'foreign' site. > The site that the server WAS in DID have a link, and the local > replication > (intra-site) worked fine between the two servers. Moving it to another > site with no site link object created a situation where the KCC cannot > complete the spanning tree. > > Solving this.... > > Basically, what they are talking about in option A is to open up AD > Sites and Services and create the proper site links from source to > destination. By default, there is a DEFAULTSITELINK object (yeah, > great > name) in the IP under Inter Site Transports. And, in this would be the > Default-First-Site-Name (again, great name). > > If you confirm that you have complete coverage of the link topology > (enough for the KCC to create the entire spanning tree) the erros will > resolve and the replication topology will be restored. > > Rick Kingslan - Microsoft MVP [Windows NT/2000] > Microsoft Certified Trainer > MCSA, MCSE+I - Windows NT / 2000 > > "Any sufficiently advanced technology > is indistinguishable from magic." > --- Arthur C. Clarke > > > > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED]] On Behalf Of Noah Eiger > > Sent: Friday, September 27, 2002 4:33 PM > > To: Active Directory List > > Subject: [ActiveDir] KCC Error > > > > > > Hello: > > > > I have three sites that are (supposed to be) in a hub and spoke > > configuration. Each site has only one server with is both a DC and > > GC. Yesterday, I saw that one of the servers was in the wrong site > > and moved it. Since then, I have been receiving constant errors such > > as the one below. > > > > I noticed that when I check the SRV records (as per Tim Hines' > > t-shooting > > tips) at the "hub", I see that the problem site is not listed as a > > DNS server. I added that within DNS Forward Lookups, did the net > > stop/start of netlogon and dns, but still nothing. > > > > Any ideas or tips on how I can ask this question so it makes sense > > ;-) > > > > Here is the eventlog message: > > > > ================================================================ > > EVENT # : 22692 > > EVENTLOG : Directory Service > > EVENT TYPE : ERROR (1) > > SOURCE : NTDS KCC > > CATEGORY : Knowledge Consistency Checker > > EVENT ID : 1311 > > TIME : 9/27/2002 2:23:12 PM > > MESSAGE : The Directory Service consistency checker has > > determined that > > either (a) there > > is not enough physical connectivity published via the Active > > Directory Sites and Services Manager to create a spanning tree > > connecting all the sites containing the Partition DC=prbo,DC=org, or > > (b) replication cannot be performed with one or more critical > > servers in order for changes to propagate across all sites (most > > often due to the servers being unreachable). For (a), please use the > > Active Directory Sites and Services Manager to do one of the > > following: 1. Publish sufficient site connectivity information such > > that the system can infer a route by which this Partition can > > reach this site. This option is preferred. 2. Add an > > ntdsConnection object to a Domain Controller that contains > > the Partition DC=prbo,DC=org in this site from a Domain > > Controller that contains the same Partition in another site. > > For (b), please see previous events logged by the NTDS KCC > > source that identify the servers that could not be contacted. > > ================================================================ > > > > -------------------------------------------- > > Noah M. Eiger > > Manager of Information Technology > > PRBO Conservation Science > > [EMAIL PROTECTED] > > 415-269-1832 (cellular) > > > > List info : http://www.activedir.org/mail_list.htm > > List FAQ : http://www.activedir.org/list_faq.htm > > List archive: > > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > > > > > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
