You could run netdiag /fix and dcdiag /fix. You could also restart the netlogon service on the DCs to re-register SRV record. Netlogon.log should provide you with which records to look for. Be sure that your DCs are pointing to the right DNS server (and not, say, to an ISP DNS)
Amit Zinman Systems Consultant Integrity Systems [EMAIL PROTECTED] 03-7522424 058-326753 -----Original Message----- From: Noah Eiger [mailto:[EMAIL PROTECTED]] Sent: Sunday, September 29, 2002 10:19 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] KCC Error Hi- Netdiag shows a bunch of DNS oddities. Basically, it seems that A only knows a very little about C; C seems to know about A but not completely. The SRV records are incomplete, especially at the hub. Is there a way to ask each server to "rediscover" the other sites and update them in DNS? One thing that is confusing to me is that I don't really know what it "should" look like. In the hub and spoke scenario, should every server know about everyone else's DNS or just about themselves and the hub? Also, since I am using Demand Dial Interfaces (i.e., the PPTP tunnels), each server gets multiple IP addresses on different subnets. For example, A has and IP on its local subnet via its Ethernet interface but also addresses assigned on the remote subnets when the VPN connection is made. Is this causing problems? Basically, I am willing to tear down C and run DCPROMO again if needed, though it is not clear to me that that would fix the problems. nme P.S. Gil, yes, the Zones are AD integrated on the Forward. I noticed that the reverses were only Primary so I changed them to AD integrated. > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Tim HInes > Sent: Saturday, September 28, 2002 12:58 PM > To: [EMAIL PROTECTED] > Subject: Re: [ActiveDir] KCC Error > > > Noah, > > Did you try running netdiag on the DCs to look for DNS errors? Make sure > that each server has registered its guid name in DNS. The KCC uses these > records when creating replication links. These records should be in the > _msdcs folder. You should be able to ping using the record. > > ----- Original Message ----- > From: "Noah Eiger" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Saturday, September 28, 2002 2:16 PM > Subject: RE: [ActiveDir] KCC Error > > > > Rick, thanks for the suggestions. > > > > First, the general setup is this: sites A, B, and C. Let's call > A the hub > > and C the "problem" site. Each has one DC that runs its own > DNS. Each has > > been designated a GC. They use PPTP tunnels to reach the hub -- this > > communication appears to be working fine. > > > > To answer some of your questions: > > - There has always been one server per site. The "move" was only within > > dssite since when you first run DCPROMO over a WAN, it does not > put it in > > the proper site automatically. > > - There are two IP site links: A-B and A-C, each containing only their > > respective members. Subnets and static routes in rrasmgmt.msc > are correct. > > > > I suspect this is a DNS problem but do not know how to resolve it. From > any > > site, nslookup (pointing to the local DNS server) finds all the > other DCs > by > > full name. However, if I look in dnsmgmt, I get different results > depending > > on the server. For example, from the hub (A), there is no entry > for site C > > when I look in: ..._msdcs>dc>_sites> Also, under ..._tcp, there are > listings > > servers A and B but not C for the _gc, _kerberos, _ldap, etc. > > > > I will spare you more minutae. Any ideas how I can get A to > recognize C in > > DNS? I have tried ipconfig /registerdns and netdiag /fix both > to no avail. > > > > Thanks again. > > > > nme > > > > > -----Original Message----- > > > From: [EMAIL PROTECTED] > > > [mailto:[EMAIL PROTECTED]]On Behalf Of Rick Kingslan > > > Sent: Friday, September 27, 2002 9:22 PM > > > To: [EMAIL PROTECTED] > > > Subject: RE: [ActiveDir] KCC Error > > > > > > > > > Noah, > > > > > > Pardon my confusion. I'm trying to get my mind around the > problem that > > > you're experiencing, but something didn't quite make sense. > > > > > > If there is one server per site, were there two servers in a site, and > > > that is what prompted the move? Also, DNS - is there DNS on each > > > server? Is there an A record for the server with the other missing > > > records? > > > > > > Now, on to somethings that might assist in finding the problem: > > > > > > I suspect that there is no site link defined for the site in which the > > > DC that you moved is now located. If there is no site link > object, then > > > the Inter-Site Topology Generator will not have sufficient information > > > in which to replicate with the DC in the 'foreign' site. The > site that > > > the server WAS in DID have a link, and the local replication > > > (intra-site) worked fine between the two servers. Moving it > to another > > > site with no site link object created a situation where the KCC cannot > > > complete the spanning tree. > > > > > > Solving this.... > > > > > > Basically, what they are talking about in option A is to open up AD > > > Sites and Services and create the proper site links from source to > > > destination. By default, there is a DEFAULTSITELINK object > (yeah, great > > > name) in the IP under Inter Site Transports. And, in this > would be the > > > Default-First-Site-Name (again, great name). > > > > > > If you confirm that you have complete coverage of the link topology > > > (enough for the KCC to create the entire spanning tree) the erros will > > > resolve and the replication topology will be restored. > > > > > > Rick Kingslan - Microsoft MVP [Windows NT/2000] > > > Microsoft Certified Trainer > > > MCSA, MCSE+I - Windows NT / 2000 > > > > > > "Any sufficiently advanced technology > > > is indistinguishable from magic." > > > --- Arthur C. Clarke > > > > > > > > > > > > > > > > > > > -----Original Message----- > > > > From: [EMAIL PROTECTED] > > > > [mailto:[EMAIL PROTECTED]] On Behalf Of Noah Eiger > > > > Sent: Friday, September 27, 2002 4:33 PM > > > > To: Active Directory List > > > > Subject: [ActiveDir] KCC Error > > > > > > > > > > > > Hello: > > > > > > > > I have three sites that are (supposed to be) in a hub and > > > > spoke configuration. Each site has only one server with is > > > > both a DC and GC. Yesterday, I saw that one of the servers > > > > was in the wrong site and moved it. Since then, I have been > > > > receiving constant errors such as the one below. > > > > > > > > I noticed that when I check the SRV records (as per Tim > > > > Hines' t-shooting > > > > tips) at the "hub", I see that the problem site is not listed > > > > as a DNS server. I added that within DNS Forward Lookups, did > > > > the net stop/start of netlogon and dns, but still nothing. > > > > > > > > Any ideas or tips on how I can ask this question so it > makes sense ;-) > > > > > > > > Here is the eventlog message: > > > > > > > > ================================================================ > > > > EVENT # : 22692 > > > > EVENTLOG : Directory Service > > > > EVENT TYPE : ERROR (1) > > > > SOURCE : NTDS KCC > > > > CATEGORY : Knowledge Consistency Checker > > > > EVENT ID : 1311 > > > > TIME : 9/27/2002 2:23:12 PM > > > > MESSAGE : The Directory Service consistency checker has > > > > determined that > > > > either (a) there > > > > is not enough physical connectivity published via the Active > > > > Directory Sites and Services Manager to create a spanning > > > > tree connecting all the sites containing the Partition > > > > DC=prbo,DC=org, or (b) replication cannot be performed with > > > > one or more critical servers in order for changes to > > > > propagate across all sites (most often due to the servers > > > > being unreachable). For (a), please use the Active Directory > > > > Sites and Services Manager to do one of the following: 1. > > > > Publish sufficient site connectivity information such that > > > > the system can infer a route by which this Partition can > > > > reach this site. This option is preferred. 2. Add an > > > > ntdsConnection object to a Domain Controller that contains > > > > the Partition DC=prbo,DC=org in this site from a Domain > > > > Controller that contains the same Partition in another site. > > > > For (b), please see previous events logged by the NTDS KCC > > > > source that identify the servers that could not be contacted. > > > > ================================================================ > > > > > > > > -------------------------------------------- > > > > Noah M. Eiger > > > > Manager of Information Technology > > > > PRBO Conservation Science > > > > [EMAIL PROTECTED] > > > > 415-269-1832 (cellular) > > > > > > > > List info : http://www.activedir.org/mail_list.htm > > > > List FAQ : http://www.activedir.org/list_faq.htm > > > > List archive: > > > > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > > > > > > > > > > > > > List info : http://www.activedir.org/mail_list.htm > > > List FAQ : http://www.activedir.org/list_faq.htm > > > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > > > > List info : http://www.activedir.org/mail_list.htm > > List FAQ : http://www.activedir.org/list_faq.htm > > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
