Ah!!! That worked!! Thanks. Yes, the hub now sees the remotes and dssite.msc is feeling much better.
I am still seeing KCC errors. However, now they only related to the two remotes trying to find each other. How do I tell the remotes to only replicate with the hub? Slight aside: in dssite.msc, two subnets have ACS>Limits folders below them; the problem site has nothing below it. Any idea why or if it is even important? thanks > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Carey, Greg > Sent: Monday, September 30, 2002 6:53 AM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] KCC Error > > > Try this: > Make the HUB DNS the first DNS for each DC, then run the ipconfig > /registerDNS. This should put all the necessary info into the > hub after which you can rearrange the DNS to your desired order. > From there hopefully the replication should take care of itself > (if not, repeat the procedure for the Hub to each other DC). > > > -----Original Message----- > From: Noah Eiger [mailto:[EMAIL PROTECTED]] > Sent: Sunday, September 29, 2002 4:19 PM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] KCC Error > > > Hi- > > Netdiag shows a bunch of DNS oddities. Basically, it seems that A > only knows > a very little about C; C seems to know about A but not completely. The SRV > records are incomplete, especially at the hub. > > Is there a way to ask each server to "rediscover" the other sites > and update > them in DNS? > > One thing that is confusing to me is that I don't really know what it > "should" look like. In the hub and spoke scenario, should every > server know > about everyone else's DNS or just about themselves and the hub? > Also, since > I am using Demand Dial Interfaces (i.e., the PPTP tunnels), each > server gets > multiple IP addresses on different subnets. For example, A has > and IP on its > local subnet via its Ethernet interface but also addresses assigned on the > remote subnets when the VPN connection is made. Is this causing problems? > > Basically, I am willing to tear down C and run DCPROMO again if needed, > though it is not clear to me that that would fix the problems. > > nme > > P.S. Gil, yes, the Zones are AD integrated on the Forward. I noticed that > the reverses were only Primary so I changed them to AD integrated. > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED]]On Behalf Of Tim HInes > > Sent: Saturday, September 28, 2002 12:58 PM > > To: [EMAIL PROTECTED] > > Subject: Re: [ActiveDir] KCC Error > > > > > > Noah, > > > > Did you try running netdiag on the DCs to look for DNS errors? Make sure > > that each server has registered its guid name in DNS. The KCC > uses these > > records when creating replication links. These records should be in the > > _msdcs folder. You should be able to ping using the record. > > > > ----- Original Message ----- > > From: "Noah Eiger" <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]> > > Sent: Saturday, September 28, 2002 2:16 PM > > Subject: RE: [ActiveDir] KCC Error > > > > > > > Rick, thanks for the suggestions. > > > > > > First, the general setup is this: sites A, B, and C. Let's call > > A the hub > > > and C the "problem" site. Each has one DC that runs its own > > DNS. Each has > > > been designated a GC. They use PPTP tunnels to reach the hub -- this > > > communication appears to be working fine. > > > > > > To answer some of your questions: > > > - There has always been one server per site. The "move" was > only within > > > dssite since when you first run DCPROMO over a WAN, it does not > > put it in > > > the proper site automatically. > > > - There are two IP site links: A-B and A-C, each containing only their > > > respective members. Subnets and static routes in rrasmgmt.msc > > are correct. > > > > > > I suspect this is a DNS problem but do not know how to > resolve it. From > > any > > > site, nslookup (pointing to the local DNS server) finds all the > > other DCs > > by > > > full name. However, if I look in dnsmgmt, I get different results > > depending > > > on the server. For example, from the hub (A), there is no entry > > for site C > > > when I look in: ..._msdcs>dc>_sites> Also, under ..._tcp, there are > > listings > > > servers A and B but not C for the _gc, _kerberos, _ldap, etc. > > > > > > I will spare you more minutae. Any ideas how I can get A to > > recognize C in > > > DNS? I have tried ipconfig /registerdns and netdiag /fix both > > to no avail. > > > > > > Thanks again. > > > > > > nme > > > > > > > -----Original Message----- > > > > From: [EMAIL PROTECTED] > > > > [mailto:[EMAIL PROTECTED]]On Behalf Of > Rick Kingslan > > > > Sent: Friday, September 27, 2002 9:22 PM > > > > To: [EMAIL PROTECTED] > > > > Subject: RE: [ActiveDir] KCC Error > > > > > > > > > > > > Noah, > > > > > > > > Pardon my confusion. I'm trying to get my mind around the > > problem that > > > > you're experiencing, but something didn't quite make sense. > > > > > > > > If there is one server per site, were there two servers in > a site, and > > > > that is what prompted the move? Also, DNS - is there DNS on each > > > > server? Is there an A record for the server with the other missing > > > > records? > > > > > > > > Now, on to somethings that might assist in finding the problem: > > > > > > > > I suspect that there is no site link defined for the site > in which the > > > > DC that you moved is now located. If there is no site link > > object, then > > > > the Inter-Site Topology Generator will not have sufficient > information > > > > in which to replicate with the DC in the 'foreign' site. The > > site that > > > > the server WAS in DID have a link, and the local replication > > > > (intra-site) worked fine between the two servers. Moving it > > to another > > > > site with no site link object created a situation where the > KCC cannot > > > > complete the spanning tree. > > > > > > > > Solving this.... > > > > > > > > Basically, what they are talking about in option A is to open up AD > > > > Sites and Services and create the proper site links from source to > > > > destination. By default, there is a DEFAULTSITELINK object > > (yeah, great > > > > name) in the IP under Inter Site Transports. And, in this > > would be the > > > > Default-First-Site-Name (again, great name). > > > > > > > > If you confirm that you have complete coverage of the link topology > > > > (enough for the KCC to create the entire spanning tree) the > erros will > > > > resolve and the replication topology will be restored. > > > > > > > > Rick Kingslan - Microsoft MVP [Windows NT/2000] > > > > Microsoft Certified Trainer > > > > MCSA, MCSE+I - Windows NT / 2000 > > > > > > > > "Any sufficiently advanced technology > > > > is indistinguishable from magic." > > > > --- Arthur C. Clarke > > > > > > > > > > > > > > > > > > > > > > > > > -----Original Message----- > > > > > From: [EMAIL PROTECTED] > > > > > [mailto:[EMAIL PROTECTED]] On Behalf Of > Noah Eiger > > > > > Sent: Friday, September 27, 2002 4:33 PM > > > > > To: Active Directory List > > > > > Subject: [ActiveDir] KCC Error > > > > > > > > > > > > > > > Hello: > > > > > > > > > > I have three sites that are (supposed to be) in a hub and > > > > > spoke configuration. Each site has only one server with is > > > > > both a DC and GC. Yesterday, I saw that one of the servers > > > > > was in the wrong site and moved it. Since then, I have been > > > > > receiving constant errors such as the one below. > > > > > > > > > > I noticed that when I check the SRV records (as per Tim > > > > > Hines' t-shooting > > > > > tips) at the "hub", I see that the problem site is not listed > > > > > as a DNS server. I added that within DNS Forward Lookups, did > > > > > the net stop/start of netlogon and dns, but still nothing. > > > > > > > > > > Any ideas or tips on how I can ask this question so it > > makes sense ;-) > > > > > > > > > > Here is the eventlog message: > > > > > > > > > > ================================================================ > > > > > EVENT # : 22692 > > > > > EVENTLOG : Directory Service > > > > > EVENT TYPE : ERROR (1) > > > > > SOURCE : NTDS KCC > > > > > CATEGORY : Knowledge Consistency Checker > > > > > EVENT ID : 1311 > > > > > TIME : 9/27/2002 2:23:12 PM > > > > > MESSAGE : The Directory Service consistency checker has > > > > > determined that > > > > > either (a) there > > > > > is not enough physical connectivity published via the Active > > > > > Directory Sites and Services Manager to create a spanning > > > > > tree connecting all the sites containing the Partition > > > > > DC=prbo,DC=org, or (b) replication cannot be performed with > > > > > one or more critical servers in order for changes to > > > > > propagate across all sites (most often due to the servers > > > > > being unreachable). For (a), please use the Active Directory > > > > > Sites and Services Manager to do one of the following: 1. > > > > > Publish sufficient site connectivity information such that > > > > > the system can infer a route by which this Partition can > > > > > reach this site. This option is preferred. 2. Add an > > > > > ntdsConnection object to a Domain Controller that contains > > > > > the Partition DC=prbo,DC=org in this site from a Domain > > > > > Controller that contains the same Partition in another site. > > > > > For (b), please see previous events logged by the NTDS KCC > > > > > source that identify the servers that could not be contacted. > > > > > ================================================================ > > > > > > > > > > -------------------------------------------- > > > > > Noah M. Eiger > > > > > Manager of Information Technology > > > > > PRBO Conservation Science > > > > > [EMAIL PROTECTED] > > > > > 415-269-1832 (cellular) > > > > > > > > > > List info : http://www.activedir.org/mail_list.htm > > > > > List FAQ : http://www.activedir.org/list_faq.htm > > > > > List archive: > > > > > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > > > > > > > > > > > > > > > > > List info : http://www.activedir.org/mail_list.htm > > > > List FAQ : http://www.activedir.org/list_faq.htm > > > > List archive: > > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > > > > > > > List info : http://www.activedir.org/mail_list.htm > > > List FAQ : http://www.activedir.org/list_faq.htm > > > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
