Hi- Thank you to everyone who has made suggestions. While I am still getting the KCC errors on both remotes (as the look for eachother), replication appears to be working properly in all other respects.
I have disabled the "bridge all site links" but the errors persist. I am reluctant to start deleting things that were automatically generated within the dssite or dns. Any other thoughts on how to tell the remotes to only look for the hub? I get KCC errors 1566, 1311, and then 1265. If nothing else, does someone know a way to make it quit kicking out the errors :-) thanks. > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Fugleberg, David > A > Sent: Monday, September 30, 2002 3:09 PM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] KCC Error > > > Noah - you may want to disable the 'bridge all site links' > behavior (it's enabled by default). In Active Directory Sites > and services, expand "Intersite Transports" and look at the > properties of the IP folder beneath it. Uncheck the "bridge all > site links" checkbox. > > For more details, you can have a look at the Branch Office > Deployment guide > http://www.microsoft.com/technet/treeview/default.asp?url=/technet /prodtechnol/ad/windows2000/deploy/adguide/DEFAULT.asp, or at Q244368, or in the Resource Kit - just look > for information on site link bridges. > > Hope that helps. > Dave > > -----Original Message----- > From: Noah Eiger [mailto:[EMAIL PROTECTED]] > Sent: Monday, September 30, 2002 4:42 PM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] KCC Error > > > I deleted or (more likely) renamed my DEFAULTFIRSTSITELINK. I now > have just > two links A-B and A-C. They are equal cost. Do I need to setup a B-C link > with some low cost? I think what happens is that B tries to get to C by > transiting A which does not sound right to me. > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED]]On Behalf Of Carey, Greg > > Sent: Monday, September 30, 2002 1:01 PM > > To: [EMAIL PROTECTED] > > Subject: RE: [ActiveDir] KCC Error > > > > > > When you set up your Inter-Site Transports links, did you make > > them lower cost than your DEFAULTIPSITELINK when calculating the > > total [ie site1 to hub = x and site2 to hub = y; so x + y < > > Default link cost]? If not, the KCC would use the default for > > site1 to site2 because the total cost is equal or less. > > > > As for your second question: I've not seen the Limits folder at > > all before so will leave it up to someone else ;) > > > > -----Original Message----- > > From: Noah Eiger [mailto:[EMAIL PROTECTED]] > > Sent: Monday, September 30, 2002 3:25 PM > > To: [EMAIL PROTECTED] > > Subject: RE: [ActiveDir] KCC Error > > > > > > Ah!!! That worked!! Thanks. Yes, the hub now sees the remotes and > > dssite.msc > > is feeling much better. > > > > I am still seeing KCC errors. However, now they only related to the two > > remotes trying to find each other. How do I tell the remotes to only > > replicate with the hub? > > > > Slight aside: in dssite.msc, two subnets have ACS>Limits folders > > below them; > > the problem site has nothing below it. Any idea why or if it is even > > important? > > > > thanks > > > > > -----Original Message----- > > > From: [EMAIL PROTECTED] > > > [mailto:[EMAIL PROTECTED]]On Behalf Of Carey, Greg > > > Sent: Monday, September 30, 2002 6:53 AM > > > To: [EMAIL PROTECTED] > > > Subject: RE: [ActiveDir] KCC Error > > > > > > > > > Try this: > > > Make the HUB DNS the first DNS for each DC, then run the ipconfig > > > /registerDNS. This should put all the necessary info into the > > > hub after which you can rearrange the DNS to your desired order. > > > From there hopefully the replication should take care of itself > > > (if not, repeat the procedure for the Hub to each other DC). > > > > > > > > > -----Original Message----- > > > From: Noah Eiger [mailto:[EMAIL PROTECTED]] > > > Sent: Sunday, September 29, 2002 4:19 PM > > > To: [EMAIL PROTECTED] > > > Subject: RE: [ActiveDir] KCC Error > > > > > > > > > Hi- > > > > > > Netdiag shows a bunch of DNS oddities. Basically, it seems that A > > > only knows > > > a very little about C; C seems to know about A but not > > completely. The SRV > > > records are incomplete, especially at the hub. > > > > > > Is there a way to ask each server to "rediscover" the other sites > > > and update > > > them in DNS? > > > > > > One thing that is confusing to me is that I don't really know what it > > > "should" look like. In the hub and spoke scenario, should every > > > server know > > > about everyone else's DNS or just about themselves and the hub? > > > Also, since > > > I am using Demand Dial Interfaces (i.e., the PPTP tunnels), each > > > server gets > > > multiple IP addresses on different subnets. For example, A has > > > and IP on its > > > local subnet via its Ethernet interface but also addresses > > assigned on the > > > remote subnets when the VPN connection is made. Is this causing > > problems? > > > > > > Basically, I am willing to tear down C and run DCPROMO again > if needed, > > > though it is not clear to me that that would fix the problems. > > > > > > nme > > > > > > P.S. Gil, yes, the Zones are AD integrated on the Forward. I > > noticed that > > > the reverses were only Primary so I changed them to AD integrated. > > > > > > > -----Original Message----- > > > > From: [EMAIL PROTECTED] > > > > [mailto:[EMAIL PROTECTED]]On Behalf Of Tim HInes > > > > Sent: Saturday, September 28, 2002 12:58 PM > > > > To: [EMAIL PROTECTED] > > > > Subject: Re: [ActiveDir] KCC Error > > > > > > > > > > > > Noah, > > > > > > > > Did you try running netdiag on the DCs to look for DNS > > errors? Make sure > > > > that each server has registered its guid name in DNS. The KCC > > > uses these > > > > records when creating replication links. These records > > should be in the > > > > _msdcs folder. You should be able to ping using the record. > > > > > > > > ----- Original Message ----- > > > > From: "Noah Eiger" <[EMAIL PROTECTED]> > > > > To: <[EMAIL PROTECTED]> > > > > Sent: Saturday, September 28, 2002 2:16 PM > > > > Subject: RE: [ActiveDir] KCC Error > > > > > > > > > > > > > Rick, thanks for the suggestions. > > > > > > > > > > First, the general setup is this: sites A, B, and C. Let's call > > > > A the hub > > > > > and C the "problem" site. Each has one DC that runs its own > > > > DNS. Each has > > > > > been designated a GC. They use PPTP tunnels to reach the > hub -- this > > > > > communication appears to be working fine. > > > > > > > > > > To answer some of your questions: > > > > > - There has always been one server per site. The "move" was > > > only within > > > > > dssite since when you first run DCPROMO over a WAN, it does not > > > > put it in > > > > > the proper site automatically. > > > > > - There are two IP site links: A-B and A-C, each containing > > only their > > > > > respective members. Subnets and static routes in rrasmgmt.msc > > > > are correct. > > > > > > > > > > I suspect this is a DNS problem but do not know how to > > > resolve it. From > > > > any > > > > > site, nslookup (pointing to the local DNS server) finds all the > > > > other DCs > > > > by > > > > > full name. However, if I look in dnsmgmt, I get different results > > > > depending > > > > > on the server. For example, from the hub (A), there is no entry > > > > for site C > > > > > when I look in: ..._msdcs>dc>_sites> Also, under ..._tcp, > there are > > > > listings > > > > > servers A and B but not C for the _gc, _kerberos, _ldap, etc. > > > > > > > > > > I will spare you more minutae. Any ideas how I can get A to > > > > recognize C in > > > > > DNS? I have tried ipconfig /registerdns and netdiag /fix both > > > > to no avail. > > > > > > > > > > Thanks again. > > > > > > > > > > nme > > > > > > > > > > > -----Original Message----- > > > > > > From: [EMAIL PROTECTED] > > > > > > [mailto:[EMAIL PROTECTED]]On Behalf Of > > > Rick Kingslan > > > > > > Sent: Friday, September 27, 2002 9:22 PM > > > > > > To: [EMAIL PROTECTED] > > > > > > Subject: RE: [ActiveDir] KCC Error > > > > > > > > > > > > > > > > > > Noah, > > > > > > > > > > > > Pardon my confusion. I'm trying to get my mind around the > > > > problem that > > > > > > you're experiencing, but something didn't quite make sense. > > > > > > > > > > > > If there is one server per site, were there two servers in > > > a site, and > > > > > > that is what prompted the move? Also, DNS - is there > DNS on each > > > > > > server? Is there an A record for the server with the > > other missing > > > > > > records? > > > > > > > > > > > > Now, on to somethings that might assist in finding the problem: > > > > > > > > > > > > I suspect that there is no site link defined for the site > > > in which the > > > > > > DC that you moved is now located. If there is no site link > > > > object, then > > > > > > the Inter-Site Topology Generator will not have sufficient > > > information > > > > > > in which to replicate with the DC in the 'foreign' site. The > > > > site that > > > > > > the server WAS in DID have a link, and the local replication > > > > > > (intra-site) worked fine between the two servers. Moving it > > > > to another > > > > > > site with no site link object created a situation where the > > > KCC cannot > > > > > > complete the spanning tree. > > > > > > > > > > > > Solving this.... > > > > > > > > > > > > Basically, what they are talking about in option A is to > > open up AD > > > > > > Sites and Services and create the proper site links > from source to > > > > > > destination. By default, there is a DEFAULTSITELINK object > > > > (yeah, great > > > > > > name) in the IP under Inter Site Transports. And, in this > > > > would be the > > > > > > Default-First-Site-Name (again, great name). > > > > > > > > > > > > If you confirm that you have complete coverage of the > > link topology > > > > > > (enough for the KCC to create the entire spanning tree) the > > > erros will > > > > > > resolve and the replication topology will be restored. > > > > > > > > > > > > Rick Kingslan - Microsoft MVP [Windows NT/2000] > > > > > > Microsoft Certified Trainer > > > > > > MCSA, MCSE+I - Windows NT / 2000 > > > > > > > > > > > > "Any sufficiently advanced technology > > > > > > is indistinguishable from magic." > > > > > > --- Arthur C. Clarke > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -----Original Message----- > > > > > > > From: [EMAIL PROTECTED] > > > > > > > [mailto:[EMAIL PROTECTED]] On Behalf Of > > > Noah Eiger > > > > > > > Sent: Friday, September 27, 2002 4:33 PM > > > > > > > To: Active Directory List > > > > > > > Subject: [ActiveDir] KCC Error > > > > > > > > > > > > > > > > > > > > > Hello: > > > > > > > > > > > > > > I have three sites that are (supposed to be) in a hub and > > > > > > > spoke configuration. Each site has only one server with is > > > > > > > both a DC and GC. Yesterday, I saw that one of the servers > > > > > > > was in the wrong site and moved it. Since then, I have been > > > > > > > receiving constant errors such as the one below. > > > > > > > > > > > > > > I noticed that when I check the SRV records (as per Tim > > > > > > > Hines' t-shooting > > > > > > > tips) at the "hub", I see that the problem site is not listed > > > > > > > as a DNS server. I added that within DNS Forward Lookups, did > > > > > > > the net stop/start of netlogon and dns, but still nothing. > > > > > > > > > > > > > > Any ideas or tips on how I can ask this question so it > > > > makes sense ;-) > > > > > > > > > > > > > > Here is the eventlog message: > > > > > > > > > > > > > > > ================================================================ > > > > > > > EVENT # : 22692 > > > > > > > EVENTLOG : Directory Service > > > > > > > EVENT TYPE : ERROR (1) > > > > > > > SOURCE : NTDS KCC > > > > > > > CATEGORY : Knowledge Consistency Checker > > > > > > > EVENT ID : 1311 > > > > > > > TIME : 9/27/2002 2:23:12 PM > > > > > > > MESSAGE : The Directory Service consistency checker has > > > > > > > determined that > > > > > > > either (a) there > > > > > > > is not enough physical connectivity published via the Active > > > > > > > Directory Sites and Services Manager to create a spanning > > > > > > > tree connecting all the sites containing the Partition > > > > > > > DC=prbo,DC=org, or (b) replication cannot be performed with > > > > > > > one or more critical servers in order for changes to > > > > > > > propagate across all sites (most often due to the servers > > > > > > > being unreachable). For (a), please use the Active Directory > > > > > > > Sites and Services Manager to do one of the following: 1. > > > > > > > Publish sufficient site connectivity information such that > > > > > > > the system can infer a route by which this Partition can > > > > > > > reach this site. This option is preferred. 2. Add an > > > > > > > ntdsConnection object to a Domain Controller that contains > > > > > > > the Partition DC=prbo,DC=org in this site from a Domain > > > > > > > Controller that contains the same Partition in another site. > > > > > > > For (b), please see previous events logged by the NTDS KCC > > > > > > > source that identify the servers that could not be contacted. > > > > > > > > ================================================================ > > > > > > > > > > > > > > -------------------------------------------- > > > > > > > Noah M. Eiger > > > > > > > Manager of Information Technology > > > > > > > PRBO Conservation Science > > > > > > > [EMAIL PROTECTED] > > > > > > > 415-269-1832 (cellular) > > > > > > > > > > > > > > List info : http://www.activedir.org/mail_list.htm > > > > > > > List FAQ : http://www.activedir.org/list_faq.htm > > > > > > > List archive: > > > > > > > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > > > > > > > > > > > > > > > > > > > > > > > > > List info : http://www.activedir.org/mail_list.htm > > > > > > List FAQ : http://www.activedir.org/list_faq.htm > > > > > > List archive: > > > > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > > > > > > > > > > > > > List info : http://www.activedir.org/mail_list.htm > > > > > List FAQ : http://www.activedir.org/list_faq.htm > > > > > List archive: > > > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > > > List info : http://www.activedir.org/mail_list.htm > > > List FAQ : http://www.activedir.org/list_faq.htm > > > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > List info : http://www.activedir.org/mail_list.htm > > List FAQ : http://www.activedir.org/list_faq.htm > > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
