Hmmmm...I have recently experienced the same issue but it did not involve a ghosted/cloned DC. What did happen was a child domain controller (spock) in a separate site from its other child DCs was demoted. A new DC was brought up with the same name a few hours later. I am afraid that the "dcpromo'd out" state of the original DC was not replicated fully throughout the enterprise before the new, same-named DC was brought online. Originally, I tried to convince the child domain admins to bring up the new DC with a different name, but they didn't want to do it.
While there don't appear to be any issues with authentication, etc, currently, I certainly do have replication issues where only some of the directory partitions are being replicated. I also see this in my dcdiag report, in a section related to a different child domain/controller: "Failed to read object metadata on SPOCK, error The name does not identify an object; the name identifies a phantom." I am thinking these admins should put up another DC in that site, let things settle down, and then DCPromo out the first DC for good. Any thoughts/comments? Thanks! Mike Thommes -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Brown Sent: Thursday, June 02, 2005 1:39 PM To: [email protected] Subject: RE: [ActiveDir] DC's not communicating with each other The logs don't really tell much because they are so full they are only holding 2 day's worth of data. I keep getting repeats of the following Events in my Directory Services Event Log: Event ID: 1865 "The Knowledge Consistency Checker (KCC) was unable to form a complete spanning tree network topology. As a result, the following list of sites cannot be reached from the local site..." Event ID: 1925 "The attempt to establish a replication link for the following writable directory partition failed. ..." -- Event ID: 1566 "All domain controllers in the following site that can replicate the directory partition over this transport are currently unavailable...." -- Event ID 1311: "The Knowledge Consistency Checker (KCC) has detected problems with the following directory partition. Directory partition: CN=Configuration,DC=mydc,DC=mydomain,DC=edu There is insufficient site connectivity information in Active Directory Sites and Services for the KCC to create a spanning tree replication topology. Or, one or more domain controllers with this directory partition are unable to replicate the directory partition information. This is probably due to inaccessible domain controllers. -- All of the Domain controllers are still allowing users to log on, which is why I'm limping through the last week and a half of the Quarter. I believe the problem occurred because I restored my PDC from a ghost image of the day before at the end of march because of a problem the server had with a windows update that I couldn't get rid of. And ever since replication seems to have been working but my guess is it's only been working 1 direction. My PDC receives updates from another DC in the site and that has worked. But replication from my PDC back to that DC has not. Although this last week replication has just given up all together. Thanks, -- Matt Brown [ SELECT * FROM IT WHERE EyeContact=True ] Information Technology System Specialist Eastern Washington University -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jorge de Almeida Pinto Sent: Wednesday, June 01, 2005 12:03 PM To: 'Matt Brown '; '[EMAIL PROTECTED] '; '[email protected] ' Subject: RE: [ActiveDir] DC's not communicating with each other Does the PDC FSMO or the other DCs have any events with errors can possibly tell more about this issue? #JORGE# -----Original Message----- From: [EMAIL PROTECTED] To: [email protected] Sent: 6/1/2005 6:39 PM Subject: [ActiveDir] DC's not communicating with each other I've talked about this a little before, but I dug in a littler further and found more info. I have 4 domain controllers in 1 domain. When I'm on one of the 3 DC's that is not the PDC and I try to connect to the PDC it tells me I'm not authorized. I get this when trying to connect to the PDC's AD users and computers, DNS, or even a file share. I can however connect to any of these services using the IP address. This is strange because all DC's can ping each other and resolve the IP addresses from the names just fine and I don't seem to be having any DNS issues. The 3 DC's (not the PDC) can connect to each other just fine. I'm pretty sure I'm going to need to remove 1 or more of the DC's from the domain and re-introduce them. I'm just trying to figure out if I should remove the PDC or remove the other 3 DCs. Thanks, -- Matt Brown [ SELECT * FROM IT WHERE EyeContact=True ] Information Technology System Specialist Eastern Washington University List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
