Noah, Just my curiosity - what is the reason for disabling (or, wanting to disable) the KCC? It's not a recommended practice unless you have a very large number of links / sites / replication objects (and the number changes to a significantly larger number in Win2k3 Functional), or the topology is such that the KCC and the ISTG is not able to do its job of creating a proper spanning tree - neither of which are very likely. Companies with 200k plus users and 150 sites don't normally run into this problem.
The normal remedy is to take a look at everything else and eliminate *IT* (meaning everything else) as a potential reason for why the KCC/ISTG isn't working to expectations. Then when everything else has been eliminated, reviewing what the impact will be of killing off the KCC. Specifically, the first realization of killing the KCC - all of the replication objects between servers - will have to be manually maintained. The ISTG will no longer do it. In all but the smallest shops, this would likely take most of the time of one very adept admin. So - think carefully on this move. As I said - it's not recommended. Rick -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Noah Eiger Sent: Sunday, August 07, 2005 4:14 PM To: [email protected] Subject: RE: [ActiveDir] Branch Office Question Thanks, Jorge. So the KCC is on at all sites. In my situation, I want to disable the KCC. A few questions: - Is the command to do so: repadmin /siteoptions branch1dc.company.com /site:branch1 +IS_INTER_SITE_AUTO_TOPOLOGY_DISABLED - Do I have to run this against each DC? - I believe I only want to disable the INTER_SITE, not the INTRA_SITE, right? - Do I think need to manually create the connection objects or can I just leave the auto generated ones in place? - Does all this change if the VPN topology allows for a fully routed network? Thanks. -- nme P.S. I checked the questions you asked. DCs and GCs are correct; no custom site links or connections; site membership is correct. > -----Original Message----- > From: Almeida Pinto, Jorge de > [mailto:[EMAIL PROTECTED] > Sent: Saturday, August 06, 2005 11:59 AM > To: [email protected]; [email protected] > Subject: RE: [ActiveDir] Branch Office Question > > I expected that.. in a few words hub-and-spoke topology in a > non fully routed network. For this to work you need a site > for each location and a site link between each spoke (the > bracnhes) and the hub and auto site link bridging is off > > The other thing I can think of: > * Is each DC/GC in the correct site? > * Do you have custom site link bridges? > * Do you have custom connections (auto connections are > visible as automatic connections and custom connections are > visible as GUIDs) > * Check the site membership of the site links. Is it correct > * Other site links connecting the branches somehow > * etc > > By the way. To see if the KCC/ISTG for a site has been > disabled open up the properties of the NTDS Site Settings > object of each site. If you see yellow exclamation marks at > the bottom with text explaining it, the KCC is disabled. If > you don't see anything it is enabled > > You can also check it with: > repadmin /siteoptions <DC> /site:<SITE> > > Default-First-Site-Name > Current Site Options: (none) -> means the KCC is not disabled > > > Default-First-Site-Name > Current Site Options: IS_AUTO_TOPOLOGY_DISABLED > IS_INTER_SITE_AUTO_TOPOLOGY_DISA BLED -> means the KCC is > disabled for intrasite and intersite > > Cheers > #JORGE# > > ________________________________ > > From: Noah Eiger [mailto:[EMAIL PROTECTED] > Sent: Sat 8/6/2005 6:38 PM > To: [email protected] > Subject: RE: [ActiveDir] Branch Office Question > > > Thanks, Jorge. > > The topology is as follows: > - Each office connects to the hub via a point-to-point VPN. > That is, there is no bridging at the hub -- this is a > bandwidth consideration. > - As for AD: we have three sites Hub, B1, B2, and B3. > - Each has a single DC that is also a GC. > - There are three IP site links: Hub-B1, Hub-B2, and Hub-B3. > I am not sure, but at one point there may have been a single > site link containing all sites. If there was, it is gone now. > The ISTG created a "web" topology. However, we were getting > replication errors. I manually deleted the connection objects > that connected the hubs to eachother. Those connection > objects have not regenerated. There are no manually created > connections. Finally, I recall that there is a setting (reg > edit?) that tells the ISTG to _not_ automatically create > connections. To my knowledge, this setting is not enabled. > > Anything else I should check? > > -- nme > > > ________________________________ > > From: Almeida Pinto, Jorge de > [mailto:[EMAIL PROTECTED] > Sent: Friday, August 05, 2005 6:36 PM > To: [email protected] > Subject: RE: [ActiveDir] Branch Office Question > > > May look as I silly question but can you point out > (just to be sure) how your site and replication topology > looks like? How many sites and how many site links do you > have and how are those connected? I assume one domain and > each DC = GC... > > #JORGE# > > ________________________________ > > From: [EMAIL PROTECTED] on behalf of Noah Eiger > Sent: Sat 8/6/2005 3:22 AM > To: [email protected] > Subject: RE: [ActiveDir] Branch Office Question > > > > Hi Jorge: > > Thanks for the suggestion. That checkbox was indeed > checked. I have > unchecked it and waited longer that a day. Replication > seems to have worked > and the box is unchecked at all branch sites. The > errors persist at all > branch sites. > > Any further thoughts? > > -- nme > > > -----Original Message----- > > From: Almeida Pinto, Jorge de > > [mailto:[EMAIL PROTECTED] > > Sent: Thursday, August 04, 2005 10:21 AM > > To: [email protected]; > [email protected] > > Subject: RE: [ActiveDir] Branch Office Question > > > > so, your network is not fully routed? is auto site link > > bridging enabled or disabled. If it is enabled, disable it! > > > > To to so: > > * start sites and services > > * goto to Inter site transports > > * right click IP and uncheck "bridge all sitre links" > > > > wait until this has replicated to the other DCs > > > > Cheers > > #JORGE# > > > > ________________________________ > > > > From: [EMAIL PROTECTED] on behalf of > Noah Eiger > > Sent: Thu 8/4/2005 6:41 PM > > To: [email protected] > > Subject: [ActiveDir] Branch Office Question > > > > > > Hi - > > > > Ok. Finally, one of my questions is ON topic ;-) > > > > I have three branch office sites that connect to a single > > hub. VPN connectivity, Site links, and connection objects > > only allows each branch to see the hub. Replication is > > working smoothly and consistently. Yet, I am still seeing > > repeated errors in the Event Viewers of the branches > > complaining that they cannot see one another. > > > > The options offered in the errors all seem to point to trying > > to get the branches to see one another (e.g., "publish > > sufficient site connectivity information..."). I want to tell > > it not to look for the other branches at all. > > > > Specifically, I see: > > > > Event Type: Warning > > Event Source: NTDS KCC > > Event Category: (1) > > Event ID: 1566 > > Date: 7/29/2005 > > Time: 11:45:08 AM > > User: N/A > > Computer: BRANCHDC1 > > > > Event Type: Error > > Event Source: NTDS KCC > > Event Category: (1) > > Event ID: 1311 > > Date: 7/29/2005 > > Time: 11:45:08 AM > > User: N/A > > Computer: BRANCHDC1 > > > > Thanks. > > > > -- nme > > > > > > This e-mail and any attachment is for authorised use by the > > intended recipient(s) only. It may contain proprietary > > material, confidential information and/or be subject to legal > > privilege. It should not be copied, disclosed to, retained or > > used by, any other party. If you are not an intended > > recipient then please promptly delete this e-mail and any > > attachment and all copies and inform the sender. Thank you. > > List info : http://www.activedir.org/List.aspx > > List FAQ : http://www.activedir.org/ListFAQ.aspx > > List archive: > > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
