G'morning (still blerry eyes on the west coast and yet to get some coffee)
The OS is Windows 2000 SP4. And, as per Jorge's initial suggestion, I
disabled BASL, and I am still getting the errors. Finally, if I said "no
custom site links", I misspoke. There are three links -- one for each spoke
("- There are three IP site links: Hub-B1, Hub-B2, and Hub-B3").
I think that Jorge and I were just discussing killing the ISTG, not the KCC,
right? And, as I asked yesterday, maybe all this does not matter as
_replication_ is working and we are doing a full redesign and implementation
in the next 6-9 months.
Thanks. Time to get some coffee.
-- nme
> -----Original Message-----
> From: Dean Wells [mailto:[EMAIL PROTECTED]
> Sent: Monday, August 08, 2005 7:18 AM
> To: Send - AD mailing list
> Subject: RE: [ActiveDir] Branch Office Question
>
> As always, I'm late to this thread so I'll chime in with one
> (hopefully) worthwhile clarification. The ISTG and the KCC
> are not the same thing though the ISTG is considered a
> sub-component of the KCC. Disabling the KCC is a quite
> different thing from merely disabling the ISTG.
>
> May I ask inquire as to the OS version here, I don't believe
> it's been mentioned as yet (apologies if I missed it).
>
> --
> Dean Wells
> MSEtechnology
> * Email: [EMAIL PROTECTED]
> http://msetechnology.com
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of David Adner
> Sent: Sunday, August 07, 2005 9:49 PM
> To: [email protected]
> Subject: RE: [ActiveDir] Branch Office Question
>
> Yeah. Stop trying to disable the KCC already. The KCC is
> your friend. :) You do, however, want to disable 'bridge all
> site links' (located under the properties of "Intersite
> Transports -> IP"). You need to do this because the network
> is not fully routable due to your VPN tunnels. With BASL
> enabled, all site links are treated as transitive, meaning
> any DC can potentially replicate with any other DC. Since
> that's not true in your environment you need to disable BASL.
>
> ...After reading your response more thoroughly, you mention
> that you have no "custom site links". I assume that means
> you only have the DEFAULTIPSITELINK with all sites in it. If
> true, you need to stop that practice, too, as you're
> effectively creating a full mesh topology. Since your
> network isn't a full mesh, that won't work. You need to
> create individual site links between each site to form the
> proper topology. Don't disable BASL until you've done this.
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
> Sent: Sunday, August 07, 2005 4:46 PM
> To: [email protected]
> Subject: RE: [ActiveDir] Branch Office Question
>
> Noah,
>
> Just my curiosity - what is the reason for disabling (or, wanting to
> disable) the KCC? It's not a recommended practice unless you
> have a very large number of links / sites / replication
> objects (and the number changes to a significantly larger
> number in Win2k3 Functional), or the topology is such that
> the KCC and the ISTG is not able to do its job of creating a
> proper spanning tree - neither of which are very likely.
> Companies with 200k plus users and 150 sites don't normally
> run into this problem.
>
> The normal remedy is to take a look at everything else and
> eliminate *IT* (meaning everything else) as a potential
> reason for why the KCC/ISTG isn't working to expectations.
> Then when everything else has been eliminated, reviewing what
> the impact will be of killing off the KCC.
>
> Specifically, the first realization of killing the KCC - all
> of the replication objects between servers - will have to be
> manually maintained.
> The ISTG will no longer do it. In all but the smallest
> shops, this would likely take most of the time of one very
> adept admin.
>
> So - think carefully on this move. As I said - it's not recommended.
>
> Rick
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Noah Eiger
> Sent: Sunday, August 07, 2005 4:14 PM
> To: [email protected]
> Subject: RE: [ActiveDir] Branch Office Question
>
> Thanks, Jorge.
>
> So the KCC is on at all sites. In my situation, I want to
> disable the KCC. A few questions:
> - Is the command to do so:
> repadmin /siteoptions branch1dc.company.com /site:branch1
> +IS_INTER_SITE_AUTO_TOPOLOGY_DISABLED
> - Do I have to run this against each DC?
> - I believe I only want to disable the INTER_SITE, not the
> INTRA_SITE, right?
> - Do I think need to manually create the connection objects
> or can I just leave the auto generated ones in place?
> - Does all this change if the VPN topology allows for a fully
> routed network?
>
> Thanks.
>
> -- nme
>
> P.S. I checked the questions you asked. DCs and GCs are
> correct; no custom site links or connections; site membership
> is correct.
>
> > -----Original Message-----
> > From: Almeida Pinto, Jorge de
> > [mailto:[EMAIL PROTECTED]
> > Sent: Saturday, August 06, 2005 11:59 AM
> > To: [email protected]; [email protected]
> > Subject: RE: [ActiveDir] Branch Office Question
> >
> > I expected that.. in a few words hub-and-spoke topology in
> a non fully
> > routed network. For this to work you need a site for each
> location and
> > a site link between each spoke (the
> > bracnhes) and the hub and auto site link bridging is off
> >
> > The other thing I can think of:
> > * Is each DC/GC in the correct site?
> > * Do you have custom site link bridges?
> > * Do you have custom connections (auto connections are visible as
> > automatic connections and custom connections are visible as GUIDs)
> > * Check the site membership of the site links. Is it correct
> > * Other site links connecting the branches somehow
> > * etc
> >
> > By the way. To see if the KCC/ISTG for a site has been
> disabled open
> > up the properties of the NTDS Site Settings object of each site. If
> > you see yellow exclamation marks at the bottom with text explaining
> > it, the KCC is disabled. If you don't see anything it is enabled
> >
> > You can also check it with:
> > repadmin /siteoptions <DC> /site:<SITE>
> >
> > Default-First-Site-Name
> > Current Site Options: (none) -> means the KCC is not disabled
> >
> >
> > Default-First-Site-Name
> > Current Site Options: IS_AUTO_TOPOLOGY_DISABLED
> > IS_INTER_SITE_AUTO_TOPOLOGY_DISA BLED -> means the KCC is
> disabled for
> > intrasite and intersite
> >
> > Cheers
> > #JORGE#
> >
> > ________________________________
> >
> > From: Noah Eiger [mailto:[EMAIL PROTECTED]
> > Sent: Sat 8/6/2005 6:38 PM
> > To: [email protected]
> > Subject: RE: [ActiveDir] Branch Office Question
> >
> >
> > Thanks, Jorge.
> >
> > The topology is as follows:
> > - Each office connects to the hub via a point-to-point VPN.
> > That is, there is no bridging at the hub -- this is a bandwidth
> > consideration.
> > - As for AD: we have three sites Hub, B1, B2, and B3.
> > - Each has a single DC that is also a GC.
> > - There are three IP site links: Hub-B1, Hub-B2, and Hub-B3.
> > I am not sure, but at one point there may have been a
> single site link
> > containing all sites. If there was, it is gone now.
> > The ISTG created a "web" topology. However, we were getting
> > replication errors. I manually deleted the connection objects that
> > connected the hubs to eachother. Those connection objects have not
> > regenerated. There are no manually created connections. Finally, I
> > recall that there is a setting (reg
> > edit?) that tells the ISTG to _not_ automatically create
> connections.
> > To my knowledge, this setting is not enabled.
> >
> > Anything else I should check?
> >
> > -- nme
> >
> >
> > ________________________________
> >
> > From: Almeida Pinto, Jorge de
> > [mailto:[EMAIL PROTECTED]
> > Sent: Friday, August 05, 2005 6:36 PM
> > To: [email protected]
> > Subject: RE: [ActiveDir] Branch Office Question
> >
> >
> > May look as I silly question but can you point out
> (just to be sure)
>
> > how your site and replication topology looks like? How many
> sites and
> > how many site links do you have and how are those
> connected? I assume
> > one domain and each DC = GC...
> >
> > #JORGE#
> >
> > ________________________________
> >
> > From: [EMAIL PROTECTED] on behalf of Noah Eiger
> > Sent: Sat 8/6/2005 3:22 AM
> > To: [email protected]
> > Subject: RE: [ActiveDir] Branch Office Question
> >
> >
> >
> > Hi Jorge:
> >
> > Thanks for the suggestion. That checkbox was indeed
> checked. I have
> > unchecked it and waited longer that a day. Replication
> seems to have
>
> > worked
> > and the box is unchecked at all branch sites. The
> errors persist at
> > all
> > branch sites.
> >
> > Any further thoughts?
> >
> > -- nme
> >
> > > -----Original Message-----
> > > From: Almeida Pinto, Jorge de
> > > [mailto:[EMAIL PROTECTED]
> > > Sent: Thursday, August 04, 2005 10:21 AM
> > > To: [email protected];
> > [email protected]
> > > Subject: RE: [ActiveDir] Branch Office Question
> > >
> > > so, your network is not fully routed? is auto site link
> > > bridging enabled or disabled. If it is enabled, disable it!
> > >
> > > To to so:
> > > * start sites and services
> > > * goto to Inter site transports
> > > * right click IP and uncheck "bridge all sitre links"
> > >
> > > wait until this has replicated to the other DCs
> > >
> > > Cheers
> > > #JORGE#
> > >
> > > ________________________________
> > >
> > > From: [EMAIL PROTECTED] on behalf of
> Noah Eiger
> > > Sent: Thu 8/4/2005 6:41 PM
> > > To: [email protected]
> > > Subject: [ActiveDir] Branch Office Question
> > >
> > >
> > > Hi -
> > >
> > > Ok. Finally, one of my questions is ON topic ;-)
> > >
> > > I have three branch office sites that connect to a single
> > > hub. VPN connectivity, Site links, and connection objects
> > > only allows each branch to see the hub. Replication is
> > > working smoothly and consistently. Yet, I am still seeing
> > > repeated errors in the Event Viewers of the branches
> > > complaining that they cannot see one another.
> > >
> > > The options offered in the errors all seem to point to trying
> > > to get the branches to see one another (e.g., "publish
> > > sufficient site connectivity information..."). I want to tell
> > > it not to look for the other branches at all.
> > >
> > > Specifically, I see:
> > >
> > > Event Type: Warning
> > > Event Source: NTDS KCC
> > > Event Category: (1)
> > > Event ID: 1566
> > > Date: 7/29/2005
> > > Time: 11:45:08 AM
> > > User: N/A
> > > Computer: BRANCHDC1
> > >
> > > Event Type: Error
> > > Event Source: NTDS KCC
> > > Event Category: (1)
> > > Event ID: 1311
> > > Date: 7/29/2005
> > > Time: 11:45:08 AM
> > > User: N/A
> > > Computer: BRANCHDC1
> > >
> > > Thanks.
> > >
> > > -- nme
> > >
> > >
> > > This e-mail and any attachment is for authorised use by the
> > > intended recipient(s) only. It may contain proprietary
> > > material, confidential information and/or be subject to legal
> > > privilege. It should not be copied, disclosed to, retained or
> > > used by, any other party. If you are not an intended
> > > recipient then please promptly delete this e-mail and any
> > > attachment and all copies and inform the sender. Thank you.
> > > List info : http://www.activedir.org/List.aspx
> > > List FAQ : http://www.activedir.org/ListFAQ.aspx
> > > List archive:
> > > http://www.mail-archive.com/activedir%40mail.activedir.org/
> > >
> > >
> >
> > List info : http://www.activedir.org/List.aspx
> > List FAQ : http://www.activedir.org/ListFAQ.aspx
> > List archive:
> > http://www.mail-archive.com/activedir%40mail.activedir.org/
> >
> > List info : http://www.activedir.org/List.aspx
> > List FAQ : http://www.activedir.org/ListFAQ.aspx
> > List archive:
> > http://www.mail-archive.com/activedir%40mail.activedir.org/
> >
> >
>
> List info : http://www.activedir.org/List.aspx
> List FAQ : http://www.activedir.org/ListFAQ.aspx
> List archive:
> http://www.mail-archive.com/activedir%40mail.activedir.org/
>
> List info : http://www.activedir.org/List.aspx
> List FAQ : http://www.activedir.org/ListFAQ.aspx
> List archive:
> http://www.mail-archive.com/activedir%40mail.activedir.org/
>
> List info : http://www.activedir.org/List.aspx
> List FAQ : http://www.activedir.org/ListFAQ.aspx
> List archive:
> http://www.mail-archive.com/activedir%40mail.activedir.org/
>
>
>
> List info : http://www.activedir.org/List.aspx
> List FAQ : http://www.activedir.org/ListFAQ.aspx
> List archive:
> http://www.mail-archive.com/activedir%40mail.activedir.org/
>
>
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
