Active Directory KCC issue

Discussion in 'Networks' started by Gingerdave, May 11, 2012.

  1. Gingerdave

    Hi Guys, I've got an odd AD issue that I hope you can help with.

    My AD infrastructure consists of 7 sites with 8 DCs consisting of a mix of 2003 and 2008 servers. My newest site (Manchester 2) was built at my Leeds office and initially configured with site links to our London, Leeds and Edinburgh sites. When we actually installed the site, the firewall and connection wouldn't support the 3 links and we dropped the Branch Office VPN link to Edinburgh. This server is running 2008 R2.

    This initially caused issues because the site link hadn't been removed; once that was, all the DCs stopped sulking except the one in Manchester 2. Manchester 2 now has constant Directory Services errors:

    Error 1

    Event ID 1311
    Event Type: ERROR
    The Knowledge Consistency Checker (KCC) has detected problems with the following directory partition.

    Directory partition:
    CN=Configuration,DC=(REDACTED),DC=(REDACTED)

    There is insufficient site connectivity information for the KCC to create a spanning tree replication topology. Or, one or more directory servers with this directory partition are unable to replicate the directory partition information. This is probably due to inaccessible directory servers.

    User Action
    Perform one of the following actions:
    - Publish sufficient site connectivity information so that the KCC can determine a route by which this directory partition can reach this site. This is the preferred option.
    - Add a Connection object to a directory service that contains the directory partition in this site from a directory service that contains the same directory partition in another site.

    Error 2
    Event ID 1865
    Event Type: Warning
    The Knowledge Consistency Checker (KCC) was unable to form a complete spanning tree network topology. As a result, the following list of sites cannot be reached from the local site.

    Sites:
    CN=Edinburgh,CN=Sites,CN=Configuration,DC=(REDACTED),DC=(REDACTED)

    Event 3
    Event ID: 1566
    Event Type: Warning

    All directory servers in the following site that can replicate the directory partition over this transport are currently unavailable.

    Site:
    CN=Edinburgh,CN=Sites,CN=Configuration,DC=tba,DC=local
    Directory partition:
    CN=Configuration,DC=tba,DC=local
    Transport:
    CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Configuration,DC=(REDACTED),DC=(REDACTED)


    I've followed a lot of the troubleshooting links that show you how to restore connectivity to a site that has lost it, but not how to resolve a DC that thinks it's got connectivity that it shouldn't.

    Can anyone offer some advice?

    Thanks
     
    Certifications: A+,MCP, MCDST, VCP5 /VCP-DV 5, MCTS AD+ Net Inf 2008, MCSA 2008
    WIP: MCSA 2012
  2. SimonV
    Did you figure this one out in the end?
     
    Certifications: MOS Master 2003, CompTIA A+, MCSA:M, MCSE
    WIP: Keeping CF Alive...
  3. Sparky
    You said that the DC was configured at a different site first. Was dcpromo etc. run at that time? Also, I take it the IP address has changed since it has been relocated?

    I had a similar issue and it turned out that the A record for the DC in DNS had not updated after the DC was relocated and the IP address changed. I fixed this and could ping all DCs by FQDN from the new DC and then replication started working again.
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) MS-900 AZ-900 Security+ Network+ A+
    WIP: Microsoft Certs
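
The DNS check described in the post above, as an added example that is not part of the original thread: it asks every DC for every other DC's A record, flags answers that disagree (the stale-record case), and pings each DC by FQDN. It assumes the RSAT ActiveDirectory module and `Resolve-DnsName` (Windows 8 / Server 2012 or later) on a management host, and that every DC also runs DNS.

```powershell
# Added example, not from the thread. Run from a management host that has
# the ActiveDirectory module and Resolve-DnsName (not available on 2003/2008 R2).
Import-Module ActiveDirectory

$dcs = Get-ADDomainController -Filter *

$results = foreach ($target in $dcs) {
    # Assumption: each DC also hosts DNS, so each one is queried directly.
    # A relocated DC with a stale A record shows up as differing answers.
    $answers = @{}
    foreach ($server in $dcs) {
        $rec = Resolve-DnsName -Name $target.HostName -Type A `
                   -Server $server.HostName -DnsOnly -ErrorAction SilentlyContinue |
               Where-Object { $_.IPAddress }
        $answers[$server.HostName] = if ($rec) {
            ($rec.IPAddress | Sort-Object) -join ','
        } else {
            'no answer'
        }
    }

    # Collapse the per-server answers to the distinct values seen.
    $distinct = @($answers.Values | Sort-Object -Unique)

    [pscustomobject]@{
        DC         = $target.HostName
        Site       = $target.Site
        DnsAnswers = $distinct -join ' | '
        Consistent = ($distinct.Count -eq 1 -and $distinct[0] -ne 'no answer')
        # Ping is sent from the host running this script, by FQDN.
        PingByFqdn = Test-Connection -ComputerName $target.HostName -Count 2 -Quiet
    }
}

# Inconsistent or unreachable DCs sort to the top.
$results | Sort-Object Consistent, PingByFqdn | Format-Table -AutoSize
```

A DC whose row shows more than one value in `DnsAnswers`, or `False` under `PingByFqdn`, is the one whose record and address need comparing by hand.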
  4. Gingerdave

    Thanks for the reply Sparky.

    It was set up as a member server initially, then placed in a DMZ on the Leeds firewall, DC promoed once it was on the internal address for the subnet it would be serving.

    I'll double check the DNS records but the issue seems to be it wants to contact the Edinburgh site, even though it doesn't have a site link to it.
     
    Certifications: A+,MCP, MCDST, VCP5 /VCP-DV 5, MCTS AD+ Net Inf 2008, MCSA 2008
    WIP: MCSA 2012
  5. Theprof

    What site is it sitting in at the moment? Just the default site? Also might sound like a silly question, but do you have all your networks configured properly in Sites and Services? I am thinking maybe that DC is tied to a network that is no longer available?
     
    Certifications: A+ | CCA | CCAA | Network+ | MCDST | MCSA | MCP (270, 271, 272, 290, 291) | MCTS (70-662, 70-663) | MCITP:EMA | VCA-DCV/Cloud/WM | VTSP | VCP5-DT | VCP5-DCV
    WIP: VCAP5-DCA/DCD | EMCCA
  6. Gingerdave

    It's sitting in the Manchester2 site which was created for it. The Edinburgh site does exist but there is no direct connection (either BOVPN or site in AD) between the Manchester site and the Edinburgh one.
     
    Certifications: A+,MCP, MCDST, VCP5 /VCP-DV 5, MCTS AD+ Net Inf 2008, MCSA 2008
    WIP: MCSA 2012
