I have a Windows 2000 Native Domain with 14 sites. Each of my 13 remote sites is physically connected to my central site (Seattle) with a site-to-site VPN tunnel. There is no tunnel between remote sites. In Seattle, I have 2 DCs - both on Win2k. We'll call them SeaDC1 and SeaDC2. SeaDC1 is the PDC and Infrastructure Master. SeaDC2 is the Schema Master, Domain Naming Master, and RID Master. Both are Global Catalog Servers. Each remote site has a Win2003 DC - none of these are a GC Server.
In AD Sites and Services, I have one InterSite Transport Link set up for each remote site - each Transport Link contains two sites: one of the remote sites and Seattle. Unfortunately, I discovered today that for one of my remote sites (Aberdeen), the corresponding Transport Link didn't contain Seattle, but instead contained another remote site that Aberdeen does not have physical connectivity with. Thus Aberdeen's DC (ABDSERVER) has been isolated for some time. I believe it has been since 8/21. When I discovered this, I saw that I was getting very frequent 1566, 1311, 1865, and 1925 error messages from NTDC KCC, as well as error message 4 from Kerberos, all on ABDSERVER.
I added the Seattle site to Aberdeen's Transport Link (and removed the other remote site), so the Transport Link now contains both Aberdeen and Seattle. Then, in AD Sites and Services, I added a connection to SeaDC1 under Aberdeen-ABDSERVER-NTDS Settings. I removed the connection to the other remote server. All of the steps in this paragraph I performed on both ABDSERVER and SeaDC1.
Then I right-clicked on the new SeaDC1 connection I had created and chose Replicate Now. I got the following error message: "The following error occurred during the attempt to synchronize naming context [domain name] from domain controller SeaDC1 to domain controller ABDSERVER: The naming context is in the process of being removed or is not replicated from the specified server. This operation will not continue."
I tried restarting the net logon service and continue to get the same error message. Also, when I look at the event logs for ABDSERVER, I see that I am still getting all error messages above as well as 13508 from NtFrs. See below for content of error messages. Please advise - I'd really appreciate it. Thanks.
1.
Event Type: Warning
Event Source: NTDS KCC
Event Category: Knowledge Consistency Checker
Event ID: 1925
Date: 10/6/2008
Time: 2:27:42 PM
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: ABDSERVER
Description:
The attempt to establish a replication link for the following writable directory partition failed.
Directory partition:
CN=Configuration,DC=nwjust
ice,DC=cor
p
Source domain controller:
CN=NTDS Settings,CN=SeaDC2,CN=Serv
ers,CN=Sea
ttle,CN=Si
tes,CN=Con
figuration
,DC={domai
n name},DC=corp
Source domain controller address:
3daf82c8-07e9-4ff5-a725-fc
3e7cc499c0
._msdcs.{d
omain name}.corp
Intersite transport (if any):
CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Con
figuration
,DC={domai
n name},DC=corp
This domain controller will be unable to replicate with the source domain controller until this problem is corrected.
User Action
Verify if the source domain controller is accessible or network connectivity is available.
Additional Data
Error value:
2148074274 The target principal name is incorrect.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
2.
Event Type: Warning
Event Source: NTDS KCC
Event Category: Knowledge Consistency Checker
Event ID: 1865
Date: 10/6/2008
Time: 2:27:39 PM
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: ABDSERVER
Description:
The Knowledge Consistency Checker (KCC) was unable to form a complete spanning tree network topology. As a result, the following list of sites cannot be reached from the local site.
Sites:
CN=Olympia,CN=Sites,CN=Con
figuration
,DC={domai
n name},DC=corp
CN=Yakima,CN=Sites,CN=Conf
iguration,
DC={domain
name},DC=corp
CN=Colville,CN=Sites,CN=Co
nfiguratio
n,DC={doma
in name},DC=corp
CN=Spokane,CN=Sites,CN=Con
figuration
,DC={domai
n name},DC=corp
CN=Seattle,CN=Sites,CN=Con
figuration
,DC={domai
n name},DC=corp
CN=Wenatchee,CN=Sites,CN=C
onfigurati
on,DC={dom
ain name},DC=corp
CN=Omak,CN=Sites,CN=Config
uration,DC
={domain name},DC=corp
CN=PortAngeles,CN=Sites,CN
=Configura
tion,DC={d
omain name},DC=corp
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
3.
Event Type: Error
Event Source: NTDS KCC
Event Category: Knowledge Consistency Checker
Event ID: 1311
Date: 10/6/2008
Time: 2:27:39 PM
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: ABDSERVER
Description:
The Knowledge Consistency Checker (KCC) has detected problems with the following directory partition.
Directory partition:
CN=Configuration,DC={domai
n name},DC=corp
There is insufficient site connectivity information in Active Directory Sites and Services for the KCC to create a spanning tree replication topology. Or, one or more domain controllers with this directory partition are unable to replicate the directory partition information. This is probably due to inaccessible domain controllers.
User Action
Use Active Directory Sites and Services to perform one of the following actions:
- Publish sufficient site connectivity information so that the KCC can determine a route by which this directory partition can reach this site. This is the preferred option.
- Add a Connection object to a domain controller that contains the directory partition in this site from a domain controller that contains the same directory partition in another site.
If neither of the Active Directory Sites and Services tasks correct this condition, see previous events logged by the KCC that identify the inaccessible domain controllers.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
4.
Event Type: Warning
Event Source: NTDS KCC
Event Category: Knowledge Consistency Checker
Event ID: 1566
Date: 10/6/2008
Time: 2:27:39 PM
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: ABDSERVER
Description:
All domain controllers in the following site that can replicate the directory partition over this transport are currently unavailable.
Site:
CN=Seattle,CN=Sites,CN=Con
figuration
,DC={domai
n name},DC=corp
Directory partition:
CN=Configuration,DC={domai
n name},DC=corp
Transport:
CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Con
figuration
,DC={domai
n name},DC=corp
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
5.
Event Type: Warning
Event Source: NtFrs
Event Category: None
Event ID: 13508
Date: 10/6/2008
Time: 11:02:34 AM
User: N/A
Computer: ABDSERVER
Description:
The File Replication Service is having trouble enabling replication from SeaDC1 to ABDSERVER for c:\windows\sysvol\domain using the DNS name SeaDC1.{domain name}.corp. FRS will keep retrying.
Following are some of the reasons you would see this warning.
[1] FRS can not correctly resolve the DNS name SeaDC1.{domain name}.corp from this computer.
[2] FRS is not running on SeaDC1.{domain name}.corp.
[3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers.
This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 21 07 00 00 !...
6.
Event Type: Error
Event Source: Kerberos
Event Category: None
Event ID: 4
Date: 10/6/2008
Time: 2:12:35 PM
User: N/A
Computer: ABDSERVER
Description:
The kerberos client received a KRB_AP_ERR_MODIFIED error from the server SeaDC1$. The target name used was LDAP/29d040c8-9bfb-4266-97
26-c62adca
e6ae6._msd
cs.{domain
name}.corp. This indicates that the password used to encrypt the kerberos service ticket is different than that on the target server. Commonly, this is due to identically named machine accounts in the target realm ({domain name}.CORP), and the client realm. Please contact your system administrator.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Start Free Trial
