Domain controller errors every 15 minutes

Posted on 2006-04-27
Last Modified: 2010-04-13
I have 6 sites that are connected via VPN connection(hub and spoke design).  My primary site,(hub) is the only site that can be seen by the other 5 of my remote site domain controllers is giving me the following  2 errors every 15 minutes..

Event Type:      Error
Event Source:      NTDS KCC
Event Category:      Knowledge Consistency Checker
Event ID:      1311
Date:            4/27/2006
Time:            10:59:03 AM
User:            N/A
Computer:      DCNT02
The Directory Service consistency checker has determined that either (a) there is not enough physical connectivity published via the Active Directory Sites and Services Manager to create a spanning tree connecting all the sites containing the Partition CN=Configuration,DC=quadrian,DC=com, or (b) replication cannot be performed with one or more critical servers in order for changes to propagate across all sites (most often due to the servers being unreachable).  

For (a), please use the Active Directory Sites and Services Manager to do one of the following:
1. Publish sufficient site connectivity information such that the system can infer a route by which this Partition can reach this site.  This option is preferred.
2. Add an ntdsConnection object to a Domain Controller that contains the Partition CN=Configuration,DC=quadrian,DC=com in this site from a Domain Controller that contains the same Partition in another site.  

For (b), please see previous events logged by the NTDS KCC source that identify the servers that could not be contacted.

For more information, see Help and Support Center at

Event Type:      Warning
Event Source:      NTDS KCC
Event Category:      Knowledge Consistency Checker
Event ID:      1566
Date:            4/27/2006
Time:            10:59:03 AM
User:            N/A
Computer:      DCNT02
All servers in site CN=Vienna,CN=Sites,CN=Configuration,DC=quadrian,DC=com that can replicate partition CN=Configuration,DC=quadrian,DC=com over transport CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Configuration,DC=quadrian,DC=com are currently unavailable.

For more information, see Help and Support Center at

As a side note the site "Vienna" mentioned above is NOT accessible to this domain controller.
and I have no connector configured to reach any other DC's accept the "hub" DC

There is no way for the remote sites to reach each other. They can only talk to the main site,(hub).

Hope this makes sense...

Thanks in advance!
Question by:sullend
    LVL 8

    Assisted Solution

    It sounds like someone setup a directory replication to this server.
    If there has never bee a connection to the remote site Vienna, you should try and delete the replication.

    Do you have anything in Active Directory Sites And Services?

    LVL 4

    Accepted Solution

    Is the vpn tunnel permanantly up, or is it triggered by interesting traffic? Are there filters that prevent one spoke from talking to another?

    You may need to manually engineer your replication links and cost to get replication running the way you need. A good place to start looking though is ADSAS as David suggested to see how KCC currently sees your domain. In particular, look for a DC that has a different picture of the replication topology then the rest.
    LVL 4

    Assisted Solution

    BTW, KCC will try and create a logical ring by default based on link cost - this can be inefficient on a spoke design! Plus you may want to refine replication schedule.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    How to improve team productivity

    Quip adds documents, spreadsheets, and tasklists to your Slack experience
    - Elevate ideas to Quip docs
    - Share Quip docs in Slack
    - Get notified of changes to your docs
    - Available on iOS/Android/Desktop/Web
    - Online/Offline

    NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
    Great sound, comfort and fit, excellent build quality, versatility, compatibility. These are just some of the many reasons for choosing a headset from Sennheiser.
    Internet Business Fax to Email Made Easy - With eFax Corporate (, you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
    Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

    758 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    14 Experts available now in Live!

    Get 1:1 Help Now