• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 199
  • Last Modified:

Domain controller errors every 15 minutes

I have 6 sites that are connected via VPN connection(hub and spoke design).  My primary site,(hub) is the only site that can be seen by the other 5 sites..one of my remote site domain controllers is giving me the following  2 errors every 15 minutes..

Event Type:      Error
Event Source:      NTDS KCC
Event Category:      Knowledge Consistency Checker
Event ID:      1311
Date:            4/27/2006
Time:            10:59:03 AM
User:            N/A
Computer:      DCNT02
Description:
The Directory Service consistency checker has determined that either (a) there is not enough physical connectivity published via the Active Directory Sites and Services Manager to create a spanning tree connecting all the sites containing the Partition CN=Configuration,DC=quadrian,DC=com, or (b) replication cannot be performed with one or more critical servers in order for changes to propagate across all sites (most often due to the servers being unreachable).  

For (a), please use the Active Directory Sites and Services Manager to do one of the following:
1. Publish sufficient site connectivity information such that the system can infer a route by which this Partition can reach this site.  This option is preferred.
2. Add an ntdsConnection object to a Domain Controller that contains the Partition CN=Configuration,DC=quadrian,DC=com in this site from a Domain Controller that contains the same Partition in another site.  

For (b), please see previous events logged by the NTDS KCC source that identify the servers that could not be contacted.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:      Warning
Event Source:      NTDS KCC
Event Category:      Knowledge Consistency Checker
Event ID:      1566
Date:            4/27/2006
Time:            10:59:03 AM
User:            N/A
Computer:      DCNT02
Description:
All servers in site CN=Vienna,CN=Sites,CN=Configuration,DC=quadrian,DC=com that can replicate partition CN=Configuration,DC=quadrian,DC=com over transport CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Configuration,DC=quadrian,DC=com are currently unavailable.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


As a side note the site "Vienna" mentioned above is NOT accessible to this domain controller.
and I have no connector configured to reach any other DC's accept the "hub" DC

There is no way for the remote sites to reach each other. They can only talk to the main site,(hub).

Hope this makes sense...

Thanks in advance!
0
sullend
Asked:
sullend
  • 2
3 Solutions
 
dhoustonieCommented:
It sounds like someone setup a directory replication to this server.
If there has never bee a connection to the remote site Vienna, you should try and delete the replication.

Do you have anything in Active Directory Sites And Services?


David
0
 
rage419Commented:
Is the vpn tunnel permanantly up, or is it triggered by interesting traffic? Are there filters that prevent one spoke from talking to another?

You may need to manually engineer your replication links and cost to get replication running the way you need. A good place to start looking though is ADSAS as David suggested to see how KCC currently sees your domain. In particular, look for a DC that has a different picture of the replication topology then the rest.
0
 
rage419Commented:
BTW, KCC will try and create a logical ring by default based on link cost - this can be inefficient on a spoke design! Plus you may want to refine replication schedule.
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now