

NTDS KCC Errors with Event ID 1566, 1311 & 1865

Posted on 2006-05-09
Medium Priority
Last Modified: 2012-11-06
Setup: In our single domain there are 3 sites, and each site has a subnet. Site 1 (HQ) has 2 domain controllers running Server 2003 Standard SP1; remote Site 2 and remote Site 3 each have 1 domain controller running Server 2003 Standard SP1. The domain is 2003 Native mode. At the HQ site the FSMO roles are split across the 2 DCs: Server 1 has Infrastructure master, Server 2 has PDC and RID and is a GC. The DC at each remote site is a GC. DNS is Dynamic and AD integrated and replicates to all DCs in the AD domain.
Sites and subnets are created in AD Sites and Services. Replication links are created from: HQ site server 1 from HQ Site server 3 and remote site 2 DC; HQ server 2 from HQ server 1 and remote site 2 DC; Remote site 2 from HQ server 1 and HQ server 2; Remote site 3 from HQ server 1 and HQ server 2. Time sync is internal Windows time from HQ Server 2.
Each site has a firewall which is open to replication traffic, as far as can be told by following other technical documents on the ports needed to allow replication.

Issue: replication works with no issues for 7-10 days, then HQ server 2 begins to record KCC errors in the Directory Service log with event IDs 1566, 1311 & 1865, along with DNS event error 6002.

The text of error 1566:
All domain controllers in the following site that can replicate the directory partition over this transport are currently unavailable.
Directory partition:
CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Configuration,DC=mycompany,DC=co,DC=uk

The text of error 1311:
The Knowledge Consistency Checker (KCC) has detected problems with the following directory partition.
Directory partition:
 There is insufficient site connectivity information in Active Directory Sites and Services for the KCC to create a spanning tree replication topology. Or, one or more domain controllers with this directory partition are unable to replicate the directory partition information. This is probably due to inaccessible domain controllers.

The text of error 1865 is:
The Knowledge Consistency Checker (KCC) was unable to form a complete spanning tree network topology. As a result, the following list of sites cannot be reached from the local site.

The DNS event ID 6002 text is:
The transfer of version 11001 of zone mycompany.co.uk by the DNS server was aborted by the server at To restart the transfer of the zone, you must initiate transfer at the secondary server

While these errors occur, HQ server 1 cannot connect to the DCs at remote sites 2 & 3 by \\servername; the error returned is: Windows cannot find the server "servername". Ping, however, replies with a normal response time, and nslookup of the remote server name returns a result fine.
Dcdiag will fail the kccevent test as well as reporting a number of failed replications.
The only way this can be cured is to reboot the server. HQ Server 2 will also report this error a few days later.

Question: what is the issue here? Why would KCC errors happen consistently after the same time period on each HQ server?

Thanks for any help.
Question by:Singnetsvc

Accepted Solution

Lazarus earned 2000 total points
ID: 16644608
I think this site should be of great help to you:
EventId.net is very good for helping find specific examples of Event ID problems. The link I gave here specifically deals with your problems and can point in the right direction.

Expert Comment

ID: 16644616

Expert Comment

ID: 16671856
Singnetsvc, any headway on this problem?

Expert Comment

ID: 16723046
Have you abandoned me? ;(

Expert Comment

ID: 22011992
Future viewers - set all connection MTUs to the lowest tested threshold. If you don't know how to test & set an MTU, 1492 is a much better default than 1500.

Turn on BH Discovery.

Restart your DCs.

You should have proper replication topology.
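
One way to find the "lowest tested threshold" mentioned in the comment above, as an added example that is not part of the original thread: it binary-searches the largest don't-fragment ping each DC answers and reports the resulting path MTU. The host names and the function names `Test-DfPing` and `Get-PathMtu` are hypothetical; it assumes PowerShell 3.0 or later on the machine running it and that the site firewalls pass ICMP echo.

```powershell
# Placeholder host names (assumption); replace with the DCs in each site.
$DomainControllers = 'hq-dc1.example.test', 'site2-dc.example.test', 'site3-dc.example.test'

function Test-DfPing {
    param([string]$Target, [int]$Payload)
    # ping.exe: -f sets Don't Fragment, -l is the ICMP payload size in bytes,
    # -n 2 sends two echoes so one lost packet does not understate the MTU.
    $out = & ping.exe -f -l $Payload -n 2 -w 2000 $Target 2>&1 | Out-String
    # Only a real echo reply line carries "TTL="; "Packet needs to be
    # fragmented but DF set" and timeouts do not.
    return $out -match 'TTL='
}

function Get-PathMtu {
    param([string]$Target, [int]$Low = 548, [int]$High = 1472)
    # 548 = 576 - 28 and 1472 = 1500 - 28 (20-byte IPv4 + 8-byte ICMP headers).
    if (-not (Test-DfPing -Target $Target -Payload $Low)) {
        return $null   # unreachable, or ICMP is filtered on the path
    }
    # Invariant: $Low always passes; shrink the window until it is one value.
    while ($Low -lt $High) {
        $mid = [int][math]::Ceiling(($Low + $High) / 2)
        if (Test-DfPing -Target $Target -Payload $mid) { $Low = $mid }
        else { $High = $mid - 1 }
    }
    return $Low + 28   # largest payload plus headers = path MTU
}

$results = foreach ($dc in $DomainControllers) {
    [pscustomobject]@{ Target = $dc; PathMtu = Get-PathMtu -Target $dc }
}
$results | Format-Table -AutoSize

# The value to apply everywhere is the smallest MTU seen on any path.
$lowest = ($results | Where-Object PathMtu |
    Measure-Object -Property PathMtu -Minimum).Minimum
if ($lowest) { "Lowest tested path MTU: $lowest" }
else { 'No target answered DF pings; check ICMP filtering before trusting this test.' }
```

Run it from each site toward the others, since the path MTU can differ by direction when a link adds encapsulation overhead.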
