• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1302
  • Last Modified:

KCC Site setup problem

I have a domain with 2 DC (TGDC1) and (TGDC2) and 2 Sites Main site and DR site.

I had alot of machines using the TGDC2 (DR Server) as a logon server.

So I have setup a site called DR, Moved the server TGDC2 to the DR site, Setup the relevant subnets and linked them to the relevant sites, On the TGDC1 (Main site) set this as the bridgehead server.

I then ran a "Check Replication topology" on each server at each site, a DCDIAG and NETDIAG.

BUT I still get the following 2  errors every 10 minutes in my Directory Event log ??????

Event ID:1801
Source: NTDS KCC
Computer: TGDC1
The partition DC=DomainDnsZones,DC=teathers,DC=com should be hosted at site CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=teathers,DC=com, but has not been instantiated yet. However, the KCC could not find any hosts from which to replicate this partition.

Event ID:1801
Source: NTDS KCC
Computer: TGDC1
The partition DC=ForestDnsZones,DC=teathers,DC=com should be hosted at site CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=teathers,DC=com, but has not been instantiated yet. However, the KCC could not find any hosts from which to replicate this partition.

0
KASBANK
Asked:
KASBANK
  • 6
  • 6
1 Solution
 
Jay_Jay70Commented:
Hi KASBANK,

what kind of a link do you have between them

and what does dcdiag say
0
 
KASBANKAuthor Commented:
100mb Link

Here are the results of DCDIAG on TGDC1


Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests
   
   Testing server: Default-First-Site-Name\TGDC1
      Starting test: Connectivity
         ......................... TGDC1 passed test Connectivity

Doing primary tests
   
   Testing server: Default-First-Site-Name\TGDC1
      Starting test: Replications
         ......................... TGDC1 passed test Replications
      Starting test: NCSecDesc
         ......................... TGDC1 passed test NCSecDesc
      Starting test: NetLogons
         ......................... TGDC1 passed test NetLogons
      Starting test: Advertising
         ......................... TGDC1 passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... TGDC1 passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... TGDC1 passed test RidManager
      Starting test: MachineAccount
         ......................... TGDC1 passed test MachineAccount
      Starting test: Services
         ......................... TGDC1 passed test Services
      Starting test: ObjectsReplicated
         ......................... TGDC1 passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... TGDC1 passed test frssysvol
      Starting test: frsevent
         ......................... TGDC1 passed test frsevent
      Starting test: kccevent
         An Warning Event occured.  EventID: 0x80000709
            Time Generated: 05/10/2006   13:23:49
            (Event String could not be retrieved)
         An Warning Event occured.  EventID: 0x80000709
            Time Generated: 05/10/2006   13:23:49
            (Event String could not be retrieved)
         ......................... TGDC1 failed test kccevent
      Starting test: systemlog
         ......................... TGDC1 passed test systemlog
      Starting test: VerifyReferences
         ......................... TGDC1 passed test VerifyReferences
   
   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
   
   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
   
   Running partition tests on : teathers
      Starting test: CrossRefValidation
         ......................... teathers passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... teathers passed test CheckSDRefDom
   
   Running enterprise tests on : teathers.com
      Starting test: Intersite
         ......................... teathers.com passed test Intersite
      Starting test: FsmoCheck
         ......................... teathers.com passed test FsmoCheck
0
 
Jay_Jay70Commented:
are both your DC's global catalogs, they will need to be :)
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
KASBANKAuthor Commented:
Yes they are both global Catalog servers.
0
 
KASBANKAuthor Commented:
It looks simular, but what do I need to delete out of ADSIEDIT ? ? ? I have never used ASDIEDIT before, Ive got it loaded up but no idea what to look at.
And that link is a bit generic about what he remvoed to get it working.
0
 
Jay_Jay70Commented:
let me play with ADSIEDIT today and see what i can find for you
0
 
KASBANKAuthor Commented:
It looks like I have solved this

The ForestDnsZones and DomainDnsZones are corrupt. Use Ntdsutil to remove the Application Partition. The name can be found using Adsiedit. Go to the Configuration Container and look under CN=Partitions to get the correct name.

 DC=DomainDnsZones,DC=teathers,DC=com

DC=ForestDnsZones,DC=teathers,DC=com

Once the Application Partition has been removed, use Adsiedit to verify that it has been removed on all DCs. You can then recreate the partition in DNS, go to DNS, right-click on the server and select Create Default Application Directory Partitions. You should see ForestDnsZones and DomainDnsZones in the Forward Lookup Zone of the domain. Allow it to replicate
0
 
KASBANKAuthor Commented:
This page was very usuful on syntax of NTDSUTIL

http://www.it-faq.pl/mskb/322/669.HTM


0
 
Jay_Jay70Commented:
hmm that link doesnt load? is it deffinitely the right one as i am interested at looiking at it as well :)
0
 
KASBANKAuthor Commented:
Luckily I saved a copy of the link for you

How To Manage the Application Directory Partition and Replicas in Windows Server 2003 (322669)
________________________________________

The information in this article applies to:
•      Microsoft Windows Server 2003, Enterprise Edition
•      Microsoft Windows Server 2003, Standard Edition
•      Microsoft Windows Small Business Server 2003, Premium Edition
•      Microsoft Windows Small Business Server 2003, Standard Edition
________________________________________
This article was previously published under Q322669
IN THIS TASK
•      SUMMARY
o      How to Create or Delete an Application Directory Partition
o      How to Add or Remove an Application Directory Partition Replica
o      How to Display Application Directory Partition Information
o      How to Set an Application Directory Partition Reference Domain
SUMMARY
This article describes how to use Ntdsutil.exe to manage the application directory partition. An application directory partition is a directory partition that is replicated only to specific domain controllers. A domain controller that participates in the replication of a particular application directory partition is said to host a replica of that partition. Only domain controllers that are running a member of the Windows Server family can host a replica of an application directory partition.

Programs and services can use application directory partitions to store program-specific data. Application directory partitions can contain any type of object, except security principals. Telephony application programming interface (TAPI) is an example of a service that stores its program-specific data in an application directory partition.

back to the top
How to Create or Delete an Application Directory Partition
The following placeholders are used in the procedure that is described in this section:
•      server_name: The DNS name of the domain controller on which you want to create or delete the application directory partition.
•      application_directory_partition: The distinguished name of the application directory partition that you want to create or delete. For example, the distinguished name of the application directory partition test.microsoft.com is dc=test, dc=Microsoft, dc=com.
•      domain_controller: The DNS name of the domain controller on which you want to create or delete the application directory partition. You can also type NULL to create the application directory partition on the domain controller to which you are currently connected.
1.      Click Start, and then click Run.
2.      In the Open box, type ntdsutil.
3.      At the ntdsutil command prompt, type domain management.
4.      At the domain management command prompt, type connection.
5.      At the connection command prompt, type connect to server server_name.
6.      At the connection command prompt, type quit.
7.      At the domain management command prompt, perform one of the following tasks:
      To create an application directory partition, type the following command:
create nc application_directory_partitiondomain_controller
      To delete an application directory partition, type the following command:
delete nc application_directory_partition
•      WARNING: If you remove the last replica of an application directory partition, you may permanently lose all of the data that is contained in the partition. You must decide when it is safe to delete the last copy of a particular partition.

NOTE: The value for the domain_controller parameter of the create nc command must either be the DNS name of a domain controller or a NULL variable. If you are creating the application directory partition on the domain controller to which you are currently connected, use the NULL variable.
back to the top
How to Add or Remove an Application Directory Partition Replica
An application directory partition replica is an instance of the application directory partition on another domain controller.

The following placeholders are used in the procedure that is described in this section:
•      application_directory_partition: The distinguished name for the application directory partition of which you want to add or remove a replica. For example, the distinguished name of the application directory partition test.microsoft.com is dc=test, dc=microsoft, dc=com.
•      domain_controller: The DNS name of the domain controller on which you want to add or remove the replica of the application directory partition.
1.      Click Start, and then click Run.
2.      In the Open box, type ntdsutil.
3.      At the ntdsutil command prompt, type domain management.
4.      At the domain management command prompt, type connection.
5.      At the connection command prompt, type connect to server domain_controller.
6.      At the connection command prompt, type quit.
7.      At the domain management command prompt, perform one of the following tasks:
o      To add an application directory partition replica, type the following command:
add nc replica application_directory_partitiondomain_controller
o      To remove an application directory partition replica, type the following command:
remove nc replica application_directory_partition
8.      WARNING: If you remove the last replica of an application directory partition, you may permanently lose all of the data that is contained in the partition.

NOTE: You can use the NULL value for the domain_controller parameter of the add nc replica and remove nc replica commands if you are adding or removing the application directory partition replica on the domain controller to which you are currently connected.
back to the top
How to Display Application Directory Partition Information
1.      Click Start, and then click Run.
2.      In the Open box, type ntdsutil.
3.      At the ntdsutil command prompt, type domain management.
4.      At the domain management command prompt, type connection.
5.      At the connection command prompt, type connect to server domain_controller (where domain_controller is the DNS name of the domain controller for which you want to display application directory partition information).
6.      At the connection command prompt, type quit.
7.      At the domain management command prompt, type list.
back to the top
How to Set an Application Directory Partition Reference Domain
The security descriptor reference domain defines a domain name for the default security descriptor for objects in the application directory partition. By default, the security descriptor reference domain is the parent domain of the application directory partition. If the application directory partition is a child of another application directory partition, the default security descriptor reference domain is the security descriptor reference domain of the parent application directory partition. If the application directory partition has no parent, the forest root domain becomes the default security descriptor reference domain. You can use Ntdsutil to change the default security descriptor reference domain.

The following placeholders are used in the procedure that is described in this section:
•      domain_controller: The DNS name of the domain controller in the domain that you want to be the security reference domain for this application directory partition.
•      application_directory_partition: The distinguished name for the application directory partition for which you want to set the reference domain. For example, the distinguished name of the application directory partition test.microsoft.com is dc=test, dc=microsoft, dc=com.
1.      Click Start, and then click Run.
2.      In the Open box, type ntdsutil.
3.      At the ntdsutil command prompt, type domain management.
4.      At the domain management command prompt, type connection.
5.      At the connection command prompt, type connect to server domain_controller.
6.      At the connection command, type quit.
7.      At the domain management command, type the following command:
set nc reference domain application_directory_partitiondomain_controller
0
 
Jay_Jay70Commented:
thankyou :)
0
 
GranModCommented:
PAQed with points refunded (250)

GranMod
Community Support Moderator
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

  • 6
  • 6
Tackle projects and never again get stuck behind a technical roadblock.
Join Now