NTDC KCC Error 1801 -
I just recently started working at a new company that is having some Active Directory/DNS issues. Before I got here there were several DC's that have come and gone and I don't know if the DNS partitions were created properly.
I noticed the following error message on the 2003 DC:
Directory Service Error NTDS KCC 1801:
The partition DC=DomainDnsZones,DC=tbpac
CN=Default-First-Site-Name
has not been instantiated yet. However, the KCC could not find any hosts from
which to replicate this partition.
I tried demoting it, removing DNS, and then re-promoting the server/installing DNS. This just caused these error messages to move over to our Windows 2008 DC. Here is some more background on our environment.
One internal AD Domain, with several domains listed in DNS - for different websites.
We currently have two network sites: Default-First-Site-Name
2 Dc's. One Windows Server 2008 and 1 Server 2003.
Second Site: One DC
AD seems to be replicating fine between the two sites and the subnets seem to be configured correctly. Most of DcDiag /e /v seems to run fine.
One the DC that gets the KCC errors, it fails the KCC and SystemLog sections of DCDIag.
Here is the output on that:
Starting test: kccevent
An Warning Event occured. EventID: 0x80000709
Time Generated: 04/22/2011 09:01:43
Event String: The partition DC=ForestDnsZones,DC=XXXXX
An Warning Event occured. EventID: 0x80000709
Time Generated: 04/22/2011 09:01:43
Event String: The partition DC=DomainDnsZones,DC=xxxxx
......................... <DCNAME> failed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0xC000001B
Time Generated: 04/22/2011 08:05:30
Event String: While processing a TGS request for the target
An Error Event occured. EventID: 0xC000001B
Time Generated: 04/22/2011 08:08:06
Event String: While processing a TGS request for the target
An Error Event occured. EventID: 0x00000457
Time Generated: 04/22/2011 08:15:37
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 04/22/2011 08:15:38
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC000001B
Time Generated: 04/22/2011 08:15:50
Event String: While processing a TGS request for the target
An Error Event occured. EventID: 0x00000457
Time Generated: 04/22/2011 08:15:59
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 04/22/2011 08:16:00
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC000001B
Time Generated: 04/22/2011 08:17:12
Event String: While processing a TGS request for the target
......................... <DCNAME> failed test systemlog
After reading up a bit on this, it seems like the DomanDNS and ForestDNS active directory partition may be corrupted. I went ahead and changed the DNS Servers from AD Integrated to a Primary - Secondary to get DNS temporarily out of AD. In addition to the errors mentioned, the secondary 03 DC would also have issues loading the zone from AD at times.
So, does it look like I will need to zap the Domain/Forest partitions and if so - could I accomplish this through ADSIEdit, or should it only been done through NTDSUtil? I have seen some conflicting advice.
Any help would be appreciated. Thanks in Advance!
Andrew
I noticed the following error message on the 2003 DC:
Directory Service Error NTDS KCC 1801:
The partition DC=DomainDnsZones,DC=tbpac
CN=Default-First-Site-Name
has not been instantiated yet. However, the KCC could not find any hosts from
which to replicate this partition.
I tried demoting it, removing DNS, and then re-promoting the server/installing DNS. This just caused these error messages to move over to our Windows 2008 DC. Here is some more background on our environment.
One internal AD Domain, with several domains listed in DNS - for different websites.
We currently have two network sites: Default-First-Site-Name
2 Dc's. One Windows Server 2008 and 1 Server 2003.
Second Site: One DC
AD seems to be replicating fine between the two sites and the subnets seem to be configured correctly. Most of DcDiag /e /v seems to run fine.
One the DC that gets the KCC errors, it fails the KCC and SystemLog sections of DCDIag.
Here is the output on that:
Starting test: kccevent
An Warning Event occured. EventID: 0x80000709
Time Generated: 04/22/2011 09:01:43
Event String: The partition DC=ForestDnsZones,DC=XXXXX
An Warning Event occured. EventID: 0x80000709
Time Generated: 04/22/2011 09:01:43
Event String: The partition DC=DomainDnsZones,DC=xxxxx
......................... <DCNAME> failed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0xC000001B
Time Generated: 04/22/2011 08:05:30
Event String: While processing a TGS request for the target
An Error Event occured. EventID: 0xC000001B
Time Generated: 04/22/2011 08:08:06
Event String: While processing a TGS request for the target
An Error Event occured. EventID: 0x00000457
Time Generated: 04/22/2011 08:15:37
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 04/22/2011 08:15:38
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC000001B
Time Generated: 04/22/2011 08:15:50
Event String: While processing a TGS request for the target
An Error Event occured. EventID: 0x00000457
Time Generated: 04/22/2011 08:15:59
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 04/22/2011 08:16:00
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC000001B
Time Generated: 04/22/2011 08:17:12
Event String: While processing a TGS request for the target
......................... <DCNAME> failed test systemlog
After reading up a bit on this, it seems like the DomanDNS and ForestDNS active directory partition may be corrupted. I went ahead and changed the DNS Servers from AD Integrated to a Primary - Secondary to get DNS temporarily out of AD. In addition to the errors mentioned, the secondary 03 DC would also have issues loading the zone from AD at times.
So, does it look like I will need to zap the Domain/Forest partitions and if so - could I accomplish this through ADSIEdit, or should it only been done through NTDSUtil? I have seen some conflicting advice.
Any help would be appreciated. Thanks in Advance!
Andrew
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Ok I read those articles, and still...there seems to be a conflict: Should I delete the DomainDNS and ForestDNS partitions directly from ADSI Edit, or should I use NTDSUtil? Do both methods end up in the same result?