Solved

KCC Replication

Posted on 2011-09-08
11
1,136 Views
Last Modified: 2012-05-12
Is the a way to force KCC to recreate the "automatically generated" connection between domain controllers at different sites?

I know it can be done manually but am hoping to force the system to do it.
0
Comment
Question by:EKITA
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
  • +1
11 Comments
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 200 total points
ID: 36506589
You can run repadmin /kcc    http://technet.microsoft.com/en-us/library/cc742173(WS.10).aspx

The KCC runs every 15 minutes by default.

Thanks

Mike
0
 
LVL 7

Expert Comment

by:BobintheNoc
ID: 36506610
If you break the availability of all existing manually configured replication connections, KCC will auto kick in and generate new connections.  By breaking, I mean disrupting the ability to allow that particular connection from functioning.  The resulting KCC automatics will only build working connections, so it's not the best.  Example, if for a site, you have a dc2 connecting ONLY to dc1, and DC1 is the only connector to your other sites, KCC will kick in once it realized it can not reach DC1.  The resulting automatic will only be to DC2, leaving DC1 out of the loop.

To cause the connection to fail, you'd have to do something drastic, like power down the DC that's manually configured, or disable it's nic, etc.  Not very elegant.

Alternatively, when you CHANGE a replication schedule value, such as increase or decrease the interval, this will trigger KCC to re-examine/execute.  This may not create the AUTO connections though, if the manually configured entries are there.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 36506756
Generally the KCC does a good job and you should not need manual connections.  Good blog by Mark with more info here

http://blogs.technet.com/b/markmoro/archive/2011/08/05/you-are-not-smarter-than-the-kcc.aspx

Thanks

Mike
0
Revamp Your Training Process

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action.

 

Author Comment

by:EKITA
ID: 36507330
mkline71,

I followed the steps outlined in the blog however when i run repadmin /kcc it deletes the newly created connection.
0
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 36508792
It may delete the unwanted connection.Along with repadmin /kcc also ran repadmin /syncall /AdeP on all the DC and wait for some interval for the replication to take place.
0
 
LVL 7

Expert Comment

by:BobintheNoc
ID: 36515044
Kind of thinking that if you remove all existing connections and trigger the KCC with repadmin, it'll create all the auto connections?
0
 

Author Comment

by:EKITA
ID: 36531911
I’m upping the points on this one.

Here is the complete picture:

We have two sites. SiteA and SiteB.
SiteA has two DCs and SiteB has one. All DCs are GCs

One of the DCs at SiteA was demoted and re-promoted back to a DC without enough time allotted for AD to replicate to all DCs across sites.

The fallout is that the newly promoted DC at SiteA is not replicating to the DC at SiteB. However, the DC at SiteB is replicating successfully both ways to the other DC at SiteA.

I get the following errors:
The following error occurred with during the attempt to synchronize the naming context domainname.local from domain controller “new promoted DC at Site A” to “DC at Site B”. The naming context is in the process of being removed or is not replicated from the specified server. The operation will not continue.

 I also see event 1272 on the new DC.
0
 
LVL 24

Accepted Solution

by:
Sandeshdubey earned 300 total points
ID: 36533678
As you have mentioned that in Site A one of the DC was demoted was the demotion gracefull.If not was it removed forcefull and if it was removed forcefully have you ran metadataclean to remove the instances from AD database and dns.It seems that  dc is not promoted properly.

However can you post the dcdiag /q and repadmin /replsum output of DC's in siteA and SiteB this will give clear picture.
0
 

Author Comment

by:EKITA
ID: 36550570
DC1 - Rebuilt DC at SITE A
----------------------------
DCDIAG:

         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have             Replicating Directory Changes In Filtered Set
         access rights for the naming context:         DC=ForestDnsZones,DC=domainname,DC=com
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have             Replicating Directory Changes In Filtered Set
         access rights for the naming context:         DC=DomainDnsZones,DC=domainname,DC=com
         ......................... DC1 failed test NCSecDesc

REPLSUM:

Replication Summary Start Time: 2011-09-16 12:35:00
Beginning data collection for replication summary, this may take awhile:

Source DSA          largest delta    fails/total %%   error

 DC1                      40m:52s    0 /   5    0  
 DC2                      46m:28s    0 /  10    0  
 DC3                      40m:52s    0 /   5    0  
 
Destination DSA     largest delta    fails/total %%   error

 DC1                      46m:28s    0 /   5    0  
 DC2                      40m:52s    0 /  10    0
 DC3                      40m:08s    0 /   5    0  
-----------------------------------------------------------------------------------------------------------------------------------
DC2 - Other DC at SITE A

DCDIAG

         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have             Replicating Directory Changes In Filtered Set
         access rights for the naming context:         DC=ForestDnsZones,DC=domainname,DC=com
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have             Replicating Directory Changes In Filtered Set
         access rights for the naming context:         DC=DomainDnsZones,DC=domainname,DC=com
         ......................... DC2 failed test NCSecDesc
             
REPLSUM:

Replication Summary Start Time: 2011-09-16 12:46:03

Beginning data collection for replication summary, this may take awhile:

Source DSA          largest delta    fails/total %%   error
 DC1                      51m:55s    0 /   5    0  
 DC2                      57m:31s    0 /  10    0  
 DC3                      51m:55s    0 /   5    0  

Destination DSA     largest delta    fails/total %%   error
 DC1                      57m:31s    0 /   5    0  
 DC2                      51m:55s    0 /  10    0
 DC3                      51m:11s    0 /   5    0  
             

DC3 - Remote DC at SITE B
-----------------------------------------------------------------------------------------------------------------------------------
DCDIAG

         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have             Replicating Directory Changes In Filtered Set
         access rights for the naming context:         DC=ForestDnsZones,DC=domainname,DC=com
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have             Replicating Directory Changes In Filtered Set
         access rights for the naming context:         DC=DomainDnsZones,DC=domainname,DC=com
         ......................... DC3 failed test NCSecDesc
             
REPLSUM:
Replication Summary Start Time: 2011-09-16 17:52:24
Beginning data collection for replication summary, this may take awhile:

Source DSA          largest delta    fails/total %%   error

 DC1                      58m:16s    0 /   5    0  
 DC2                      57m:31s    0 /  10    0  
 DC3                      58m:16s    0 /   5    0  

Destination DSA     largest delta    fails/total %%   error

 DC1                      03m:53s    0 /   5    0  
 DC2                      58m:19s    0 /  10    0  
 DC3                      57m:35s    0 /   5    0





             

0
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 36555360
All the three DC's are in sync,the dcdiag and repadmin output shows no issues with any of the DC.
It seems that the KCC has removed the unwanted connection and the required site connectioned is established.

0
 

Author Comment

by:EKITA
ID: 36560091
I manually recreated the connection between DC1 & DC3. However, when I right click and select "replicate now", I get this error "The following error occurred during the attempt to synchronize naming context domainname.com from Domain Controller DC1 to Domain Controller DC3: The naming context is in the process of being removed or is not replicated from the specified server." This operation will not continue
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Suggested Courses

628 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question