Solved

KCC Replication

Posted on 2011-09-08
11
1,123 Views
Last Modified: 2012-05-12
Is the a way to force KCC to recreate the "automatically generated" connection between domain controllers at different sites?

I know it can be done manually but am hoping to force the system to do it.
0
Comment
Question by:EKITA
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
  • +1
11 Comments
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 200 total points
ID: 36506589
You can run repadmin /kcc    http://technet.microsoft.com/en-us/library/cc742173(WS.10).aspx

The KCC runs every 15 minutes by default.

Thanks

Mike
0
 
LVL 7

Expert Comment

by:BobintheNoc
ID: 36506610
If you break the availability of all existing manually configured replication connections, KCC will auto kick in and generate new connections.  By breaking, I mean disrupting the ability to allow that particular connection from functioning.  The resulting KCC automatics will only build working connections, so it's not the best.  Example, if for a site, you have a dc2 connecting ONLY to dc1, and DC1 is the only connector to your other sites, KCC will kick in once it realized it can not reach DC1.  The resulting automatic will only be to DC2, leaving DC1 out of the loop.

To cause the connection to fail, you'd have to do something drastic, like power down the DC that's manually configured, or disable it's nic, etc.  Not very elegant.

Alternatively, when you CHANGE a replication schedule value, such as increase or decrease the interval, this will trigger KCC to re-examine/execute.  This may not create the AUTO connections though, if the manually configured entries are there.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 36506756
Generally the KCC does a good job and you should not need manual connections.  Good blog by Mark with more info here

http://blogs.technet.com/b/markmoro/archive/2011/08/05/you-are-not-smarter-than-the-kcc.aspx

Thanks

Mike
0
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 

Author Comment

by:EKITA
ID: 36507330
mkline71,

I followed the steps outlined in the blog however when i run repadmin /kcc it deletes the newly created connection.
0
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 36508792
It may delete the unwanted connection.Along with repadmin /kcc also ran repadmin /syncall /AdeP on all the DC and wait for some interval for the replication to take place.
0
 
LVL 7

Expert Comment

by:BobintheNoc
ID: 36515044
Kind of thinking that if you remove all existing connections and trigger the KCC with repadmin, it'll create all the auto connections?
0
 

Author Comment

by:EKITA
ID: 36531911
I’m upping the points on this one.

Here is the complete picture:

We have two sites. SiteA and SiteB.
SiteA has two DCs and SiteB has one. All DCs are GCs

One of the DCs at SiteA was demoted and re-promoted back to a DC without enough time allotted for AD to replicate to all DCs across sites.

The fallout is that the newly promoted DC at SiteA is not replicating to the DC at SiteB. However, the DC at SiteB is replicating successfully both ways to the other DC at SiteA.

I get the following errors:
The following error occurred with during the attempt to synchronize the naming context domainname.local from domain controller “new promoted DC at Site A” to “DC at Site B”. The naming context is in the process of being removed or is not replicated from the specified server. The operation will not continue.

 I also see event 1272 on the new DC.
0
 
LVL 24

Accepted Solution

by:
Sandeshdubey earned 300 total points
ID: 36533678
As you have mentioned that in Site A one of the DC was demoted was the demotion gracefull.If not was it removed forcefull and if it was removed forcefully have you ran metadataclean to remove the instances from AD database and dns.It seems that  dc is not promoted properly.

However can you post the dcdiag /q and repadmin /replsum output of DC's in siteA and SiteB this will give clear picture.
0
 

Author Comment

by:EKITA
ID: 36550570
DC1 - Rebuilt DC at SITE A
----------------------------
DCDIAG:

         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have             Replicating Directory Changes In Filtered Set
         access rights for the naming context:         DC=ForestDnsZones,DC=domainname,DC=com
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have             Replicating Directory Changes In Filtered Set
         access rights for the naming context:         DC=DomainDnsZones,DC=domainname,DC=com
         ......................... DC1 failed test NCSecDesc

REPLSUM:

Replication Summary Start Time: 2011-09-16 12:35:00
Beginning data collection for replication summary, this may take awhile:

Source DSA          largest delta    fails/total %%   error

 DC1                      40m:52s    0 /   5    0  
 DC2                      46m:28s    0 /  10    0  
 DC3                      40m:52s    0 /   5    0  
 
Destination DSA     largest delta    fails/total %%   error

 DC1                      46m:28s    0 /   5    0  
 DC2                      40m:52s    0 /  10    0
 DC3                      40m:08s    0 /   5    0  
-----------------------------------------------------------------------------------------------------------------------------------
DC2 - Other DC at SITE A

DCDIAG

         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have             Replicating Directory Changes In Filtered Set
         access rights for the naming context:         DC=ForestDnsZones,DC=domainname,DC=com
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have             Replicating Directory Changes In Filtered Set
         access rights for the naming context:         DC=DomainDnsZones,DC=domainname,DC=com
         ......................... DC2 failed test NCSecDesc
             
REPLSUM:

Replication Summary Start Time: 2011-09-16 12:46:03

Beginning data collection for replication summary, this may take awhile:

Source DSA          largest delta    fails/total %%   error
 DC1                      51m:55s    0 /   5    0  
 DC2                      57m:31s    0 /  10    0  
 DC3                      51m:55s    0 /   5    0  

Destination DSA     largest delta    fails/total %%   error
 DC1                      57m:31s    0 /   5    0  
 DC2                      51m:55s    0 /  10    0
 DC3                      51m:11s    0 /   5    0  
             

DC3 - Remote DC at SITE B
-----------------------------------------------------------------------------------------------------------------------------------
DCDIAG

         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have             Replicating Directory Changes In Filtered Set
         access rights for the naming context:         DC=ForestDnsZones,DC=domainname,DC=com
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have             Replicating Directory Changes In Filtered Set
         access rights for the naming context:         DC=DomainDnsZones,DC=domainname,DC=com
         ......................... DC3 failed test NCSecDesc
             
REPLSUM:
Replication Summary Start Time: 2011-09-16 17:52:24
Beginning data collection for replication summary, this may take awhile:

Source DSA          largest delta    fails/total %%   error

 DC1                      58m:16s    0 /   5    0  
 DC2                      57m:31s    0 /  10    0  
 DC3                      58m:16s    0 /   5    0  

Destination DSA     largest delta    fails/total %%   error

 DC1                      03m:53s    0 /   5    0  
 DC2                      58m:19s    0 /  10    0  
 DC3                      57m:35s    0 /   5    0





             

0
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 36555360
All the three DC's are in sync,the dcdiag and repadmin output shows no issues with any of the DC.
It seems that the KCC has removed the unwanted connection and the required site connectioned is established.

0
 

Author Comment

by:EKITA
ID: 36560091
I manually recreated the connection between DC1 & DC3. However, when I right click and select "replicate now", I get this error "The following error occurred during the attempt to synchronize naming context domainname.com from Domain Controller DC1 to Domain Controller DC3: The naming context is in the process of being removed or is not replicated from the specified server." This operation will not continue
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question