Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1143
  • Last Modified:

KCC Replication

Is the a way to force KCC to recreate the "automatically generated" connection between domain controllers at different sites?

I know it can be done manually but am hoping to force the system to do it.
0
EKITA
Asked:
EKITA
  • 4
  • 3
  • 2
  • +1
2 Solutions
 
Mike KlineCommented:
You can run repadmin /kcc    http://technet.microsoft.com/en-us/library/cc742173(WS.10).aspx

The KCC runs every 15 minutes by default.

Thanks

Mike
0
 
BobintheNocCommented:
If you break the availability of all existing manually configured replication connections, KCC will auto kick in and generate new connections.  By breaking, I mean disrupting the ability to allow that particular connection from functioning.  The resulting KCC automatics will only build working connections, so it's not the best.  Example, if for a site, you have a dc2 connecting ONLY to dc1, and DC1 is the only connector to your other sites, KCC will kick in once it realized it can not reach DC1.  The resulting automatic will only be to DC2, leaving DC1 out of the loop.

To cause the connection to fail, you'd have to do something drastic, like power down the DC that's manually configured, or disable it's nic, etc.  Not very elegant.

Alternatively, when you CHANGE a replication schedule value, such as increase or decrease the interval, this will trigger KCC to re-examine/execute.  This may not create the AUTO connections though, if the manually configured entries are there.
0
 
Mike KlineCommented:
Generally the KCC does a good job and you should not need manual connections.  Good blog by Mark with more info here

http://blogs.technet.com/b/markmoro/archive/2011/08/05/you-are-not-smarter-than-the-kcc.aspx

Thanks

Mike
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
EKITAAuthor Commented:
mkline71,

I followed the steps outlined in the blog however when i run repadmin /kcc it deletes the newly created connection.
0
 
SandeshdubeyCommented:
It may delete the unwanted connection.Along with repadmin /kcc also ran repadmin /syncall /AdeP on all the DC and wait for some interval for the replication to take place.
0
 
BobintheNocCommented:
Kind of thinking that if you remove all existing connections and trigger the KCC with repadmin, it'll create all the auto connections?
0
 
EKITAAuthor Commented:
I’m upping the points on this one.

Here is the complete picture:

We have two sites. SiteA and SiteB.
SiteA has two DCs and SiteB has one. All DCs are GCs

One of the DCs at SiteA was demoted and re-promoted back to a DC without enough time allotted for AD to replicate to all DCs across sites.

The fallout is that the newly promoted DC at SiteA is not replicating to the DC at SiteB. However, the DC at SiteB is replicating successfully both ways to the other DC at SiteA.

I get the following errors:
The following error occurred with during the attempt to synchronize the naming context domainname.local from domain controller “new promoted DC at Site A” to “DC at Site B”. The naming context is in the process of being removed or is not replicated from the specified server. The operation will not continue.

 I also see event 1272 on the new DC.
0
 
SandeshdubeyCommented:
As you have mentioned that in Site A one of the DC was demoted was the demotion gracefull.If not was it removed forcefull and if it was removed forcefully have you ran metadataclean to remove the instances from AD database and dns.It seems that  dc is not promoted properly.

However can you post the dcdiag /q and repadmin /replsum output of DC's in siteA and SiteB this will give clear picture.
0
 
EKITAAuthor Commented:
DC1 - Rebuilt DC at SITE A
----------------------------
DCDIAG:

         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have             Replicating Directory Changes In Filtered Set
         access rights for the naming context:         DC=ForestDnsZones,DC=domainname,DC=com
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have             Replicating Directory Changes In Filtered Set
         access rights for the naming context:         DC=DomainDnsZones,DC=domainname,DC=com
         ......................... DC1 failed test NCSecDesc

REPLSUM:

Replication Summary Start Time: 2011-09-16 12:35:00
Beginning data collection for replication summary, this may take awhile:

Source DSA          largest delta    fails/total %%   error

 DC1                      40m:52s    0 /   5    0  
 DC2                      46m:28s    0 /  10    0  
 DC3                      40m:52s    0 /   5    0  
 
Destination DSA     largest delta    fails/total %%   error

 DC1                      46m:28s    0 /   5    0  
 DC2                      40m:52s    0 /  10    0
 DC3                      40m:08s    0 /   5    0  
-----------------------------------------------------------------------------------------------------------------------------------
DC2 - Other DC at SITE A

DCDIAG

         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have             Replicating Directory Changes In Filtered Set
         access rights for the naming context:         DC=ForestDnsZones,DC=domainname,DC=com
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have             Replicating Directory Changes In Filtered Set
         access rights for the naming context:         DC=DomainDnsZones,DC=domainname,DC=com
         ......................... DC2 failed test NCSecDesc
             
REPLSUM:

Replication Summary Start Time: 2011-09-16 12:46:03

Beginning data collection for replication summary, this may take awhile:

Source DSA          largest delta    fails/total %%   error
 DC1                      51m:55s    0 /   5    0  
 DC2                      57m:31s    0 /  10    0  
 DC3                      51m:55s    0 /   5    0  

Destination DSA     largest delta    fails/total %%   error
 DC1                      57m:31s    0 /   5    0  
 DC2                      51m:55s    0 /  10    0
 DC3                      51m:11s    0 /   5    0  
             

DC3 - Remote DC at SITE B
-----------------------------------------------------------------------------------------------------------------------------------
DCDIAG

         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have             Replicating Directory Changes In Filtered Set
         access rights for the naming context:         DC=ForestDnsZones,DC=domainname,DC=com
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have             Replicating Directory Changes In Filtered Set
         access rights for the naming context:         DC=DomainDnsZones,DC=domainname,DC=com
         ......................... DC3 failed test NCSecDesc
             
REPLSUM:
Replication Summary Start Time: 2011-09-16 17:52:24
Beginning data collection for replication summary, this may take awhile:

Source DSA          largest delta    fails/total %%   error

 DC1                      58m:16s    0 /   5    0  
 DC2                      57m:31s    0 /  10    0  
 DC3                      58m:16s    0 /   5    0  

Destination DSA     largest delta    fails/total %%   error

 DC1                      03m:53s    0 /   5    0  
 DC2                      58m:19s    0 /  10    0  
 DC3                      57m:35s    0 /   5    0





             

0
 
SandeshdubeyCommented:
All the three DC's are in sync,the dcdiag and repadmin output shows no issues with any of the DC.
It seems that the KCC has removed the unwanted connection and the required site connectioned is established.

0
 
EKITAAuthor Commented:
I manually recreated the connection between DC1 & DC3. However, when I right click and select "replicate now", I get this error "The following error occurred during the attempt to synchronize naming context domainname.com from Domain Controller DC1 to Domain Controller DC3: The naming context is in the process of being removed or is not replicated from the specified server." This operation will not continue
0

Featured Post

Ask an Anonymous Question!

Don't feel intimidated by what you don't know. Ask your question anonymously. It's easy! Learn more and upgrade.

  • 4
  • 3
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now