kerry_dsouza
asked on
KCC Errors 1311,1566 and 1865 affecting AD Replication on Windows 2003
I have recently promoted a Windows 2003 DC in the Domain and I am having issues with the DNS and the Active Directory replication.I see a lot of KCC error events in the logs but in the File Replication Service log I see that the server has been promoted to a DC and the NETLOGON and the SYSVOL shares are shared but the AD replication is messed up with these events.
Any ideas?
Thanks
K
Any ideas?
Thanks
K
Looks like the site is down in AD's eyes.
Run dcdiag post results.
Does this DC have connection to the site that it is complaining about?
Run dcdiag post results.
Does this DC have connection to the site that it is complaining about?
ASKER
Yup I can ping the servers alright and with no issues and also now the KCC events have magically stopped and I no longer get them but the DNS still has some misconfiguration which i am unable to fix.
Here is the lastest Dcdiag
latest-dcdiag.txt
Here is the lastest Dcdiag
latest-dcdiag.txt
ASKER
This is the error in my DNS event logs
Event Type: Error
Event Source: DNS
Event Category: None
Event ID: 4015
Date: 1/12/2012
Time: 5:11:52 PM
User: N/A
Computer: BSRDCGC400
Description:
The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.
Event Type: Error
Event Source: DNS
Event Category: None
Event ID: 4015
Date: 1/12/2012
Time: 5:11:52 PM
User: N/A
Computer: BSRDCGC400
Description:
The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.
DNS can cause KDS errors.
Post dcdiag /test:dns
Post dcdiag /test:dns
ASKER
Here you go..
==============
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: ME-Basra\BSRDCGC400
Starting test: Connectivity
......................... BSRDCGC400 passed test Connectivity
Doing primary tests
Testing server: ME-Basra\BSRDCGC400
DNS Tests are running and not hung. Please wait a few minutes...
Running partition tests on : ForestDnsZones
Running partition tests on : DomainDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : kbrsat
Running enterprise tests on : kbrsat.kbr.com
Starting test: DNS
......................... kbrsat.kbr.com passed test DNS
==========================
==============
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: ME-Basra\BSRDCGC400
Starting test: Connectivity
......................... BSRDCGC400 passed test Connectivity
Doing primary tests
Testing server: ME-Basra\BSRDCGC400
DNS Tests are running and not hung. Please wait a few minutes...
Running partition tests on : ForestDnsZones
Running partition tests on : DomainDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : kbrsat
Running enterprise tests on : kbrsat.kbr.com
Starting test: DNS
......................... kbrsat.kbr.com passed test DNS
==========================
That looks good.
Any other errors in the Event logs for DNS?
Run dcdiag /fix
Any other errors in the Event logs for DNS?
Run dcdiag /fix
ASKER
I have started the /fix but one thing I noticed is that the Logons take like forever.
for example the Local File server on site took like 7 minutes to login which is not normal at all and when I checked the Logonserver using the SET command it authenticated to the local DC (BSRDCGC400) but it ages to login....
DCDIAG /FIX
==========================
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: ME-Basra\BSRDCGC400
Starting test: Connectivity
......................... BSRDCGC400 passed test Connectivity
Doing primary tests
Testing server: ME-Basra\BSRDCGC400
Starting test: Replications
......................... BSRDCGC400 passed test Replications
Starting test: NCSecDesc
......................... BSRDCGC400 passed test NCSecDesc
Starting test: NetLogons
......................... BSRDCGC400 passed test NetLogons
Starting test: Advertising
......................... BSRDCGC400 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... BSRDCGC400 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... BSRDCGC400 passed test RidManager
Starting test: MachineAccount
......................... BSRDCGC400 passed test MachineAccount
Starting test: Services
......................... BSRDCGC400 passed test Services
Starting test: ObjectsReplicated
......................... BSRDCGC400 passed test ObjectsReplicated
Starting test: frssysvol
......................... BSRDCGC400 passed test frssysvol
Starting test: frsevent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... BSRDCGC400 failed test frsevent
Starting test: kccevent
......................... BSRDCGC400 passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0xC25A001D
Time Generated: 01/12/2012 17:17:32
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0001B7A
Time Generated: 01/12/2012 17:17:36
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC25A001D
Time Generated: 01/12/2012 17:17:53
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC25A001D
Time Generated: 01/12/2012 17:17:53
(Event String could not be retrieved)
......................... BSRDCGC400 failed test systemlog
Starting test: VerifyReferences
......................... BSRDCGC400 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : kbrsat
Starting test: CrossRefValidation
......................... kbrsat passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... kbrsat passed test CheckSDRefDom
Running enterprise tests on : kbrsat.kbr.com
Starting test: Intersite
......................... kbrsat.kbr.com passed test Intersite
Starting test: FsmoCheck
......................... kbrsat.kbr.com passed test FsmoCheck
for example the Local File server on site took like 7 minutes to login which is not normal at all and when I checked the Logonserver using the SET command it authenticated to the local DC (BSRDCGC400) but it ages to login....
DCDIAG /FIX
==========================
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: ME-Basra\BSRDCGC400
Starting test: Connectivity
......................... BSRDCGC400 passed test Connectivity
Doing primary tests
Testing server: ME-Basra\BSRDCGC400
Starting test: Replications
......................... BSRDCGC400 passed test Replications
Starting test: NCSecDesc
......................... BSRDCGC400 passed test NCSecDesc
Starting test: NetLogons
......................... BSRDCGC400 passed test NetLogons
Starting test: Advertising
......................... BSRDCGC400 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... BSRDCGC400 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... BSRDCGC400 passed test RidManager
Starting test: MachineAccount
......................... BSRDCGC400 passed test MachineAccount
Starting test: Services
......................... BSRDCGC400 passed test Services
Starting test: ObjectsReplicated
......................... BSRDCGC400 passed test ObjectsReplicated
Starting test: frssysvol
......................... BSRDCGC400 passed test frssysvol
Starting test: frsevent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... BSRDCGC400 failed test frsevent
Starting test: kccevent
......................... BSRDCGC400 passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0xC25A001D
Time Generated: 01/12/2012 17:17:32
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0001B7A
Time Generated: 01/12/2012 17:17:36
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC25A001D
Time Generated: 01/12/2012 17:17:53
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC25A001D
Time Generated: 01/12/2012 17:17:53
(Event String could not be retrieved)
......................... BSRDCGC400 failed test systemlog
Starting test: VerifyReferences
......................... BSRDCGC400 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : kbrsat
Starting test: CrossRefValidation
......................... kbrsat passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... kbrsat passed test CheckSDRefDom
Running enterprise tests on : kbrsat.kbr.com
Starting test: Intersite
......................... kbrsat.kbr.com passed test Intersite
Starting test: FsmoCheck
......................... kbrsat.kbr.com passed test FsmoCheck
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Are you getting DNS errors on all DCs?
As it is explained in the events your new DC is unable to dialog with other DCs in the "UK-London" AD site. So it is unable to create replication site links.
This can typically comes from network issues. This can be due to missing IP routes to join the requires site, or firewall on the way that refuse requires TCP/UDP traffic.
From your new DC, try to ping DCs in UK-London by their IP address. Also, try to ping by their FQDN name and see if DNS resolution is OK.
Have a good day.