Solved

Event ID: 1801 Source: NTDS KCC errors every 15 minutes

Posted on 2013-02-05
15
2,208 Views
Last Modified: 2013-02-07
Hi Friends

I have 2 Domain controllers in 2 different OU is showing this Event ID 1801. I have one bldg that has 2 DC in which 1 shows 1801 and in the next bldg I have 2 Dc in which 1 shows 1801.

I looked up and found tons of information but not sure where to begin.

What I have understood so far that I have to delete the domain dns zone and forest dns zone and redo it.

Ok So I don;t have any issue with replication and inter site happens fast and intrasite in 3 minutes.

so if I take backup of all three PC and do it in 1 at a time will it cause problem. I know I can;t delete domain dns zone and forest dns zone on all 3 DC at once.

Just wanted to make sure.

and under ntdsutil : domain management doesn't work. Am I missing any thing.

I would very much appreciate if someone send me the steps to fix the issue (and not create any more)

Thanks
event1801.jpg
0
Comment
Question by:Kmitra
  • 6
  • 5
  • 2
  • +2
15 Comments
 
LVL 26

Expert Comment

by:DrDave242
ID: 38857355
What is the text of that error, if you don't mind?
0
 
LVL 5

Author Comment

by:Kmitra
ID: 38857393
The partition DC=DomainDnsZones,DC=blabla,DC=com should be hosted at site CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=blabla,DC=com, but has not been instantiated yet. However, the KCC could not find any hosts from which to replicate this partition.

&

The partition DC=ForestDnsZones,DC=blabla,DC=com should be hosted at site CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=blabla,DC=com, but has not been instantiated yet. However, the KCC could not find any hosts from which to replicate this partition.

Thanks
0
 
LVL 5

Expert Comment

by:d_nedelchev
ID: 38857399
You can try the steps described here (posts by T.G. Tran and Jim VanDyke).

Another thing that you can try is to increase logging level for the NTDS service in order to get more detailed information about the problem:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics]
"1 Knowledge Consistency Checker"=dword:00000000

Open in new window


Set the value to 1 or 2. The maximum logging level is 5, but it will flood the Directory Service log.

Reboot the DC and see if the increased logging level can shed some light on the issue.
0
Space-Age Communications Transitions to DevOps

ViaSat, a global provider of satellite and wireless communications, securely connects businesses, governments, and organizations to the Internet. Learn how ViaSat’s Network Solutions Engineer, drove the transition from a traditional network support to a DevOps-centric model.

 
LVL 35

Expert Comment

by:Nirmal Sharma
ID: 38858089
When did you implemented 2nd DC in environment? and did you perform various tests to make sure DC Replication is working properly?

All partitions a DC hosts must be initialized first with a partner before it can sync.

You have replication issue between these two servers. Did you check if there any DNS errors on both the DCs?

-----
Sys.
0
 
LVL 9

Expert Comment

by:Zenvenky
ID: 38858191
I have 2 Domain controllers in 2 different OU is showing this Event ID 1801

I need clarification on this, when you open ADUC where do you see 2 DCs? Is it in Domain Controllers OU or both are in different OUs.

If both the DCs are in different OUs then that's the issue.
0
 
LVL 35

Expert Comment

by:Nirmal Sharma
ID: 38858222
Agreed with zenvenky..

You should not move DCs from its default OU which is "Domain Controllers " OU.

-----
Sys.
0
 
LVL 5

Author Comment

by:Kmitra
ID: 38859493
I meant I have 2 DC (GC) in 2 sites. Sorry to confuse everyone. Each site has 2 DC's and .


Both sites had 1 DC to begin with and I added another DC for fault tolarance . I don't have any DNS replication or any replication issue I can see. User changes get propagated rightway with in the site and intersite every 5 minutes.

None of the server has any event warning for DNS . and only 1 DC per sites shows 1801.

Hope that helps.

Thanks
0
 
LVL 5

Expert Comment

by:d_nedelchev
ID: 38859892
Did you run DCDiag.exe on the DCs that log the error?

dcdiag.exe /v /f:dcdiag.log

or

dcdiag.exe /v /c /f:dcdiag.log
0
 
LVL 5

Author Comment

by:Kmitra
ID: 38859946
0
 
LVL 5

Accepted Solution

by:
d_nedelchev earned 500 total points
ID: 38860409
Well, I can't find any further information about the problem in those logs. So far all threads regarding this event id which I found on the web suggest that the Application Partition is corrupt and has to be recreated. So this is the procedure:

Start -> Run -> cmd [Enter]

ntdsutil
ntdsutil: domain management
domain management: connections
server connections: connect to server DC3
server connections: q
domain management: list
you should see something like this:
0 - CN=Configuration, DC=blabla, DC=com.
1 - DC=blabla, DC=com.
2 - CN=Schema, CN=Configuration, DC=blabla, DC=com.
3 - DC=DomainDNSZones, DC=blabla, DC=com.
3 - DC=ForestDNSZones, DC=blabla, DC=com.
domain management: delete NC DC=DomainDNSZones,DC=blabla,DC=com
domain management: delete NC DC=ForestDNSZones,DC=blabla,DC=com
domain management: list
now the output should look like this:
0 - CN=Configuration, DC=blabla, DC=com.
1 - DC=blabla, DC=com.
2 - CN=Schema, CN=Configuration, DC=blabla, DC=com.
domain management: q
ntdsutil: q

Now re-create the Application Partition:

DnsCmd DC3 /CreateDirectoryPartition DomainDNSZones.blabla.com
DnsCmd DC3 /CreateDirectoryPartition ForestDNSZones.blabla.com

Or run dnsmgmt.msc -> right-click on the DC3 node -> Create Default Application Directory Partitions...


Here is the thread on the Microsoft TechNet - check the last post.



All this assuming that DC3 is your DNS server, or at least one of them.
0
 
LVL 5

Author Comment

by:Kmitra
ID: 38860451
Yes DC3 is 1 DNS server. Its also the FSMO role Holder. That Being said is it ok to perform the above mention task on it ?

Please reply. I can do on the other Server on site 2 which is a DC,GC and DNS. But to me its originating from DC3 as all the default connection is with Dc3. Solving the issue on DC3 will resolve on the other server. So once you confirm I will proceed. I will do a VMzip for DC3.

I truely appreciate you taking time for this issue.

Thanks y'all
0
 
LVL 5

Expert Comment

by:d_nedelchev
ID: 38860993
It looks like you will have to backup your DNS Zones before the procedure and restore the afterwards:


Backup:
Start -> Run -> cmd [Enter]
cd /D %SYSTEMROOT%\System32\dns\
DnsCmd /EnumZones
DnsCmd /ZoneExport blabla.com .\backup\blabla.com.dns.BAK
DnsCmd /ZoneExport _msdcs.blabla.com .\backup\_msdcs.blabla.com.dns.BAK


Restore:
Start -> Run -> cmd [Enter]
cd /D %SYSTEMROOT%\System32\dns\
DnsCmd /ZoneAdd blabla.com /Primary /file .\backup\blabla.com.dns.BAK /load
DnsCmd /ZoneResetType blabla.com /DsPrimary
DnsCmd /Config blabla.com /AllowUpdate 2
DnsCmd /ZoneAdd _msdcs.blabla.com /Primary /file .\backup\_msdcs.blabla.com.dns.BAK /load
DnsCmd /ZoneResetType _msdcs.blabla.com /DsPrimary
DnsCmd /Config _msdcs.blabla.com /AllowUpdate 2

Here is the source for a PowerShell script for Backup & Restore.


My setup is with single DC though and it's 2003 so I cannot give any guarantee of success, but I just went through the procedure and it carried out just fine. The only thing I can add is that after you delete the NCs you must eather wait for the changes to replicate to the other DCs and especialy to the other DNS servers or force the replication.

Another thing... in 2008 the domain management is obviously changed to partition management
0
 
LVL 5

Author Comment

by:Kmitra
ID: 38861712
Well It looks like the last 1801 was seen at 3:01pm CST and no more .

So looks like you did it. Great Help. I will keep my eyes open for any other issue. Will keep you posted.

Thanks
0
 
LVL 5

Author Closing Comment

by:Kmitra
ID: 38863696
SOLVED Even ID 1801 in Windows Server 2008 R2.
This will help so many other Techies. Simple steps and Event ID 1801 is a HISTORY.

Thank You very much.
0
 
LVL 5

Expert Comment

by:d_nedelchev
ID: 38864066
Glad to help, but I have one suggestion. May be you should mark my last post (ID: 38860993) as part of the solution as well, because it is prerequisite for the procedure of re-creating the DNS Application Partition. Thanks
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question