?
Solved

Event ID: 1801 Source: NTDS KCC errors every 15 minutes

Posted on 2013-02-05
15
Medium Priority
?
2,566 Views
Last Modified: 2013-02-07
Hi Friends

I have 2 Domain controllers in 2 different OU is showing this Event ID 1801. I have one bldg that has 2 DC in which 1 shows 1801 and in the next bldg I have 2 Dc in which 1 shows 1801.

I looked up and found tons of information but not sure where to begin.

What I have understood so far that I have to delete the domain dns zone and forest dns zone and redo it.

Ok So I don;t have any issue with replication and inter site happens fast and intrasite in 3 minutes.

so if I take backup of all three PC and do it in 1 at a time will it cause problem. I know I can;t delete domain dns zone and forest dns zone on all 3 DC at once.

Just wanted to make sure.

and under ntdsutil : domain management doesn't work. Am I missing any thing.

I would very much appreciate if someone send me the steps to fix the issue (and not create any more)

Thanks
event1801.jpg
0
Comment
Question by:Kmitra
  • 6
  • 5
  • 2
  • +2
15 Comments
 
LVL 27

Expert Comment

by:DrDave242
ID: 38857355
What is the text of that error, if you don't mind?
0
 
LVL 5

Author Comment

by:Kmitra
ID: 38857393
The partition DC=DomainDnsZones,DC=blabla,DC=com should be hosted at site CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=blabla,DC=com, but has not been instantiated yet. However, the KCC could not find any hosts from which to replicate this partition.

&

The partition DC=ForestDnsZones,DC=blabla,DC=com should be hosted at site CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=blabla,DC=com, but has not been instantiated yet. However, the KCC could not find any hosts from which to replicate this partition.

Thanks
0
 
LVL 5

Expert Comment

by:d_nedelchev
ID: 38857399
You can try the steps described here (posts by T.G. Tran and Jim VanDyke).

Another thing that you can try is to increase logging level for the NTDS service in order to get more detailed information about the problem:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics]
"1 Knowledge Consistency Checker"=dword:00000000

Open in new window


Set the value to 1 or 2. The maximum logging level is 5, but it will flood the Directory Service log.

Reboot the DC and see if the increased logging level can shed some light on the issue.
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 35

Expert Comment

by:Nirmal Sharma
ID: 38858089
When did you implemented 2nd DC in environment? and did you perform various tests to make sure DC Replication is working properly?

All partitions a DC hosts must be initialized first with a partner before it can sync.

You have replication issue between these two servers. Did you check if there any DNS errors on both the DCs?

-----
Sys.
0
 
LVL 10

Expert Comment

by:ZenVenky
ID: 38858191
I have 2 Domain controllers in 2 different OU is showing this Event ID 1801

I need clarification on this, when you open ADUC where do you see 2 DCs? Is it in Domain Controllers OU or both are in different OUs.

If both the DCs are in different OUs then that's the issue.
0
 
LVL 35

Expert Comment

by:Nirmal Sharma
ID: 38858222
Agreed with zenvenky..

You should not move DCs from its default OU which is "Domain Controllers " OU.

-----
Sys.
0
 
LVL 5

Author Comment

by:Kmitra
ID: 38859493
I meant I have 2 DC (GC) in 2 sites. Sorry to confuse everyone. Each site has 2 DC's and .


Both sites had 1 DC to begin with and I added another DC for fault tolarance . I don't have any DNS replication or any replication issue I can see. User changes get propagated rightway with in the site and intersite every 5 minutes.

None of the server has any event warning for DNS . and only 1 DC per sites shows 1801.

Hope that helps.

Thanks
0
 
LVL 5

Expert Comment

by:d_nedelchev
ID: 38859892
Did you run DCDiag.exe on the DCs that log the error?

dcdiag.exe /v /f:dcdiag.log

or

dcdiag.exe /v /c /f:dcdiag.log
0
 
LVL 5

Author Comment

by:Kmitra
ID: 38859946
0
 
LVL 5

Accepted Solution

by:
d_nedelchev earned 2000 total points
ID: 38860409
Well, I can't find any further information about the problem in those logs. So far all threads regarding this event id which I found on the web suggest that the Application Partition is corrupt and has to be recreated. So this is the procedure:

Start -> Run -> cmd [Enter]

ntdsutil
ntdsutil: domain management
domain management: connections
server connections: connect to server DC3
server connections: q
domain management: list
you should see something like this:
0 - CN=Configuration, DC=blabla, DC=com.
1 - DC=blabla, DC=com.
2 - CN=Schema, CN=Configuration, DC=blabla, DC=com.
3 - DC=DomainDNSZones, DC=blabla, DC=com.
3 - DC=ForestDNSZones, DC=blabla, DC=com.
domain management: delete NC DC=DomainDNSZones,DC=blabla,DC=com
domain management: delete NC DC=ForestDNSZones,DC=blabla,DC=com
domain management: list
now the output should look like this:
0 - CN=Configuration, DC=blabla, DC=com.
1 - DC=blabla, DC=com.
2 - CN=Schema, CN=Configuration, DC=blabla, DC=com.
domain management: q
ntdsutil: q

Now re-create the Application Partition:

DnsCmd DC3 /CreateDirectoryPartition DomainDNSZones.blabla.com
DnsCmd DC3 /CreateDirectoryPartition ForestDNSZones.blabla.com

Or run dnsmgmt.msc -> right-click on the DC3 node -> Create Default Application Directory Partitions...


Here is the thread on the Microsoft TechNet - check the last post.



All this assuming that DC3 is your DNS server, or at least one of them.
0
 
LVL 5

Author Comment

by:Kmitra
ID: 38860451
Yes DC3 is 1 DNS server. Its also the FSMO role Holder. That Being said is it ok to perform the above mention task on it ?

Please reply. I can do on the other Server on site 2 which is a DC,GC and DNS. But to me its originating from DC3 as all the default connection is with Dc3. Solving the issue on DC3 will resolve on the other server. So once you confirm I will proceed. I will do a VMzip for DC3.

I truely appreciate you taking time for this issue.

Thanks y'all
0
 
LVL 5

Expert Comment

by:d_nedelchev
ID: 38860993
It looks like you will have to backup your DNS Zones before the procedure and restore the afterwards:


Backup:
Start -> Run -> cmd [Enter]
cd /D %SYSTEMROOT%\System32\dns\
DnsCmd /EnumZones
DnsCmd /ZoneExport blabla.com .\backup\blabla.com.dns.BAK
DnsCmd /ZoneExport _msdcs.blabla.com .\backup\_msdcs.blabla.com.dns.BAK


Restore:
Start -> Run -> cmd [Enter]
cd /D %SYSTEMROOT%\System32\dns\
DnsCmd /ZoneAdd blabla.com /Primary /file .\backup\blabla.com.dns.BAK /load
DnsCmd /ZoneResetType blabla.com /DsPrimary
DnsCmd /Config blabla.com /AllowUpdate 2
DnsCmd /ZoneAdd _msdcs.blabla.com /Primary /file .\backup\_msdcs.blabla.com.dns.BAK /load
DnsCmd /ZoneResetType _msdcs.blabla.com /DsPrimary
DnsCmd /Config _msdcs.blabla.com /AllowUpdate 2

Here is the source for a PowerShell script for Backup & Restore.


My setup is with single DC though and it's 2003 so I cannot give any guarantee of success, but I just went through the procedure and it carried out just fine. The only thing I can add is that after you delete the NCs you must eather wait for the changes to replicate to the other DCs and especialy to the other DNS servers or force the replication.

Another thing... in 2008 the domain management is obviously changed to partition management
0
 
LVL 5

Author Comment

by:Kmitra
ID: 38861712
Well It looks like the last 1801 was seen at 3:01pm CST and no more .

So looks like you did it. Great Help. I will keep my eyes open for any other issue. Will keep you posted.

Thanks
0
 
LVL 5

Author Closing Comment

by:Kmitra
ID: 38863696
SOLVED Even ID 1801 in Windows Server 2008 R2.
This will help so many other Techies. Simple steps and Event ID 1801 is a HISTORY.

Thank You very much.
0
 
LVL 5

Expert Comment

by:d_nedelchev
ID: 38864066
Glad to help, but I have one suggestion. May be you should mark my last post (ID: 38860993) as part of the solution as well, because it is prerequisite for the procedure of re-creating the DNS Application Partition. Thanks
0

Featured Post

Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Transferring FSMO roles is done when an admin wants to split roles between certain Domain Controllers or the Domain Controller holding the Roles has been forcefully demoted using dcpromo / forceremoval
This article will help to fix the below errors for MS Exchange Server 2016 I. Certificate error "name on the security certificate is invalid or does not match the name of the site" II. Out of Office not working III. Make Internal URLs and Externa…
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Suggested Courses

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question