Solved

Event ID: 1801 Source: NTDS KCC errors every 15 minutes

Posted on 2013-02-05
15
2,050 Views
Last Modified: 2013-02-07
Hi Friends

I have 2 Domain controllers in 2 different OU is showing this Event ID 1801. I have one bldg that has 2 DC in which 1 shows 1801 and in the next bldg I have 2 Dc in which 1 shows 1801.

I looked up and found tons of information but not sure where to begin.

What I have understood so far that I have to delete the domain dns zone and forest dns zone and redo it.

Ok So I don;t have any issue with replication and inter site happens fast and intrasite in 3 minutes.

so if I take backup of all three PC and do it in 1 at a time will it cause problem. I know I can;t delete domain dns zone and forest dns zone on all 3 DC at once.

Just wanted to make sure.

and under ntdsutil : domain management doesn't work. Am I missing any thing.

I would very much appreciate if someone send me the steps to fix the issue (and not create any more)

Thanks
event1801.jpg
0
Comment
Question by:Kmitra
  • 6
  • 5
  • 2
  • +2
15 Comments
 
LVL 25

Expert Comment

by:DrDave242
Comment Utility
What is the text of that error, if you don't mind?
0
 
LVL 5

Author Comment

by:Kmitra
Comment Utility
The partition DC=DomainDnsZones,DC=blabla,DC=com should be hosted at site CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=blabla,DC=com, but has not been instantiated yet. However, the KCC could not find any hosts from which to replicate this partition.

&

The partition DC=ForestDnsZones,DC=blabla,DC=com should be hosted at site CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=blabla,DC=com, but has not been instantiated yet. However, the KCC could not find any hosts from which to replicate this partition.

Thanks
0
 
LVL 5

Expert Comment

by:d_nedelchev
Comment Utility
You can try the steps described here (posts by T.G. Tran and Jim VanDyke).

Another thing that you can try is to increase logging level for the NTDS service in order to get more detailed information about the problem:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics]
"1 Knowledge Consistency Checker"=dword:00000000

Open in new window


Set the value to 1 or 2. The maximum logging level is 5, but it will flood the Directory Service log.

Reboot the DC and see if the increased logging level can shed some light on the issue.
0
 
LVL 35

Expert Comment

by:Nick Sui
Comment Utility
When did you implemented 2nd DC in environment? and did you perform various tests to make sure DC Replication is working properly?

All partitions a DC hosts must be initialized first with a partner before it can sync.

You have replication issue between these two servers. Did you check if there any DNS errors on both the DCs?

-----
Sys.
0
 
LVL 9

Expert Comment

by:Zenvenky
Comment Utility
I have 2 Domain controllers in 2 different OU is showing this Event ID 1801

I need clarification on this, when you open ADUC where do you see 2 DCs? Is it in Domain Controllers OU or both are in different OUs.

If both the DCs are in different OUs then that's the issue.
0
 
LVL 35

Expert Comment

by:Nick Sui
Comment Utility
Agreed with zenvenky..

You should not move DCs from its default OU which is "Domain Controllers " OU.

-----
Sys.
0
 
LVL 5

Author Comment

by:Kmitra
Comment Utility
I meant I have 2 DC (GC) in 2 sites. Sorry to confuse everyone. Each site has 2 DC's and .


Both sites had 1 DC to begin with and I added another DC for fault tolarance . I don't have any DNS replication or any replication issue I can see. User changes get propagated rightway with in the site and intersite every 5 minutes.

None of the server has any event warning for DNS . and only 1 DC per sites shows 1801.

Hope that helps.

Thanks
0
Wish Marketing would stop bothering you?

Is your marketing department constantly asking for new email signature updates? Are they requesting a different design for every department? Do they need yet another banner added? Don’t let it get you down! There is an easy way to manage all of these requests...

 
LVL 5

Expert Comment

by:d_nedelchev
Comment Utility
Did you run DCDiag.exe on the DCs that log the error?

dcdiag.exe /v /f:dcdiag.log

or

dcdiag.exe /v /c /f:dcdiag.log
0
 
LVL 5

Author Comment

by:Kmitra
Comment Utility
0
 
LVL 5

Accepted Solution

by:
d_nedelchev earned 500 total points
Comment Utility
Well, I can't find any further information about the problem in those logs. So far all threads regarding this event id which I found on the web suggest that the Application Partition is corrupt and has to be recreated. So this is the procedure:

Start -> Run -> cmd [Enter]

ntdsutil
ntdsutil: domain management
domain management: connections
server connections: connect to server DC3
server connections: q
domain management: list
you should see something like this:
0 - CN=Configuration, DC=blabla, DC=com.
1 - DC=blabla, DC=com.
2 - CN=Schema, CN=Configuration, DC=blabla, DC=com.
3 - DC=DomainDNSZones, DC=blabla, DC=com.
3 - DC=ForestDNSZones, DC=blabla, DC=com.
domain management: delete NC DC=DomainDNSZones,DC=blabla,DC=com
domain management: delete NC DC=ForestDNSZones,DC=blabla,DC=com
domain management: list
now the output should look like this:
0 - CN=Configuration, DC=blabla, DC=com.
1 - DC=blabla, DC=com.
2 - CN=Schema, CN=Configuration, DC=blabla, DC=com.
domain management: q
ntdsutil: q

Now re-create the Application Partition:

DnsCmd DC3 /CreateDirectoryPartition DomainDNSZones.blabla.com
DnsCmd DC3 /CreateDirectoryPartition ForestDNSZones.blabla.com

Or run dnsmgmt.msc -> right-click on the DC3 node -> Create Default Application Directory Partitions...


Here is the thread on the Microsoft TechNet - check the last post.



All this assuming that DC3 is your DNS server, or at least one of them.
0
 
LVL 5

Author Comment

by:Kmitra
Comment Utility
Yes DC3 is 1 DNS server. Its also the FSMO role Holder. That Being said is it ok to perform the above mention task on it ?

Please reply. I can do on the other Server on site 2 which is a DC,GC and DNS. But to me its originating from DC3 as all the default connection is with Dc3. Solving the issue on DC3 will resolve on the other server. So once you confirm I will proceed. I will do a VMzip for DC3.

I truely appreciate you taking time for this issue.

Thanks y'all
0
 
LVL 5

Expert Comment

by:d_nedelchev
Comment Utility
It looks like you will have to backup your DNS Zones before the procedure and restore the afterwards:


Backup:
Start -> Run -> cmd [Enter]
cd /D %SYSTEMROOT%\System32\dns\
DnsCmd /EnumZones
DnsCmd /ZoneExport blabla.com .\backup\blabla.com.dns.BAK
DnsCmd /ZoneExport _msdcs.blabla.com .\backup\_msdcs.blabla.com.dns.BAK


Restore:
Start -> Run -> cmd [Enter]
cd /D %SYSTEMROOT%\System32\dns\
DnsCmd /ZoneAdd blabla.com /Primary /file .\backup\blabla.com.dns.BAK /load
DnsCmd /ZoneResetType blabla.com /DsPrimary
DnsCmd /Config blabla.com /AllowUpdate 2
DnsCmd /ZoneAdd _msdcs.blabla.com /Primary /file .\backup\_msdcs.blabla.com.dns.BAK /load
DnsCmd /ZoneResetType _msdcs.blabla.com /DsPrimary
DnsCmd /Config _msdcs.blabla.com /AllowUpdate 2

Here is the source for a PowerShell script for Backup & Restore.


My setup is with single DC though and it's 2003 so I cannot give any guarantee of success, but I just went through the procedure and it carried out just fine. The only thing I can add is that after you delete the NCs you must eather wait for the changes to replicate to the other DCs and especialy to the other DNS servers or force the replication.

Another thing... in 2008 the domain management is obviously changed to partition management
0
 
LVL 5

Author Comment

by:Kmitra
Comment Utility
Well It looks like the last 1801 was seen at 3:01pm CST and no more .

So looks like you did it. Great Help. I will keep my eyes open for any other issue. Will keep you posted.

Thanks
0
 
LVL 5

Author Closing Comment

by:Kmitra
Comment Utility
SOLVED Even ID 1801 in Windows Server 2008 R2.
This will help so many other Techies. Simple steps and Event ID 1801 is a HISTORY.

Thank You very much.
0
 
LVL 5

Expert Comment

by:d_nedelchev
Comment Utility
Glad to help, but I have one suggestion. May be you should mark my last post (ID: 38860993) as part of the solution as well, because it is prerequisite for the procedure of re-creating the DNS Application Partition. Thanks
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Occasionally you run into the website or two that will not resolve properly using your own DNS servers.  Some people simply set up global forwarders for their DNS server.  I don’t recommend doing this because it can cause problems resolving addresse…
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now