Event ID: 1801 Source: NTDS KCC errors every 15 minutes

Hi Friends

I have 2 domain controllers in 2 different OUs that are showing this Event ID 1801. I have one bldg that has 2 DCs, of which 1 shows 1801, and in the next bldg I have 2 DCs, of which 1 shows 1801.

I looked up and found tons of information but not sure where to begin.

What I have understood so far is that I have to delete the domain DNS zone and forest DNS zone and redo it.

OK, so I don't have any issue with replication; intersite happens fast and intrasite in 3 minutes.

So if I take a backup of all three PCs and do it 1 at a time, will it cause a problem? I know I can't delete the domain DNS zone and forest DNS zone on all 3 DCs at once.

Just wanted to make sure.

And under ntdsutil, domain management doesn't work. Am I missing anything?

I would very much appreciate it if someone sends me the steps to fix the issue (and not create any more).

Thanks
Kmitra Asked:
DrDave242 Commented:
What is the text of that error, if you don't mind?
0
Kmitra (Author) Commented:
The partition DC=DomainDnsZones,DC=blabla,DC=com should be hosted at site CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=blabla,DC=com, but has not been instantiated yet. However, the KCC could not find any hosts from which to replicate this partition.

&

The partition DC=ForestDnsZones,DC=blabla,DC=com should be hosted at site CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=blabla,DC=com, but has not been instantiated yet. However, the KCC could not find any hosts from which to replicate this partition.

Thanks
0
d_nedelchev Commented:
You can try the steps described here (posts by T.G. Tran and Jim VanDyke).

Another thing that you can try is to increase logging level for the NTDS service in order to get more detailed information about the problem:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics]
"1 Knowledge Consistency Checker"=dword:00000000


Set the value to 1 or 2. The maximum logging level is 5, but it will flood the Directory Service log.

Reboot the DC and see if the increased logging level can shed some light on the issue.
0
Nirmal Sharma (Solution Architect) Commented:
When did you implement the 2nd DC in the environment? And did you perform various tests to make sure DC replication is working properly?

All partitions a DC hosts must be initialized first with a partner before it can sync.

You have a replication issue between these two servers. Did you check if there are any DNS errors on both the DCs?

-----
Sys.
0
ZenVenky (Architect) Commented:
I have 2 Domain controllers in 2 different OU is showing this Event ID 1801

I need clarification on this, when you open ADUC where do you see 2 DCs? Is it in Domain Controllers OU or both are in different OUs.

If both the DCs are in different OUs then that's the issue.
0
Nirmal Sharma (Solution Architect) Commented:
Agreed with zenvenky.

You should not move DCs from their default OU, which is the "Domain Controllers" OU.

-----
Sys.
0
Kmitra (Author) Commented:
I meant I have 2 DC (GC) in 2 sites. Sorry to confuse everyone. Each site has 2 DC's and .


Both sites had 1 DC to begin with and I added another DC for fault tolerance. I don't have any DNS replication or any replication issue I can see. User changes get propagated right away within the site and intersite every 5 minutes.

None of the servers has any event warning for DNS, and only 1 DC per site shows 1801.

Hope that helps.

Thanks
0
d_nedelchev Commented:
Did you run DCDiag.exe on the DCs that log the error?

dcdiag.exe /v /f:dcdiag.log

or

dcdiag.exe /v /c /f:dcdiag.log
0
Kmitra (Author) Commented:
0
d_nedelchev Commented:
Well, I can't find any further information about the problem in those logs. So far all threads regarding this event id which I found on the web suggest that the Application Partition is corrupt and has to be recreated. So this is the procedure:

Start -> Run -> cmd [Enter]

ntdsutil
ntdsutil: domain management
domain management: connections
server connections: connect to server DC3
server connections: q
domain management: list
you should see something like this:
0 - CN=Configuration, DC=blabla, DC=com.
1 - DC=blabla, DC=com.
2 - CN=Schema, CN=Configuration, DC=blabla, DC=com.
3 - DC=DomainDNSZones, DC=blabla, DC=com.
4 - DC=ForestDNSZones, DC=blabla, DC=com.
domain management: delete NC DC=DomainDNSZones,DC=blabla,DC=com
domain management: delete NC DC=ForestDNSZones,DC=blabla,DC=com
domain management: list
now the output should look like this:
0 - CN=Configuration, DC=blabla, DC=com.
1 - DC=blabla, DC=com.
2 - CN=Schema, CN=Configuration, DC=blabla, DC=com.
domain management: q
ntdsutil: q

Now re-create the Application Partition:

DnsCmd DC3 /CreateDirectoryPartition DomainDNSZones.blabla.com
DnsCmd DC3 /CreateDirectoryPartition ForestDNSZones.blabla.com

Or run dnsmgmt.msc -> right-click on the DC3 node -> Create Default Application Directory Partitions...


Here is the thread on the Microsoft TechNet - check the last post.



All this assuming that DC3 is your DNS server, or at least one of them.
0
Kmitra (Author) Commented:
Yes, DC3 is 1 DNS server. It's also the FSMO role holder. That being said, is it OK to perform the above-mentioned task on it?

Please reply. I can do it on the other server on site 2, which is a DC, GC and DNS. But to me it's originating from DC3, as all the default connections are with DC3. Solving the issue on DC3 will resolve it on the other server. So once you confirm I will proceed. I will do a VMzip for DC3.

I truly appreciate you taking time for this issue.

Thanks y'all
0
d_nedelchev Commented:
It looks like you will have to back up your DNS zones before the procedure and restore them afterwards:


Backup:
Start -> Run -> cmd [Enter]
cd /D %SYSTEMROOT%\System32\dns\
DnsCmd /EnumZones
DnsCmd /ZoneExport blabla.com .\backup\blabla.com.dns.BAK
DnsCmd /ZoneExport _msdcs.blabla.com .\backup\_msdcs.blabla.com.dns.BAK


Restore:
Start -> Run -> cmd [Enter]
cd /D %SYSTEMROOT%\System32\dns\
DnsCmd /ZoneAdd blabla.com /Primary /file .\backup\blabla.com.dns.BAK /load
DnsCmd /ZoneResetType blabla.com /DsPrimary
DnsCmd /Config blabla.com /AllowUpdate 2
DnsCmd /ZoneAdd _msdcs.blabla.com /Primary /file .\backup\_msdcs.blabla.com.dns.BAK /load
DnsCmd /ZoneResetType _msdcs.blabla.com /DsPrimary
DnsCmd /Config _msdcs.blabla.com /AllowUpdate 2

Here is the source for a PowerShell script for Backup & Restore.


My setup is with a single DC though, and it's 2003, so I cannot give any guarantee of success, but I just went through the procedure and it carried out just fine. The only thing I can add is that after you delete the NCs you must either wait for the changes to replicate to the other DCs, and especially to the other DNS servers, or force the replication.

Another thing... in 2008 the domain management is obviously changed to partition management.
0
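A read-only check that can be run before and after the procedure in the posts above, as an added example that is not part of the original thread: it lists which DCs are configured to hold a replica of the DomainDnsZones and ForestDnsZones partitions and reports whether Event ID 1801 is still being logged. It assumes the ActiveDirectory PowerShell module is installed and each DC's Directory Service log can be read remotely; DC3 is the name used in the thread, and the 24-hour window is an arbitrary choice.

```powershell
# Added example: read-only, makes no changes to AD or DNS.
# Assumes the ActiveDirectory module (RSAT) and read access to the
# Configuration partition and to each DC's Directory Service log.
Import-Module ActiveDirectory

$DomainControllers = @('DC3')        # name used in the thread; add your other DCs
$Since = (Get-Date).AddHours(-24)    # look-back window, arbitrary choice

# 1. Replica placement. Every partition has a crossRef object under
#    CN=Partitions; for application partitions, msDS-NC-Replica-Locations
#    lists the NTDS Settings objects of the DCs that should host a replica.
$partitionsDN = "CN=Partitions,$((Get-ADRootDSE).configurationNamingContext)"
$crossRefs = Get-ADObject -SearchBase $partitionsDN -SearchScope OneLevel `
    -LDAPFilter '(objectClass=crossRef)' `
    -Properties nCName, 'msDS-NC-Replica-Locations'

foreach ($zone in 'DomainDnsZones', 'ForestDnsZones') {
    $found = @($crossRefs | Where-Object { $_.nCName -like "DC=$zone,*" })
    if ($found.Count -eq 0) {
        Write-Output ("{0}: no crossRef object (partition does not exist)" -f $zone)
        continue
    }
    foreach ($cr in $found) {
        # "CN=NTDS Settings,CN=<server>,CN=Servers,..." -> <server>
        $hosts = @($cr.'msDS-NC-Replica-Locations' | Where-Object { $_ } |
            ForEach-Object { ($_ -split ',')[1] -replace '^CN=' })
        if ($hosts.Count -eq 0) { $hosts = @('<none configured>') }
        Write-Output ("{0}: replicas on {1}" -f $cr.nCName, ($hosts -join ', '))
    }
}

# 2. Is the KCC still logging Event ID 1801 on each DC?
foreach ($dc in $DomainControllers) {
    try {
        $events = @(Get-WinEvent -ComputerName $dc -ErrorAction Stop -FilterHashtable @{
            LogName = 'Directory Service'; Id = 1801; StartTime = $Since })
        # Get-WinEvent returns the newest event first.
        Write-Output ("{0}: {1} x Event ID 1801, latest at {2}" -f `
            $dc, $events.Count, $events[0].TimeCreated)
    } catch {
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') {
            Write-Output ("{0}: no Event ID 1801 since {1}" -f $dc, $Since)
        } else {
            # Do not read an unreachable DC or a denied log as "clean".
            Write-Output ("{0}: query failed: {1}" -f $dc, $_.Exception.Message)
        }
    }
}
```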
Kmitra (Author) Commented:
Well, it looks like the last 1801 was seen at 3:01pm CST and no more.

So looks like you did it. Great Help. I will keep my eyes open for any other issue. Will keep you posted.

Thanks
0
Kmitra (Author) Commented:
SOLVED Event ID 1801 in Windows Server 2008 R2.
This will help so many other Techies. Simple steps and Event ID 1801 is a HISTORY.

Thank You very much.
0
d_nedelchev Commented:
Glad to help, but I have one suggestion. Maybe you should mark my last post (ID: 38860993) as part of the solution as well, because it is a prerequisite for the procedure of re-creating the DNS Application Partition. Thanks
0