Active Directory Site Replication
I have six sites set up in AD and for some reason in Sites and Services it keeps automatically generating connections between one particular site and all of the rest of them. This particular site is not the PDC or the holder of any FSMO role. I deleted the connections and added it so they all replicate with the PDC, but after a while it re-creates the connections between that same particular site and the rest.
Last Comment
ASKER CERTIFIED SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
Hi ccwestbrook, Mike
Bridge all site links is enabled by default and when disabled relies on manual bridges being created by an administrator. But is only applicable when there are no DC's within an intermediary site to perform partition replication. hence why we create the bridge to allow partition replication to remote sites beyond a single link where DCs are present.
This does not seem to be related to the scenario in hand. Also yes the KCC runs every 15 minutes "by default" however the original post seemed to indicate to me that the connections reappeared over a longer period of time. The KCC only re-creates connectors between DCs within a site boundary, it is then the role of ISTG to establish connection relationships between sites. So this would be indicative of a longer timeframe being required to re-establish all links.
This kind of latency can also be a result of interference and the deletion of the automatically created replication connectors, essentially isolating the DCs from each other. and whilst the KCC runs every 15 minutes, it sometimes does not manage to re-create the links on older DC platforms until a reboot cycle has been performed allows an opposite side of a connector to be re-established as it is part of the netlogon process that registers the DC and Site SRV records that are dependencies for the connectors discovery process.
Ideally whilst even the ISTG role holder for a site can be nominated by an administrator, as mentioned before for an environment of this size it should be left alone.
So this problem may be related to someone specifying ISTG role holders and controlling the links at the site level.
Alternatively, it may be even simpler than that.
It could be possible that someone has misunderstood the structure required for Site-Links and that they must follow the physical site design.
In this manner, it may be the case that someone has created site-links from their site which we'll call HQ to all the other sites in the environment, thinking that this is a good thing. Of course if it is not reflective of the physical environment it is not good at all,
So, if AD thinks we have this hub and spoke design, then yes it would create links from the hub site to all the spoke "satellite" sites.
If that is the case, it will be necessary to re-create the sites-links, the sites can stay as they are, do not delete these, well you can't anyway without ejecting the DCs from them.
Regards,
NadeemV
Bridge all site links is enabled by default and when disabled relies on manual bridges being created by an administrator. But is only applicable when there are no DC's within an intermediary site to perform partition replication. hence why we create the bridge to allow partition replication to remote sites beyond a single link where DCs are present.
This does not seem to be related to the scenario in hand. Also yes the KCC runs every 15 minutes "by default" however the original post seemed to indicate to me that the connections reappeared over a longer period of time. The KCC only re-creates connectors between DCs within a site boundary, it is then the role of ISTG to establish connection relationships between sites. So this would be indicative of a longer timeframe being required to re-establish all links.
This kind of latency can also be a result of interference and the deletion of the automatically created replication connectors, essentially isolating the DCs from each other. and whilst the KCC runs every 15 minutes, it sometimes does not manage to re-create the links on older DC platforms until a reboot cycle has been performed allows an opposite side of a connector to be re-established as it is part of the netlogon process that registers the DC and Site SRV records that are dependencies for the connectors discovery process.
Ideally whilst even the ISTG role holder for a site can be nominated by an administrator, as mentioned before for an environment of this size it should be left alone.
So this problem may be related to someone specifying ISTG role holders and controlling the links at the site level.
Alternatively, it may be even simpler than that.
It could be possible that someone has misunderstood the structure required for Site-Links and that they must follow the physical site design.
In this manner, it may be the case that someone has created site-links from their site which we'll call HQ to all the other sites in the environment, thinking that this is a good thing. Of course if it is not reflective of the physical environment it is not good at all,
So, if AD thinks we have this hub and spoke design, then yes it would create links from the hub site to all the spoke "satellite" sites.
If that is the case, it will be necessary to re-create the sites-links, the sites can stay as they are, do not delete these, well you can't anyway without ejecting the DCs from them.
Regards,
NadeemV
Hi,
Remove the connection object then follow below step,
Remove the site link with the site you don't want to establish connection or don't want KCC to create connection object. You can find the site link in "Intersite Transports" in dssite.msc console.
After performing above step, run repadmin /kcc which would re-calculate the availability and creates the connection object based on cost and link availability..,
Remove the connection object then follow below step,
Remove the site link with the site you don't want to establish connection or don't want KCC to create connection object. You can find the site link in "Intersite Transports" in dssite.msc console.
After performing above step, run repadmin /kcc which would re-calculate the availability and creates the connection object based on cost and link availability..,
Hi Vin_Shooter,
Reapadmin /kcc will not re-create Site Links.
The only Site LInk that is created automatically is the "Default First Site Name Link", which contains the first site that is part of the automatic creation of your environment.
The KCC will establish the replication connectors between the DCs, based on the Site-Links that are created. Hence why the behaviour exhibited may be down to incorrect Site-Link configuration as I mentioned earlier.
Deleting the site links and running repadmin /kcc will result in only replication connectors within the site of the DC you execute the command against being re-created.
The correct method would be:
1. Ensure that the correct DCs are within the site boundaries.
2. Ensure that Subnets are associated to the Site boundaries correctly
3. Analyse your Wan Design to determine the Site-Links
1. Delete any incorrectly configured Site-Links by
5. Re-create the Site-Links as they should be represented
Now you can run the KCC and ensure that the connections are re-created between the DCs within a site boundary correctly.
Executing the KCC on a DC that is an ISRG role holder will also trigger the ISTGH to generate connections between the nominated bridgehead servers within different site boundaries.
Regards,
NadeemV
Reapadmin /kcc will not re-create Site Links.
The only Site LInk that is created automatically is the "Default First Site Name Link", which contains the first site that is part of the automatic creation of your environment.
The KCC will establish the replication connectors between the DCs, based on the Site-Links that are created. Hence why the behaviour exhibited may be down to incorrect Site-Link configuration as I mentioned earlier.
Deleting the site links and running repadmin /kcc will result in only replication connectors within the site of the DC you execute the command against being re-created.
The correct method would be:
1. Ensure that the correct DCs are within the site boundaries.
2. Ensure that Subnets are associated to the Site boundaries correctly
3. Analyse your Wan Design to determine the Site-Links
1. Delete any incorrectly configured Site-Links by
5. Re-create the Site-Links as they should be represented
Now you can run the KCC and ensure that the connections are re-created between the DCs within a site boundary correctly.
Executing the KCC on a DC that is an ISRG role holder will also trigger the ISTGH to generate connections between the nominated bridgehead servers within different site boundaries.
Regards,
NadeemV
Hi
Refer below article...Subject line will only tell you the fact
You Are Not Smarter Than The KCC
http://blogs.technet.com/b/markmoro/archive/2012/10/26/3445433.aspx
Refer below article...Subject line will only tell you the fact
You Are Not Smarter Than The KCC
http://blogs.technet.com/b/markmoro/archive/2012/10/26/3445433.aspx
Hi NadeemV,
I haven't commented that repadmin /kcc would create site Link!!!!!!!
Kindly go through my above comment properly one more time.
Hope my english is not that bad...., :)
Step1: Have requested the questioner to remove the connection object and then the site link.
Step2: Asked questioner to run repadmin /kcc which would recalculates and creates the connection object....,
I haven't commented that repadmin /kcc would create site Link!!!!!!!
Kindly go through my above comment properly one more time.
Hope my english is not that bad...., :)
Step1: Have requested the questioner to remove the connection object and then the site link.
Step2: Asked questioner to run repadmin /kcc which would recalculates and creates the connection object....,
Hi Vin_Shooter,
I have re-read your response and agree that you only said to delete the links that were not required and did not specify that KCC would re-create the site links.
However, I had already provided the answer and it may not be only a case of removing the site-links not required but also creating those that are now required in accordance to the actual wan topology,
This is why I responded saying KCC was not the complete answer, so I in turn also direct you to re-read my earlier response to yours. for your convenience I have pasted the section from my first response below.
"So, if AD thinks we have this hub and spoke design, then yes it would create links from the hub site to all the spoke "satellite" sites.
If that is the case, it will be necessary to re-create the sites-links, the sites can stay as they are, do not delete these, well you can't anyway without ejecting the DCs from them.
"
Regards,
NadeemV
I have re-read your response and agree that you only said to delete the links that were not required and did not specify that KCC would re-create the site links.
However, I had already provided the answer and it may not be only a case of removing the site-links not required but also creating those that are now required in accordance to the actual wan topology,
This is why I responded saying KCC was not the complete answer, so I in turn also direct you to re-read my earlier response to yours. for your convenience I have pasted the section from my first response below.
"So, if AD thinks we have this hub and spoke design, then yes it would create links from the hub site to all the spoke "satellite" sites.
If that is the case, it will be necessary to re-create the sites-links, the sites can stay as they are, do not delete these, well you can't anyway without ejecting the DCs from them.
"
Regards,
NadeemV
Active Directory
Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.
86K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
TRUSTED BY
http://technet.microsoft.com/en-us/library/dd736189(v=ws.10).aspx
The KCC runs every 15 minutes and I'm guessing that is when you are seeing your new connection objects
Thanks
Mike