Solved

AD KCC Error

Posted on 2013-06-10
2
3,011 Views
Last Modified: 2013-09-03
I have Active directory 2008 R2 and I am seeing this errors on only one domain controller.  I checked some  forums that indicated objects no longer in use and found some in Sites and Services.  I waited 24 hrs but still getting the errors.   Has anyone ran into these errors and what would be the cause?  Here are the errors/warning:


Log Name:      Directory Service
Source:        Microsoft-Windows-ActiveDirectory_DomainService
Date:          6/10/2013 9:29:23 AM
Event ID:      1865
Task Category: Knowledge Consistency Checker
Level:         Warning
Keywords:      Classic
User:          ANONYMOUS LOGON
Computer:      XXXXXXX
Description:
The Knowledge Consistency Checker (KCC) was unable to form a complete spanning tree network topology. As a result, the following list of sites cannot be reached from the local site.
 
Sites:
CN=XXXXXXXXX,CN=Sites,CN=Configuration,DC=XXXX,DC=XXX
 
 
 
Log Name:      Directory Service
Source:        Microsoft-Windows-ActiveDirectory_DomainService
Date:          6/10/2013 9:29:23 AM
Event ID:      1311
Task Category: Knowledge Consistency Checker
Level:         Error
Keywords:      Classic
User:          ANONYMOUS LOGON
Computer:      XXXXXXX
Description:
The Knowledge Consistency Checker (KCC) has detected problems with the following directory partition.
 
Directory partition:
CN=Configuration,DC=XXXX,DC=XXX
 
There is insufficient site connectivity information for the KCC to create a spanning tree replication topology. Or, one or more directory servers with this directory partition are unable to replicate the directory partition information. This is probably due to inaccessible directory servers.
 
Log Name:      Directory Service
Source:        Microsoft-Windows-ActiveDirectory_DomainService
Date:          6/10/2013 9:29:23 AM
Event ID:      1566
Task Category: Knowledge Consistency Checker
Level:         Warning
Keywords:      Classic
User:          ANONYMOUS LOGON
Computer:      XXXXXX
Description:
All directory servers in the following site that can replicate the directory partition over this transport are currently unavailable.
 
Site:
CN=XXXXXXX,CN=Sites,CN=Configuration,DC=XXXX,DC=XXX
Directory partition:
CN=Configuration,DC=XXXX,DC=XXX
Transport:
CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Configuration,DC=XXXX,DC=XXX
0
Comment
Question by:hbpub
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
2 Comments
 
LVL 24

Accepted Solution

by:
Sandeshdubey earned 500 total points
ID: 39234879
It seems to be DNS name resolution issue or or necessary ports are not fully opened between locations or network connectivity issue.Portquery is free tool from the MS which can be downloaded and installed to verify the necessary ports are opened or not.
 
Also, disable local windows firewall service, by default it is enabled in vista/windows 2008 and above. Check the network connectivity and latency.
 Disable Windows Firewall:http://technet.microsoft.com/en-us/library/cc766337(WS.10).aspx
 
Best practices for DNS client settings on DC and domain members.
http://abhijitw.wordpress.com/2012/03/03/best-practices-for-dns-client-settings-on-domain-controller/

Active Directory and Active Directory Domain Services Port Requirements.
 http://technet.microsoft.com/en-us/library/dd772723%28WS.10%29.aspx
 
Troubleshooting Event ID 1311: Knowledge Consistency Checker:
 http://support.microsoft.com/kb/214745
 
Event ID 1566 — Network Name Resource Availability:
http://technet.microsoft.com/en-us/library/dd353930(WS.10).aspx
 
Event ID 1865 — KCC Replication Path Computation:
 http://technet.microsoft.com/en-us/library/cc756648(WS.10).aspx
 
Can you post the following to further help us diagnose this?
 
•Unedited ipconfig /all from each DC
•A PortQry result- (just post any "FILTERED" or "NOT LISTENING" in the results)
 •Dcdiag /q and repadmin /replsum output

Reference link:http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/9a65c9f3-9f5e-4284-ad57-b838680cf0c5

Hope this helps
0
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 39234888
In addition if there are intances of server which  is removed from network and still present in AD then run metadata cleanup to remove the same.

Complete Step by Step Guideline to Remove an Orphaned Domain controller (including seizing FSMOs, running a metadata cleanup, and more)
http://msmvps.com/blogs/acefekay/archive/2010/10/05/complete-step-by-step-to-remove-an-orphaned-domain-controller.aspx
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question