Solved

Event ID 1311 ActiveDirectory_DomainService Windows Server 2008R2

Posted on 2014-11-12
5
933 Views
Last Modified: 2014-12-04
I just cleaned out a Kerberos Event ID 4 from our server, however we also have the event ID quoted below happening. This is a Windows Server 2008 R2 domain controller at one of three locations.  



The Knowledge Consistency Checker (KCC) has detected problems with the following directory partition.
 
Directory partition:
DC=company,DC=local
 
There is insufficient site connectivity information for the KCC to create a spanning tree replication topology. Or, one or more directory servers with this directory partition are unable to replicate the directory partition information. This is probably due to inaccessible directory servers.
 
User Action
Perform one of the following actions:
- Publish sufficient site connectivity information so that the KCC can determine a route by which this directory partition can reach this site. This is the preferred option.
- Add a Connection object to a directory service that contains the directory partition in this site from a directory service that contains the same directory partition in another site.
 
If neither of the tasks correct this condition, see previous events logged by the KCC that identify the inaccessible directory servers.
0
Comment
Question by:JesusFreak42
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 5

Accepted Solution

by:
Abdul Khadja Alaoudine earned 500 total points
ID: 40437891
Sounds like you have DCs in multiple sites and there could be connectivity issue between sites. It is also possible that you have decommissioned DC in AD Sites and Services. Open AD Sites and Services and expand all sites. Check for any DC that has been decommissioned.
0
 

Author Comment

by:JesusFreak42
ID: 40438437
There is no decommissioned DC in AD S&S. We already looked around for that. As far as connectivity, the internet connection between the sites is only Comcast broadband, but the plans are pretty fast and there haven't been any real issues. Other possibilities, and or solutions?
0
 
LVL 5

Expert Comment

by:Abdul Khadja Alaoudine
ID: 40439540
Few questions and suggestions:

1. How many sites do you have?
2. How many DCs are there in each site?
3. Is that error message reported on all DCs?
4. Ensure Firewall is not blocking the traffic between sites for DCs
5. Check DNS is functioning correctly
6. In VPN connection between sites what is MTU size configured?
7. Run DCdiag and netdiag and look for issues on all DCs or at least on DC where KCC issue reported
8. Run repadmin /showrepl to verify AD replication
0
 

Author Comment

by:JesusFreak42
ID: 40446050
Ok. Spent some time cleaning out a LOT of bad DNS info. Seems pretty clean now. But replication is still failing. Could this be a problem with the Cisco VPN? MTU size?
0
 
LVL 5

Assisted Solution

by:Abdul Khadja Alaoudine
Abdul Khadja Alaoudine earned 500 total points
ID: 40446144
One of my question was about VPN MTU size. Yes, it could be because of it.
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
This article shows the method of using the Resultant Set of Policy Tool to locate Group Policy that applies a particular setting.
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question