JesusFreak42
asked on
Event ID 1311 ActiveDirectory_DomainService Windows Server 2008R2
I just cleaned out a Kerberos Event ID 4 from our server, however we also have the event ID quoted below happening. This is a Windows Server 2008 R2 domain controller at one of three locations.
The Knowledge Consistency Checker (KCC) has detected problems with the following directory partition.
Directory partition:
DC=company,DC=local
There is insufficient site connectivity information for the KCC to create a spanning tree replication topology. Or, one or more directory servers with this directory partition are unable to replicate the directory partition information. This is probably due to inaccessible directory servers.
User Action
Perform one of the following actions:
- Publish sufficient site connectivity information so that the KCC can determine a route by which this directory partition can reach this site. This is the preferred option.
- Add a Connection object to a directory service that contains the directory partition in this site from a directory service that contains the same directory partition in another site.
If neither of the tasks correct this condition, see previous events logged by the KCC that identify the inaccessible directory servers.
The Knowledge Consistency Checker (KCC) has detected problems with the following directory partition.
Directory partition:
DC=company,DC=local
There is insufficient site connectivity information for the KCC to create a spanning tree replication topology. Or, one or more directory servers with this directory partition are unable to replicate the directory partition information. This is probably due to inaccessible directory servers.
User Action
Perform one of the following actions:
- Publish sufficient site connectivity information so that the KCC can determine a route by which this directory partition can reach this site. This is the preferred option.
- Add a Connection object to a directory service that contains the directory partition in this site from a directory service that contains the same directory partition in another site.
If neither of the tasks correct this condition, see previous events logged by the KCC that identify the inaccessible directory servers.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Few questions and suggestions:
1. How many sites do you have?
2. How many DCs are there in each site?
3. Is that error message reported on all DCs?
4. Ensure Firewall is not blocking the traffic between sites for DCs
5. Check DNS is functioning correctly
6. In VPN connection between sites what is MTU size configured?
7. Run DCdiag and netdiag and look for issues on all DCs or at least on DC where KCC issue reported
8. Run repadmin /showrepl to verify AD replication
1. How many sites do you have?
2. How many DCs are there in each site?
3. Is that error message reported on all DCs?
4. Ensure Firewall is not blocking the traffic between sites for DCs
5. Check DNS is functioning correctly
6. In VPN connection between sites what is MTU size configured?
7. Run DCdiag and netdiag and look for issues on all DCs or at least on DC where KCC issue reported
8. Run repadmin /showrepl to verify AD replication
ASKER
Ok. Spent some time cleaning out a LOT of bad DNS info. Seems pretty clean now. But replication is still failing. Could this be a problem with the Cisco VPN? MTU size?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER