Solved

The Knowledge Consistency Checker (KCC) was unable to form a complete spanning tree network topology error following PDC HDD restore from backup

Posted on 2015-01-08
13
1,156 Views
1 Endorsement
Last Modified: 2015-01-09
Hi There,

I have a single domain with 2 sites connected over site-to-site VPN.

Site A

Server1 (SBS 2003)
Server3 (Windows 2008)

Site B

Server2 (Windows 2003)

Today the HDD on Site A PDC server1 crashed. My only option was to restore using a three days old backup copy from Symantec System Restore V10.

The restore process was straight forward and in less than 30 min the server was up and running again however I can now see on the event viewer on server1 few errors regarding The Knowledge Consistency Checker (KCC).

server 1 ev
I can ping from between all servers and the VPN link in up and running fine.

Thanks for your advise.
1
Comment
Question by:Rod_2012
  • 5
  • 5
  • 2
  • +1
13 Comments
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40539345
Run the following commands to get more info.
repadmin /replsum
repadmin /showrepl
repadmin /bridgeheads
dcdiag /v
dcdiag /dnsall

The followling link will also help correct the 1865 event id issue regarding KCC.
KCC Replication Path Computation

Will.
0
 
LVL 24

Expert Comment

by:Mohammed Khawaja
ID: 40539362
Could be caused by multiple issues:

1.  DC record is not updated in DSN
2.  Google USN rollback and resolve it (ensure to take System State backup of both DCs)
3.  Refer to this link:  http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/Q_28459578.html

My suggestion would be to demote the problematic DC and promote it again
0
 

Author Comment

by:Rod_2012
ID: 40539370
C:\>repadmin /replsum
Replication Summary Start Time: 2015-01-09 01:39:26

Beginning data collection for replication summary, this may take awhile:
  ......


Source DC           largest delta  fails/total  %%  error
 SERVER1               21h:46m:14s   10 /  10  100  (2148074274) Can't retri...
 SERVER2                   47m:46s    0 /  10    0
 SERVER3                   46m:06s    0 /  10    0






C:\>repadmin /replsum
Replication Summary Start Time: 2015-01-09 01:39:26

Beginning data collection for replication summary, this may take awhile:
  ......


Source DC           largest delta  fails/total  %%  error
 SERVER1               21h:46m:14s   10 /  10  100  (2148074274) Can't retri...
 SERVER2                   47m:46s    0 /  10    0
 SERVER3                   46m:06s    0 /  10    0





C:\>repadmin /showrepl

repadmin running command /showrepl against server localhost

SITEA\SERVER1
DC Options: IS_GC
Site Options: (none)
DC object GUID: 844c0245-660f-4546-b7b6-dd3914548935
DC invocationID: 9c709aa2-9b59-400d-9468-ae3d69fa2030

==== INBOUND NEIGHBORS ======================================

DC=DOMAIN,DC=local
    SITEB\SERVER2 via RPC
        DC object GUID: 8e9feefd-b6a3-48ac-aaf0-e5b2e99ab42b
        Last attempt @ 2015-01-09 00:59:04 was successful.
    SITEA\SERVER3 via RPC
        DC object GUID: 113f7543-bf09-4656-bf28-784509f69ff3
        Last attempt @ 2015-01-09 00:59:05 was successful.

CN=Configuration,DC=DOMAIN,DC=local
    SITEA\SERVER3 via RPC
        DC object GUID: 113f7543-bf09-4656-bf28-784509f69ff3
        Last attempt @ 2015-01-09 00:59:05 was successful.
    SITEB\SERVER2 via RPC
        DC object GUID: 8e9feefd-b6a3-48ac-aaf0-e5b2e99ab42b
        Last attempt @ 2015-01-09 00:59:05 was successful.

CN=Schema,CN=Configuration,DC=DOMAIN,DC=local
    SITEA\SERVER3 via RPC
        DC object GUID: 113f7543-bf09-4656-bf28-784509f69ff3
        Last attempt @ 2015-01-09 00:59:05 was successful.
    SITEB\SERVER2 via RPC
        DC object GUID: 8e9feefd-b6a3-48ac-aaf0-e5b2e99ab42b
        Last attempt @ 2015-01-09 00:59:06 was successful.

DC=DomainDnsZones,DC=DOMAIN,DC=local
    SITEA\SERVER3 via RPC
        DC object GUID: 113f7543-bf09-4656-bf28-784509f69ff3
        Last attempt @ 2015-01-09 00:59:05 was successful.
    SITEB\SERVER2 via RPC
        DC object GUID: 8e9feefd-b6a3-48ac-aaf0-e5b2e99ab42b
        Last attempt @ 2015-01-09 00:59:06 was successful.

DC=ForestDnsZones,DC=DOMAIN,DC=local
    SITEA\SERVER3 via RPC
        DC object GUID: 113f7543-bf09-4656-bf28-784509f69ff3
        Last attempt @ 2015-01-09 00:59:05 was successful.
    SITEB\SERVER2 via RPC
        DC object GUID: 8e9feefd-b6a3-48ac-aaf0-e5b2e99ab42b
        Last attempt @ 2015-01-09 00:59:06 was successful.



C:\>repadmin /replsum
Replication Summary Start Time: 2015-01-09 01:39:26

Beginning data collection for replication summary, this may take awhile:
  ......


Source DC           largest delta  fails/total  %%  error
 SERVER1               21h:46m:14s   10 /  10  100  (2148074274) Can't retri...
 SERVER2                   47m:46s    0 /  10    0
 SERVER3                   46m:06s    0 /  10    0





C:\>repadmin /showrepl

repadmin running command /showrepl against server localhost

SITEA\SERVER1
DC Options: IS_GC
Site Options: (none)
DC object GUID: 844c0245-660f-4546-b7b6-dd3914548935
DC invocationID: 9c709aa2-9b59-400d-9468-ae3d69fa2030

==== INBOUND NEIGHBORS ======================================

DC=DOMAIN,DC=local
    SITEB\SERVER2 via RPC
        DC object GUID: 8e9feefd-b6a3-48ac-aaf0-e5b2e99ab42b
        Last attempt @ 2015-01-09 00:59:04 was successful.
    SITEA\SERVER3 via RPC
        DC object GUID: 113f7543-bf09-4656-bf28-784509f69ff3
        Last attempt @ 2015-01-09 00:59:05 was successful.

CN=Configuration,DC=DOMAIN,DC=local
    SITEA\SERVER3 via RPC
        DC object GUID: 113f7543-bf09-4656-bf28-784509f69ff3
        Last attempt @ 2015-01-09 00:59:05 was successful.
    SITEB\SERVER2 via RPC
        DC object GUID: 8e9feefd-b6a3-48ac-aaf0-e5b2e99ab42b
        Last attempt @ 2015-01-09 00:59:05 was successful.

CN=Schema,CN=Configuration,DC=DOMAIN,DC=local
    SITEA\SERVER3 via RPC
        DC object GUID: 113f7543-bf09-4656-bf28-784509f69ff3
        Last attempt @ 2015-01-09 00:59:05 was successful.
    SITEB\SERVER2 via RPC
        DC object GUID: 8e9feefd-b6a3-48ac-aaf0-e5b2e99ab42b
        Last attempt @ 2015-01-09 00:59:06 was successful.

DC=DomainDnsZones,DC=DOMAIN,DC=local
    SITEA\SERVER3 via RPC
        DC object GUID: 113f7543-bf09-4656-bf28-784509f69ff3
        Last attempt @ 2015-01-09 00:59:05 was successful.
    SITEB\SERVER2 via RPC
        DC object GUID: 8e9feefd-b6a3-48ac-aaf0-e5b2e99ab42b
        Last attempt @ 2015-01-09 00:59:06 was successful.

DC=ForestDnsZones,DC=DOMAIN,DC=local
    SITEA\SERVER3 via RPC
        DC object GUID: 113f7543-bf09-4656-bf28-784509f69ff3
        Last attempt @ 2015-01-09 00:59:05 was successful.
    SITEB\SERVER2 via RPC
        DC object GUID: 8e9feefd-b6a3-48ac-aaf0-e5b2e99ab42b
        Last attempt @ 2015-01-09 00:59:06 was successful.


C:\>repadmin /bridgeheads

repadmin running command /bridgeheads against server localhost

Gathering topology from site SITEA (SERVER1.DOMAIN.local):

Bridgeheads for site SITEB (Server2.DOMAIN.local):
             Source Site    Local Bridge  Trns         Fail. Time    #    Status

         ===============  ==============  ====  =================   ===  =======
=
                  SITEA         SERVER2Assertion     IP 2015-01-08 03:53:12   3
   Can't retrieve message string -2146893022 (0x80090322), error 1815.
                 DomainDnsZones ForestDnsZones DOMAIN Configuration
                  SITEA         SERVER2Assertion     IP             (never)   0
   Can't retrieve message string 0 (0x0), error 1815.
                 DomainDnsZones ForestDnsZones DOMAIN Configuration

Bridgeheads for site SITEA (SERVER1.DOMAIN.local):
             Source Site    Local Bridge  Trns         Fail. Time    #    Status

         ===============  ==============  ====  =================   ===  =======
=
                  SITEB         SERVER1Assertion     IP             (never)   0
   Can't retrieve message string 0 (0x0), error 1815.
                 DomainDnsZones ForestDnsZones DOMAIN Configuration


        DC object GUID: 8e9feefd-b6a3-48ac-aaf0-e5b2e99ab42b
        Last attempt @ 2015-01-09 00:59:06 was successful.

DC=ForestDnsZones,DC=DOMAIN,DC=local
    SITEA\SERVER3 via RPC
        DC object GUID: 113f7543-bf09-4656-bf28-784509f69ff3
        Last attempt @ 2015-01-09 00:59:05 was successful.
    SITEB\SERVER2 via RPC
        DC object GUID: 8e9feefd-b6a3-48ac-aaf0-e5b2e99ab42b
        Last attempt @ 2015-01-09 00:59:06 was successful.


C:\>repadmin /bridgeheads

repadmin running command /bridgeheads against server localhost

Gathering topology from site SITEA (SERVER1.DOMAIN.local):

Bridgeheads for site SITEB (Server2.DOMAIN.local):
             Source Site    Local Bridge  Trns         Fail. Time    #    Status

         ===============  ==============  ====  =================   ===  =======
=
                  SITEA         SERVER2Assertion     IP 2015-01-08 03:53:12   3
   Can't retrieve message string -2146893022 (0x80090322), error 1815.
                 DomainDnsZones ForestDnsZones DOMAIN Configuration
                  SITEA         SERVER2Assertion     IP             (never)   0
   Can't retrieve message string 0 (0x0), error 1815.
                 DomainDnsZones ForestDnsZones DOMAIN Configuration

Bridgeheads for site SITEA (SERVER1.DOMAIN.local):
             Source Site    Local Bridge  Trns         Fail. Time    #    Status

         ===============  ==============  ====  =================   ===  =======
=
                  SITEB         SERVER1Assertion     IP             (never)   0
   Can't retrieve message string 0 (0x0), error 1815.
                 DomainDnsZones ForestDnsZones DOMAIN Configuration


C:\>dcdiag /v

Domain Controller Diagnosis

Performing initial setup:
   * Verifying that the local machine SERVER1, is a DC.
   * Connecting to directory service on server SERVER1.
   * Collecting site info.
   * Identifying all servers.
   * Identifying all NC cross-refs.
   * Found 3 DC(s). Testing 1 of them.
   Done gathering initial info.

Doing initial required tests

   Testing server: SITEA\SERVER1
      Starting test: Connectivity
         * Active Directory LDAP Services Check
         * Active Directory RPC Services Check
         ......................... SERVER1 passed test Connectivity

Doing primary tests

   Testing server: SITEA\SERVER1
      Starting test: Replications
         * Replications Check
         * Replication Latency Check
            DC=ForestDnsZones,DC=DOMAIN,DC=local
               Latency information for 1 entries in the vector were ignored.
                  1 were retired Invocations.  0 were either: read-only replicas
 and are not verifiably latent, or dc's no longer replicating this nc.  0 had no
 latency information (Win2K DC).
            DC=DomainDnsZones,DC=DOMAIN,DC=local
               Latency information for 1 entries in the vector were ignored.
                  1 were retired Invocations.  0 were either: read-only replicas
 and are not verifiably latent, or dc's no longer replicating this nc.  0 had no
 latency information (Win2K DC).
            CN=Schema,CN=Configuration,DC=DOMAIN,DC=local
               Latency information for 1 entries in the vector were ignored.
                  1 were retired Invocations.  0 were either: read-only replicas
 and are not verifiably latent, or dc's no longer replicating this nc.  0 had no
 latency information (Win2K DC).
            CN=Configuration,DC=DOMAIN,DC=local
               Latency information for 1 entries in the vector were ignored.
                  1 were retired Invocations.  0 were either: read-only replicas
 and are not verifiably latent, or dc's no longer replicating this nc.  0 had no
 latency information (Win2K DC).
            DC=DOMAIN,DC=local
               Latency information for 1 entries in the vector were ignored.
                  1 were retired Invocations.  0 were either: read-only replicas
 and are not verifiably latent, or dc's no longer replicating this nc.  0 had no
 latency information (Win2K DC).
         ......................... SERVER1 passed test Replications
      Test omitted by user request: Topology
      Test omitted by user request: CutoffServers
      Starting test: NCSecDesc
         * Security Permissions check for all NC's on DC SERVER1.
         * Security Permissions Check for
           DC=ForestDnsZones,DC=DOMAIN,DC=local
            (NDNC,Version 2)
         * Security Permissions Check for
           DC=DomainDnsZones,DC=DOMAIN,DC=local
            (NDNC,Version 2)
         * Security Permissions Check for
           CN=Schema,CN=Configuration,DC=DOMAIN,DC=local
            (Schema,Version 2)
         * Security Permissions Check for
           CN=Configuration,DC=DOMAIN,DC=local
            (Configuration,Version 2)
         * Security Permissions Check for
           DC=DOMAIN,DC=local
            (Domain,Version 2)
         ......................... SERVER1 passed test NCSecDesc
      Starting test: NetLogons
         * Network Logons Privileges Check
         Verified share \\SERVER1\netlogon
         Verified share \\SERVER1\sysvol
         ......................... SERVER1 passed test NetLogons
      Starting test: Advertising
         The DC SERVER1 is advertising itself as a DC and having a DS.
         The DC SERVER1 is advertising as an LDAP server
         The DC SERVER1 is advertising as having a writeable directory
         The DC SERVER1 is advertising as a Key Distribution Center
         The DC SERVER1 is advertising as a time server
         The DS SERVER1 is advertising as a GC.
         ......................... SERVER1 passed test Advertising
      Starting test: KnowsOfRoleHolders
         Role Schema Owner = CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=SITEA,CN
=Sites,CN=Configuration,DC=DOMAIN,DC=local
         Role Domain Owner = CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=SITEA,CN
=Sites,CN=Configuration,DC=DOMAIN,DC=local
         Role PDC Owner = CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=SITEA,CN=Si
tes,CN=Configuration,DC=DOMAIN,DC=local
         Role Rid Owner = CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=SITEA,CN=Si
tes,CN=Configuration,DC=DOMAIN,DC=local
         Role Infrastructure Update Owner = CN=NTDS Settings,CN=SERVER1,CN=Serve
rs,CN=SITEA,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
         ......................... SERVER1 passed test KnowsOfRoleHolders
      Starting test: RidManager
         * Available RID Pool for the Domain is 3109 to 1073741823
         * SERVER1.DOMAIN.local is the RID Master
         * DsBind with RID Master was successful
         * rIDAllocationPool is 2609 to 3108
         * rIDPreviousAllocationPool is 2609 to 3108
         * rIDNextRID: 2609
         ......................... SERVER1 passed test RidManager
      Starting test: MachineAccount
         Checking machine account for DC SERVER1 on DC SERVER1.
         * SPN found :LDAP/SERVER1.DOMAIN.local/DOMAIN.local
         * SPN found :LDAP/SERVER1.DOMAIN.local
         * SPN found :LDAP/SERVER1
         * SPN found :LDAP/SERVER1.DOMAIN.local/DOMAIN
         * SPN found :LDAP/844c0245-660f-4546-b7b6-dd3914548935._msdcs.DOMAIN.local

         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/844c0245-660f-4546-b7
b6-dd3914548935/DOMAIN.local
         * SPN found :HOST/SERVER1.DOMAIN.local/DOMAIN.local
         * SPN found :HOST/SERVER1.DOMAIN.local
         * SPN found :HOST/SERVER1
         * SPN found :HOST/SERVER1.DOMAIN.local/DOMAIN
         * SPN found :GC/SERVER1.DOMAIN.local/DOMAIN.local
         ......................... SERVER1 passed test MachineAccount
      Starting test: Services
         * Checking Service: Dnscache
         * Checking Service: NtFrs
         * Checking Service: IsmServ
            IsmServ Service is stopped on [SERVER1]
         * Checking Service: kdc
         * Checking Service: SamSs
         * Checking Service: LanmanServer
         * Checking Service: LanmanWorkstation
         * Checking Service: RpcSs
         * Checking Service: w32time
         * Checking Service: NETLOGON
         ......................... SERVER1 failed test Services
      Test omitted by user request: OutboundSecureChannels
      Starting test: ObjectsReplicated
         SERVER1 is in domain DC=DOMAIN,DC=local
         Checking for CN=SERVER1,OU=Domain Controllers,DC=DOMAIN,DC=local in domain
 DC=DOMAIN,DC=local on 1 servers
            Object is up-to-date on all servers.
         Checking for CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=SITEA,CN=Sites,
CN=Configuration,DC=DOMAIN,DC=local in domain CN=Configuration,DC=DOMAIN,DC=local on 1
 servers
            Object is up-to-date on all servers.
         ......................... SERVER1 passed test ObjectsReplicated
      Starting test: frssysvol
         * The File Replication Service SYSVOL ready test
         File Replication Service's SYSVOL is ready
         ......................... SERVER1 passed test frssysvol
      Starting test: frsevent
         * The File Replication Service Event log test
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
         Group Policy problems.
         An Warning Event occured.  EventID: 0x800034C4
            Time Generated: 01/08/2015   23:05:47
            (Event String could not be retrieved)
         An Warning Event occured.  EventID: 0x800034C4
            Time Generated: 01/09/2015   00:01:46
            (Event String could not be retrieved)
         ......................... SERVER1 failed test frsevent
      Starting test: kccevent
         * The KCC Event log test
         Found no KCC errors in Directory Service Event log in the last 15 minut
es.
         ......................... SERVER1 passed test kccevent
      Starting test: systemlog
         * The System Event log test
         An Error Event occured.  EventID: 0xC25A001D
            Time Generated: 01/09/2015   00:44:22
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC25A001D
            Time Generated: 01/09/2015   01:03:07
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC25A001D
            Time Generated: 01/09/2015   01:21:51
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC25A001D
            Time Generated: 01/09/2015   01:40:35
            (Event String could not be retrieved)
         ......................... SERVER1 failed test systemlog
      Test omitted by user request: VerifyReplicas
      Starting test: VerifyReferences
         The system object reference (serverReference)
         CN=SERVER1,OU=Domain Controllers,DC=DOMAIN,DC=local and backlink on
         CN=SERVER1,CN=Servers,CN=SITEA,CN=Sites,CN=Configuration,DC=DOMAIN,DC=loc
al
         are correct.
         The system object reference (frsComputerReferenceBL)
         CN=SERVER1,CN=Domain System Volume (SYSVOL share),CN=File Replication S
ervice,CN=System,DC=DOMAIN,DC=local
         and backlink on CN=SERVER1,OU=Domain Controllers,DC=DOMAIN,DC=local are
         correct.
         The system object reference (serverReferenceBL)
         CN=SERVER1,CN=Domain System Volume (SYSVOL share),CN=File Replication S
ervice,CN=System,DC=DOMAIN,DC=local
         and backlink on
         CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=SITEA,CN=Sites,CN=Configurat
ion,DC=DOMAIN,DC=local
         are correct.
         ......................... SERVER1 passed test VerifyReferences
      Test omitted by user request: VerifyEnterpriseReferences
      Test omitted by user request: CheckSecurityError

   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom

   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom

   Running partition tests on : DOMAIN
      Starting test: CrossRefValidation
         ......................... DOMAIN passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... DOMAIN passed test CheckSDRefDom

   Running enterprise tests on : DOMAIN.local
      Starting test: Intersite
         Skipping site SITEB, this site is outside the scope provided by the
         command line arguments provided.
         Skipping site SITEA, this site is outside the scope provided by the
         command line arguments provided.
         ......................... DOMAIN.local passed test Intersite
      Starting test: FsmoCheck
         GC Name: \\SERVER1.DOMAIN.local
         Locator Flags: 0xe00003fd
         PDC Name: \\SERVER1.DOMAIN.local
         Locator Flags: 0xe00003fd
         Time Server Name: \\SERVER1.DOMAIN.local
         Locator Flags: 0xe00003fd
         Preferred Time Server Name: \\SERVER1.DOMAIN.local
         Locator Flags: 0xe00003fd
         KDC Name: \\SERVER1.DOMAIN.local
         Locator Flags: 0xe00003fd
         ......................... DOMAIN.local passed test FsmoCheck
      Test omitted by user request: DNS
      Test omitted by user request: DNS




C:\>dcdiag /dnsall

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: SITEA\SERVER1
      Starting test: Connectivity
         ......................... SERVER1 passed test Connectivity

Doing primary tests

   Testing server: SITEA\SERVER1
      Starting test: Replications
         ......................... SERVER1 passed test Replications
      Starting test: NCSecDesc
         ......................... SERVER1 passed test NCSecDesc
      Starting test: NetLogons
         ......................... SERVER1 passed test NetLogons
      Starting test: Advertising
         ......................... SERVER1 passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... SERVER1 passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... SERVER1 passed test RidManager
      Starting test: MachineAccount
         ......................... SERVER1 passed test MachineAccount
      Starting test: Services
            IsmServ Service is stopped on [SERVER1]
         ......................... SERVER1 failed test Services
      Starting test: ObjectsReplicated
         ......................... SERVER1 passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... SERVER1 passed test frssysvol
      Starting test: frsevent
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
         Group Policy problems.
         ......................... SERVER1 failed test frsevent
      Starting test: kccevent
         ......................... SERVER1 passed test kccevent
      Starting test: systemlog
         An Error Event occured.  EventID: 0xC25A001D
            Time Generated: 01/09/2015   01:03:07
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC25A001D
            Time Generated: 01/09/2015   01:21:51
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC25A001D
            Time Generated: 01/09/2015   01:40:35
            (Event String could not be retrieved)
         ......................... SERVER1 failed test systemlog
      Starting test: VerifyReferences
         ......................... SERVER1 passed test VerifyReferences

   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom

   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom

   Running partition tests on : DOMAIN
      Starting test: CrossRefValidation
         ......................... DOMAIN passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... DOMAIN passed test CheckSDRefDom

   Running enterprise tests on : DOMAIN.local
      Starting test: Intersite
         ......................... DOMAIN.local passed test Intersite
      Starting test: FsmoCheck
         ......................... DOMAIN.local passed test FsmoCheck

C:\>

Open in new window

0
 
LVL 24

Expert Comment

by:Sekar Chinnakannu
ID: 40539384
Did you checked the SERVER1? is the server 1 is up and running? may its down and causing the replication issue. Try to ping and make sure DNS config are correct
0
 

Author Comment

by:Rod_2012
ID: 40539393
SERVER1 is up and running.  I am connected to it from home over a VPN.

All the logs above it have extracted from SERVER1.

PING RESULTS:

SERVER1 -> SERVER2 OK
SERVER1 -> SERVER3 OK

SERVER2 -> SERVER1 OK
SERVER2 -> SERVER3 OK

SERVER3 -> SERVER1 OK
SERVER3 -> SERVER2 OK


I had a look on DNS server and I couldn't see anything wrong neither.
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40540101
There is something definitely wrong with server one based on the replsum output. Have you checked the logs on this server? Is this server holding any fsmo roles?

Type netdom query fsmo

Will.
0
 
LVL 24

Accepted Solution

by:
Mohammed Khawaja earned 500 total points
ID: 40540611
This issue is caused by Kerberos and you need to reset the secure channel password.  Try the following:

1.  Stop KDC service and change startup from automatic to manual
2.  Run the following:  resetpwd /server:server IP /userD:user /passwordD:xxxxx  (i.e. netdom resetpwd /server:a.b.c.d /userD:administrator /passwordD:administratorpassword) and note that the IP address should be one of the working DCs IP, preferably the PDC
3.  Start KDC service and change startup to automatic
4.  Perform the tests which failed earlier again and see if it works
0
 
LVL 24

Expert Comment

by:Mohammed Khawaja
ID: 40540621
One more thing, specify the userD: in form of /userD:domain\administrator
0
 

Author Comment

by:Rod_2012
ID: 40540667
Mohammed, thank you.

I am about to run the command on step number 2 you kindly suggested,  can you clarify please?

The problematic server is the PDC, SERVER1. I have another DC on same the same site, SERVER3.
Therefore I should run the command below from SERVER1 specifying SERVER3 (DC) as below?

netdom resetpwd /server:SERVER3 /userD:domain\administrator /passwordD:administratorpassword
0
 
LVL 24

Expert Comment

by:Mohammed Khawaja
ID: 40540680
That is correct as it will reset the password on SERVER3.
0
 

Author Comment

by:Rod_2012
ID: 40540744
Happy Friday :-)


C:\Documents and Settings\Administrator>repadmin /replsum
Replication Summary Start Time: 2015-01-09 17:35:19

Beginning data collection for replication summary, this may take awhile:
  ......


Source DC           largest delta  fails/total  %%  error
 SERVER1                      :35s    0 /  10    0
 SERVER2                      :51s    0 /   5    0
 SERVER3                      :46s    0 /  10    0


Destination DC    largest delta    fails/total  %%  error
 SERVER1                      :51s    0 /  10    0
 SERVER2                      :27s    0 /  10    0
 SERVER3                      :36s    0 /   5    0
0
 
LVL 24

Expert Comment

by:Mohammed Khawaja
ID: 40541187
Did this resolve the issue for you?
0
 

Author Comment

by:Rod_2012
ID: 40541302
Hi Mohammed,

Yes it did.

I had to run the same command again on site B on Server 2 to fix the secure connection. Force replication and everything is fine now.

Many thanks for your help.
0

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
SBS 20011 to Office 365 7 55
Windows 2008 R2 _MSDSC Delegation 8 37
IIS 7.5 to 8.0 6 75
Active Directory screwed 9 34
Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
Introduction You may have a need to setup a group of users to allow local administrative access on workstations.  In a domain environment this can easily be achieved with Restricted Groups and Group Policies. This article will demonstrate how to…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now