Link to home
Start Free TrialLog in
Avatar of InSearchOf
InSearchOfFlag for United States of America

asked on

Dcdiag failures on some of my domain controllers

We are running win 2008 R2 domain controllers. I am having some replication issues. I ran dcdiag and everything passed except the KCCevent test. I am also getting event id 1311 under active directory_domain service
Avatar of Manuel Flores
Manuel Flores
Flag of Spain image

It means; Not enough physical connectivity published at the Active Directory Sites and Services Manager

1.  It was running before?

2.  You must check the configuration under Active Directory Sites and Services Manager. Maybe some network changes (did you make any change?) don't match with that configuration.

3. Did you enable the windows firewall service?.  Could you by now stop the firewall if they are running?.  You'll find running; services.msc

..MFlores..
Avatar of InSearchOf

ASKER

1. Not sure if it was running before.
2. When I look at sites and services I some entries with weird numbers like a GUID
3. Windows Firewall is enabled
Disable, by now the windows firewall just to test.

Using the event viewer filter you are able to see form where this is happening, and how often are that events traced.
Alright. I stopped the service and I lost connectivity with site. One should have nothing to do with the other unless it is coincidental. Might be having an ISP issue
You should see something similar to this;

User generated image
and

User generated image
The DC are not being sincronized.  How long have been traced that even 1311 ?.  If time ago, I don't think it is an ISP problem.

Once you get access again, please check the inter-site transports.

So, the servers are in different locations... then you must have two sites defined under Active Directory Sites and services.

..MFlores..
yes I have different sites. When I check the NTDS settings for the different sites I se entries in there that look like a GUID.
ASKER CERTIFIED SOLUTION
Avatar of Manuel Flores
Manuel Flores
Flag of Spain image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Despite of the firewall, the AD objects let's say; users settings are replicated correctly?.

i.e. if you create a new user in the master AD, it is replicated to the other?
It is better if you can paste a screenshot of your current AD site and services config.

Find attached a running AD with 2 DC (one Windows 2003 + one Windows 2012) so you can see what a correct structure must show.
deh-ad-config.png
Tool:  Active Directory Replication Status Tool
https://www.microsoft.com/en-us/download/details.aspx?id=30005

I never have to use this tool yet, however seems specific for this issue.
Thanks for all the help. I have one last question about the "DEFAULTIPSITELINK". Should all my sites be included in that link?