Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!
Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!
Act now. This offer ends July 14, 2017.
Course Of The Month
3 days, 10 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Computer object is not replicated from one DC to another after 24 hours lapsed ?
Posted on 2016-10-31
People,
Can anyone here please assist me in troubleshooting the AD domain controller replication where some of my AD computer object is not replicated after waiting for more than 24 hours from one DC to another ?
Here's some background information:
PRODDC67-VM --> Data Center Domain Controller.
PRODDC70-VM --> Remote Office Domain Controller.
This is the PortQry tool result from one DC to another above:
This is the error from the DCDIAG from PRODDC70-VM:
Any help would be greatly appreciated.
Thanks,
Can anyone here please assist me in troubleshooting the AD domain controller replication where some of my AD computer object is not replicated after waiting for more than 24 hours from one DC to another ?
Here's some background information:
PRODDC67-VM --> Data Center Domain Controller.
PRODDC70-VM --> Remote Office Domain Controller.
This is the PortQry tool result from one DC to another above:
portqry.exe -n PRODDC70-VM -e 135 -p TCP exits with return code 0x00000000.
portqry.exe -n PRODDC70-VM -e 137 -p UDP exits with return code 0x80000003.
portqry.exe -n PRODDC70-VM -e 138 -p UDP exits with return code 0x00000002.
portqry.exe -n PRODDC70-VM -e 139 -p TCP exits with return code 0x00000000.
portqry.exe -n PRODDC70-VM -e 3268 -p TCP exits with return code 0x00000000.
portqry.exe -n PRODDC70-VM -e 3269 -p TCP exits with return code 0x00000000.
portqry.exe -n PRODDC70-VM -e 389 -p BOTH exits with return code 0x00000000.
portqry.exe -n PRODDC70-VM -e 42 -p TCP exits with return code 0x00000001.
portqry.exe -n PRODDC70-VM -e 445 -p TCP exits with return code 0x00000000.
portqry.exe -n PRODDC70-VM -e 53 -p BOTH exits with return code 0x00000000.
portqry.exe -n PRODDC70-VM -e 636 -p TCP exits with return code 0x00000000.
portqry.exe -n PRODDC70-VM -e 88 -p BOTH exits with return code 0x00000002.
portqry.exe -n PRODDC67-VM -e 135 -p TCP exits with return code 0x00000000.
portqry.exe -n PRODDC67-VM -e 137 -p UDP exits with return code 0x80000003.
portqry.exe -n PRODDC67-VM -e 138 -p UDP exits with return code 0x00000002.
portqry.exe -n PRODDC67-VM -e 139 -p TCP exits with return code 0x00000000.
portqry.exe -n PRODDC67-VM -e 3268 -p TCP exits with return code 0x00000000.
portqry.exe -n PRODDC67-VM -e 3269 -p TCP exits with return code 0x00000000.
portqry.exe -n PRODDC67-VM -e 389 -p BOTH exits with return code 0x00000000.
portqry.exe -n PRODDC67-VM -e 42 -p TCP exits with return code 0x00000001.
portqry.exe -n PRODDC67-VM -e 445 -p TCP exits with return code 0x00000000.
portqry.exe -n PRODDC67-VM -e 53 -p BOTH exits with return code 0x00000000.
portqry.exe -n PRODDC67-VM -e 636 -p TCP exits with return code 0x00000000.
portqry.exe -n PRODDC67-VM -e 88 -p BOTH exits with return code 0x00000002.
This is the error from the DCDIAG from PRODDC70-VM:
Starting test: KccEvent
A warning event occurred. EventID: 0x8000061E
Time Generated: 11/01/2016 17:21:00
Event String:
All directory servers in the following site that can replicate the directory partition over this transport are currently unavailable.
An error event occurred. EventID: 0xC000051F
Time Generated: 11/01/2016 17:21:00
Event String:
The Knowledge Consistency Checker (KCC) has detected problems with the following directory partition.
A warning event occurred. EventID: 0x80000749
Time Generated: 11/01/2016 17:21:00
Event String:
The Knowledge Consistency Checker (KCC) was unable to form a complete spanning tree network topology. As a result, the following list of sites cannot be reached from the local site.
A warning event occurred. EventID: 0x8000061E
Time Generated: 11/01/2016 17:21:00
Event String:
All directory servers in the following site that can replicate the directory partition over this transport are currently unavailable.
An error event occurred. EventID: 0xC000051F
Time Generated: 11/01/2016 17:21:00
Event String:
The Knowledge Consistency Checker (KCC) has detected problems with the following directory partition.
A warning event occurred. EventID: 0x80000749
Time Generated: 11/01/2016 17:21:00
Event String:
The Knowledge Consistency Checker (KCC) was unable to form a complete spanning tree network topology. As a result, the following list of sites cannot be reached from the local site.
A warning event occurred. EventID: 0x8000061E
Time Generated: 11/01/2016 17:21:00
Event String:
All directory servers in the following site that can replicate the directory partition over this transport are currently unavailable.
An error event occurred. EventID: 0xC000051F
Time Generated: 11/01/2016 17:21:00
Event String:
The Knowledge Consistency Checker (KCC) has detected problems with the following directory partition.
A warning event occurred. EventID: 0x80000749
Time Generated: 11/01/2016 17:21:00
Event String:
The Knowledge Consistency Checker (KCC) was unable to form a complete spanning tree network topology. As a result, the following list of sites cannot be reached from the local site.
A warning event occurred. EventID: 0x8000061E
Time Generated: 11/01/2016 17:21:00
Event String:
All directory servers in the following site that can replicate the directory partition over this transport are currently unavailable.
An error event occurred. EventID: 0xC000051F
Time Generated: 11/01/2016 17:21:00
Event String:
The Knowledge Consistency Checker (KCC) has detected problems with the following directory partition.
A warning event occurred. EventID: 0x80000749
Time Generated: 11/01/2016 17:21:00
Event String:
The Knowledge Consistency Checker (KCC) was unable to form a complete spanning tree network topology. As a result, the following list of sites cannot be reached from the local site.
Any help would be greatly appreciated.
Thanks,
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
3
4 Comments
Active 1 day ago
Niten,
This is the error result from the PRODDC67-VM
This is the error result from the PRODDC67-VM
PRODDC67-VM: Current time is 2016-11-01 10:23:40.
DC=ForestDnsZones,DC=MyDomain,DC=local
Last replication received from PRODDC70-VM at 2016-10-11 20:06:33
DC=DomainDnsZones,DC=MyDomain,DC=local
Last replication received from PRODDC70-VM at 2016-10-11 20:06:33
CN=Schema,CN=Configuration,DC=MyDomain,DC=local
Last replication received from PRODDC70-VM at 2016-10-11 20:06:32
CN=Configuration,DC=MyDomain,DC=local
Last replication received from PRODDC70-VM at 2016-10-11 20:06:32
DC=MyDomain,DC=local
Last replication received from PRODDC70-VM at 2016-10-11 20:06:32
Active today
Seems like you have connectivity issues since the last replication happened on 11-10-2016. Do you have two DCs in your environment only. Is the time on both dcs synchronized. Can you run repadmin /replsum and repadmin /syncall and see if you get any errors.
Active today
There is a technet thread with an error similar to yours on at the link below.
https://social.technet.microsoft.com/Forums/windowsserver/en-US/e689b8d9-845e-4f2e-af6b-b237fb76ebb4/the-knowledge-consistency-checker-kcc-was-unable-to-form-a-complete-spanning-tree-network?forum=winserverDS
The issue was solved by registering the w32time...see link below:
https://awinish.wordpress.com/2011/10/07/time-server-role-in-forestdomain-2/
The Knowledge Consistency Checker (KCC) was unable to form a complete spanning tree network topology. As a result, the following list of sites cannot be reached from the local site
https://social.technet.microsoft.com/Forums/windowsserver/en-US/e689b8d9-845e-4f2e-af6b-b237fb76ebb4/the-knowledge-consistency-checker-kcc-was-unable-to-form-a-complete-spanning-tree-network?forum=winserverDS
The issue was solved by registering the w32time...see link below:
https://awinish.wordpress.com/2011/10/07/time-server-role-in-forestdomain-2/
Featured Post
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory.
If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
In this Micro Tutorial viewers will learn how they can get their files copied out from their unbootable system without need to use recovery services. As an example non-bootable Windows 2012R2 installation is used which has boot problems.
Attackers love to prey on accounts that have privileges.
Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Suggested Courses
Course of the Month3 days, 10 hours left to enroll
691 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.