AD Replication Issues - Event ID's 1865, 1311, 1566

-

i have small domain: joneswaldo.com 

i have 3 domain controllers in main office: jwpdc, jwcms, jwisp

i have 4 domain controllers offsite connected on ipsec vpn tunnels main office: jwstg, jwpc, jwcm, , jwuc

one of domain controllers offsite jwcm having ad replication issues, , cannot browse other domain controller jwcm unc when logon failure: target account name incorrect. if stop kerberos key distribution center service , set manual, reboot server can browse other dc's. help!

directory service logs:

        

event 1865:

knowledge consistency checker (kcc) unable form complete spanning tree network topology. result, following list of sites cannot reached local site. 

sites: 
cn=stgeorge,cn=sites,cn=configuration,dc=joneswaldo,dc=com 
cn=parkcity,cn=sites,cn=configuration,dc=joneswaldo,dc=com 
cn=saltlakecity,cn=sites,cn=configuration,dc=joneswaldo,dc=com 
cn=utahcounty,cn=sites,cn=configuration,dc=joneswaldo,dc=com 

event 1311:

knowledge consistency checker (kcc) has detected problems following directory partition. 

directory partition:
cn=configuration,dc=joneswaldo,dc=com 

there insufficient site connectivity information in active directory sites , services kcc create spanning tree replication topology. or, 1 or more domain controllers directory partition unable replicate directory partition information. due inaccessible domain controllers. 

user action 
use active directory sites , services perform 1 of following actions: 
- publish sufficient site connectivity information kcc can determine route directory partition can reach site. preferred option. 
- add connection object domain controller contains directory partition in site domain controller contains same directory partition in site. 

if neither of active directory sites , services tasks correct condition, see previous events logged kcc identify inaccessible domain controllers.

more information, see , support center @ http://go.microsoft.com/fwlink/events.asp.

event 1566:

domain controllers in following site can replicate directory partition on transport unavailable. 

site:
cn=utahcounty,cn=sites,cn=configuration,dc=joneswaldo,dc=com 
directory partition:
cn=configuration,dc=joneswaldo,dc=com 
transport:
cn=ip,cn=inter-site transports,cn=sites,cn=configuration,dc=joneswaldo,dc=com

frs logs:

event 13508:  

the file replication service having trouble enabling replication jwpdc jwcm c:\windows\sysvol\domain using dns name jwpdc.joneswaldo.com. frs keep retrying. 
 following of reasons see warning. 

 [1] frs can not correctly resolve dns name jwpdc.joneswaldo.com computer. 
 [2] frs not running on jwpdc.joneswaldo.com. 
 [3] topology information in active directory replica has not yet replicated domain controllers. 

event log message appear once per connection, after problem fixed see event log message indicating connection has been established.

it seems dns name resolution issue or or necessary ports not opened between locations or network connectivity issue.portquery free tool ms can downloaded , installed verify necessary ports opened or not.

also, disable local windows firewall service, default enabled in vista/windows 2008 , above. check network connectivity , latency.
disable windows firewall:http://technet.microsoft.com/en-us/library/cc766337(ws.10).aspx

active directory , active directory domain services port requirements.
http://technet.microsoft.com/en-us/library/dd772723%28ws.10%29.aspx

ensure following dns setting on dc:
1. each dc / dns server points private ip address primary dns server , other remote/local dns servers secondary in tcp/ip properties.
2. each dc has 1 ip address , single network adapter enabled.
3. contact isp , valid dns ips them , add in forwarders, not set public dns server in tcp/ip setting of dc.
4. once done, run "ipconfig /flushdns & ipconfig /registerdns", restart dns , netlogon service each dc.
not put private dns ip addresses in forwarder list.
5.assigning static ip address dc if ip address assigned dhcp server dc.it not recommended

troubleshooting event id 1311: knowledge consistency checker:

http://support.microsoft.com/kb/214745

event id 1566 — network name resource availability:

http://technet.microsoft.com/en-us/library/dd353930(ws.10).aspx

event id 1865 — kcc replication path computation:

http://technet.microsoft.com/en-us/library/cc756648(ws.10).aspx

can post following further diagnose this?

•unedited ipconfig /all each dc
•a portqry result- (just post "filtered" or "not listening" in results)
•dcdiag /q , repadmin /replsum output

hope helps

best regards,

sandesh dubey.

mcse|mcsa:messaging|mcts|mcitp:enterprise adminitrator | blog

disclaimer: posting provided "as is" no warranties or guarantees , , confers no rights.



Windows Server  >  Directory Services



Comments

Post a Comment

Popular posts from this blog

2008 Windows Deployment Server Properties Error

-
currently wading through setup , configuration of wds on 2008 server. have captured xp sp2 image , purposes of testing not prestaging. pxe response settings have been set "respond (known & unknown) client computers" leaving "for unknown clients, notify administrator etc" unchecked when ok properties sheet error "server properties error" "the system cannot find file specified" when attempting use command "wdsutil /approve-autoadddevices /requestid:1" in response pending devices within gui "an error occurred while trying execute command. error code: 0x6 error description: access denied" surely if not attempting add workstations domain (no prestaging) there shouldn't problem. any appreciated  answering part of own question although if can explain reason appreciated. server properties error occurs when launching windows deployment services using start>all programs>administrative tools. if access via server manager...
Read more

Can no longer user MS Update - Files required to use Microsoft Update are no longer registered

-
hi, i'm new server 2003.  installed it.  removed enhanced ie security.  proceed download , install windows server 2003 sp1, of dot net (1.1, 2.0, 3.0, 3.5, , updates), , sp2. after downloaded , installed of above, tried windows update menu option in ie.  (ie 8 windows server 2003) , sits there "done" in lower left hand corner.  never brings in window. so try www.microsoft.com -> download , trails -> update.  received error message "files required use microsoft update no longer registered or installed on computer".  click on register or reinstall files me now.  window changes , "check latest version of windows updating software .... ".   sits there (last time sat there on hour). i went on internet , found instructions: regsvr32 wuapi.dll regsvr32 wups.dll regsvr32 wuaueng.dll regsvr32 wucltui.dll regsvr32 atl.dll regsvr32 msxml3.dll did not work either.  have other suggestions?...
Read more

How do a find data in one file, search for it in another file and if not found, write a custom message to another file

-
in file if.txt, starting on 2nd line of file, data formatted follows: ah10551,a10551,cn=a10551,a10551@qts.com ah10600,a10600,cn=a10600,a10600@qts.com ah10608,a10608,cn=a10608,a10608@qts.com in file sf.txt, data formatted follows: 2011-02-16 17:26:44 sid acme\ah10551 added sid history of qts\a10551 2011-02-16 17:26:44 sid acme\ah10244 added sid history of qts\a10244 2011-02-16 17:26:45 sid acme\ah10425 added sid history of qts\a10425 please provide suggestions on how following: 1. in if.txt file, read first field first ',' , store in variable called $if1 2. in sf.txt file, search for the value stored in $if1 , if found, ignore.  if not found, write custom message in another file such as: $if1 sidhistory not migrated. these files wont large.  im trying build 'exception file' of items in if.txt file not occurring in sf.txt file. thanks in advance ideas. mtv99 many ways that... here's one... (using example data) [array]$if1=@() gc d:\if.txt...
Read more