1311 & 1566 errors in Event Log - Active Directory will not replicate + FIX

  • Thread starter Thread starter cdc_1977
  • Start date Start date
C

cdc_1977

I started to see error cropping up regarding the following in our
Directory Service event log:

Event Type: Error
Event Source: NTDS KCC
Event Category: Knowledge Consistency Checker
Event ID: 1311
Date: 10/6/2003
Time: 7:08:23 AM
User: N/A
Computer: DCPOP
Description:
The Directory Service consistency checker has determined that either
(a) there is not enough physical connectivity published via the Active
Directory Sites and Services Manager to create a spanning tree
connecting all the sites containing the Partition
CN=Configuration,DC=terrior,DC=com, or (b) replication cannot be
performed with one or more critical servers in order for changes to
propagate across all sites (most often due to the servers being
unreachable).

For (a), please use the Active Directory Sites and Services Manager to
do one of the following:
1. Publish sufficient site connectivity information such that the
system can infer a route by which this Partition can reach this site.
This option is preferred.
2. Add an ntdsConnection object to a Domain Controller that contains
the Partition CN=Configuration,DC=terrior,DC=com in this site from a
Domain Controller that contains the same Partition in another site.

For (b), please see previous events logged by the NTDS KCC source that
identify the servers that could not be contacted.

Event Type: Warning
Event Source: NTDS KCC
Event Category: Knowledge Consistency Checker
Event ID: 1566
Date: 10/6/2003
Time: 7:08:23 AM
User: N/A
Computer: DCPOP
Description:
All servers in site CN=HURST,CN=Sites,CN=Configuration,DC=terrior,DC=com
that can replicate partition CN=Configuration,DC=terrior,DC=com over
transport CN=IP,CN=Inter-Site
Transports,CN=Sites,CN=Configuration,DC=terrior,DC=com are currently
unavailable.

I noticed in Active Directory Replication Monitor when I would try to
replicate from DCPOP to DCTOP at another site it would give me the
error:
The DSA operation is unable to proceed because of a DNS lookup
failure.

Although DCTOP could replicate to DCPOP.

I applied hotfix Q819249 with no luck. Same errors.....

Finally I noticed on DCTOP's DNS terrior.com|_msdcs had a CNAME entry
for DCPOP but DCPOP did not have a CNAME entry for DCTOP. So I copied
the CNAME entry to DCPOP's DNS and it fixed the problem.

Errors went away and replication now works!!!
 
Back
Top