Event code confusions

[Louis Walker]

I am getting two event codes between our home office and
one of our satellite offices. They are 1265 and 1311.
Both point to a lack of a SRV record or DNS lookup failure
when replication is tried. Looking within our DNS records
both DCs are listed in both a forward and reverse lookup
zone. I have eight other sites that are not experiencing
any issues. Just this one. Both zones are setup for
dynamic updates, the forward is AD integrated while the
reverse is primary only. Any ideas?

I have gone as far and demoting and promting the satellite
DC thinking something got hosed during that process but
the errors still occur.

 

[Kevin D. Goodknecht [MVP]]

In

I am getting two event codes between our home office and
one of our satellite offices. They are 1265 and 1311.
Both point to a lack of a SRV record or DNS lookup failure
when replication is tried. Looking within our DNS records
both DCs are listed in both a forward and reverse lookup
zone. I have eight other sites that are not experiencing
any issues. Just this one. Both zones are setup for
dynamic updates, the forward is AD integrated while the
reverse is primary only. Any ideas?

I have gone as far and demoting and promting the satellite
DC thinking something got hosed during that process but
the errors still occur.

This is one of these cases when it would help to see the entire event info.
Open the event in the event viewer and click the copy button and paste them
in the text of your reply.
Also post the ipconfig /all from the DC,

 

[Guest]

Event Type: Error
Event Source: NTDS KCC
Event Category: (1)
Event ID: 1311
Date: 3/19/2004
Time: 10:35:22 AM
User: N/A
Computer: DCLRAR1
Description:
The Directory Service consistency checker has determined
that either (a) there is not enough physical connectivity
published via the Active Directory Sites and Services
Manager to create a spanning tree connecting all the sites
containing the Partition
CN=Configuration,DC=vestcom,DC=net, or (b) replication
cannot be performed with one or more critical servers in
order for changes to propagate across all sites (most
often due to the servers being unreachable).

For (a), please use the Active Directory Sites and
Services Manager to do one of the following:
1. Publish sufficient site connectivity information such
that the system can infer a route by which this Partition
can reach this site. This option is preferred.
2. Add an ntdsConnection object to a Domain Controller
that contains the Partition
CN=Configuration,DC=vestcom,DC=net in this site from a
Domain Controller that contains the same Partition in
another site.

For (b), please see previous events logged by the NTDS KCC
source that identify the servers that could not be
contacted.

Are you just needing the addresses?

 

[Ace Fekay [MVP]]

In

Event Type: Error
Event Source: NTDS KCC
Event Category: (1)
Event ID: 1311
Date: 3/19/2004
Time: 10:35:22 AM
User: N/A
Computer: DCLRAR1
Description:
The Directory Service consistency checker has determined
that either (a) there is not enough physical connectivity
published via the Active Directory Sites and Services
Manager to create a spanning tree connecting all the sites
containing the Partition
CN=Configuration,DC=vestcom,DC=net, or (b) replication
cannot be performed with one or more critical servers in
order for changes to propagate across all sites (most
often due to the servers being unreachable).

For (a), please use the Active Directory Sites and
Services Manager to do one of the following:
1. Publish sufficient site connectivity information such
that the system can infer a route by which this Partition
can reach this site. This option is preferred.
2. Add an ntdsConnection object to a Domain Controller
that contains the Partition
CN=Configuration,DC=vestcom,DC=net in this site from a
Domain Controller that contains the same Partition in
another site.

For (b), please see previous events logged by the NTDS KCC
source that identify the servers that could not be
contacted.

Are you just needing the addresses?

Things I would suggest to look for when these type of errors occur:

1. No MTU alterations in the router configs.

2. Firewalls without the proper rules.

3. Clock are not synched. Clocks must be synched within 5 minutes Zulu-
time.

4. If all the DCs are in one domain (vestcom.net), then I would make sure
that all the DNS servers have the same exact information on them. If you are
using an ISP's DNS address in any of the machines, that will definitely
cause this error as well. If so, eliminate them and only use your internal
servers.




--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory