KCC Errors

  • Thread starter Thread starter Vip
  • Start date Start date
V

Vip

Hi,

I have been asked to help sort out problems on our AD.
The setup is as follows:

At the moment we have 1 parent DC and 32 child domains.
We are looking into adding another DC in the parent domain.
All child domains consist of 1 DC all over the country. Which services
around 5 users each. All child domains are connected with a 64k line.

There where major problems with DNS I'm hoping that i've sorted out
most of the DNS issues. I've also made all the child domains GC's.
which hasn't taken affect due to replication.

Running dcdiag gives me all these errors.

Testing server: Default-First-Site-Name\SPID
Starting test: Replications
[Replications Check,SPID] A recent replication attempt failed:
From BEDSER to SPID
Naming Context: CN=Schema,CN=Configuration,DC=Jep,DC=co,DC=ma
The replication generated an error (8524):
The DSA operation is unable to proceed because of a DNS lookup
failure.
The failure occurred at 2003-06-28 21:52.06.
The last success occurred at (never).
8 failures have occurred since the last success.
The guid-based DNS name
926213e1-9982-4c3d-b6ca-aa6a898f0a2d._msdcs.Jep.co.ma
is not registered on one or more DNS servers.
REPLICATION LATENCY WARNING
SPID: A full synchronization is in progress
from BEDSER to SPID
Replication of new changes along this path will be delayed.
The full sync is 0.00% complete.
[Replications Check,SPID] A recent replication attempt failed:
From CANSER to SPID
Naming Context: CN=Schema,CN=Configuration,DC=Jep,DC=co,DC=ma
The replication generated an error (8524):
The DSA operation is unable to proceed because of a DNS lookup
failure.
The failure occurred at 2003-06-28 21:52.06.
The last success occurred at (never).
8 failures have occurred since the last success.
The guid-based DNS name
659e8912-b968-48a6-8153-471c4bd9cdd8._msdcs.Jep.co.ma
is not registered on one or more DNS servers.
REPLICATION LATENCY WARNING
SPID: A full synchronization is in progress
from CANSER to SPID
Replication of new changes along this path will be delayed.
The full sync is 0.00% complete.
[Replications Check,SPID] A recent replication attempt failed:
From WITSER to SPID
Naming Context: CN=Schema,CN=Configuration,DC=Jep,DC=co,DC=ma
The replication generated an error (8524):
The DSA operation is unable to proceed because of a DNS lookup
failure.
The failure occurred at 2003-06-28 21:52.06.
The last success occurred at (never).
8 failures have occurred since the last success.
The guid-based DNS name
480eb612-1f8f-4ce5-bffc-98d8fe2112a6._msdcs.Jep.co.ma
is not registered on one or more DNS servers.
REPLICATION LATENCY WARNING
SPID: A full synchronization is in progress
from WITSER to SPID
Replication of new changes along this path will be delayed.
The full sync is 0.00% complete.
[Replications Check,SPID] A recent replication attempt failed:
From RANSER to SPID
Naming Context: CN=Schema,CN=Configuration,DC=Jep,DC=co,DC=ma
The replication generated an error (8524):
The DSA operation is unable to proceed because of a DNS lookup
failure.
The failure occurred at 2003-06-28 21:52.06.
The last success occurred at (never).
8 failures have occurred since the last success.
The guid-based DNS name
01434350-5657-47ac-aed4-a4fd80a72ab0._msdcs.Jep.co.ma
is not registered on one or more DNS servers.
REPLICATION LATENCY WARNING
SPIDY: A full synchronization is in progress
from RANSER to SPID
Replication of new changes along this path will be delayed.
The full sync is 0.00% complete.
[Replications Check,SPID] A recent replication attempt failed:
From HATSER to SPID
Naming Context: CN=Schema,CN=Configuration,DC=Jep,DC=co,DC=ma
The replication generated an error (8524):
The DSA operation is unable to proceed because of a DNS lookup
failure.
The failure occurred at 2003-06-28 21:52.06.
The last success occurred at (never).
8 failures have occurred since the last success.
The guid-based DNS name
a405a978-c7f9-44d3-9c0d-6b4df47bda08._msdcs.Jep.co.ma
is not registered on one or more DNS servers.

Any other ideas would help.

Thanks
Trevor
 
Your DNS Servers are still misconfigured. Since you made each child domain
a GC, every Child Domain will now have to replicate in the Partial Attribute
Set of EACH AND EVERY other child domain. I assume that you have each child
domain also configured to be its own DNS server am I correct? Please refer
to the DNS white paper:
http://www.microsoft.com/windows2000/techinfo/howitworks/communications/nameadrmgmt/w2kdns.asp

Your hitting the DNS Islanding Problem... You'll need to ensure that the
child domains have forwards and root hints configured correctly in order to
find the dns records... a simple test would be to log onto one of the child
domains and execute the following list of commands:
nslookup
set q=srv
926213e1-9982-4c3d-b6ca-aa6a898f0a2d._msdcs.Jep.co.ma
exit

if you can't get that record back then DNS is still broken, you may also
need to execute "nltest.exe /dsgregdns" to get the child domains to
re-register their records once you fix DNS. nltest.exe is a reskit tool

tx and hope this helps out some


--
Jeromy Statia [MSFT]

This posting is provided "AS IS" with no warranties, and confers no rights.




Vip said:
Hi,

I have been asked to help sort out problems on our AD.
The setup is as follows:

At the moment we have 1 parent DC and 32 child domains.
We are looking into adding another DC in the parent domain.
All child domains consist of 1 DC all over the country. Which services
around 5 users each. All child domains are connected with a 64k line.

There where major problems with DNS I'm hoping that i've sorted out
most of the DNS issues. I've also made all the child domains GC's.
which hasn't taken affect due to replication.

Running dcdiag gives me all these errors.

Testing server: Default-First-Site-Name\SPID
Starting test: Replications
[Replications Check,SPID] A recent replication attempt failed:
From BEDSER to SPID
Naming Context: CN=Schema,CN=Configuration,DC=Jep,DC=co,DC=ma
The replication generated an error (8524):
The DSA operation is unable to proceed because of a DNS lookup
failure.
The failure occurred at 2003-06-28 21:52.06.
The last success occurred at (never).
8 failures have occurred since the last success.
The guid-based DNS name
926213e1-9982-4c3d-b6ca-aa6a898f0a2d._msdcs.Jep.co.ma
is not registered on one or more DNS servers.
REPLICATION LATENCY WARNING
SPID: A full synchronization is in progress
from BEDSER to SPID
Replication of new changes along this path will be delayed.
The full sync is 0.00% complete.
[Replications Check,SPID] A recent replication attempt failed:
From CANSER to SPID
Naming Context: CN=Schema,CN=Configuration,DC=Jep,DC=co,DC=ma
The replication generated an error (8524):
The DSA operation is unable to proceed because of a DNS lookup
failure.
The failure occurred at 2003-06-28 21:52.06.
The last success occurred at (never).
8 failures have occurred since the last success.
The guid-based DNS name
659e8912-b968-48a6-8153-471c4bd9cdd8._msdcs.Jep.co.ma
is not registered on one or more DNS servers.
REPLICATION LATENCY WARNING
SPID: A full synchronization is in progress
from CANSER to SPID
Replication of new changes along this path will be delayed.
The full sync is 0.00% complete.
[Replications Check,SPID] A recent replication attempt failed:
From WITSER to SPID
Naming Context: CN=Schema,CN=Configuration,DC=Jep,DC=co,DC=ma
The replication generated an error (8524):
The DSA operation is unable to proceed because of a DNS lookup
failure.
The failure occurred at 2003-06-28 21:52.06.
The last success occurred at (never).
8 failures have occurred since the last success.
The guid-based DNS name
480eb612-1f8f-4ce5-bffc-98d8fe2112a6._msdcs.Jep.co.ma
is not registered on one or more DNS servers.
REPLICATION LATENCY WARNING
SPID: A full synchronization is in progress
from WITSER to SPID
Replication of new changes along this path will be delayed.
The full sync is 0.00% complete.
[Replications Check,SPID] A recent replication attempt failed:
From RANSER to SPID
Naming Context: CN=Schema,CN=Configuration,DC=Jep,DC=co,DC=ma
The replication generated an error (8524):
The DSA operation is unable to proceed because of a DNS lookup
failure.
The failure occurred at 2003-06-28 21:52.06.
The last success occurred at (never).
8 failures have occurred since the last success.
The guid-based DNS name
01434350-5657-47ac-aed4-a4fd80a72ab0._msdcs.Jep.co.ma
is not registered on one or more DNS servers.
REPLICATION LATENCY WARNING
SPIDY: A full synchronization is in progress
from RANSER to SPID
Replication of new changes along this path will be delayed.
The full sync is 0.00% complete.
[Replications Check,SPID] A recent replication attempt failed:
From HATSER to SPID
Naming Context: CN=Schema,CN=Configuration,DC=Jep,DC=co,DC=ma
The replication generated an error (8524):
The DSA operation is unable to proceed because of a DNS lookup
failure.
The failure occurred at 2003-06-28 21:52.06.
The last success occurred at (never).
8 failures have occurred since the last success.
The guid-based DNS name
a405a978-c7f9-44d3-9c0d-6b4df47bda08._msdcs.Jep.co.ma
is not registered on one or more DNS servers.

Any other ideas would help.

Thanks
Trevor
Click to expand...
 
Hi Jeromy,

Thanks for getting back to me.

Was it a bad idea to make all the child domains GC's? Just to service 4
users
and only having 1 DC per child domain.

Yes all child domains are DNS Servers and are configured to point to itself.
I have created a standard secondary zone file of the parent domain on all
child domains
aswell as adding the parent as a forwarder. Surley with having a standard
secondary zone
of the parent domain, the server can query that zone to find it's route to
the other child domains
using the delegation zones.

I'll test the nslookup, and try the nltest commad. Should the child domains
be pointing to
themselves when running the ntltest /dsgregdns or should I change it to use
the parent domain's
DNS Server?

Thanks
Trevor




Jeromy Statia said:
Your DNS Servers are still misconfigured. Since you made each child domain
a GC, every Child Domain will now have to replicate in the Partial Attribute
Set of EACH AND EVERY other child domain. I assume that you have each child
domain also configured to be its own DNS server am I correct? Please refer
to the DNS white paper:
http://www.microsoft.com/windows2000/techinfo/howitworks/communications/name
adrmgmt/w2kdns.asp

Your hitting the DNS Islanding Problem... You'll need to ensure that the
child domains have forwards and root hints configured correctly in order to
find the dns records... a simple test would be to log onto one of the child
domains and execute the following list of commands:
nslookup
set q=srv
926213e1-9982-4c3d-b6ca-aa6a898f0a2d._msdcs.Jep.co.ma
exit

if you can't get that record back then DNS is still broken, you may also
need to execute "nltest.exe /dsgregdns" to get the child domains to
re-register their records once you fix DNS. nltest.exe is a reskit tool

tx and hope this helps out some


--
Jeromy Statia [MSFT]

This posting is provided "AS IS" with no warranties, and confers no rights.




Vip said:
Hi,

I have been asked to help sort out problems on our AD.
The setup is as follows:

At the moment we have 1 parent DC and 32 child domains.
We are looking into adding another DC in the parent domain.
All child domains consist of 1 DC all over the country. Which services
around 5 users each. All child domains are connected with a 64k line.

There where major problems with DNS I'm hoping that i've sorted out
most of the DNS issues. I've also made all the child domains GC's.
which hasn't taken affect due to replication.

Running dcdiag gives me all these errors.

Testing server: Default-First-Site-Name\SPID
Starting test: Replications
[Replications Check,SPID] A recent replication attempt failed:
From BEDSER to SPID
Naming Context: CN=Schema,CN=Configuration,DC=Jep,DC=co,DC=ma
The replication generated an error (8524):
The DSA operation is unable to proceed because of a DNS lookup
failure.
The failure occurred at 2003-06-28 21:52.06.
The last success occurred at (never).
8 failures have occurred since the last success.
The guid-based DNS name
926213e1-9982-4c3d-b6ca-aa6a898f0a2d._msdcs.Jep.co.ma
is not registered on one or more DNS servers.
REPLICATION LATENCY WARNING
SPID: A full synchronization is in progress
from BEDSER to SPID
Replication of new changes along this path will be delayed.
The full sync is 0.00% complete.
[Replications Check,SPID] A recent replication attempt failed:
From CANSER to SPID
Naming Context: CN=Schema,CN=Configuration,DC=Jep,DC=co,DC=ma
The replication generated an error (8524):
The DSA operation is unable to proceed because of a DNS lookup
failure.
The failure occurred at 2003-06-28 21:52.06.
The last success occurred at (never).
8 failures have occurred since the last success.
The guid-based DNS name
659e8912-b968-48a6-8153-471c4bd9cdd8._msdcs.Jep.co.ma
is not registered on one or more DNS servers.
REPLICATION LATENCY WARNING
SPID: A full synchronization is in progress
from CANSER to SPID
Replication of new changes along this path will be delayed.
The full sync is 0.00% complete.
[Replications Check,SPID] A recent replication attempt failed:
From WITSER to SPID
Naming Context: CN=Schema,CN=Configuration,DC=Jep,DC=co,DC=ma
The replication generated an error (8524):
The DSA operation is unable to proceed because of a DNS lookup
failure.
The failure occurred at 2003-06-28 21:52.06.
The last success occurred at (never).
8 failures have occurred since the last success.
The guid-based DNS name
480eb612-1f8f-4ce5-bffc-98d8fe2112a6._msdcs.Jep.co.ma
is not registered on one or more DNS servers.
REPLICATION LATENCY WARNING
SPID: A full synchronization is in progress
from WITSER to SPID
Replication of new changes along this path will be delayed.
The full sync is 0.00% complete.
[Replications Check,SPID] A recent replication attempt failed:
From RANSER to SPID
Naming Context: CN=Schema,CN=Configuration,DC=Jep,DC=co,DC=ma
The replication generated an error (8524):
The DSA operation is unable to proceed because of a DNS lookup
failure.
The failure occurred at 2003-06-28 21:52.06.
The last success occurred at (never).
8 failures have occurred since the last success.
The guid-based DNS name
01434350-5657-47ac-aed4-a4fd80a72ab0._msdcs.Jep.co.ma
is not registered on one or more DNS servers.
REPLICATION LATENCY WARNING
SPIDY: A full synchronization is in progress
from RANSER to SPID
Replication of new changes along this path will be delayed.
The full sync is 0.00% complete.
[Replications Check,SPID] A recent replication attempt failed:
From HATSER to SPID
Naming Context: CN=Schema,CN=Configuration,DC=Jep,DC=co,DC=ma
The replication generated an error (8524):
The DSA operation is unable to proceed because of a DNS lookup
failure.
The failure occurred at 2003-06-28 21:52.06.
The last success occurred at (never).
8 failures have occurred since the last success.
The guid-based DNS name
a405a978-c7f9-44d3-9c0d-6b4df47bda08._msdcs.Jep.co.ma
is not registered on one or more DNS servers.

Any other ideas would help.

Thanks
Trevor
Click to expand...
Click to expand...
 
yep... that will work just fine. SOrry about the mistype of the command

tx

--
Jeromy Statia [MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights.

Vip said:
Hi,

I tested the nltest command I don't have the dsgregdns option
but I do have the dsderegdns which I ran, which removed a few
entries except for the _msdcs folder. I stoped and started the
netlogon service to re-create the other folders.
Is this what you wanted me to do?

Thanks

Jeromy Statia said:
Your DNS Servers are still misconfigured. Since you made each child domain
a GC, every Child Domain will now have to replicate in the Partial Attribute
Set of EACH AND EVERY other child domain. I assume that you have each child
domain also configured to be its own DNS server am I correct? Please refer
to the DNS white paper:
Click to expand...
http://www.microsoft.com/windows2000/techinfo/howitworks/communications/name
adrmgmt/w2kdns.asp

Your hitting the DNS Islanding Problem... You'll need to ensure that the
child domains have forwards and root hints configured correctly in order to
find the dns records... a simple test would be to log onto one of the child
domains and execute the following list of commands:
nslookup
set q=srv
926213e1-9982-4c3d-b6ca-aa6a898f0a2d._msdcs.Jep.co.ma
exit

if you can't get that record back then DNS is still broken, you may also
need to execute "nltest.exe /dsgregdns" to get the child domains to
re-register their records once you fix DNS. nltest.exe is a reskit tool

tx and hope this helps out some


--
Jeromy Statia [MSFT]

This posting is provided "AS IS" with no warranties, and confers no rights.




Vip said:
Hi,

I have been asked to help sort out problems on our AD.
The setup is as follows:

At the moment we have 1 parent DC and 32 child domains.
We are looking into adding another DC in the parent domain.
All child domains consist of 1 DC all over the country. Which services
around 5 users each. All child domains are connected with a 64k line.

There where major problems with DNS I'm hoping that i've sorted out
most of the DNS issues. I've also made all the child domains GC's.
which hasn't taken affect due to replication.

Running dcdiag gives me all these errors.

Testing server: Default-First-Site-Name\SPID
Starting test: Replications
[Replications Check,SPID] A recent replication attempt failed:
From BEDSER to SPID
Naming Context: CN=Schema,CN=Configuration,DC=Jep,DC=co,DC=ma
The replication generated an error (8524):
The DSA operation is unable to proceed because of a DNS lookup
failure.
The failure occurred at 2003-06-28 21:52.06.
The last success occurred at (never).
8 failures have occurred since the last success.
The guid-based DNS name
926213e1-9982-4c3d-b6ca-aa6a898f0a2d._msdcs.Jep.co.ma
is not registered on one or more DNS servers.
REPLICATION LATENCY WARNING
SPID: A full synchronization is in progress
from BEDSER to SPID
Replication of new changes along this path will be delayed.
The full sync is 0.00% complete.
[Replications Check,SPID] A recent replication attempt failed:
From CANSER to SPID
Naming Context: CN=Schema,CN=Configuration,DC=Jep,DC=co,DC=ma
The replication generated an error (8524):
The DSA operation is unable to proceed because of a DNS lookup
failure.
The failure occurred at 2003-06-28 21:52.06.
The last success occurred at (never).
8 failures have occurred since the last success.
The guid-based DNS name
659e8912-b968-48a6-8153-471c4bd9cdd8._msdcs.Jep.co.ma
is not registered on one or more DNS servers.
REPLICATION LATENCY WARNING
SPID: A full synchronization is in progress
from CANSER to SPID
Replication of new changes along this path will be delayed.
The full sync is 0.00% complete.
[Replications Check,SPID] A recent replication attempt failed:
From WITSER to SPID
Naming Context: CN=Schema,CN=Configuration,DC=Jep,DC=co,DC=ma
The replication generated an error (8524):
The DSA operation is unable to proceed because of a DNS lookup
failure.
The failure occurred at 2003-06-28 21:52.06.
The last success occurred at (never).
8 failures have occurred since the last success.
The guid-based DNS name
480eb612-1f8f-4ce5-bffc-98d8fe2112a6._msdcs.Jep.co.ma
is not registered on one or more DNS servers.
REPLICATION LATENCY WARNING
SPID: A full synchronization is in progress
from WITSER to SPID
Replication of new changes along this path will be delayed.
The full sync is 0.00% complete.
[Replications Check,SPID] A recent replication attempt failed:
From RANSER to SPID
Naming Context: CN=Schema,CN=Configuration,DC=Jep,DC=co,DC=ma
The replication generated an error (8524):
The DSA operation is unable to proceed because of a DNS lookup
failure.
The failure occurred at 2003-06-28 21:52.06.
The last success occurred at (never).
8 failures have occurred since the last success.
The guid-based DNS name
01434350-5657-47ac-aed4-a4fd80a72ab0._msdcs.Jep.co.ma
is not registered on one or more DNS servers.
REPLICATION LATENCY WARNING
SPIDY: A full synchronization is in progress
from RANSER to SPID
Replication of new changes along this path will be delayed.
The full sync is 0.00% complete.
[Replications Check,SPID] A recent replication attempt failed:
From HATSER to SPID
Naming Context: CN=Schema,CN=Configuration,DC=Jep,DC=co,DC=ma
The replication generated an error (8524):
The DSA operation is unable to proceed because of a DNS lookup
failure.
The failure occurred at 2003-06-28 21:52.06.
The last success occurred at (never).
8 failures have occurred since the last success.
The guid-based DNS name
a405a978-c7f9-44d3-9c0d-6b4df47bda08._msdcs.Jep.co.ma
is not registered on one or more DNS servers.

Any other ideas would help.

Thanks
Trevor
Click to expand...
Click to expand...
Click to expand...
 
Back
Top