AD Sites and Services wrong replication server

[justsimplequestions]

We have 4 different sites setup within AD Sites and Services. One of
those sites is only able to communicate with the default-first-site
servers through a vpn. It does not have a vpn or any other form of
communication with any of the other dc's in the other sites.

We have manually added the default-first-site dc's as the replication
partners but for some unknown reason it keeps adding (automatically
generating) dc's from other sites that it can not communicate with
resulting in warning and error codes - 1925 (The attempt to establish
a replication link for the following writable directory partition
failed) and 1311 (The Knowledge Consistency Checker (KCC) has detected
problems with the following directory partition. )

We have deleted the servers from the list only for them to appear
again after 15 minutes. How can we force this site only to replicate
with the default-first-site servers?

Thanks.

 

[Herb Martin]

We have 4 different sites setup within AD Sites and Services. One of
those sites is only able to communicate with the default-first-site
servers through a vpn. It does not have a vpn or any other form of
communication with any of the other dc's in the other sites.

Even indirectly by routing through the VPN and then to the other sites?

We have manually added the default-first-site dc's as the replication
partners

That isn't likely necessary if you setup your Sites/Services definitions
correctly.

but for some unknown reason it keeps adding (automatically
generating) dc's from other sites that it can not communicate with
resulting in warning and error codes

Then you have almost certainly left an error in the definitions.

- 1925 (The attempt to establish
a replication link for the following writable directory partition
failed) and 1311 (The Knowledge Consistency Checker (KCC) has detected
problems with the following directory partition. )

We have deleted the servers from the list only for them to appear

Yes, if the KCC decides they are needed due to insufficient or incorrect
info then it will keep adding them.

again after 15 minutes. How can we force this site only to replicate
with the default-first-site servers?

Check replication with "DCDiag /c" and search for WARN and FAIL
messages.


Check: Create a site for each location
Check: Correct subnet(s) for all the IP subnets at each location and
use these to define each site
Check: SiteLINK that represents each physical WAN/VPN from
location to DEFAULT or between locations -- I am assuming here that
these are only DEFAUL<->BranchX but that is not a restriction if you
have additional physical lines...
Put the Default Site and each BranchX in the apppropriate SiteLINK

* Remove the BranchX site from the Default-IP-SiteLink *

Replicatte everything.

Then: Right click on each DC in Sites and Services and MOVE it to the
CORRECT site.

Check replication with "DCDiag /c" and search for WARN and FAIL
messages.

You can likely remove the manual "connection" objects you created.

You may optionally DISABLE the "bridge (group) all sites" to remove
the automatic transitivity of the SiteLinks but I recommend that you
first get your definitions correct.

Likely the step of removing the Sites from the Default-Ip-SiteLink OR
putting all DCs in the correct SiteLink is your problem.

 

[justsimplequestions]

Even indirectly by routing through the VPN and then to the other sites?


That isn't likely necessary if you setup your Sites/Services definitions
correctly.


Then you have almost certainly left an error in the definitions.



Yes, if the KCC decides they are needed due to insufficient or incorrect
info then it will keep adding them.


Check replication with "DCDiag /c" and search for WARN and FAIL
messages.

Check: Create a site for each location
Check: Correct subnet(s) for all the IP subnets at each location and
use these to define each site
Check: SiteLINK that represents each physical WAN/VPN from
location to DEFAULT or between locations -- I am assuming here that
these are only DEFAUL<->BranchX but that is not a restriction if you
have additional physical lines...
Put the Default Site and each BranchX in the apppropriate SiteLINK

* Remove the BranchX site from the Default-IP-SiteLink *

Replicatte everything.

Then: Right click on each DC in Sites and Services and MOVE it to the
CORRECT site.

Check replication with "DCDiag /c" and search for WARN and FAIL
messages.

You can likely remove the manual "connection" objects you created.

You may optionally DISABLE the "bridge (group) all sites" to remove
the automatic transitivity of the SiteLinks but I recommend that you
first get your definitions correct.

Likely the step of removing the Sites from the Default-Ip-SiteLink OR
putting all DCs in the correct SiteLink is your problem.

Thanks Herb - I think you are spot on (again!)

Had a look at the Default-Ip-SiteLink and all the servers from all
sites are listed. This is not something that has been created and
presume is their by default. Is this associated with the Default-First-
Site servers and can the other servers be safely deleted (we have
other links with the appropriate servers listed in them)

Many thanks again.

 

[Herb Martin]

Thanks Herb - I think you are spot on (again!)

Had a look at the Default-Ip-SiteLink and all the servers from all
sites are listed. This is not something that has been created and
presume is their by default.

Yes, and technically it is all of the SITES which are in this SiteLink,
but due to that the KCC is creating CONNECTION objects for
some or all of the servers to replicate.

Effect is what you say but the technical detail is just different enough
it might help you to understand how it happens.

Is this associated with the Default-First-
Site servers and can the other servers be safely deleted (we have
other links with the appropriate servers listed in them)

No, don't delete "servers" from the Default-IP-SiteLink, but rather
delete the SITES there -- the sites must first have their own custom
site link before this is allowed.

Also, MOVE all Servers that are in the "wrong" site to the correct SITE.

Many thanks again.

Sure.