EVENT ID 1311

[Guest]

We are on a mixed mode (Windows 2003 DCs and 2000 DCs) and I am getting the
following error on some of my Windows 2000 domain controllers:

Event Type: Error
Event Source: NTDS KCC
Event Category: Knowledge Consistency Checker
Event ID: 1311
Date: 10/4/2005
Time: 8:46:45 AM
User: N/A
Computer: LMW2KDC
Description:
The Directory Service consistency checker has determined that either (a)
there is not enough physical connectivity published via the Active Directory
Sites and Services Manager to create a spanning tree connecting all the sites
containing the Partition CN=Configuration,DC=mydomain,DC=org, or (b)
replication cannot be performed with one or more critical servers in order
for changes to propagate across all sites (most often due to the servers
being unreachable).

For (a), please use the Active Directory Sites and Services Manager to do
one of the following:
1. Publish sufficient site connectivity information such that the system can
infer a route by which this Partition can reach this site. This option is
preferred.
2. Add an ntdsConnection object to a Domain Controller that contains the
Partition CN=Configuration,DC=mydomain,DC=org in this site from a Domain
Controller that contains the same Partition in another site.

For (b), please see previous events logged by the NTDS KCC source that
identify the servers that could not be contacted.
nning tree connecting all the sites containing the Naming context

It recommended to do no. 1- Publish sufficient site connectivity information
but not sure what this means.. We have added SITE LINKS for those domain
controllers with this error but we continue to receive the same error every
15 minutes.

This problem started when we created additional Sites and Subnets using
Active Directory Sites and Services. Each site was assigned a subnet and
domain controllers were moved from the Default-First-Site-Name to the new
site based on their subnet.

Appreciate any help. Thanks.

 

[Paul Bergson]

Start off with some diagnostics to see if there are any dns issues or
something similar to this.


Try running netdiag, repadmin and dcdiag. Look for fail, error and warning
errors.

If you don't have the tools installed load them from your install disk.

d:\i386\adminpak.msi (Server tools for remote management of servers)
d:\support\tools\setup.exe (Server Utilities)

Copy the following to a cmd file and run look for error, fail and warn
within the reports. Post any errors you can't figure out. make sure you
modify DC_Name to the name of a dc in your domain.

@echo off

c:
cd \
cd "program files\support tools"

del c:\dcdiag.log
dcdiag /e /c /v /sC_Name /f:c:\dcdiag.log
start c:\dcdiag.log

netdiag.exe /v > c:\netdiag.log
start c:\netdiag.log

repadmin.exe /showrepl dc* /verbose /all /intersite > c:\repl.txt
start c:\repl.txt


See for more details

http://www.microsoft.com/technet/pr...Ref/1d4ce93c-54f2-4069-a708-251509c38837.mspx

--


Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA

This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Pawel Mylka]

I hade similiar problems in past. The problem was with firewalls beetwen
sites. Be sure that every dc have full connection with each other

regards
Pawel Mylka

 

[Guest]

Paul,

I ran the dcdiag and found the following error on the domain controllers
that are getting event id 1311 error:
Starting test: Services
IsmServ Service is stopped on [LMW2KDC]
......................... LMW2KDC failed test Services

So I what I did was started this (ISMSERV) service and the error went away.

But I also found the following errors:
*Warning: Remote bridgehead IrvineSite\IRVNIFCUADS2 has some
replication syncs failing. It will be 0 hours 23 minutes
before the bridgehead is considered ineligible to be a bridgehead.
Doing in depth site analysis ...
***Error: The remote site Default-First-Site-Name, has no
servers that can act as bridgeheads between the Default-First-Site-Name and
the local site ImperialBeachSite for
the writeable NC ForestDnsZones. Replication will not
continue until this is resolved.

***Error: The remote site Default-First-Site-Name, has no servers that can
act as bridgeheads between the Default-First-Site-Name and the local site
ImperialBeachSite for
the writeable NC DomainDnsZones. Replication will not continue until this
is resolved.
Remote site Default-First-Site-Name is replicating to the local site
ImperialBeachSite the writeable NC Schema correctly. Remote site
Default-First-Site-Name is replicating to the local
site ImperialBeachSite the writeable NC Configuration correctly. Remote site
Default-First-Site-Name is replicating to the local site ImperialBeachSite
the writeable NC nifcu correctly.

***Error: The remote site IrvineSite, has no servers that can act as
bridgeheads between the IrvineSite and the local site ImperialBeachSite for
the writeable NC ForestDnsZones.
Replication will not continue until this is resolved.


Not sure how to fix this. Appreciate your response. Thanks.

Patrick

 

[Paul Bergson]

I believe this error is meaningless. There are bugs in dcdiag.

--


Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA

This posting is provided "AS IS" with no warranties, and confers no rights.

Paul,

I ran the dcdiag and found the following error on the domain controllers
that are getting event id 1311 error:
Starting test: Services
IsmServ Service is stopped on [LMW2KDC]
......................... LMW2KDC failed test Services

So I what I did was started this (ISMSERV) service and the error went
away.

But I also found the following errors:
*Warning: Remote bridgehead IrvineSite\IRVNIFCUADS2 has some
replication syncs failing. It will be 0 hours 23 minutes
before the bridgehead is considered ineligible to be a bridgehead.
Doing in depth site analysis ...
***Error: The remote site Default-First-Site-Name, has no
servers that can act as bridgeheads between the Default-First-Site-Name
and
the local site ImperialBeachSite for
the writeable NC ForestDnsZones. Replication will not
continue until this is resolved.

***Error: The remote site Default-First-Site-Name, has no servers that can
act as bridgeheads between the Default-First-Site-Name and the local site
ImperialBeachSite for
the writeable NC DomainDnsZones. Replication will not continue until this
is resolved.
Remote site Default-First-Site-Name is replicating to the local site
ImperialBeachSite the writeable NC Schema correctly. Remote site
Default-First-Site-Name is replicating to the local
site ImperialBeachSite the writeable NC Configuration correctly. Remote
site
Default-First-Site-Name is replicating to the local site ImperialBeachSite
the writeable NC nifcu correctly.

***Error: The remote site IrvineSite, has no servers that can act as
bridgeheads between the IrvineSite and the local site ImperialBeachSite
for
the writeable NC ForestDnsZones.
Replication will not continue until this is resolved.


Not sure how to fix this. Appreciate your response. Thanks.

Patrick

Start off with some diagnostics to see if there are any dns issues or
something similar to this.


Try running netdiag, repadmin and dcdiag. Look for fail, error and
warning
errors.

If you don't have the tools installed load them from your install disk.

d:\i386\adminpak.msi (Server tools for remote management of servers)
d:\support\tools\setup.exe (Server Utilities)

Copy the following to a cmd file and run look for error, fail and warn
within the reports. Post any errors you can't figure out. make sure you
modify DC_Name to the name of a dc in your domain.

@echo off

c:
cd \
cd "program files\support tools"

del c:\dcdiag.log
dcdiag /e /c /v /sC_Name /f:c:\dcdiag.log
start c:\dcdiag.log

netdiag.exe /v > c:\netdiag.log
start c:\netdiag.log

repadmin.exe /showrepl dc* /verbose /all /intersite > c:\repl.txt
start c:\repl.txt


See for more details

http://www.microsoft.com/technet/pr...Ref/1d4ce93c-54f2-4069-a708-251509c38837.mspx

--


Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA

This posting is provided "AS IS" with no warranties, and confers no
rights.

 

[Cary Shultz [A.D. MVP]]

Patrick,

Did you install the Support Tools from the Service Pack 4 CD-Media or from
the WIN2000 Server CD-Media? I would not use the Support Tools found on the
WIN2000 Server CD-Media and use the Service Pack 4 CD-Media or download the
Support Tools from the MS web site ( naturally the SP4 version ).

--
Cary W. Shultz
Roanoke, VA 24012

WIN2000 Active Directory MVP
http://www.activedirectory-win2000.com
(soon to be updated!!!)
http://www.grouppolicy-win2000.com
(soon to be updated!!!)