W2K Svr - replication problem - NTDS KCC 1311

[Rod]

Help - I'm really puzzled!

We have a 3 site network.

Site 1: 2 x W2K Svrs - 1st is the main DC
Site 2: 1 x W2K Svr
Site 3: 1 x W2L Svr

All in one domain, links between sites T1 lines.

It was all setup and working fine, replication sites links
etc all fine. BUT the two servers on sites 2 and 3 were
shutdown for a few weeks, and now they are back on line we
are getting:-

Event Source: NTDS KCC
Event ID: 1311
The directory service consistency checker has determined
that.......

errors in the event log at regualr times on both of these
servers and also on S2 on site one. I'm also getting
errors when trying to access S1 in site 1 from S1 in site
2 or 3 - account invalid/access denied errors. Also I can
see that the users/groups on servers in sites 2/3 are out
of date compared to site 1. I guess that somehow the
replication has been broken, and have found info.
regarding orphaned servers etc. - but can't make head nor
tail of how to go about fixing this problem!

As all servers are still in a test environment, only just
about to go live - is there a quick way to fix this
problem??

 

[Chriss3]

Hello!

This error occurs when the replication configuration information in Active
Directory Sites and Services does not accurately reflect the physical
topology of the network.

//Christoffer Andersson, 17 Years old, Sweden, FLEN

 

[Jack]

That is an ugly issue. You could mess around with DNS,
and with some crazy command line utils, but it could take
a while, depending on your comfort level with AD. If
those DCs aren't in use yet, I would just start anew.

One thing to check first though is that you have the
proper DNS setup and that you have physical connectivity
(ping) with the other DCs.

Here's the gist. You will either have to reformat those
machines, or you can do a dcpromo /foreceremoval on the
site1 and 2 DCs. That will return them to member
servers. Then you will have to use the dreaded ntdsutil
to remove the old servers from the Directory.

http://support.microsoft.com/default.aspx?scid=kb;en-
us;216498

After your metadata is squeaky clean you should be able to
re-dcpromo those machines.

Good luck!

-Jack

 

[Rod]

Thanks Jack

So if I understand you're suggestion correctly;

DCpromo down all the servers (2 off in Site 1, and one
each in Site 2 and 3).

Tidy up AD and the dcpromo them all up again?

Cheers

Rod

 

[Jim Y]

I'm also getting the 1311 adn 1566 errors on DCs and
can't nail em down. Anyone work these out? What's a
good tool for checking validity of AD site topology?
I've got 19 DCs in some 14 remote sites all connected
with T1s.