KCC Errors

G

Guest

I have warnings appearing every minute or so in my
Directory Services log of my domain controllers. We are
part of a larger forest, and we trust the forest root.
The source is NTDS KCC, the category is Knowledge
Consistency, Event ID is 1265.

The AD information is being replicated, however we
receive these warning from all the other domains including
the forest root although we have an explict trust to it.

I looked at articles 328701 and 249256. The repadmin /showreps come back sucessful.

When I used the dcdiag I recieve a number of warnings when the kccevent is run.

EventID 0x0800004F1
Event String: The attempt to establish a replication link with

EventID 0x8000061E
Event String: All servers in site

EventID 0xC000051F
Event String: The Directory Service consistancy checker has

All the domain controllers fail the kccevent test.

Any advise would be appreciated as we would like to
discover the cause of these warnings.

Thank you for your help.
 
T

Tim Hines [MSFT]

Post the entire error message. There are several reasons for the 1265
event. The reason will be listed at the end of the event. A common reason
is "DNS lookup failure". In that case you would need to troubleshoot your
DNS configuration and verify that the correct records are in the zone. Post
the error and you may be able to get a few more responses


--
Tim Hines, MCSE, MCSA
Windows 2000 Directory Services

=====================================================
When responding to posts, please "Reply to Group" via
your newsreader so that others may learn and benefit
from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
 
S

Scott

The entire error message recorded in the Directory
Services log is:

Event Type: Warning
Event Source: NTDS KCC
Event Category: Knowledge Consistency Checker
Event ID: 1265
Date: 11/13/2003
Time: 10:17:40 AM
User: N/A
Computer: GHADS1
Description:
The attempt to establish a replication link with
parameters

Partition: DC=counterpoint,DC=com
Source DSA DN: CN=NTDS
Settings,CN=FGDC,CN=Servers,CN=izzySite,CN=Sites,CN=Config
uration,DC=jsjcorp,DC=com
Source DSA Address: 2e1befbb-fda5-4a53-8f3c-
9fbb0d8ff37f._msdcs.jsjcorp.com
Inter-site Transport (if any): CN=IP,CN=Inter-Site
Transports,CN=Sites,CN=Configuration,DC=jsjcorp,DC=com

failed with the following status:

The RPC server is unavailable.

The record data is the status code. This operation will
be retried.
Data:
0000: 000006ba

Any advise would be greatly appreciated.

Thanks,

Scott
 
T

Tim Hines [MSFT]

RPC errors indicate that you may have DNS resolution problems or RPC
communication is blocked by a firewall. It could also mean that the service
is not running that is rarely the case.
If you have a firewall then you need to verify that the ports needed for
replication are available. The following article will list the ports
http://www.microsoft.com/serviceproviders/columns/config_ipsec_P63623.asp

In addition to that you need to verify that the DCs have registered their
SRV, host and GUID records in the DNS zone.


--
Tim Hines, MCSE, MCSA
Windows 2000 Directory Services

=====================================================
When responding to posts, please "Reply to Group" via
your newsreader so that others may learn and benefit
from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
 
S

Scott

That is what I thought the articles in the Microsoft
Knowlegde Center indicated. The traffic is not being
blocked by a firewall, because we do not have a firewall
between our location and our parent company's location.
We have direct fiber strands. As far as DNS the svr
records exist, the all the server names resolve and
respond.

There are a couple other errors that occur in the log
that seem to be related.

Event Type: Error
Event Source: NTDS KCC
Event Category: Knowledge Consistency Checker
Event ID: 1311
Date: 11/14/2003
Time: 9:37:25 AM
User: N/A
Computer: GHADS1
Description:
The Directory Service consistency checker has determined
that either (a) there is not enough physical connectivity
published via the Active Directory Sites and Services
Manager to create a spanning tree connecting all the
sites containing the Partition
CN=Configuration,DC=jsjcorp,DC=com, or (b) replication
cannot be performed with one or more critical servers in
order for changes to propagate across all sites (most
often due to the servers being unreachable).

For (a), please use the Active Directory Sites and
Services Manager to do one of the following:
1. Publish sufficient site connectivity information such
that the system can infer a route by which this Partition
can reach this site. This option is preferred.
2. Add an ntdsConnection object to a Domain Controller
that contains the Partition
CN=Configuration,DC=jsjcorp,DC=com in this site from a
Domain Controller that contains the same Partition in
another site.

and


Event Type: Warning
Event Source: NTDS KCC
Event Category: Knowledge Consistency Checker
Event ID: 1566
Date: 11/14/2003
Time: 9:37:25 AM
User: N/A
Computer: GHADS1
Description:
All servers in site
CN=JSJTJSite,CN=Sites,CN=Configuration,DC=jsjcorp,DC=com
that can replicate partition
CN=Configuration,DC=jsjcorp,DC=com over transport
CN=IP,CN=Inter-Site
Transports,CN=Sites,CN=Configuration,DC=jsjcorp,DC=com
are currently unavailable.


For (b), please see previous events logged by the NTDS
KCC source that identify the servers that could not be
contacted.

Could this be related to a permission or security issue?
Although the information seems to be replicated.

Thanks,

Scott
 
T

Tim Hines [MSFT]

The additional errors that you posted also could also indicate that there is
a communication problem on the network. Check your network hardware
configuration. Sometimes routers and switch configuration can cause RPC
failures. You could try using netmon to trace the network traffic when you
try to force replication or force the KCC to run. That will provide more
useful information.

--
Tim Hines, MCSE, MCSA
Windows 2000 Directory Services

=====================================================
When responding to posts, please "Reply to Group" via
your newsreader so that others may learn and benefit
from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
 
S

Scott

Checked the network traffic while forcing site to site
replication. Every request was acknoleged by the other
server, and its requests where acknowlleged by the local
server. Another domain created a new user and that user
replicated accross without a problem. However, we are
still recieving the KCC Errors. Is there a way to find
out exaclty what is causing the KCC error and trace is
from there? There appears to no problem with
communication either physically or logically. There are
no access-lists or firewalls blocking any network traffic
between the sites. The errors occur a regular intervals
and the warnings occur about once per minute.
 
S

Scott

Figured it out. There was an error from NTDS General
1126 that was being cut out of the logs due to the
frequent messages. I moved the Infastructure master role
to another domain controller and the site links were
readded by the new infastructure master. It has been
almost 30 minutes and the warnings and errors are gone.

Thank you for your help,

Scott
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

NTDS KCC Error 2
DsBind() failed with error 1722,The RPC server is unavailable 0
event 1265 ntds kcc - access denied 3
AD Replication issues 2
Replication - NetDiag Error 2
dcpromo still not fixing netlogon errors 16
NTDS KCC Event ID 1265, Repadmin failure 1722 (0x6ba) 3
Active Directory and DNS errors 11

Top