Announcement

Collapse
No announcement yet.

Active Directory Errors

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Active Directory Errors

    In the office in the US I have 2 Domain Controllers on Server 2003 and we also have 1 in an office in Israel and 1 in Tampa. They decided in Israel to get rid of their domain and create a new domain but they failed to tell me.
    I have been having one of my domain controllers reboot it self at random times and hang on reboot telling me there is a directory services error and I can only log in with directory services restore mode. If I manually power it off and back on it boots up normally.
    Af first I looked in the system log and found WINS errors prior to the crash as it was trying to replicate with the WINs server in Israel that no longer existed. I went into WINS and told it to stop replicating with that server. Today the same thing happened again so I looked at the directory service log in the event viewer and I found a lot of errors there with my server trying to contact the old domain controller in Israel.

    This is an example of one error from the Knowledge Consistincy checker:

    Event Type: Warning
    Event Source: NTDS KCC
    Event Category: Knowledge Consistency Checker
    Event ID: 1865
    Date: 5/16/2012
    Time: 8:15:11 PM
    User: NT AUTHORITY\ANONYMOUS LOGON
    Computer: VNETFS1
    Description:
    The Knowledge Consistency Checker (KCC) was unable to form a complete spanning tree network topology. As a result, the following list of sites cannot be reached from the local site.

    Sites:
    CN=Tampa,CN=Sites,CN=Configuration,DC=southboro,DC =viryanet,DC=com
    CN=Israel,CN=Sites,CN=Configuration,DC=southboro,D C=viryanet,DC=com






    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    How to I tell my DC to stop trying to replicate with these other two servers that no longer exist?

  • #2
    Re: Active Directory Errors

    Do a metadata cleanup and remove the failed DCs, as well as the site if necessary
    Full instructions on the main site:
    http://www.petri.com/delete_failed_dcs_from_ad.htm
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    Comment


    • #3
      Re: Active Directory Errors

      I have gone to properties on each server and set the replication schedule to None for both. So is it the failed attempts to replicate that cause the server to re-boot?

      I just printed out the link thanks for the instructions!

      Comment


      • #4
        Re: Active Directory Errors

        Unknown if replication is causing the crashes, but it will be causing problems (e.g. users trying to logon to a non-existent DC) and a metadata cleanup is the best solution
        Tom Jones
        MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
        PhD, MSc, FIAP, MIITT
        IT Trainer / Consultant
        Ossian Ltd
        Scotland

        ** Remember to give credit where credit is due and leave reputation points where appropriate **

        Comment


        • #5
          Re: Active Directory Errors

          I used the cleanup tool to remove the Domain conroller in the Tampa Site. When I went into Active Directory Sites and services I still found the server there listed under the Tampa site, but this time it let me right click and delete it.

          I went to the server in Israel and noticed the replication was schedules for four times an hour. I changed this to None for now. They still have the DC there but they do not keep it up all the time. I'm not sure if I want to completely remove it or not. Thanks for the help!

          Comment

          Working...
          X