Announcement

Collapse
No announcement yet.

NTDS KCC Errors

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • NTDS KCC Errors

    Hello,Can someone please help me with the NTDS KCC errors below. It seems the error is repeatedly every 5 minutes. The site is implemented thru IPSec VPN. The attempt to establish a replication link for the following writable directory partition failed. Directory partition: DC=example,DC=com Source domain controller: CN=NTDS Settings,CN=PDC-DC001,CN=Servers,CN=PDCCANADA,CN=Sites,CN=Configur ation,DC=example,DC=com Source domain controller address: f538ef26-19a6-4869-aa40-ce493cbf1050._msdcs.example.com Intersite transport (if any): CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Configuration,DC=example,DC =com This domain controller will be unable to replicate with the source domain controller until this problem is corrected. User Action Verify if the source domain controller is accessible or network connectivity is available. Additional Data Error value: 8524 The DSA operation is unable to proceed because of a DNS lookup failure.For more information, see Help and Support Center at

  • #2
    Re: NTDS KCC Errors

    Can you ping the servers by name and by IP both ways?
    I would set the primary DNS on each server at each end to be the other server.

    i.e. DC01 using DC02 as primary DNS and DC02 using DC01 as primary DNS (with their own IP as secondary) then run netdiag /fix on both.
    I would also run DCDiag /fix on both and then repadmin /syncall /PAS on both.

    You may need to download the support tools for these. (Link in Misc Forum Sticky)
    cheers
    Andy

    Please read this before you post:


    Quis custodiet ipsos custodes?

    Comment


    • #3
      Re: NTDS KCC Errors

      Hi Andy,
      Thank you for your help. Actually I have total of 4 sites. There are 2 DC at each sites, total of 8 DCs altogether. For example, Site 1 = DCA1 & DCA2, Site 2= DCB1 & DCB2, Site 3=DCC1 & DCC2, Site 4= DCD1 & DCD2. Which is a properly site replication topology? Please advise...

      What i'm doing now...

      I configured selected Intersite Transport to all site as IP, not SMTP. FYI, I do have one Exchange Server which is a member server at one site which hosting email to all 4 sites, and not a DC integrated. So I didn't bother using SMTP because I'm not sure; anything i'm not sure I won't change.

      The way I create site replication topology is below:

      I selected one location to be a primary site which is Site 1 = IP: 192.168.20.10. Then I have 3 sites left, which site 2, 3, 4: total 6 DCs left. All 3 sites I configured its first DCs Primary DNS pointing to Site 1 first DC = 192.168.20.10. and I used the second DC of each sites to point its Primary DNS to the first DC of its own site Yes, I am able to ping all site by DNS name and IP.

      Therefore, total 3 primary DCs for all 3 sites, its Primary DNS I configured to pointing to a Site 1 Domain controller DCA2 = IP: 192.168.20.10. and 3 more secondary DCs for 3 sites I had it pointing to the primary DC of its own site.

      Originally posted by AndyJG247 View Post
      Can you ping the servers by name and by IP both ways?
      I would set the primary DNS on each server at each end to be the other server.

      i.e. DC01 using DC02 as primary DNS and DC02 using DC01 as primary DNS (with their own IP as secondary) then run netdiag /fix on both.
      I would also run DCDiag /fix on both and then repadmin /syncall /PAS on both.

      You may need to download the support tools for these. (Link in Misc Forum Sticky)
      Last edited by dykirin; 24th November 2008, 14:09. Reason: Modified

      Comment


      • #4
        Re: NTDS KCC Errors

        That sounds ok to me.
        Can you ping
        f538ef26-19a6-4869-aa40-ce493cbf1050._msdcs.example.com
        when you have changed it to the correct info? What server does that respond from?

        What do you mean by not DC integrated for Exchange?

        It just looks like a DNS issue. Do you have any firewalls between the sites at all?

        Download DNSLint from Microsoft and run that

        from the top of my head:
        "dnslint /ad /s localhost"
        and see what that tells you about missing records.

        I would still run the netdiag /fix dcdiag /fix on all of the DCs to ensure they are ok.
        cheers
        Andy

        Please read this before you post:


        Quis custodiet ipsos custodes?

        Comment


        • #5
          Re: NTDS KCC Errors

          hi andy,
          I just reconfigure the replication topology, waiting for it to change. I will let you know by tomorrow see if any KCC errors repeat again.

          thanks,
          dykirin

          Comment

          Working...
          X