Thursday, May 21, 2009

Event ID 1311NTDS KCC : The Knowledge Consistency Checker (KCC) has detected problems with the following directory partition.

Event ID 1311NTDS KCC : The Knowledge Consistency Checker (KCC) has detected problems with the following directory partition.
 
Event Type:Error
Event Source:NTDS KCC
Event Category:Knowledge Consistency Checker
Event ID:1311
Date:3/9/2005
Time:6:39:58 PM
User:NT AUTHORITY\ANONYMOUS LOGON
Computer:DC3
Description:
The Knowledge Consistency Checker (KCC) has detected problems with
the following directory partition.
 
Directory partition:
CN=Configuration,DC=contoso,DC=com
 
There is insufficient site connectivity information in Active Directory
Sites and Services for the KCC to create a spanning tree replication
topology. Or, one or more domain controllers with this directory
partition are unable to replicate the directory partition information.
This is probably due to inaccessible domain controllers.
 
User Action :

Use Active Directory Sites and Services to perform one of the
following actions:
- Publish sufficient site connectivity information so that the
KCC can determine a route by which this directory partition can
reach this site. This is the preferred option.
- Add a Connection object to a domain controller that contains
the directory partition in this site from a domain controller
that contains the same directory partition in another site.
 
If neither of the Active Directory Sites and Services tasks correct
this condition, see previous events logged by the KCC that identify
the inaccessible domain controllers.
 
Cause :

This problem can have the following causes:
 
Site link bridging is enabled on a network that does not support physical network connectivity between two domain controllers in different sites that are connected by a site link.
 
Bridge all site links is enabled in Active Directory Sites and Services, but the network does not allow network connectivity between any two domain controllers in the forest.
 
One or more sites are not contained in a site link.
 
Site links contain all sites, but the site links are not interconnected. This condition is known as disjointed site links.
 
One or more domain controllers are offline.
 
Bridgehead domain controllers are online, but errors occur when they try to replicate a required directory partition between Active Directory sites.
 
Administrator-defined preferred bridgehead servers are online, but they do not host the required directory partition. The most common misconfiguration is to define non–global catalog servers as bridgehead servers.
 
Preferred bridgeheads are defined correctly by the administrator, but they are currently offline.
 
The bridgehead server is overloaded because the server is undersized, too many branch sites are trying to replicate changes from the same hub domain controller, or the replication schedules on site links or connection objects are too frequent.
 
The Knowledge Consistency Checker (KCC) has built an alternate path around an intersite connection failure, but it continues to retry the failing connection every 15 minutes.
 
Solution:
 
Identify the scope of the problem.
 
Check site link bridging.
 
Determine whether the network is fully routed.
 
Verify that all sites are connected.
 
Check preferred bridgehead servers.
 
To locate the ISTG role holders for all sites
Click Start, click Run, type Ldp, and then click OK.
 
On the Connection menu, click Connect.
 
In the Connect dialog box, leave the Server box empty.
 
In Port, type 389, and then click OK.
 
On the Connection menu, click Bind.
 
In the Bind dialog box, provide Enterprise Admins credentials. Click Domain if it is not already selected.
 
In Domain, type the name of the forest root domain, and then click OK.
 
On the Browse menu, click Search.
 
In Base dn, type:
 
CN=Sites,CN=Configuration,DC=Forest_Root_Domain
 
In Filter, type:
 
(CN=NTDS Site Settings)
 
For Scope, click Subtree.
 
Click Options, and in the Attributes box, scroll to the end of the list, type:
 
interSiteTopologyGenerator
 
and then click OK.
 
In the Search dialog box, click Run.
 
Review the interSiteTopologyGenerator entries in the output, and make a note of the domain controller names.

This event sometimes may be logged along with event id 1988 which identifies "lingering objects" on one or more DCs. In our case, replication wasn''t occurring as a result of the lingering object and after removing the lingering object the replication problems were gone.
 
I was receiving this event followed by EventID 1312 from source NTDS KCC. The Intersite Messaging service was disabled on one of my domain controllers. Enabling and starting this service cleared up the issue.

Our environment was a mixed one, with 2k and 2k3 DCs. We installed 913446 on the Win2k3 DCs and 893066 on the Win2k DCs. Then, we added the following DWORD values under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP\Parameters:
Value name:  EnablePMTUBHDetect
Value:  1
 
Value name:  MTU
Value:  1360
 
After a reboot, the problem was solved.

In my case, I had to modify the ISTG (Inter-Site Topology Generator) role in Active Directory. The ISTG role was not hold by the bridge-head server. After assigning it to the bridge-head server, the problem was gone. In the Microsoft knowledgebase there is an article concerning ISTG (224815).

This problem can have multiple causes. See the link to "Fixing replication topology problems" for troubleshooting.
 
Why bother deciphering Event logs when GFI EventsManager can do everything for you? Free trial here!

In my case, the problem was caused by hotfix 893066. Uninstalling the hotfix fixed the problem for me.

This event sometime occurs in an environment with large number of sites and domain controllers when connectivity to one or more sites is lost. ISTG tries to reach that site through alternate routes available and creates new connections for this purpose. By design in Windows 2003, these connections should be deleted automatically when original connectivity is restored, but in Windows 2000 these links are not deleted. You have to go to NTDS Settings of all the servers in affected site and delete all connections, and initiate "Check Replication Topology". ISTG will create all the links from scratch for all of these servers and problem will disappear.
 
In our case, this error came up after we deleted a server from Active Directory. When you open up Active Directory Sites and Services, look for the server that may have been deleted. If it is still in the site, and you are SURE it was taken out of AD via DCPROMO, go ahead and delete it. The errors will clear up shortly thereafter.

See the link to "Upgrading Windows NT 4.0 Domains to Windows Server 2003" for information on this problem.

In our case, every weekend a domain controller in a branch office had to be shut down (for maintenance on a temporary electricity generator). As soon as it went down the event logs on other DCs started filling up with these events. Once the DC was back online, everything went back to normal.
 
From a newsgroup post: "In certain rare conditions, the error will appear erroneously. This is more typical in environments with large numbers of sites, domain controllers, and domains. The steps from 214745 will very likely resolve the issue. If all steps from the article have been exhausted but the error still appears, you can open a free MS support case to obtain the fix referenced in 819249".
 
See the link to "EventID 1311 from source Active Directory" for additional information on this event.
 
I have also found that if the time on the servers has become out of sync (by 5 minutes either way) this error will appear. I had this issue and found that my domain controllers were out of sync. Changed the times and the errors went away.
 
307593 provides an approach in troubleshooting Event ID 1311 Messages on a Windows 2000 Domain.
 
There is also now a hotfix available for one instance of this problem. See 819249.

This behavior can occur if the Knowledge Consistency Checker (KCC) has determined that a site has been orphaned from the replication topology. See 214745, 244368 and 271997 for troubleshooting.
 
 

No comments:

Post a Comment

LinkWithin

Popular Posts