Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

2 site DNS replication problems

Status
Not open for further replies.
PaulGillespie

PaulGillespie

Technical User
Jul 2, 2002
516
GB
Hello, This is the first time i've set up a single domain split between 2 sites connected by a VPN. Every thing went well except that DNS is not working properly in site 2. On the site 1 server i can see all PCs in the domain in the DNS MMC. I can also ping host names in site 2 from site 1.

On the site 2 server, i can only see and ping host names of that site and not site 1.

The event logs on server 1 are fine but on server 2 the directory service log gives constant errors. I have tried the Microsoft site to find out what it means but i found nothing. Here iscopy of the event:

Event Type: Warning
Event Source: NTDS KCC
Event Category: Knowledge Consistency Checker
Event ID: 1865
Date: 06/02/2004
Time: 10:09:07
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: SERVER02
Description:
The Knowledge Consistency Checker (KCC) was unable to form a complete spanning tree network topology.
As a result, the following list of sites cannot be reached from the local site.

Sites:
CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=finlayson,DC=local


For more information, see Help and Support Center at


This warning is also accompanied by this error:

Event Type: Error
Event Source: NTDS KCC
Event Category: Knowledge Consistency Checker
Event ID: 1311
Date: 06/02/2004
Time: 13:54:07
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: SERVER02
Description:
The Knowledge Consistency Checker (KCC) has detected problems with the following directory partition.

Directory partition:
CN=Configuration,DC=finlayson,DC=local

There is insufficient site connectivity information in Active Directory Sites and Services for the KCC to
create a spanning tree replication topology. Or, one or more domain controllers with this directory partition
are unable to replicate the directory partition information. This is probably due to inaccessible domain controllers.

User Action
Use Active Directory Sites and Services to perform one of the following actions:
- Publish sufficient site connectivity information so that the KCC can determine a route by which this directory
partition can reach this site. This is the preferred option.
- Add a Connection object to a domain controller that contains the directory partition in this site from a domain
controller that contains the same directory partition in another site.

If neither of the Active Directory Sites and Services tasks correct this condition, see previous events logged by
the KCC that identify the inaccessible domain controllers.

For more information, see Help and Support Center at






Any help would be greatfully appreciated.

Cheers

Paul
 
Sort by date Sort by votes
Sounds like the VPN device might be preventing Site2 from initiating communications to Site1. You can try to telnet from you DC in Site2 to the DC in Site1 one and see if you can talk to the DNS service.

telnet site1dcip 53

If it fails to connect then there is something blocking your communications.
 
Upvote 0 Downvote
Thanks for replying.

The VPN is fine, users are accessing data on both sides and AD is replicating.

Thanks
 
Upvote 0 Downvote
So it's just DNS then that's having the issue? If so try that telnet command, that will tell you if DC2 can talk to DC1 on port 53.

Other than that, what types of zones do you have setup on DC1 and DC2?
 
Upvote 0 Downvote
have just tried "telnet 192.168.1.2 53"

It opened a session but did not give me a response.

What does this mean?

Thanks
 
Upvote 0 Downvote
That means DC2's DNS can talk to DC1's DNS. Most likely something in the way you setup DNS on DC2 is not correct. What types of zones do you have setup?
 
Upvote 0 Downvote
Just forward look up zones in site 1 and site 2.

Should i reinstall DNS on site 2?
 
Upvote 0 Downvote
Right but what type of zones are they. Are they a standard primary and secondary or AD integrated? It just sounds like they are not setup to replicate from DC1 to DC.

Yu've got AD, why not have AD interated zones on each domain controller. Then setup each server to forward out to your isp's servers.

 
Upvote 0 Downvote
I'm not sure.

I think i'm going to but a book on this and do some more research first.

Thanks for all your help

Paul
 
Upvote 0 Downvote
It was an AD integrate primary zone.

I think i've fixed it now. I reinstalled DNS in site B and i can now ping host names from clients on Lan B, and i've not had any more errors in eventvwr, although it's only been 30 minutes.

Thanks for all your help.

Paul
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

rzammit82
  • Locked
  • Question
Windows Server 2016 - DNS/AD problem
Replies
1
Views
977
suncit
suncit
fredmartinmaine
  • Locked
  • Question
Domain Controller without DNS Server
Replies
4
Views
893
fredmartinmaine
fredmartinmaine
Theo2k
  • Locked
  • Question
RDS 2016
Replies
0
Views
528
Theo2k
Theo2k
antonio_dsanchez
  • Locked
  • Question
post-installation WSUS windows server 2016
Replies
0
Views
581
antonio_dsanchez
antonio_dsanchez
DrB0b
  • Locked
  • Question
Windows 2016 IIS FTP server with a ton of user accounts
Replies
4
Views
851
DrB0b
DrB0b

Part and Inventory Search

Sponsor

Back
Top