I am running a Windows 2003 Server in a single domain environment. We
have two main DCs in our home office and 7 remote DCs in our branch
plants. One of our branch plant DCs is triggering errors in our main DC
Directory Service event log.

Type: Warning
Source: NTDS KCC
Event ID: 1566
All domain controllers in the following site that can replicate the directory partition over this transport are currently unavailable.
Site:
CN=***,CN=***,CN=***,DC=***,DC=***
Directory partition:
DC=***,DC=***
Transport:
CN=***,CN=***,CN=***,CN=***,DC=***,DC=***

Type: Error
Source: NTDS KCC
Event ID: 1311
The Knowledge Consistency Checker (KCC) has detected problems with the following directory partition.
Directory partition:
DC=***,DC***
There is insufficient site connectivity information in Active Directory Sites and Services for the KCC to create a spanning tree replication topology. Or, one or more domain controllers with this directory partition are unable to replicate the directory partition information. This is probably due to inaccessible domain controllers.
User Action
Use Active Directory Sites and Services to perform one of the following actions:
- Publish sufficient site connectivity information so that the KCC can determine a route by which this directory partition can reach this site. This is the preferred option.
- Add a Connection object to a domain controller that contains the directory partition in this site from a domain controller that contains the same directory partition in another site.
If neither of the Active Directory Sites and Services tasks correct this condition, see previous events logged by the KCC that identify the inaccessible domain controllers

Type: Warning
Source: NTDS KCC
Event ID: 1865
The Knowledge Consistency Checker (KCC) was unable to form a complete spanning tree network topology. As a result, the following list of sites cannot be reached from the local site.
Sites:
CN=***,CN=***,CN=***,DC=***,DC=***

On top of these errors, the branch plant DC is logging this Kerberos
error over and over in the System event log:

Type: Error
Source: Kerberos
Event ID: 4
The kerberos client received a KRB_AP_ERR_MODIFIED error from the server host/***. The target name used was ldap/***. This indicates that the password used to encrypt the kerberos service ticket is different than that on the target server. Commonly, this is due to identically named machine accounts in the target realm (***), and the client realm. Please contact your system administrator.

And it's logging this error in the Application event log over and over:

Type: Error
Source: Userenv
Event ID: 1053
Windows cannot determine the user or computer name. (The target principal name is incorrect. ). Group Policy processing aborted.

Some of the recent changes done to this machine that may be causing
these issues are a system board replacement and an upgrade to the hard
drives. I have tried resetting the machine account password using
netdom.exe, though I am not 100% sure I am performing this task
correctly. The main tasks that seem to be broken are File Replication
and directory replication, and when logged into the branch plant DC you get
a logon Failure error message when trying to access network shares. Any
help on this issue would be greatly appreciated.