none
KCC event failed on Domain Controller which holds schema and domain naming master role

    Question

  • Hi Team,

    I have a issue where out of my 17 DC, one of them shows KCC failure. When I ran dcdiag I got below information.

    C:\Users\syoung\Desktop>dcdiag

    Directory Server Diagnosis

    Performing initial setup:
       Trying to find home server...
       Home Server = sasw-dc1
       * Identified AD Forest.
       Done gathering initial info.

    Doing initial required tests

       Testing server: UCF\sasw-dc1
          Starting test: Connectivity
             ......................... sasw-dc1 passed test Connectivity

    Doing primary tests

       Testing server: UCF\sasw-dc1
          Starting test: Advertising
             ......................... sasw-dc1 passed test Advertising
          Starting test: FrsEvent
             ......................... sasw-dc1 passed test FrsEvent
          Starting test: DFSREvent
             ......................... sasw-dc1 passed test DFSREvent
          Starting test: SysVolCheck
             ......................... sasw-dc1 passed test SysVolCheck
          Starting test: KccEvent
             A warning event occurred.  EventID: 0x8000061E
                Time Generated: 02/16/2017   21:56:57
                Event String:
                All directory servers in the following site that can replicate the d
    irectory partition over this transport are currently unavailable.
             An error event occurred.  EventID: 0xC000051F
                Time Generated: 02/16/2017   21:56:57
                Event String:
                The Knowledge Consistency Checker (KCC) has detected problems with t
    he following directory partition.
             A warning event occurred.  EventID: 0x80000749
                Time Generated: 02/16/2017   21:56:57
                Event String:
                The Knowledge Consistency Checker (KCC) was unable to form a complet
    e spanning tree network topology. As a result, the following list of sites canno
    t be reached from the local site.
             A warning event occurred.  EventID: 0x8000061E
                Time Generated: 02/16/2017   21:56:57
                Event String:
                All directory servers in the following site that can replicate the d
    irectory partition over this transport are currently unavailable.
             An error event occurred.  EventID: 0xC000051F
                Time Generated: 02/16/2017   21:56:57
                Event String:
                The Knowledge Consistency Checker (KCC) has detected problems with t
    he following directory partition.
             A warning event occurred.  EventID: 0x80000749
                Time Generated: 02/16/2017   21:56:57
                Event String:
                The Knowledge Consistency Checker (KCC) was unable to form a complet
    e spanning tree network topology. As a result, the following list of sites canno
    t be reached from the local site.
             ......................... sasw-dc1 failed test KccEvent
          Starting test: KnowsOfRoleHolders
             ......................... sasw-dc1 passed test KnowsOfRoleHolders
          Starting test: MachineAccount
             ......................... sasw-dc1 passed test MachineAccount
          Starting test: NCSecDesc
             ......................... sasw-dc1 passed test NCSecDesc
          Starting test: NetLogons
             ......................... sasw-dc1 passed test NetLogons
          Starting test: ObjectsReplicated
             ......................... sasw-dc1 passed test ObjectsReplicated
          Starting test: Replications
             ......................... sasw-dc1 passed test Replications
          Starting test: RidManager
             ......................... sasw-dc1 passed test RidManager
          Starting test: Services
             ......................... sasw-dc1 passed test Services
          Starting test: SystemLog
             A warning event occurred.  EventID: 0x00000011
                Time Generated: 02/16/2017   21:05:51
                Event String: A corrected hardware error has occurred.
             A warning event occurred.  EventID: 0x00000011
                Time Generated: 02/16/2017   21:06:33
                Event String: A corrected hardware error has occurred.
             A warning event occurred.  EventID: 0x00000011
                Time Generated: 02/16/2017   21:07:01
                Event String: A corrected hardware error has occurred.
             A warning event occurred.  EventID: 0x00000011
                Time Generated: 02/16/2017   21:10:05
                Event String: A corrected hardware error has occurred.
             A warning event occurred.  EventID: 0x00000011
                Time Generated: 02/16/2017   21:10:35
                Event String: A corrected hardware error has occurred.
             A warning event occurred.  EventID: 0x00000011
                Time Generated: 02/16/2017   21:14:57
                Event String: A corrected hardware error has occurred.
             A warning event occurred.  EventID: 0x00000011
                Time Generated: 02/16/2017   21:15:09
                Event String: A corrected hardware error has occurred.
             A warning event occurred.  EventID: 0x00000011
                Time Generated: 02/16/2017   21:17:51
                Event String: A corrected hardware error has occurred.
             A warning event occurred.  EventID: 0x00000011
                Time Generated: 02/16/2017   21:19:25
                Event String: A corrected hardware error has occurred.
             A warning event occurred.  EventID: 0x00000011
                Time Generated: 02/16/2017   21:21:59
                Event String: A corrected hardware error has occurred.
             A warning event occurred.  EventID: 0x00000011
                Time Generated: 02/16/2017   21:22:17
                Event String: A corrected hardware error has occurred.
             A warning event occurred.  EventID: 0x00000011
                Time Generated: 02/16/2017   21:24:19
                Event String: A corrected hardware error has occurred.
             A warning event occurred.  EventID: 0x00000011
                Time Generated: 02/16/2017   21:25:21
                Event String: A corrected hardware error has occurred.
             A warning event occurred.  EventID: 0x00000011
                Time Generated: 02/16/2017   21:27:09
                Event String: A corrected hardware error has occurred.
             A warning event occurred.  EventID: 0x00000011
                Time Generated: 02/16/2017   21:29:57
                Event String: A corrected hardware error has occurred.
             A warning event occurred.  EventID: 0x00000011
                Time Generated: 02/16/2017   21:31:15
                Event String: A corrected hardware error has occurred.
             A warning event occurred.  EventID: 0x00000011
                Time Generated: 02/16/2017   21:31:17
                Event String: A corrected hardware error has occurred.
             A warning event occurred.  EventID: 0x00000011
                Time Generated: 02/16/2017   21:32:17
                Event String: A corrected hardware error has occurred.
             A warning event occurred.  EventID: 0x00000011
                Time Generated: 02/16/2017   21:34:19
                Event String: A corrected hardware error has occurred.
             A warning event occurred.  EventID: 0x00000011
                Time Generated: 02/16/2017   21:34:41
                Event String: A corrected hardware error has occurred.
             A warning event occurred.  EventID: 0x00000011
                Time Generated: 02/16/2017   21:37:45
                Event String: A corrected hardware error has occurred.
             An error event occurred.  EventID: 0x0000168E
                Time Generated: 02/16/2017   21:39:09
                Event String:
                The dynamic registration of the DNS record '_kerberos._tcp.dc._msdcs
    .oim.oimcorp.com. 600 IN SRV 0 100 88 sasw-dc1.oim.oimcorp.com.' fail
    ed on the following DNS server:
             A warning event occurred.  EventID: 0x00000011
                Time Generated: 02/16/2017   21:46:27
                Event String: A corrected hardware error has occurred.
             A warning event occurred.  EventID: 0x00000011
                Time Generated: 02/16/2017   21:49:19
                Event String: A corrected hardware error has occurred.
             A warning event occurred.  EventID: 0x00000011
                Time Generated: 02/16/2017   21:50:39
                Event String: A corrected hardware error has occurred.
             A warning event occurred.  EventID: 0x00000011
                Time Generated: 02/16/2017   21:51:36
                Event String: A corrected hardware error has occurred.
             A warning event occurred.  EventID: 0x00000011
                Time Generated: 02/16/2017   21:52:34
                Event String: A corrected hardware error has occurred.
             A warning event occurred.  EventID: 0x00000011
                Time Generated: 02/16/2017   21:53:09
                Event String: A corrected hardware error has occurred.
             A warning event occurred.  EventID: 0x00000011
                Time Generated: 02/16/2017   21:53:14
                Event String: A corrected hardware error has occurred.
             A warning event occurred.  EventID: 0x00000011
                Time Generated: 02/16/2017   21:54:09
                Event String: A corrected hardware error has occurred.
             A warning event occurred.  EventID: 0x00000011
                Time Generated: 02/16/2017   21:54:52
                Event String: A corrected hardware error has occurred.
             A warning event occurred.  EventID: 0x00000011
                Time Generated: 02/16/2017   21:55:06
                Event String: A corrected hardware error has occurred.
             A warning event occurred.  EventID: 0x00000011
                Time Generated: 02/16/2017   21:58:00
                Event String: A corrected hardware error has occurred.
             A warning event occurred.  EventID: 0x00000011
                Time Generated: 02/16/2017   21:58:54
                Event String: A corrected hardware error has occurred.
             A warning event occurred.  EventID: 0x00000011
                Time Generated: 02/16/2017   22:00:40
                Event String: A corrected hardware error has occurred.
             A warning event occurred.  EventID: 0x00000011
                Time Generated: 02/16/2017   22:01:56
                Event String: A corrected hardware error has occurred.
             A warning event occurred.  EventID: 0x00000011
                Time Generated: 02/16/2017   22:02:42
                Event String: A corrected hardware error has occurred.
             A warning event occurred.  EventID: 0x00000011
                Time Generated: 02/16/2017   22:04:58
                Event String: A corrected hardware error has occurred.
             ......................... sasw-dc1 failed test SystemLog
          Starting test: VerifyReferences
             ......................... sasw-dc1 passed test VerifyReferences


       Running partition tests on : ForestDnsZones
          Starting test: CheckSDRefDom
             ......................... ForestDnsZones passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... ForestDnsZones passed test
             CrossRefValidation

       Running partition tests on : DomainDnsZones
          Starting test: CheckSDRefDom
             ......................... DomainDnsZones passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... DomainDnsZones passed test
             CrossRefValidation

       Running partition tests on : Schema
          Starting test: CheckSDRefDom
             ......................... Schema passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Schema passed test CrossRefValidation

       Running partition tests on : Configuration
          Starting test: CheckSDRefDom
             ......................... Configuration passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Configuration passed test CrossRefValidation

       Running partition tests on : oim
          Starting test: CheckSDRefDom
             ......................... oim passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... oim passed test CrossRefValidation

       Running enterprise tests on : oim.oimcorp.com
          Starting test: LocatorCheck
             ......................... oim.oimcorp.com passed test
             LocatorCheck
          Starting test: Intersite
             ......................... oim.oimcorp.com passed test Intersite

    C:\Users\syoung\Desktop>
    can anyone help me fixing the issue?

    can anyone help me fixing the issue?


    • Edited by Mcteer Friday, February 17, 2017 4:45 AM
    Friday, February 17, 2017 4:11 AM

All replies

  • First, I suggest editing your post to remove information like domain names and DCs :)

    Next, verify that the actual domain controller having the issue is available.

    Then I'd check Sites and Services - is there a site link from the site with the bad domain in it to another domain controller?

    Have you decommissioned any domain controllers in the site before? Are any domain controllers configured to be the bridgehead server in the site as if there is problems with that DC the entire site is unable to replicate.

    Friday, February 17, 2017 4:21 AM
  • There is multiple site link configured from issue DC to other DC's and other DC's to this DC too.

    I haven't decommed any DC from this site , only one thing I have done is build a new DC in this site and moved the new DC to a temporary site as DNS registration is not dynamic in my environment. The DNS will register manaually in Linux based corporate DNS. Once that done and we need some test to be made from storage side for new DC.

    I can also see an eventid : 1311 

    Log Name:      Directory Service
    Source:        Microsoft-Windows-ActiveDirectory_DomainService
    Date:          2/16/2017 10:11:57 PM
    Event ID:      1311
    Task Category: Knowledge Consistency Checker
    Level:         Error
    Keywords:      Classic
    User:          ANONYMOUS LOGON
    Computer:      sasw-dc1.oim.oimcorp.com
    Description:
    The Knowledge Consistency Checker (KCC) has detected problems with the following directory partition. 
     
    Directory partition:
    CN=Configuration,DC=oim,DC=oimcorp,DC=com 
     
    There is insufficient site connectivity information for the KCC to create a spanning tree replication topology. Or, one or more directory servers with this directory partition are unable to replicate the directory partition information. This is probably due to inaccessible directory servers. 
     
    User Action 
    Perform one of the following actions: 
    - Publish sufficient site connectivity information so that the KCC can determine a route by which this directory partition can reach this site. This is the preferred option. 
    - Add a Connection object to a directory service that contains the directory partition in this site from a directory service that contains the same directory partition in another site. 
     
    If neither of the tasks correct this condition, see previous events logged by the KCC that identify the inaccessible directory servers.


    Friday, February 17, 2017 4:53 AM
  • You need to sync your DC time with the PDC only.By default time skew of 5 min is fine but anything more or less creates problem in authentication with the DC.Also You can try repadmin/replsum and then repadmin/syncall.

    If the above do not work then your better try to reset the secure channel password.  Try the following:


    1.  Stop KDC service and change startup from automatic to manual
    2.  Run the following:  resetpwd /server:server IP /userD:user /passwordD:xxxxx  (i.e. netdom resetpwd /server:a.b.c.d /userD:administrator /passwordD:administratorpassword) and note that the IP address should be one of the working DCs IP, preferably the PDC
    3.  Start KDC service and change startup to automatic
    4.  Perform the tests which failed earlier again and see if it works

    Note: As suggested by Gareth it is advisable to edit your post to remove information like domain names and DCs.


    Friday, February 17, 2017 8:07 AM