We have a Single Forest, with a Domain as the Forest Root and a number of other Domains which are created as New Domain Trees (not Child Domains)
Each Domain has a DC which is a GC with the Domain FSMO roles
OS is Server 2003 SP2
Each DC has its own DNS Zone and uses a Forwarder to the Forest root for any DNS queries outside of its zone
I have got quite a few issues with AD replication:
Errors in the EVENT logs are 1865, 1311, 1566 – these relate to the KCC being unable to form a spanning tree of the network and insufficient site connectivity
I have two copies of this infrastructure – both in a Physical and Virtual environment. In both cases they are currently in the same room and so therefore there are no Physical connectivity problems
The Virtual environment has been converted using VMware Converter and brought into ESX
I can Ping the GUID from each Domain Controller successfully
There are times when Replication becomes “explicitly disabled” – an event shown in DCDIAG – I re-enable via:
REPADMIN /OPTIONS <SERVERNAME> -DISABLE_OUTBOUND_REPL (and INBOUND)
This will then disable itself again sometimes – also the NETLOGON Service seems to pause
In Sites and Services I have let KCC work out the topology but I get some errors about security when doing a “check replication topology”
I can't post the DCDIAG so I will try to summarise:
LDAP Bind errors 8341
KCC detected problems with the following directory partition: Directory Partition
Failed Test: KCCEVENT
Skipping Tests because the server *** is not responding to directory service requests
Checking for Down Bridgeheads: Warning remote bridgeheads *** is not eligible as a bridgehead due to too many failures
The current ISTG is down in site ***
Has anybody seen this before or got any ideas what is causing this?
Thanks