Event ID 1311: Replication configuration does not reflect the physical network

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Event ID 1311 is logged in the Directory Service log when configuration errors or unavailable domain controllers prevent replication of a directory partition between domain controllers in different sites.

An example of the event text is as follows:

Event Type: Error
Event Source: NTDS KCC
Event Category: Knowledge Consistency Checker
Event ID: 1311
Date: 3/9/2005
Time: 6:39:58 PM
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: DC3
Description:
The Knowledge Consistency Checker (KCC) has detected problems with 
the following directory partition. 

Directory partition:
CN=Configuration,DC=contoso,DC=com 

There is insufficient site connectivity information in Active Directory 
Sites and Services for the KCC to create a spanning tree replication 
topology. Or, one or more domain controllers with this directory 
partition are unable to replicate the directory partition information. 
This is probably due to inaccessible domain controllers. 

User Action 
Use Active Directory Sites and Services to perform one of the 
following actions: 
- Publish sufficient site connectivity information so that the 
KCC can determine a route by which this directory partition can 
reach this site. This is the preferred option. 
- Add a Connection object to a domain controller that contains 
the directory partition in this site from a domain controller 
that contains the same directory partition in another site. 

If neither of the Active Directory Sites and Services tasks correct 
this condition, see previous events logged by the KCC that identify 
the inaccessible domain controllers.

Cause

This problem can have the following causes:

  • Site link bridging is enabled on a network that does not support physical network connectivity between two domain controllers in different sites that are connected by a site link.

  • Bridge all site links is enabled in Active Directory Sites and Services, but the network does not allow network connectivity between any two domain controllers in the forest.

  • One or more sites are not contained in a site link.

  • Site links contain all sites, but the site links are not interconnected. This condition is known as disjointed site links.

  • One or more domain controllers are offline.

  • Bridgehead domain controllers are online, but errors occur when they try to replicate a required directory partition between Active Directory sites.

  • Administrator-defined preferred bridgehead servers are online, but they do not host the required directory partition. The most common misconfiguration is to define non–global catalog servers as bridgehead servers.

  • Preferred bridgeheads are defined correctly by the administrator, but they are currently offline.

  • The bridgehead server is overloaded because the server is undersized, too many branch sites are trying to replicate changes from the same hub domain controller, or the replication schedules on site links or connection objects are too frequent.

  • The Knowledge Consistency Checker (KCC) has built an alternate path around an intersite connection failure, but it continues to retry the failing connection every 15 minutes.

Solution

Use the following procedures for troubleshooting event ID 1311:

  • Identify the scope of the problem.

  • Check site link bridging.

  • Determine whether the network is fully routed.

  • Verify that all sites are connected.

  • Check preferred bridgehead servers.

Identify the Scope of the Problem

Identify the scope of the problem by determining whether event ID 1311 is being logged on all domain controllers in the forest that hold the intersite topology generator (ISTG) role or just on site-specific domain controllers.

First, use the following procedure to locate the ISTG role holders for all sites.

Requirements

  • Administrative credentials: To complete this procedure, you must be a member of the Domain Admins group in a domain in the forest.

  • Tool: Ldp (Windows Support Tools)

To locate the ISTG role holders for all sites

  1. Click Start, click Run, type Ldp, and then click OK.

  2. On the Connection menu, click Connect.

  3. In the Connect dialog box, leave the Server box empty.

  4. In Port, type 389, and then click OK.

  5. On the Connection menu, click Bind.

  6. In the Bind dialog box, provide Enterprise Admins credentials. Click Domain if it is not already selected.

  7. In Domain, type the name of the forest root domain, and then click OK.

  8. On the Browse menu, click Search.

  9. In Base dn, type:

    CN=Sites,CN=Configuration,DC=Forest_Root_Domain

  10. In Filter, type:

    (CN=NTDS Site Settings)

  11. For Scope, click Subtree.

  12. Click Options, and in the Attributes box, scroll to the end of the list, type:

    ;interSiteTopologyGenerator

    and then click OK.

  13. In the Search dialog box, click Run.

  14. Review the interSiteTopologyGenerator entries in the output, and make a note of the domain controller names.

Determine the scope of the event by checking the Directory Service event logs of all ISTG role holders in the forest, or check at least a significant number of ISTG role holders.

If event ID 1311 continues to be logged on ISTG role holders, continue with the next step.
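
The Ldp search and the event log check described above can be scripted. The following is an added example, not part of the original article; it assumes Windows PowerShell on a domain-joined computer, an account that can read the Directory Service log remotely, and a sample size of the newest 1000 log entries per domain controller (an arbitrary choice).

```powershell
# Added example (not from the original article).
# Locate the configuration partition of the current forest.
$configNC = ([ADSI]'LDAP://RootDSE').configurationNamingContext

# Same search as the Ldp steps: NTDS Site Settings objects under CN=Sites,
# subtree scope, returning only interSiteTopologyGenerator.
$searcher = New-Object System.DirectoryServices.DirectorySearcher
$searcher.SearchRoot  = [ADSI]"LDAP://CN=Sites,$configNC"
$searcher.Filter      = '(CN=NTDS Site Settings)'
$searcher.SearchScope = 'Subtree'
[void]$searcher.PropertiesToLoad.Add('interSiteTopologyGenerator')

$report = foreach ($result in $searcher.FindAll()) {
    # The attribute holds the DN of the ISTG's NTDS Settings object.
    $istgDn = $result.Properties['intersitetopologygenerator'] | Select-Object -First 1
    # Skip sites with no ISTG recorded or with a stale (deleted) reference.
    if ($istgDn -notlike 'CN=NTDS Settings,*') { continue }

    # The parent of NTDS Settings is the server object, which carries dNSHostName.
    $serverDn = $istgDn -replace '^CN=NTDS Settings,', ''
    $dnsName  = [string]([ADSI]"LDAP://$serverDn").dNSHostName
    $site     = if ($result.Path -match 'CN=NTDS Site Settings,CN=([^,]+),') { $Matches[1] }

    # Look for event ID 1311 from source NTDS KCC among the newest entries.
    try {
        $hits = @(Get-EventLog -LogName 'Directory Service' -ComputerName $dnsName -Newest 1000 -ErrorAction Stop |
                  Where-Object { $_.EventID -eq 1311 -and $_.Source -eq 'NTDS KCC' })
        $count  = $hits.Count
        $latest = ($hits | Select-Object -First 1).TimeGenerated
    } catch {
        # An unreachable ISTG is itself a finding: see the Cause list above.
        $count  = "log unreadable: $($_.Exception.Message)"
        $latest = $null
    }
    [pscustomobject]@{ Site = $site; ISTG = $dnsName; Event1311 = $count; Latest = $latest }
}
$report | Sort-Object Site | Format-Table -AutoSize
```

If every ISTG reports the event, the cause is likely forest-wide (for example, site link bridging on a network that is not fully routed); if only some do, focus on the sites in those rows.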

Check Site Link Bridging

Use the following procedure to determine if site link bridging is enabled.

Requirements

  • Administrative credentials: To complete this procedure, you must be a member of the Domain Admins group in a domain in the forest.

  • Tool: Active Directory Sites and Services (Administrative Tools)

  1. Open Active Directory Sites and Services.

  2. In the console tree, double-click the Sites container, and then double-click the Inter-Site Transports container.

  3. Right-click the IP container. If Bridge all site links is selected, site link bridging is enabled.

The Bridge all site links setting requires a fully routed network. If the network is not fully routed, you must create site link bridges manually.

Determine Whether the Network Is Fully Routed

Determine whether a fully routed network connection exists between two sites.

If the network is fully routed, continue by verifying that the sites are connected.

If the network is not fully routed and site link bridging is enabled, either make the network fully routed, or disable site link bridging and then create the necessary site links and site link bridges. For information about creating site links, see Linking Sites for Replication.

Note

Site link bridging is enabled by default. As a best practice, leave site link bridging enabled for fully routed networks.

If the network is not fully routed and site link bridging is enabled, use the following procedure to disable site link bridging.

Requirements

  • Administrative credentials: To complete this procedure, you must be a member of the Domain Admins group in the forest root domain or a member of the Enterprise Admins group.

  • Tool: Active Directory Sites and Services (Administrative Tools)

  1. Open Active Directory Sites and Services.

  2. In the console tree, double-click the Sites container, and then double-click the Inter-Site Transports container.

  3. Right-click the IP container. If Bridge all site links is selected, click it to disable it.

If the network is not fully routed, be sure that you have created site links to connect all sites. When all site links are created, use the following procedure to create a site link bridge.

Requirements

  • Administrative credentials: To complete this procedure, you must be a member of the Domain Admins group in the forest root domain or a member of the Enterprise Admins group.

  • Tool: Active Directory Sites and Services (Administrative Tools)

  1. Open Active Directory Sites and Services.

  2. In the console tree, double-click the Sites container, and then expand the Inter-Site Transports container.

  3. Right-click the IP container, and then click New Site Link Bridge.

  4. In Name, type a name for the site link bridge.

  5. Click two or more site links to be bridged, and then click Add.

Wait for a period of time that is twice as long as the longest replication interval in the forest. If event ID 1311 continues to be logged on ISTG role holders, continue with the next step.

Verify That All Sites Are Connected

If the network is fully routed, use the Repadmin command-line tool to view site links to ensure that intersite replication can occur between domain controllers in different sites.

Requirements

  • Administrative credentials: To complete this procedure, you must be a member of the Enterprise Admins group or the Domain Admins group in the forest root domain.

  • Tool: Repadmin.exe (Windows Support Tools)

  1. At a command prompt, type the following command, and then press ENTER:

    repadmin /showism "CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Configuration,DC=Forest_Root_Domain"

    where Forest_Root_Domain is the name of the forest root domain.

  2. In the output, review the information for the sites that are listed. For each site, the output of the command shows a string of three numbers separated by colons. The numbers represent <cost>:<replication interval>:<options>. Strings with a value of “-1:0:0” indicate a possible missing site link.
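
The two site link causes listed earlier (a site that is not contained in any site link, and disjointed site links) can also be detected by treating site links as a graph. The following is an added example, not part of the original article, and it goes beyond the repadmin check by grouping sites into connected "islands"; the function name Get-SiteIslands and the sample topology are hypothetical.

```powershell
# Added example (not from the original article).
# Groups sites into islands joined by site links. More than one island means
# the KCC cannot build a spanning tree from the site links alone.
function Get-SiteIslands {
    param([string[]]$Sites, [hashtable]$SiteLinks)   # link name -> member site names

    # Adjacency map: every pair of sites in the same site link is connected.
    $adjacent = @{}
    foreach ($s in $Sites) { $adjacent[$s] = @{} }
    foreach ($members in $SiteLinks.Values) {
        foreach ($a in $members) { foreach ($b in $members) {
            if ($a -ne $b -and $adjacent.ContainsKey($a) -and $adjacent.ContainsKey($b)) {
                $adjacent[$a][$b] = $true
            } } }
    }

    $seen = @{}
    $islands = @()
    foreach ($start in $Sites) {
        if ($seen.ContainsKey($start)) { continue }
        $seen[$start] = $true
        $queue = New-Object System.Collections.Queue
        $queue.Enqueue($start)
        $island = @()
        while ($queue.Count -gt 0) {                  # breadth-first walk over site links
            $current = $queue.Dequeue()
            $island += $current
            foreach ($next in @($adjacent[$current].Keys)) {
                if (-not $seen.ContainsKey($next)) { $seen[$next] = $true; $queue.Enqueue($next) }
            }
        }
        $islands += ,$island                          # keep each island as one element
    }
    ,$islands
}

# Constructed sample topology (not real data): two disjointed site links
# and one site ("Lab") that is not contained in any site link.
$sites = 'Hub', 'BranchA', 'BranchB', 'BranchC', 'Lab'
$links = @{
    'Hub-BranchA'     = 'Hub', 'BranchA'
    'BranchB-BranchC' = 'BranchB', 'BranchC'
}
$islands = Get-SiteIslands -Sites $sites -SiteLinks $links
$islands | ForEach-Object { "Island: $($_ -join ', ')" }
if ($islands.Count -gt 1) { Write-Warning "$($islands.Count) islands: site links do not connect all sites" }
```

For live data, fill the site list from objects of class site under CN=Sites and the link table from the siteList attribute of the siteLink objects under CN=IP,CN=Inter-Site Transports.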

Check Preferred Bridgehead Servers

If you have designated preferred bridgehead servers, the ISTG selects bridgehead servers only from that list of servers. If no servers in the list for the site can replicate a domain directory partition that has domain controllers in other sites, the ISTG selects a bridgehead server that can replicate the domain, if one is available in the site. However, if at least one server in the list can replicate a domain but the server is unavailable, the ISTG does not select an alternate bridgehead server and replication of updates to that domain does not occur in the site. In this case, you might have domain controllers that are capable of replicating the domain, but replication does not occur because preferred bridgehead servers have been selected and none is available for the domain.

Check the list of preferred bridgehead servers in the site, and ensure that preferred bridgehead servers for the domain in question are available. Use the following procedure to check the list of preferred bridgehead servers.

To see all servers that have been selected as preferred bridgehead servers in a forest, you can use ADSI Edit to view the bridgeheadServerListBL attribute on the IP container object.

Requirements

  • Administrative credentials: To complete this procedure, you must be a member of the Domain Users group in a domain in the forest.

  • Tool: Adsiedit.msc (Windows Support Tools)

To view the list of preferred bridgehead servers

  1. Click Start, click Run, type adsiedit.msc, and then click OK.

  2. In the console tree, double-click Configuration Container, and then double-click CN=Configuration,DC=ForestRootDomainName, CN=Sites, and CN=Inter-Site Transports.

  3. Right-click CN=IP, and then click Properties.

  4. In Attributes, double-click bridgeheadServerListBL.

  5. If any preferred bridgehead servers are selected in any site in the forest, the Values box displays the distinguished name for each server object that is currently selected as a preferred bridgehead server.

Verify that all domain controllers in the list are online and functioning as domain controllers.

Requirements

  • Administrative credentials: To complete this procedure, you must be a member of the Domain Users group in the domain of the domain controller.

  • Tool: Net view

To determine whether a domain controller is functioning

  • To confirm that a domain controller is running Active Directory and is accessible on the network, at a command prompt type the following command, and then press ENTER:

    net view \\DomainControllerName

    where DomainControllerName is the network basic input/output system (NetBIOS) name of the domain controller.

This command displays the Netlogon and SYSVOL shares, indicating that the server is functioning as a domain controller. If this test shows that the domain controller is not functioning on the network, determine the nature of the disconnection and whether the domain controller can be recovered.
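
The ADSI Edit lookup and the net view test above can be combined into one pass over all preferred bridgehead servers. The following is an added example, not part of the original article; it assumes Windows PowerShell on a domain-joined computer, uses Test-Path on the SYSVOL and NETLOGON shares in place of net view, and checks availability per site rather than per domain.

```powershell
# Added example (not from the original article).
$configNC = ([ADSI]'LDAP://RootDSE').configurationNamingContext
$ip = [ADSI]"LDAP://CN=IP,CN=Inter-Site Transports,CN=Sites,$configNC"

# bridgeheadServerListBL lists the DN of every server object that is
# currently selected as a preferred bridgehead for the IP transport.
$bridgeheads = foreach ($serverDn in $ip.Properties['bridgeheadServerListBL']) {
    $fqdn = [string]([ADSI]"LDAP://$serverDn").dNSHostName
    # Server DN layout: CN=<server>,CN=Servers,CN=<site>,CN=Sites,...
    $site = if ($serverDn -match '^CN=[^,]+,CN=Servers,CN=([^,]+),') { $Matches[1] }

    # Bit 0x1 of "options" on the NTDS Settings object marks a global catalog.
    # A non-GC preferred bridgehead is the common misconfiguration noted under Cause.
    $isGC = $null
    try {
        $ntds = [ADSI]"LDAP://CN=NTDS Settings,$serverDn"
        $isGC = ([int]$ntds.Properties['options'].Value -band 1) -eq 1
    } catch {
        $isGC = $null    # NTDS Settings object missing or unreadable
    }

    # Scripted form of the net view test: both shares must be visible.
    $shares = (Test-Path "\\$fqdn\SYSVOL") -and (Test-Path "\\$fqdn\NETLOGON")

    [pscustomobject]@{ Site = $site; Server = $fqdn; IsGC = $isGC; SharesVisible = $shares }
}
$bridgeheads | Sort-Object Site, Server | Format-Table -AutoSize

# The failure mode described above: preferred bridgeheads are defined for a
# site but none is available, so the ISTG does not select an alternate.
$bridgeheads | Group-Object Site |
    Where-Object { -not ($_.Group | Where-Object { $_.SharesVisible }) } |
    ForEach-Object { Write-Warning "Site $($_.Name): no preferred bridgehead is reachable" }
```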

If a domain controller that is selected as a preferred bridgehead server is not available, use the following procedure to select another preferred bridgehead server in the site that can replicate the domain.

Requirements

  • Administrative credentials: To complete this procedure, you must be a member of the Domain Admins group in the domain of the selected domain controller or a member of the Enterprise Admins group.

  • Tool: Active Directory Sites and Services (Administrative Tools)

To designate a preferred bridgehead server

  1. Open Active Directory Sites and Services.

  2. In the console tree, double-click the Sites container, and then expand the Servers container.

  3. Right-click the server object for the domain controller that you want to make a preferred bridgehead server, and then click Properties.

  4. On the General tab, click the intersite transport or transports for which this server will be a preferred bridgehead server, and then click Add.