Event ID: 1567 Source: NTDSKCC

Explicit bridgeheads to support inter-site replication to and from site CN=<cn name>,CN=Sites,CN=Configuration,DC=<dc name>,DC=<dc name>,DC=<dc name>, over transport CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Configuration,DC=<dc name>,DC=<dc name>,DC=<dc name>, have been selected, but none of these servers can replicate the partition DC=<dc name>,DC=<dc name>,DC=<dc name>.

Please use the Active Directory Sites and Services snap-in to do the following:

1. Configure servers that can support replication of the given partition as preferred bridgeheads for this transport. You can do this by modifying the corresponding server objects.

2. Ensure the server objects have an address for this transport. For example, servers performing replication over the SMTP transport must have a mailAddress attribute. This attribute is normally configured automatically after the IIS/SMTP service is installed.

In the meantime the KCC will consider all servers in this site as possible bridgeheads for this partition.
See "EventID 1567 from source Active Directory" for more information on this problem.
I found out that it is not enough just to configure one of the DCs as a bridgehead server; you must also evaluate what kind of transport the DCs are using for the site links. In my specific scenario SMTP was not in use. After leaving only TCP/IP as the protocol for the bridgehead to use, the errors were gone.

Another possible solution is to apply the ME898060 hotfix on all the DCs. Just make sure you download the latest version of this patch (currently v2).
As per Microsoft: "To resolve this issue, configure a Windows Server 2003-based domain controller as the preferred bridgehead server. The Windows Server 2003-based domain controller can successfully replicate this new partition information". See ME813484 for more details.
The issue is mentioned in ME271997. One possible solution appears to be to make sure your bridgeheads are also Global Catalog servers.
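
The checks suggested in the event text and the comments above (which transports each preferred bridgehead is configured for, whether it holds the partition, whether it is a Global Catalog, and whether an SMTP bridgehead has a mailAddress) can be gathered in one read-only query. This is an added example, not part of the original page; it assumes the RSAT ActiveDirectory module is available and that the partition named in the event is the current domain unless `-Partition` is supplied.

```powershell
# Added example: read-only audit of preferred bridgehead servers.
# Assumptions: RSAT ActiveDirectory module is installed; $Partition defaults to
# the current domain NC and should be set to the partition named in the event.
param([string]$Partition)

Import-Module ActiveDirectory
$root = Get-ADRootDSE
if (-not $Partition) { $Partition = $root.defaultNamingContext }
$sitesDN = "CN=Sites,$($root.configurationNamingContext)"

# Server objects with a populated bridgeheadTransportList are explicit bridgeheads.
$servers = Get-ADObject -SearchBase $sitesDN `
    -LDAPFilter '(&(objectClass=server)(bridgeheadTransportList=*))' `
    -Properties bridgeheadTransportList, mailAddress

foreach ($srv in $servers) {
    # The NTDS Settings child (class nTDSDSA) lists the partitions the DC holds.
    $ntds = Get-ADObject -SearchBase $srv.DistinguishedName -SearchScope OneLevel `
        -LDAPFilter '(objectClass=nTDSDSA)' `
        -Properties options, hasMasterNCs, 'msDS-hasMasterNCs', hasPartialReplicaNCs

    # Reduce each transport DN (CN=IP,CN=Inter-Site Transports,...) to its name.
    $transports = @($srv.bridgeheadTransportList |
        ForEach-Object { ($_ -split ',')[0] -replace '^CN=' })
    $writable   = @($ntds.hasMasterNCs) + @($ntds.'msDS-hasMasterNCs')
    $partial    = @($ntds.hasPartialReplicaNCs)   # populated on Global Catalogs

    [pscustomobject]@{
        Site           = ($srv.DistinguishedName -split ',')[2] -replace '^CN='
        Server         = $srv.Name
        Transports     = $transports -join ','
        IsGC           = [bool]($ntds.options -band 1)   # bit 0x1 = Global Catalog
        HoldsPartition = ($writable + $partial) -contains $Partition
        SmtpNoAddress  = ($transports -contains 'SMTP') -and -not $srv.mailAddress
    }
}
```

A site in which every listed bridgehead shows `HoldsPartition` as False matches the condition the event describes; `SmtpNoAddress` as True corresponds to step 2 of the event text.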
