Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 1801 Source: NTDSKCC

The partition DC=DomainDnsZonesDC=xDC=yDC=com should be hosted at site CN=zCN=SitesCN=ConfigurationDC=xDC=yDC=com but has not been instantiated yet. However the KCC could not find any hosts from which to replicate this partition.
Several posts in support forums suggest that the first steps in troubleshooting this would be to verify that there are no network connectivity issues that are affecting the AD (including DNS configuration, typically the trickiest to identify). If network connectivity is fine, one can increase the AD logging level (see T961809) and hope that the logs will provide enough details to pinpoint the source of the problem.
I tried the steps listed in the previous comment on how to recreate the DomainDnsZones and ForestDnsZones, but I kept getting "Server Fault" messages or sometimes unable to connect to RPC. I was finally able to do it by using the "netdiag /fix" command. Everything was created successfully and the entries look right now.
To delete an application directory partition (as John VanDyke described below) use the following method:
1. Click Start, and then click Run.
2. In the Open box, type ntdsutil.
3. At the ntdsutil command prompt, type domain management.
4. At the domain management command prompt, type connection.
5. At the connection command prompt, type connect to server <server name> (The DNS name of the domain controller on which you want to delete the application directory partition).
6. At the connection command prompt, type quit.
7. At the domain management command prompt, type the following command: delete nc <application directory partition> (The distinguished name of the application directory partition that you want to create or delete. For example, the distinguished name of the application directory partition is dc=test, dc=Microsoft, dc=com).
WARNING: If you remove the last replica of an application directory partition, you may permanently lose all of the data that is contained in the partition. You must decide when it is safe to delete the last copy of a particular partition.
This event can occur when promoting a domain controller to a global catalog server. See ME910204 for additional information about this issue.
This message was appearing every 15 minutes on Win2k3 server DCs. The ForestDnsZones and DomainDnsZones were corrupt. Use Ntdsutil to remove the Application Partition. The name can be found using Adsiedit. Go to the Configuration Container and look under CN=Partitions to get the correct name. Once the Application Partition has been removed, use Adsiedit to verify that it has been removed on all DCs. You can then recreate the partition in DNS, go to DNS, right-click on the server and select Create Default Application Directory Partitions. You should see ForestDnsZones and DomainDnsZones in the Forward Lookup Zone of the domain. Allow it to replicate.

See ME889711 for information on this event.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to



Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.