Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 1865 Source: NTDSKCC

The Knowledge Consistency Checker (KCC) was unable to form a complete spanning tree network topology. As a result the following list of sites cannot be reached from the local site.

<site list>.
In my case, this error was being reported because someone else configured Routing and Remote access on one of the DCs but instead of only choosing remote access and PPTP as protocol, they left routing on. As a result, DNS registered a second IP address for my server and this was why the error was submitted in the logs.
In my case, the problem was caused by hotfix ME893066. Uninstalling the hotfix fixed the problem for me.
As per Microsoft: "The Knowledge Consistency Checker (KCC) could not find domain controllers in any other site. This event is logged after an NTDS KCC 1311 event and should be used to help troubleshoot that event". See MSW2KDB for more details.
In our case, every weekend a domain controller in a branch office had to be shut down (for maintenance on a temporary electricity generator). As soon as it went down the event logs on other DCs started filling up with these events. Once the DC was back online, everything went back to normal.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to



Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.