Source: NTDS KCC
The Knowledge Consistency Checker (KCC) was unable to form a complete spanning tree network topology. As a result the following list of sites cannot be reached from the local site.
In my case, this error was being reported because someone else configured Routing and Remote Access on one of the DCs but, instead of only choosing remote access and PPTP as the protocol, they left routing on. As a result, DNS registered a second IP address for my server and this was why the error was submitted in the logs.
In my case, the problem was caused by hotfix ME893066. Uninstalling the hotfix fixed the problem for me.
As per Microsoft: "The Knowledge Consistency Checker (KCC) could not find domain controllers in any other site. This event is logged after an NTDS KCC 1311 event and should be used to help troubleshoot that event". See MSW2KDB for more details.
Peter Van Gils
In our case, every weekend a domain controller in a branch office had to be shut down (for maintenance on a temporary electricity generator). As soon as it went down the event logs on other DCs started filling up with these events. Once the DC was back online, everything went back to normal.
Links: ME893066, MSW2KDB