Thursday, March 20, 2008

ACTIVE DIRECTORY DIAGNOSTIC LOGGING



We are familiar with diagnostic logging in Exchange. What happens if we need the same type of capability for Active Directory? As you may know, there is no place in the event log where diagnostic logging can be turned on for AD-related troubleshooting scenarios, such as troubleshooting KCC issues. The KCC (Knowledge Consistency Checker) is a Microsoft Windows 2000 and Microsoft Windows Server 2003 component that automatically generates and maintains the intra-site and inter-site replication topology.

The KCC runs at regular intervals to adjust the replication topology for changes that occur in Active Directory, such as new domain controllers being added and new sites being created. At the same time, the KCC reviews the replication status of existing connections to determine whether any connections are not working. If a connection is not working, after a threshold is reached, the KCC automatically builds temporary connections to other replication partners (if available) to ensure that replication is not blocked.

On each domain controller, the KCC creates replication routes by creating one-way inbound connection objects that define connections from other domain controllers. For domain controllers in the same site, the KCC creates connection objects automatically without administrative intervention. When you have more than one site, you configure site links between sites, and a single KCC in each site automatically creates connections between sites as well.

If we want to make sure the KCC is completing successfully, this is one of the ways of doing it:

dcdiag /v /test:kccevent /s:nhqdtcdc4

(note: Nhqdtcdc4 is the name of my domain controller)

Testing server: JPK\NHQDTCDC4

Starting test: Connectivity

* Active Directory LDAP Services Check

* Active Directory RPC Services Check

......................... NHQDTCDC4 passed test Connectivity

Doing primary tests

Testing server: JPK\NHQDTCDC4

Test omitted by user request: Replications

Test omitted by user request: Topology

Test omitted by user request: CutoffServers

Test omitted by user request: NCSecDesc

Test omitted by user request: NetLogons

Test omitted by user request: Advertising

Test omitted by user request: KnowsOfRoleHolders

Test omitted by user request: RidManager

Test omitted by user request: MachineAccount

Test omitted by user request: Services

Test omitted by user request: OutboundSecureChannels

Test omitted by user request: ObjectsReplicated

Test omitted by user request: frssysvol

Test omitted by user request: frsevent

Starting test: kccevent

* The KCC Event log test

Found no KCC errors in Directory Service Event log in the last 15 minutes.

......................... NHQDTCDC4 passed test kccevent

Test omitted by user request: systemlog

Test omitted by user request: VerifyReplicas

Test omitted by user request: VerifyReferences

Test omitted by user request: VerifyEnterpriseReferences

Test omitted by user request: CheckSecurityError

Running partition tests on : DomainDnsZones


If you are still having trouble with the KCC, what do you do next? The next step is to turn on diagnostic logging for the KCC. If you are thinking you have never seen this in the event log, you are right; it would be nice if Microsoft included this in the event log MMC, but we are not there yet (-:

Open regedit

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Diagnostics

  • double-click on the diagnostics logging entry
  • enter a number (0-5) based on how much you want logged

The KCC should run every 15 minutes by default. The numbers are from 1 to 5, 1 being minimum, 3 being medium and 5 being maximum diagnostic logging.

Here are the diagnostic logging settings for Windows 2003:

  • Knowledge Consistency Checker
  • Security Events
  • ExDS Interface Events
  • MAPI Interface Events
  • Garbage Collection
  • Internal Configuration
  • Directory Access
  • Internal Processing
  • Performance Counters
  • Initialization/Termination
  • Service Control
  • Name Resolution
  • Backup
  • Field Engineering
  • LDAP Interface Events
  • Setup
  • Global Catalog
  • Inter-site Messaging
  • Group Caching
  • Linked-Value Replication
  • DS RPC Client
  • DS RPC Server
  • DS Schema
  • Replication Events
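
An added example (not from the original post): a PowerShell version of the regedit steps above that validates the level, records the previous value, and puts it back once troubleshooting is done. The function names are hypothetical; on a domain controller the value names under this key carry a numeric prefix (for example "1 Knowledge Consistency Checker"), so the lookup matches on the end of the name.

```powershell
# Added example, not from the original post. Run elevated on the domain controller.
$DiagKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics'

function Get-NtdsDiagnosticLevel {
    # List every diagnostics entry under the key with its current level.
    $item = Get-ItemProperty -Path $DiagKey
    $item.PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' } |   # skip provider metadata (PSPath, ...)
        ForEach-Object { [pscustomobject]@{ Name = $_.Name; Level = [int]$_.Value } }
}

function Set-NtdsDiagnosticLevel {
    param(
        [Parameter(Mandatory)][string]$Category,   # e.g. 'Knowledge Consistency Checker'
        [Parameter(Mandatory)][ValidateRange(0, 5)][int]$Level
    )
    # Match on the end of the value name so the numeric prefix does not matter.
    $entry = @(Get-NtdsDiagnosticLevel | Where-Object { $_.Name -like "*$Category" })
    if ($entry.Count -ne 1) {
        throw "Expected exactly one entry matching '$Category', found $($entry.Count)."
    }
    Set-ItemProperty -Path $DiagKey -Name $entry[0].Name -Value $Level -Type DWord
    # Return the old and new level so the caller can restore it later.
    [pscustomobject]@{ Name = $entry[0].Name; Previous = $entry[0].Level; Current = $Level }
}

# 1. Raise KCC logging to medium and remember the old level.
$change = Set-NtdsDiagnosticLevel -Category 'Knowledge Consistency Checker' -Level 3

# 2. Wait for the next KCC run, then read the Directory Service event log
#    while the extra events are still there.

# 3. Restore the previous level.
Set-NtdsDiagnosticLevel -Category $change.Name -Level $change.Previous | Out-Null

# 4. Report any category still above 0 so verbose logging is not left on by accident.
Get-NtdsDiagnosticLevel | Where-Object { $_.Level -gt 0 }
```

A category left at a high level keeps filling the Directory Service log, so the final check is worth running after any troubleshooting session.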

Oz ozugurlu,
Systems Engineer
MCITP (EMA), MCITP (SA),
MCSE 2003 M+ S+ MCDST
Security Project+ Server+

oz@SMTp25.org
http://smtp25.blogspot.com


1 comment:

Frank Danley said...

Try not to utilize a registry editorial manager to alter the registry specifically unless you have no option. The registry editors sidestep the standard shields gave by managerial apparatuses. These protections keep you from entering clashing settings or settings that are liable to debase execution or harm your PC. Altering the registry specifically can have genuine with thesis writing service, unforeseen results that can keep the PC from beginning and require that you reinstall Windows 2000. To design or modify Windows 2000, utilize the projects in Control Panel or MMC at whatever point conceivable.