AD Replication Errors sensor

Modified on 2025-06-10 14:29:09 +0200

We have 9 domains within our network. All of these domains have trust relationsships in place, except 1. The AD Replication Errors sensor works perfectly for all DCs in domains that are trusted, regardless of whether they are in the same forest or not.

Why is it that this sensor does not work in the domain that is not trusted. Due to policies, we cannot put a PRTG probe into the domain that is not trusted. I know that according to https://www.paessler.com/manuals/prtg9/active_directory_replication_errors_sensor.htm it says that the probes need to be in the same domain as the target DC, but from our experience this is not the case. (A lack of knowledge of the documented limitations helps in finding real limitations ;-) ) Why therefore can we not use this to check the DCs in the domains that are not trusted?

Article Comments

Hi,

The way this sensor works is that it first gets the nearest domain controller in the given domain and invokes the Knowledge Consistency Checker (KCC). This first DC is queried for replication errors and next all DC's known by the first one are queried for replication errors using the DomainController.CheckReplicationConsistency method.

Unfortunately this does not work for untrusted domain objects. Googeling for "Knowledge Consistency Checker Fail without Trusted Domain Object" will provide some more detail.

Regards,

May, 2012 - Permalink

Disclaimer:
The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.

AD Replication Errors sensor

Article Comments

Search

Attention

Related Articles