No announcement yet.

NTDS Replication logged 1083 and 1955 events

  • Filter
  • Time
  • Show
Clear All
new posts

  • NTDS Replication logged 1083 and 1955 events

    Hi, we've 2 DCs (Windows 2003 Standard R2) in our domain. PDC is Primary DNS
    Server, Additional DC (hereafter ADC) is Secondary DNS Server (both:AD
    Integrated - replicated to all DNS Server in the AD domain). PDC pointed to
    it self for Primary DNS and ADC as Secondary DNS and ADC pointed to itself as
    Primary DNS and PDC as Secondary DNS.
    Domain and Forest function level is Windows 2003, both DCs are Global Catalog Server and no child domain/other domain in the forest.

    I'm continuously get these error (1083 followed by 1955):

    Event Type: Warning
    Event Source: NTDS Replication
    Event Category: Replication
    Event ID: 1083
    Date: 4/27/2007
    Time: 3:13:00 PM
    Computer: GMSI-DC01
    Active Directory could not update the following object with changes received from the domain controller at the following network address because Active Directory was busy processing information.

    Network address:

    This operation will be tried again later.

    For more information, see Help and Support Center at

    Followed by :

    Event Type: Information
    Event Source: NTDS Replication
    Event Category: Replication
    Event ID: 1955
    Date: 4/27/2007
    Time: 3:13:00 PM
    Computer: GMSI-DC01
    Active Directory encountered a write conflict when applying replicated changes to the following object.

    Time in seconds:

    Event log entries preceding this entry will indicate whether or not the update was accepted.

    A write conflict can be caused by simultaneous changes to the same object or simultaneous changes to other objects that have attributes referencing this object. This commonly occurs when the object represents a large group with many members, and the functional level of the forest is set to Windows 2000. This conflict triggered additional retries of the update. If the system appears slow, it could be because replication of these changes is occurring.

    User Action
    Use smaller groups for this operation or raise the functional level to Windows Server 2003.

    For more information, see Help and Support Center at

    AD seems working well (no problems occured) and has no other issues in the server and client's system (except with the Exchange Server, when PDC offline it's stop functioning as well).

    Replication monitoring/test using repadmin tool and dcdiag test shown if the replication is working well.

    Please advice,


    Last edited by lzd212; 28th April 2007, 09:38. Reason: Additional information

  • #2
    Re: NTDS Replication logged 1083 and 1955 events

    From (and oh look who's name is in blold):
    Adrian Grigorof
    According to a newsgroup post: "Unless these turn into errors message 1083 events are to be expected. There is always going to be instances in which REPL or the AD is going to be busy and the request is going to be queued. If you start to see the same transaction refused time and again, it, then would be considered an issue as that *one* transaction is never getting committed."

    Mihai Andrei (Last update 1/4/2006):
    This behavior is symptomatic of a duplicate object in Active Directory of the replication partner. See "JSI Tip 7926" for some steps you should take in order to fix this problem.

    Ionut Marin (Last update 4/20/2004):
    As per Microsoft: "This problem may occur if a child domain is not completely removed. As a result, some domain controllers in your organization may have conflicting information about the child domain". See M825952 for a hotfix applicable to Microsoft Windows 2000.

    See M834926 for a hotfix applicable to Microsoft Windows Server 2003.

    Mark Geschke (Last update 6/30/2003):
    The cause for the repeated occurrence of this event on our network was quite difficult to track down and was in the end attributed to a service trying to logon with an invalid password and thereby locking the account mentioned in the Event description.
    In our specific scenario, the account mentioned in the Event description was used to install the Trend TVCS Agent service. Due to our company security policy, however, passwords have to be changed every few weeks. Since the Trend TVCS Agents stores an encrypted version of the password in the registry, the next time this service tries to activate, it cannot and ultimately locks out the account (as can be verified in the Security Event Log on the server the TVCS Agent service is running on).
    As a conclusion, do not install services with accounts that have a password policy applied to them. The Trend TVCS Agent service had to be reinstalled using another, service specific account.

    Anonymous (Last update 6/30/2003):
    Windows 2000 Advanced Server with SP3 installed (German version). Event 1083 was logged like described at M296714. The cause of this was that we had some orphan DCs in the Domain Controler OU and the event mentioned above was logged after switching the AD to native mode.
    We removed the orphan entries but the event was still logged every three hours. We checked M285858, M306091 but they did not help. We also tried M296714. At this stage we could not see any duplicated entry.

    We then asked the customer to run the Microsoft Product Support's Customer Configuration Capture Tool report for the directory services. We reviewed the log file and we created this action plan for then customer:

    There is a problem with the "Admin" user account. Please find this account in your Domain and reset the password. Find out if some services are using this account and make sure they get changed to the new passsword. Check to see if you still have the issue. If the above does not work, the continue with:

    Move the account to another OU and run repadmin synall from command prompt. For example:

    c:\>repadmin /syncall <name of the DC partner>

    If it corrected the problem then move the user back to the original OU. If it doesn't correct the problem continue with:
    1. Start the LDP from a Run command on the DC that generated the event ID.
    2. From the connection menu select "Connect" then click ok to accept default setting.
    3. Again from the connection menu select "Bind" then click ok on the bind screen to accept default setting.
    4. From the View menu select "Tree" option to expand the view.
    5. From the left hand pane highlight the domain DN name. For example you will see dc=domainname, dc=com. Highlight dc=domainname, dc=com by clicking on it.
    6. From the Browse menu select Search option. In the search Base DN enter your domain dn name. For example: Base Dn: DC=domainname, DC=common the Filter option enter the object name to search. For example I am searching for an object name McVaugh that might be duplicate and as seen in the decription of
    the event log.
    Make sure to put the ( ) as seen below. Filter: (CN=McVaugh)
    7. On the Scope select "Subtree" option and click Run to start the search.
    8. Once the objects found and if there are duplicate objects with the same name decide on a good object then delete the other. An example of an object found: ***Searching...ldap_search_s(ld, "DC=domainname, DC=com", 2, "(CN=something)", attrList, 0, &msg)Result <0>: (null)Matched DNs: Getting 1 entries:>> Dn: CN=McVaugh, CN=Users, DC=domainname, DC=com1> canonicalName:; 1> cn: McVaugh; 1> distinguishedName: CN=McVaugh, CN=Users, DC=domainame, DC=com; 4> objectClass: top; person; organizationalPerson; user; 1> name: something;
    9. To delete the bad object do the following:
    From the main menu click on Browse then select "Delete".
    Enter the DN name of the object to be deleted.
    For example I am deleting object name something. DN: CN=something, CN=Users, DC=domainname, DC=com

    An example of object deleted message:ldap_delete_s(ld, "CN=something, CN=Users, DC=domainname, DC=com");Deleted "CN=something, CN=Users, DC=domainname, DC=com"-----------
    10. Close the LDP session.
    11. From the CMD prompt sync the active directory database with all the other domain controllers by runing the following command and make sure you are
    getting a message indicating that was successful.
    For example: c:\>repadmin /syncall <name of the DC partner>. You might want to check M244344.

    David Davis (Last update 6/30/2003):
    This error generally occurs when a duplicate connection object exists in Active Directory of the destination replication partner. Because this connection object is used to facilitate replication with the local domain controller, updates are impossible when replication does occur.

    The description of event ID 1083 contains:

    The distinguished name of the object causing the problem.
    The GUID-based DNS name of the replication partner. This name is composed of the GUID of the NTDS Settings object of the replication partner, followed by
    To resolve the problem, perform the following actions:

    Ping the GUID-based DNS name to get the IP address of the replication partner.
    Run Ldp.exe from Windows 2000 Support Tools, and then connect to this IP address by using the connect option from the Connection menu. Select the Bind option from the Connection menu, and then enter the credentials of an administrator account. Select the Search option from the Browse menu. In the Search dialog box, select the Subtree option. In the Base Dn option, enter the following information:
    The distinguished name of the domain to search for a user or a computer: dc=branches, dc=company, dc=com or the distinguished name of the configuration container to search for connection objects.

    Click Run. The right pane of the widow displays the different locations in which the object was found. Select the appropriate result from the list. Delete the other returned options by using the Delete option of the Browse menu. Enter the distinguished name of the object to delete:
    CN=DC2, CN=Servers, CN=Bad-Site, CN=Sites, CN=Configuration, DC=corp, DC=hay-buv, DC=com

    Ensure that the object has been properly deleted in the right pane of the Ldp.exe window.
    If no duplicate exists, move the object to a different site or organizational unit. Document this for future reference in case the object needs to be moved again at a later date. Synchronize the configuration and domain naming contexts by typing the following commands at the command prompt:

    repadmin /sync CN=Configuration, DC=corp, DC=hay-buv, DC=com
    %computername% <rep_partner_GUID>
    repadmin /sync DC=branches, DC=corp, DC=hay-buv, DC=com
    %computername% <rep_partner_GUID>
    If replication completes successfully, the event log should not show any new instances of event ID 1083.

    If necessary, move the object back to its original location, and then resynchronize the configuration and domain naming contexts by using the commands above.

    Kmex (Last update 6/5/2003):
    This issue may occur if a duplicate object is present in Active Directory for the replication partner of the local domain controller. When the local domain controller receives the replication updates that contain duplicate objects from its replication partner, the local domain controller cannot perform the updates on those objects, and therefore it logs a warning in the Directory Service event log. See M285858 and M296714.

    Jason S. Rundle (Last update 5/16/2003):
    See Microsoft Knowledge Base Article - M306091.

    Anonymous (Last update 4/15/2003):
    This error was being written a few times in my Event Log until I noticed the user was locked out. Unlocking the account solved the replication problem and caused the errors to go away.
    Last edited by jasonboche; 28th April 2007, 12:54.
    VCDX3 #34, VCDX4, VCDX5, VCAP4-DCA #14, VCAP4-DCD #35, VCAP5-DCD, VCPx4, vEXPERTx4, MCSEx3, MCSAx2, MCP, CCAx2, A+ - VMware Virtualization Evangelist
    My advice has no warranties. Follow at your own risk.


    • #3
      Re: NTDS Replication logged 1083 and 1955 events

      Here is the ldpsearch result:

      ldap_search_s(ld, "DC=abc,DC=fam", 2, "CN=GMSI-DC02", attrList, 0, &msg)
      Result <0>: (null)
      Matched DNs:
      Getting 2 entries:
      >> Dn: CN=GMSI-DC02,OU=Domain Controllers,DC=abc,DC=fam
      5> objectClass: top; person; organizationalPerson; user; computer;
      1> cn: GMSI-DC02;
      1> distinguishedName: CN=GMSI-DC02,OU=Domain Controllers,DC=abc,DC=fam;
      1> name: GMSI-DC02;
      1> canonicalName: abc.fam/Domain Controllers/GMSI-DC02;
      >> Dn: CN=GMSI-DC02,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=abc,DC=fam
      2> objectClass: top; nTFRSMember;
      1> cn: GMSI-DC02;
      1> distinguishedName: CN=GMSI-DC02,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=abc,DC=fam;
      1> name: GMSI-DC02;
      1> canonicalName: abc.fam/System/File Replication Service/Domain System Volume (SYSVOL share)/GMSI-DC02;

      It's not a duplicate object right? Then the next steps is to move the replication partner to other site/OU before execute repadmin, means move GMSI-DC02 from Domain Controller OU to other OU right? If yes, then there is any issue with it?Especially with the GPO settting in the destination OU.

      Please advice.