NTDS Replication issue

  • NTDS Replication issue

    Hi, we got these errors and warning messages logged in our DCs (both):

    Event Type: Error
    Event Source: SAM
    Event Category: None
    Event ID: 12294
    Date: 3/5/2008
    Time: 4:14:59 PM
    User: GMSI\Administrator
    Computer: GMSI-DC02
    Description:
    The SAM database was unable to lockout the account of Administrator due to a resource error, such as a hard disk write failure (the specific error code is in the error data) . Accounts are locked after a certain number of bad passwords are provided so please consider resetting the password of the account mentioned above.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    Data:
    0000: a5 02 00 c0 ..


    And found NTDS Replication warning messages logged in the system as well (frequently):

    Event Type: Warning
    Event Source: NTDS Replication
    Event Category: Replication
    Event ID: 1083
    Date: 3/5/2008
    Time: 4:45:00 PM
    User: NT AUTHORITY\ANONYMOUS LOGON
    Computer: GMSI-DC02
    Description:
    Active Directory could not update the following object with changes received from the domain controller at the following network address because Active Directory was busy processing information.

    Object:
    CN=Administrator,CN=Users,DC=globalmediasvc,DC=fam
    Network address:
    10236a1d-95c4-4e33-9c5c-fd2534e12760._msdcs.globalmediasvc.fam

    This operation will be tried again later.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


    Followed by:

    Event Type: Information
    Event Source: NTDS Replication
    Event Category: Replication
    Event ID: 1955
    Date: 3/5/2008
    Time: 4:45:00 PM
    User: NT AUTHORITY\ANONYMOUS LOGON
    Computer: GMSI-DC02
    Description:
    Active Directory encountered a write conflict when applying replicated changes to the following object.

    Object:
    CN=Administrator,CN=Users,DC=globalmediasvc,DC=fam
    Time in seconds:
    0

    Event log entries preceding this entry will indicate whether or not the update was accepted.

    A write conflict can be caused by simultaneous changes to the same object or simultaneous changes to other objects that have attributes referencing this object. This commonly occurs when the object represents a large group with many members, and the functional level of the forest is set to Windows 2000. This conflict triggered additional retries of the update. If the system appears slow, it could be because replication of these changes is occurring.

    User Action
    Use smaller groups for this operation or raise the functional level to Windows Server 2003.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


    We've 2 DCs, single domain, no child domain, and both of them are DNS servers and GCs running Windows 2003 R2 Standard Server SP2; Forest Functionality Level is 2003.
    I've tried to follow this article: http://www.jsifaq.com/SF/Tips/Tip.aspx?id=7926 but the issue is still not resolved.
    No duplicate object has been found (the LDP tool returned 1 object when searching for the computer name of the GUID-based DNS name mentioned in the warning message).

    ***Searching...
    ldap_search_s(ld, "CN=Configuration,DC=globalmediasvc,DC=fam", 2, "CN=GMSI-DC01", attrList, 0, &msg)
    Result <0>: (null)
    Matched DNs:
    Getting 1 entries:
    >> Dn: CN=GMSI-DC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=globalmediasvc,DC=fam
    2> objectClass: top; server;
    1> cn: GMSI-DC01;
    1> distinguishedName: CN=GMSI-DC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=globalmediasvc,DC=fam;
    1> name: GMSI-DC01;
    1> canonicalName: globalmediasvc.fam/Configuration/Sites/Default-First-Site-Name/Servers/GMSI-DC01;
    -----------

    and then continued with the next step (following the article). When I moved the replication partner from Default-First-Site-Name to a newly created site the issue seemed to be resolved, but when I moved it back those errors started again.
    Please advise.


    Regards,


    Acung
    Last edited by lzd212; 12th March 2008, 04:12.

  • #2
    Re: NTDS Replication issue

    This is not a replication issue. The Administrator account cannot be locked out. You need to find the source of the failed login attempts on your Administrator account.


    • #3
      Re: NTDS Replication issue

      Hi,

      This event is usually logged when an attribute is changed on two sites and the local change wins against the remote one.

      http://support.microsoft.com/kb/306091

      But if this event is very frequent then there is also the possibility of an attack.

      Regards,
      Kapil Sharma
      ~~~~~~~~~~~~~
      Life is too short, Enjoy It.


      • #4
        Re: NTDS Replication issue

        Hi, it was resolved by renaming the domain Administrator account. It's been 4 days since I renamed it and those warning/error messages have stopped. Thank you everyone.

        Best regards,

        Acung
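
Reply #2 traces the replication warnings back to the SAM 12294 errors on the Administrator account. As an added example (not code from the thread), the Python below parses an event export in the layout quoted in the first post, decodes the 12294 Data bytes as a little-endian NTSTATUS (`a5 02 00 c0` is 0xC00002A5, STATUS_DS_BUSY), and lists accounts that appear in both the SAM error and the 1083/1955 replication events. The function names and the trimmed sample are constructed for illustration.

```python
import re
import struct

# NTSTATUS name for the code seen in the thread (value from ntstatus.h).
NTSTATUS_NAMES = {0xC00002A5: "STATUS_DS_BUSY"}

# Constructed sample: two events trimmed from the ones quoted in the thread.
SAMPLE = """\
Event Type: Error
Event Source: SAM
Event ID: 12294
Description:
The SAM database was unable to lockout the account of Administrator due to a resource error.
Data:
0000: a5 02 00 c0 ..

Event Type: Warning
Event Source: NTDS Replication
Event ID: 1083
Object:
CN=Administrator,CN=Users,DC=globalmediasvc,DC=fam
"""

def decode_status(data_line):
    """Read the first DWORD of a hex-dump line as a little-endian NTSTATUS."""
    hex_bytes = re.findall(r"\b[0-9a-fA-F]{2}\b", data_line.split(":", 1)[1])[:4]
    return struct.unpack("<I", bytes(int(b, 16) for b in hex_bytes))[0]

def parse_events(text):
    """Split a text export into events and extract ID, account and status."""
    events = []
    for block in re.split(r"(?m)^(?=[ \t]*Event Type:)", text):
        eid = re.search(r"Event ID:\s*(\d+)", block)
        if not eid:
            continue
        acct = (re.search(r"account of (\S+)", block)
                or re.search(r"CN=([^,]+),CN=Users", block))
        data = re.search(r"(?m)^[ \t]*0000:.*$", block)
        events.append({"id": int(eid.group(1)),
                       "account": acct.group(1) if acct else None,
                       "status": decode_status(data.group(0)) if data else None})
    return events

def correlate(events):
    """Accounts with a SAM 12294 and replication 1083/1955 on the same object."""
    seen = {}
    for e in events:
        seen.setdefault(e["account"], set()).add(e["id"])
    return sorted(a for a, ids in seen.items() if a and 12294 in ids and ids & {1083, 1955})
```

An account returned by `correlate(parse_events(export_text))` is one where the replication noise coincides with failed lockout writes, so the next step is the Security log on each DC to find where the bad-password attempts originate.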
