Announcement

Collapse
No announcement yet.

NTDS Replication problem

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • NTDS Replication problem

    Hi, folks

    This morning both our domain controllers (win2k3 and win2k logged events 1083 and 1955 in the Directory Service log (580 events logged on each):

    Code:
    Win2k3:
    Event Type:	Information
    Event Source:	NTDS Replication
    Event Category:	Replication 
    Event ID:	1955
    Date:		27/10/2010
    Time:		12:28:46
    User:		NT AUTHORITY\ANONYMOUS LOGON
    Computer:	TITAN
    Description:
    Active Directory encountered a write conflict when applying replicated changes to the following object. 
     
    Object: 
    CN=Administrator,CN=Users,DC=htlincs,DC=local 
    Time in seconds: 
    0  
     
    Event log entries preceding this entry will indicate whether or not the update was accepted. 
     
    A write conflict can be caused by simultaneous changes to the same object or simultaneous changes to other objects that have attributes referencing this object. This commonly occurs when the object represents a large group with many members, and the functional level of the forest is set to Windows 2000. This conflict triggered additional retries of the update. If the system appears slow, it could be because replication of these changes is occurring. 
     
    User Action 
    Use smaller groups for this operation or raise the functional level to Windows Server 2003.
    
    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    
    =============================
    
    Event Type:	Warning
    Event Source:	NTDS Replication
    Event Category:	Replication 
    Event ID:	1083
    Date:		27/10/2010
    Time:		12:28:46
    User:		NT AUTHORITY\ANONYMOUS LOGON
    Computer:	TITAN
    Description:
    Active Directory could not update the following object with changes received from the domain controller at the following network address because Active Directory was busy processing information. 
     
    Object:
    CN=Administrator,CN=Users,DC=htlincs,DC=local 
    Network address:
    038232b3-e982-4fe4-8e1e-a48be74457b7._msdcs.htlincs.local 
     
    This operation will be tried again later.
    
    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    
    
    +++++++++++++++++++++++++++++++++++
    
    Win2k8:
    
    Log Name:      Directory Service
    Source:        Microsoft-Windows-ActiveDirectory_DomainService
    Date:          27/10/2010 09:20:04
    Event ID:      1083
    Task Category: Replication
    Level:         Warning
    Keywords:      Classic
    User:          ANONYMOUS LOGON
    Computer:      Phobos.htlincs.local
    Description:
    Active Directory Domain Services could not update the following object with changes received from the directory service at the following network address because Active Directory Domain Services was busy processing information. 
     
    Object:
    CN=Administrator,CN=Users,DC=htlincs,DC=local 
    Network address:
    813eae71-dfe2-47ea-a885-fe877389f869._msdcs.htlincs.local 
     
    This operation will be tried again later.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-ActiveDirectory_DomainService" Guid="{0e8478c5-3605-4e8c-8497-1e730c959516}" EventSourceName="NTDS Replication" />
        <EventID Qualifiers="32768">1083</EventID>
        <Version>0</Version>
        <Level>3</Level>
        <Task>5</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8080000000000000</Keywords>
        <TimeCreated SystemTime="2010-10-27T08:20:04.226Z" />
        <EventRecordID>2805</EventRecordID>
        <Correlation />
        <Execution ProcessID="584" ThreadID="2040" />
        <Channel>Directory Service</Channel>
        <Computer>Phobos.htlincs.local</Computer>
        <Security UserID="S-1-5-7" />
      </System>
      <EventData>
        <Data>CN=Administrator,CN=Users,DC=htlincs,DC=local</Data>
        <Data>813eae71-dfe2-47ea-a885-fe877389f869._msdcs.htlincs.local</Data>
      </EventData>
    </Event>
    
    =================================
    
    Log Name:      Directory Service
    Source:        Microsoft-Windows-ActiveDirectory_DomainService
    Date:          27/10/2010 09:19:34
    Event ID:      1955
    Task Category: Replication
    Level:         Information
    Keywords:      Classic
    User:          ANONYMOUS LOGON
    Computer:      Phobos.htlincs.local
    Description:
    Active Directory Domain Services encountered a write conflict when applying replicated changes to the following object. 
     
    Object: 
    CN=Administrator,CN=Users,DC=htlincs,DC=local 
    Time in seconds: 
    0 
     
    Event log entries preceding this entry will indicate whether or not the update was accepted. 
     
    A write conflict can be caused by simultaneous changes to the same object or simultaneous changes to other objects that have attributes referencing this object. This commonly occurs when the object represents a large group with many members, and the functional level of the forest is set to Windows 2000. This conflict triggered additional retries of the update. If the system appears slow, it could be because replication of these changes is occurring. 
     
    User Action 
    Use smaller groups for this operation or raise the functional level to Windows Server 2003.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-ActiveDirectory_DomainService" Guid="{0e8478c5-3605-4e8c-8497-1e730c959516}" EventSourceName="NTDS Replication" />
        <EventID Qualifiers="16384">1955</EventID>
        <Version>0</Version>
        <Level>4</Level>
        <Task>5</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8080000000000000</Keywords>
        <TimeCreated SystemTime="2010-10-27T08:19:34.311Z" />
        <EventRecordID>2804</EventRecordID>
        <Correlation />
        <Execution ProcessID="584" ThreadID="2040" />
        <Channel>Directory Service</Channel>
        <Computer>Phobos.htlincs.local</Computer>
        <Security UserID="S-1-5-7" />
      </System>
      <EventData>
        <Data>CN=Administrator,CN=Users,DC=htlincs,DC=local</Data>
        <Data>0</Data>
      </EventData>
    </Event>
    I've searched online for an explanation of what may cause this and have discovered that a child domain that has not been properly removed can be responsible (we've never had a child domain), or that a duplicate object exists. The object referenced is the administrator account for the domain. I have run LDP on both servers and searched for (CN=administrator) and only one instance of the account was found during each search. Another cause seems to be an incorrect password (the administrator account password is never changed), or a locked-out account, which cannot happen with the administrator account (AFAIK).

    As far as I can see, there are no warning/error events in any of the other logs that precede this.

    Does anyone have an idea what may have caused this, please?

    Our network:
    Two DC's Win2k8 holds all FSMO roles, DNS and WINS. Win2k3 holds DNS, DHCP and WINS. Domain and forest functional level is Win2003. Single AD site, single 192.168.0.xx subnet.

    Thanks!
    A recent poll suggests that 6 out of 7 dwarfs are not happy

  • #2
    Re: NTDS Replication problem

    Hi,

    is there any operational funtional issues due to this error or you
    Thanks & Regards
    v-2nas

    MCTS 2008, MCTIP, MCSE 2003, MCSA+Messaging E2K3, MCP, E2K7
    Sr. Wintel Eng. (Investment Bank)
    Independent IT Consultant and Architect
    Blog: http://www.exchadtech.blogspot.com

    Show your appreciation for my help by giving reputation points

    Comment


    • #3
      Re: NTDS Replication problem

      Hi, v-2nas

      Thanks for replying.

      No, everything works fine. AD works fine. The administrator account is used to authenticate several independent backup tasks (that all run outside of office hours), that all run fine.

      I cannot find anything wrong. The events were logged yesterday morning over a three hour period. The interval between events ranged from two to fifteen minutes. They began 1.5 hours after staff arrived for work.

      I have seen these errors before but only one or two at a time so I thought I could safely ignore them.
      A recent poll suggests that 6 out of 7 dwarfs are not happy

      Comment


      • #4
        Re: NTDS Replication problem

        Hi,

        You can ignore these messages if the reports are clean. Based on the events it appears simulatenous update to the object was made.
        Thanks & Regards
        v-2nas

        MCTS 2008, MCTIP, MCSE 2003, MCSA+Messaging E2K3, MCP, E2K7
        Sr. Wintel Eng. (Investment Bank)
        Independent IT Consultant and Architect
        Blog: http://www.exchadtech.blogspot.com

        Show your appreciation for my help by giving reputation points

        Comment


        • #5
          Re: NTDS Replication problem

          Thanks again for replying.
          A recent poll suggests that 6 out of 7 dwarfs are not happy

          Comment


          • #6
            Re: NTDS Replication problem

            This could be just a "normal" conflict generated when an AD object is changed simultaneously on two domain controllers, however, what are the odds of that object being the administrator account? As far as you know, was the administrator account changed in any way in that time period?

            Comment


            • #7
              Re: NTDS Replication problem

              Hi, AdiGri

              Thanks for your response.

              The last change that occurred to the administrator account was about three weeks ago when I added it to a security group.

              No changes since then.
              A recent poll suggests that 6 out of 7 dwarfs are not happy

              Comment

              Working...
              X