Re: Active directory problem

From: Zuhaib (anonymous_at_discussions.microsoft.com)
Date: 03/05/04 

Date: Fri, 5 Mar 2004 00:09:24 -0800

The root domain controller is taking much longer time to
reboot. The event log on root domain controller is showing
messages as shown at the last of this message. The
additional domain controller is working fine... means the
event log is clear (no error messages). Since Active
directory on root Domain controller is curropt as shown by
the messages below, so there is no replication going on to
the additional domain controller.

There are no power outages.

Only AD is becoming corrupt, all other parts of OS and
file system are fine.

Service pack 4 is installed on the server.

I am using Quick Heal Antivirus software on both root and
additional domain controller.

To recover from corrupt DC, I restore system state. After
restoring system state the DC works fine for one to three
days and then AD become corrupt again.

>-----Original Message-----
>During the 3-6 days, what is happening with the servers?
Are they being
>rebooted? Unexpected power outages? Are other parts of
the OS also
>becomming corrupt or just AD?
>
>What SP and patch level are you at?
>
>What antivirus software are you using?
>
>How are you recovering them? Is it possible that one
corrupt DC is
>replication to the others, and thereby spreading the
problem?
>
>Zuhaib wrote:
>>
>> Please.......
>> I will highly appreciate if someone can give expert
>> opinion on below.
>>
>> I will be gratefull.
>>
>> ----------------
>>
>> Hi,
>> I have installed active directory on many servers and on
>> each server, about after 3 to 6 days, active directory
>> becomes curropt. Below are the messages that are
displayed
>> in event log. Please advise.
>> Note: I have not integrated DNS with active directory,
>> also it is significant to note that the additional
domain
>> controller is working fine and the above problem is
>> occurring on root domain controllers.
>>
>> Thanx
>>
>> ---------------------------------------------------
>>
>> vent Type: Error
>> Event Source: NTDS ISAM
>> Event Category: Database Page Cache
>> Event ID: 404
>> Date: 3/3/2004
>> Time: 8:07:27 AM
>> User: N/A
>> Computer: APPSRV07
>> Description:
>> NTDS (264) Synchronous read page checksum error -1018
>> ((1:483 1:483) (0-145738) (0-209745)) occurred. Please
>> restore the databases from a previous backup.
>>
>> -------------------------------------------------------- 

---
>> 
>> Event Type:     Error
>> Event Source:   NTDS ISAM
>> Event Category: Online Defragmentation
>> Event ID:       705
>> Date:           3/3/2004
>> Time:           8:07:27 AM
>> User:           N/A
>> Computer:       APPSRV07
>> Description:
>> NTDS (264) Online defragmentation of
>> database 'C:\WINNT\NTDS\ntds.dit' terminated prematurely
>> after encountering unexpected error -1018. The next time
>> online defragmentation is started on this database, it
>> will resume from the point of interruption.
>> 
>> --------------------------------------------------------
---
>> 
>> Event Type:     Error
>> Event Source:   NTDS General
>> Event Category: (18)
>> Event ID:       1126
>> Date:           3/3/2004
>> Time:           8:07:42 AM
>> User:           Everyone
>> Computer:       APPSRV07
>> Description:
>> Unable to establish connection with global catalog.
>> 
>> --------------------------------------------------------
---
>> 
>> Event Type:     Information
>> Event Source:   NTDS KCC
>> Event Category: (1)
>> Event ID:       1308
>> Date:           3/3/2004
>> Time:           9:42:40 AM
>> User:           N/A
>> Computer:       APPSRV07
>> Description:
>> The Directory Service consistency checker has noticed 
that
>> 2 successive replication attempts with CN=NTDS
>> Settings,CN=APPSRV04,CN=Servers,CN=Default-First-Site-
>> Name,CN=Sites,CN=Configuration,DC=pndy,DC=mil have 
failed
>> over a period of 63269 minutes.  The connection object 
for
>> this server will be kept in place, and new temporary
>> connections will established to ensure that replication
>> continues. The Directory Service will continue to retry
>> replication with CN=NTDS
>> Settings,CN=APPSRV04,CN=Servers,CN=Default-First-Site-
>> Name,CN=Sites,CN=Configuration,DC=pndy,DC=mil; once
>> successful the temporary connection will be removed.
>> 
>> --------------------------------------------------------
---
>> 
>> File replicaiton service Log
>> 
>> Event Type:     Warning
>> Event Source:   NtFrs
>> Event Category: None
>> Event ID:       13508
>> Date:           3/3/2004
>> Time:           9:41:13 AM
>> User:           N/A
>> Computer:       APPSRV07
>> Description:
>> The File Replication Service is having trouble enabling
>> replication from APPSRV04 to APPSRV07 for
>> c:\winnt\sysvol\domain using the DNS name
>> appsrv04.pndy.mil. FRS will keep retrying.
>>  Following are some of the reasons you would see this
>> warning.
>> 
>>  [1] FRS can not correctly resolve the DNS name
>> appsrv04.pndy.mil from this computer.
>>  [2] FRS is not running on appsrv04.pndy.mil.
>>  [3] The topology information in the Active Directory 
for
>> this replica has not yet replicated to all the Domain
>> Controllers.
>> 
>>  This event log message will appear once per connection,
>> After the problem is fixed you will see another event 
log
>> message indicating that the connection has been
>> established.
>> Data:
>> 0000: 00 00 00 00               ....
>> 
>> --------------------------------------------------------
---
>> 
>> System Log
>> 
>> Event Type:     Error
>> Event Source:   SAM
>> Event Category: None
>> Event ID:       16650
>> Date:           3/3/2004
>> Time:           9:46:39 AM
>> User:           N/A
>> Computer:       APPSRV07
>> Description:
>> The account-identifier allocator failed to initialize
>> properly.  The record data contains the NT error code 
that
>> caused the failure.  Windows 2000 will retry the
>> initialization until it succeeds; until that time, 
account
>> creation will be denied on this Domain Controller.  
Please
>> look for other SAM event logs that may indicate the 
exact
>> reason for the failure.
>> Data:
>> 0000: a7 02 00 c0               §..À
>.
>

Relevant Pages

  • Re: multiple errors in Active Directory
    ... The File Replication Service is having trouble enabling replication from ... FRS will keep retrying. ... This event log message will appear once per connection, ... Source domain controller address: ...
    (microsoft.public.windows.server.active_directory)
  • Re: Two accounts getting locked out
    ... I am seeing some event ID 1083's in the event log which says the foillowing. ... During Active Directory replication, you may receive the following warning ... 214678 How to modify the default intra-site domain controller replication ... >>> Accelerated MCSE ...
    (microsoft.public.win2000.networking)
  • Re: Active directory problem
    ... running on both Aditional domain controller server and the ... that 2 successive replication attempts with CN=NTDS ... successful the temporary connection will be removed. ... The event log on root domain controller is ...
    (microsoft.public.win2000.active_directory)
  • Re: Replication of password resets/unlocks
    ... First off, I know it isn't your fault, but the name urgent replication implies something that it isn't guaranteed to be. ... So if you hit a bridgehead that is backed up with inbound replication requests, even though the request was urgently queued, it can take awhile for that information to get into the bridgehead and then replicated back out. ... Urgent replication is implemented immediately by using RPC/IP to notify replication partners that changes have occurred on a source domain controller. ... In Active Directory domains, a single domain controller in each domain holds the role of PDC emulator, which simulates the behavior of a Windows NT version 3.x-based or Windows NT 4.0-based PDC. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Thoroughly confused SBS 2003 Server
    ... fact I first had SBS running on the box that now has the Server Enterprise ... A year ago or moe I put up the second server and made it a domain controller ... The replication generated an error: ...
    (microsoft.public.windows.server.sbs)