?
Solved

Windows 2003 PDC NTDS SDPROP id 2008 errors

Posted on 2005-03-29
9
Medium Priority
?
1,012 Views
Last Modified: 2010-07-07
Hi,
I am getting these two event log errors below.  I had two windows 2000 domain controllers and a windows 2000 member server running windows 2003.
I upgraded the PDC to Windows 2003 first.  Event log errors were ok.  Then I installed a new member server with windows 2003 and exchange 2003, migrated all email and public folders over to the new exchange server.  I turned off the old exchange server (haven't removed it from the site yet, though it is not getting public folders replicated to it).

I am getting these errors every 30 minutes.  Any idea how to get rid of them?  I looked at q318774 but don't see how it applies.

Any ideas?
I was having a w32 time error, but fixed it by synching NTP to an external time source (opening the firewall on UDP 123).

I'm also having a problem emailing to AOL, but that may be a reverse DNS issue as we are an SBC DSL account.  I'm not quite sure of that yet.

This post is for the NTDS replication problem though.  Any help would rock!

____________________________________________
Directory Service Event Log: Event ID: 2008  Source:NTDS SDPROP Category: (9)

Internal error: The security descriptor propagation task encountered an error while processing the following object. The propagation of security descriptors may not be possible until the problem is corrected.
 
Object:
CN=Schema 14989520,CN=Microsoft Exchange System Objects,DC=domain,DC=local
 
Additional Data
Error value:
-1112 []
Internal ID:
2080495

___________________________________________
Event ID: 2008  Source:NTDS SDPROP Category: (9)

Internal error: The security descriptor propagation task encountered an error while processing the following object. The propagation of security descriptors may not be possible until the problem is corrected.
 
Object:
CN=microsoft 14285877,CN=Microsoft Exchange System Objects,DC=vanguardsf,DC=local
 
Additional Data
Error value:
-1112 []
Internal ID:
2080495

0
Comment
Question by:fitzpab
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
9 Comments
 
LVL 104

Expert Comment

by:Sembee
ID: 13651568
Did you run forest prep and domain prep for both Windows 2003 and Exchange 2003? If not, then do so, waiting at least 30 minutes between each stage.

Simon.
0
 
LVL 1

Author Comment

by:fitzpab
ID: 13654386
Running forest prep and domain prep were the first things I did....that was over a month ago too (didn't put that in the original post).   These are production servers, so I don't think I should run these again.... or is that a normal troubleshooting step?

I did have to rebuild the exchange server a few weeks ago after a HD crash...the errors started happening then (also forgot to put in original post).
0
 
LVL 1

Author Comment

by:fitzpab
ID: 13654391
Also, email and file access is working (OWA over SSL, OUTLOOK over RPC) is all working ok.  I have a 10GB message store.
0
NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

 
LVL 104

Expert Comment

by:Sembee
ID: 13654842
Forest prep and domain prep can be run again in production hours on production servers. It doesn't change anything, but can correct various errors. I use it as a good first step.

The reason I suggested that was this is a security propagation error. If the Exchange servers aren't members of the correct groups then this error can be generated.

Simon.
0
 
LVL 1

Author Comment

by:fitzpab
ID: 13657134
OK, I'll give it a try and let you know
0
 
LVL 1

Author Comment

by:fitzpab
ID: 14358671
I ended up using ADSI Edit and deleting some bad entries.  Fixed problem.  Also time server fixes.
0
 

Accepted Solution

by:
PAQ_Man earned 0 total points
ID: 14392372
Question Closed, 500 points refunded.
PAQ_Man
Community Support Moderator
0
 

Expert Comment

by:bittyjos
ID: 33151434
I ran Forest Prep and Domain Prep in Exchange server but still error is coming.....


And please advice what to be done in ADSI edit????
0

Featured Post

Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
There are times when we need to generate a report on the inbox rules, where users have set up forwarding externally in their mailbox. In this article, I will be sharing a script I wrote to generate the report in CSV format.
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
Suggested Courses

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question