Solved

Replication errors EventID 2089 and failed kcc event after running DCDiag

Posted on 2008-11-17
Last Modified: 2012-05-05
I ran DcDiag after rebooting a Domain Controller I could not log on to. Here is the output:


Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests
   
   Testing server: Lucan-Campus\BENDC1
      Starting test: Connectivity
         ......................... BENDC1 passed test Connectivity

Doing primary tests
   
   Testing server: Lucan-Campus\BENDC1
      Starting test: Replications
         ......................... BENDC1 passed test Replications
      Starting test: NCSecDesc
         ......................... BENDC1 passed test NCSecDesc
      Starting test: NetLogons
         ......................... BENDC1 passed test NetLogons
      Starting test: Advertising
         ......................... BENDC1 passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... BENDC1 passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... BENDC1 passed test RidManager
      Starting test: MachineAccount
         ......................... BENDC1 passed test MachineAccount
      Starting test: Services
         ......................... BENDC1 passed test Services
      Starting test: ObjectsReplicated
         ......................... BENDC1 passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... BENDC1 passed test frssysvol
      Starting test: frsevent
         ......................... BENDC1 passed test frsevent
      Starting test: kccevent
         An Warning Event occured.  EventID: 0x80250829
            Time Generated: 11/18/2008   11:52:44
            (Event String could not be retrieved)
         An Warning Event occured.  EventID: 0x80250829
            Time Generated: 11/18/2008   11:52:44
            (Event String could not be retrieved)
         An Warning Event occured.  EventID: 0x80250829
            Time Generated: 11/18/2008   11:52:44
            (Event String could not be retrieved)
         An Warning Event occured.  EventID: 0x80250829
            Time Generated: 11/18/2008   11:52:44
            (Event String could not be retrieved)
         An Warning Event occured.  EventID: 0x80250829
            Time Generated: 11/18/2008   11:52:44
            (Event String could not be retrieved)
         ......................... BENDC1 failed test kccevent
      Starting test: systemlog
         ......................... BENDC1 passed test systemlog
      Starting test: VerifyReferences
         ......................... BENDC1 passed test VerifyReferences
   
   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
   
   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
   
   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
   
   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
   
   Running partition tests on : benrad
      Starting test: CrossRefValidation
         ......................... benrad passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... benrad passed test CheckSDRefDom
   
   Running enterprise tests on : benrad.local
      Starting test: Intersite
         ......................... benrad.local passed test Intersite
      Starting test: FsmoCheck
         ......................... benrad.local passed test FsmoCheck


Everything passes OK except kccevent.

In Event Viewer I get the following:
-------------------------------------------------------------------------------------------------------------------------
Event Type:      Warning
Event Source:      NTDS Replication
Event Category:      Backup
Event ID:      2089
Date:            18/11/2008
Time:            11:52:44 AM
User:            NT AUTHORITY\ANONYMOUS LOGON
Computer:      BENDC1
Description:
This directory partition has not been backed up since at least the following number of days.
 
Directory partition:
CN=Configuration,DC=benrad,DC=local
 
'Backup latency interval' (days):
30
 
It is recommended that you take a backup as often as possible to recover from accidental loss of data. However if you haven't taken a backup since at least the 'backup latency interval' number of days, this message will be logged every day until a backup is taken. You can take a backup of any replica that holds this partition.
 
By default the 'Backup latency interval' is set to half the 'Tombstone Lifetime Interval'. If you want to change the default 'Backup latency interval', you could do so by adding the following registry key.
 
'Backup latency interval' (days) registry key:
System\CurrentControlSet\Services\NTDS\Parameters\Backup Latency Threshold (days)


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
-------------------------------------------------------------------------------------------------------------------------

There are 5 of these errors corresponding with the output of DCDiag.


Can anyone provide any troubleshooting ideas to locate and fix the cause of this issue?

The logon issue was caused by a VM backup of the domain controllers. I have not found out what happened, but I had multiple errors on the DC relating to KDC, DNS, etc. until it was rebooted.

Question by:PACSAdmin
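
The DCDiag `EventID: 0x80250829` values and the Event Viewer "Event ID: 2089" entries in the question are the same event: the low 16 bits of the 32-bit identifier are the code Event Viewer displays, and the top two bits are the severity. The following is an added example, not code from any poster in this thread; it parses DCDiag text and decodes the identifiers using the standard Windows event identifier bit layout, and the sample input is a trimmed, constructed copy of the kccevent section above.

```python
import re
from collections import Counter

SEVERITY = {0: "Success", 1: "Informational", 2: "Warning", 3: "Error"}

# Constructed sample: trimmed from the kccevent section quoted in the question.
SAMPLE_DCDIAG = """\
      Starting test: frsevent
         ......................... BENDC1 passed test frsevent
      Starting test: kccevent
         An Warning Event occured.  EventID: 0x80250829
            Time Generated: 11/18/2008   11:52:44
            (Event String could not be retrieved)
         An Warning Event occured.  EventID: 0x80250829
            Time Generated: 11/18/2008   11:52:44
            (Event String could not be retrieved)
         ......................... BENDC1 failed test kccevent
"""

def decode_event_id(raw):
    """Split a 32-bit event identifier into severity, facility and the
    16-bit code that Event Viewer shows as 'Event ID'."""
    value = int(raw, 16)
    return {"severity": SEVERITY[value >> 30],      # bits 31-30
            "facility": (value >> 16) & 0x0FFF,     # bits 27-16
            "event_id": value & 0xFFFF}             # bits 15-0

def summarize(dcdiag_text):
    """Return (failed tests, Counter keyed by (test name, Event Viewer ID))."""
    failed, events, current = [], Counter(), None
    for line in dcdiag_text.splitlines():
        if m := re.search(r"Starting test: (\S+)", line):
            current = m.group(1)
        elif m := re.search(r"EventID: (0x[0-9A-Fa-f]{8})", line):
            events[(current, decode_event_id(m.group(1))["event_id"])] += 1
        elif m := re.search(r"(\S+) failed test (\S+)", line):
            failed.append((m.group(1), m.group(2)))
    return failed, events

if __name__ == "__main__":
    failed_tests, event_counts = summarize(SAMPLE_DCDIAG)
    print(decode_event_id("0x80250829"))
    print(failed_tests, dict(event_counts))
```

Run against the full output in the question, the counter reports five 2089 warnings under kccevent, which is why the test fails even though the event itself is only the backup-latency reminder.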

Author Comment

by:PACSAdmin
ID: 22981309
Extra information that may be related

Errors in eventvwr at time backups started
----------------------------------------------------------------------------
Event Type:      Error
Event Source:      NTDS ISAM
Event Category:      General
Event ID:      482
Date:            18/11/2008
Time:            12:02:17 AM
User:            N/A
Computer:      BENDC1
Description:
NTDS (560) NTDSA: An attempt to write to the file "C:\WINDOWS\NTDS\edb.log" at offset 4812288 (0x0000000000496e00) for 512 (0x00000200) bytes failed after 0 seconds with system error 1784 (0x000006f8): "The supplied user buffer is not valid for the requested operation. ".  The write operation will fail with error -1011 (0xfffffc0d).  If this error persists then the file may be damaged and may need to be restored from a previous backup.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
---------------------------------------------------------------------------------------------------------------------
Event Type:      Error
Event Source:      NTDS ISAM
Event Category:      Logging/Recovery
Event ID:      417
Date:            18/11/2008
Time:            12:02:17 AM
User:            N/A
Computer:      BENDC1
Description:
NTDS (560) NTDSA: Unable to write to section 3 while flushing logfile C:\WINDOWS\NTDS\edb.log. Error -1011 (0xfffffc0d).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Event Type:      Error
Event Source:      NTDS ISAM
Event Category:      Logging/Recovery
Event ID:      492
Date:            18/11/2008
Time:            12:02:17 AM
User:            N/A
Computer:      BENDC1
Description:
NTDS (560) NTDSA: The logfile sequence in "C:\WINDOWS\NTDS\" has been halted due to a fatal error.  No further updates are possible for the databases that use this logfile sequence.  Please correct the problem and restart or restore from backup.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
----------------------------------------------------------------------------------------------------------------------
-----------------------------------------------------------------------------------------------------------------------
Event Type:      Error
Event Source:      NTDS ISAM
Event Category:      Logging/Recovery
Event ID:      471
Date:            18/11/2008
Time:            12:02:17 AM
User:            N/A
Computer:      BENDC1
Description:
NTDS (560) NTDSA: Unable to rollback operation #29937 on database C:\WINDOWS\NTDS\ntds.dit. Error: -510. All future database updates will be rejected.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
-------------------------------------------------------------------------------------------------------------------------


Accepted Solution

by:
Hypercat (Deb) earned 2000 total points
ID: 22988431
Is there a space problem on the system partition of this server? It looks as though the log files for the NTDS database have been lost or corrupted in some way.

What else is running on this server? Do you have other DCs locally at this site? Is the server operating normally at this point, or is it unable to replicate with the other DCs?

I might be tempted at this point to wipe AD off this computer through dcpromo and then re-promote it after replication has completed to your other DCs.  If it can demote gracefully, that might be a quicker and better solution than trying to figure out how this server's database got corrupted and how to fix it.

Author Comment

by:PACSAdmin
ID: 22989267
Things seemed to have settled down now. What seems to have happened is during a VCB Backup something went haywire and as a result DC1, which is the global catalog, stopped authenticating, replicating etc. I was unable to log on to this server (even locally) so I had to do an ungraceful reboot. It took about 4 hours for everything to settle down after the reboot. I am no longer getting any errors in eventvwr and DCDIAG passes all tests. I have tested replication is working, so I am a bit perplexed as to why the VM Backup killed this server when all it does is snapshot the DCs, mounts the snapshots to a network share that is backed up and then the snapshot is deleted.

As a side note, what is the best way to confirm that the ntds.dit file is not corrupted?