Active Directory Errors

leporej092170 used Ask the Experts™
Need assistance please with the following errors that keep logging on a Domain Controller running Windows Server 2003, Standard Edition (no service packs installed). There is 2 Gig of RAM on the server and at present, only 460 Meg of Ram is in use. There is 28 Gig of Free Space on the Hard Drive. Thank you.

1st Error:

Active Directory could not allocate the needed amount of memory.
Memory (bytes):
Active Directory will continue to operate, but may not function correctly.
User Action
Restart this domain controller. If this condition continues, increase the available physical or virtual memory.
Additional Data
Internal ID:

For more information, see Help and Support Center at

2nd Error:

Active Directory could not update the following object with changes received from the domain controller at the following network address because Active Directory was busy processing information.
Network address:
This operation will be tried again later.

For more information, see Help and Support Center at

3rd Error:

The Knowledge Consistency Checker (KCC) has detected that successive attempts to replicate with the following domain controller has consistently failed.
Domain controller:
CN=NTDS Settings,CN=POSDC2,CN=Servers,CN=POS-network,CN=Sites,CN=Configuration,DC=msgpos,DC=com
Period of time (minutes):
The Connection object for this domain controller will be ignored, and a new temporary connection will be established to ensure that replication continues. Once replication with this domain controller resumes, the temporary connection will be removed.
Additional Data
Error value:
8524 The DSA operation is unable to proceed because of a DNS lookup failure.

For more information, see Help and Support Center at
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®

try increasing size of paging file, demote the dc, and repromote it using dcpromo

Don't demote it if this is the only DC ;-]
You have this listed in the VPN category, is there another DC connect via VPN?

er, connected that is, DOH.

Please tell us more about your network setup and why you put this in the VPN category.
Success in ‘20 With a Profitable Pricing Strategy

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!


What do you mean by the phrase "why you put this in the VPN category?"

The server is a Windows 2003 Server running as a Domian Controller.

Thank you.

Zones for this question: AD and VPN

Are there other DC's?


Yes, the DC with the errors is one of two DC's in the Forest. It's actually DC1, there is also a DC2.

OK try setting each DC to use the other as primary DNS and themself as secondary.  Then restart the NTFRS service and see what errors you may see in the FRS log.

If that doesn't work please run NETDIAG (from the 2K3 support tools) on both machines and post output here.
Still working on this, thank you!

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial