BMI-IT

Domain controllers messages

I have 2 domain controllers (main and backup); the servers are only tasked with DNS, DHCP and AD. I started seeing the following messages in the applications log.

lsass (544) A database location change was detected from 'C:\Windows\NTDS\ntds.dit' to '\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy97\Windows\NTDS\ntds.dit'.

lsass (544) The database engine has begun replaying logfile \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy97\Windows\NTDS\edb000EF.log.

lsass (544) The database engine has begun replaying logfile \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy97\Windows\NTDS\edb.log.

lsass (544) The database engine has successfully completed recovery steps.

These are not reported as errors but as information events. I'm just concerned about why I'm seeing this.

Can someone explain why this is happening?

Darrell Porter

Did you just recently add a domain controller? Has anything else changed in the environment, such as adding printers, expanding to a new site, adding new VLANs or new network segments of which Active Directory is aware?
BMI-IT

ASKER

Nope, nothing new. We do have printers added for the main DC for shared access, but that's it.

And have you examined those logs it references?

edb are transaction logs

see
http://www.informit.com/articles/article.aspx?p=101405&seqNum=10
BMI-IT

ASKER

No, I was first checking to see if it's a matter for concern or the possible cause for the log rewrites. I will look at the logs.

Do you see any replication errors or other anomalies in the Directory Services logs?
BMI-IT

ASKER

In the Directory Services log I see this warning once a day:

Event ID 2887

During the previous 24 hour period, some clients attempted to perform LDAP binds that were either:
(1) A SASL (Negotiate, Kerberos, NTLM, or Digest) LDAP bind that did not request signing (integrity validation), or
(2) A LDAP simple bind that was performed on a cleartext (non-SSL/TLS-encrypted) connection
 
This directory server is not currently configured to reject such binds.  The security of this directory server can be significantly enhanced by configuring the server to reject such binds.  For more details and information on how to make this configuration change to the server, please see http://go.microsoft.com/fwlink/?LinkID=87923.
 
Summary information on the number of these binds received within the past 24 hours is below.
 
You can enable additional logging to log an event each time a client makes such a bind, including information on which client made the bind.  To do so, please raise the setting for the "LDAP Interface Events" event logging category to level 2 or higher.
 
Number of simple binds performed without SSL/TLS: 0
Number of Negotiate/Kerberos/NTLM/Digest binds performed without signing: 529
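
The 2887 text above says that raising "LDAP Interface Events" to level 2 logs each such bind together with the client that made it. As an added example (not part of the original thread), the PowerShell below does that on a DC and summarises the per-bind events; the registry value name `16 LDAP Interface Events`, event ID 2889 and its field order are not on this page and are assumed from standard Active Directory diagnostic logging.

```powershell
# Added example: run in an elevated PowerShell session on the domain controller.
# Assumption: NTDS diagnostic levels live under this key, with the
# "LDAP Interface Events" category stored as the value "16 LDAP Interface Events".
$diagKey   = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics'
$valueName = '16 LDAP Interface Events'

# Level 2 makes the DC log one event per unsigned or cleartext bind.
Set-ItemProperty -Path $diagKey -Name $valueName -Value 2 -Type DWord

# Let clients bind again (hours to a day), then collect the per-bind events.
# Assumption: these are event ID 2889 in the "Directory Service" log, with
# fields [0] client IP:port, [1] identity used for the bind, [2] bind type.
$binds = Get-WinEvent -FilterHashtable @{ LogName = 'Directory Service'; Id = 2889 } `
                      -ErrorAction SilentlyContinue

$summary = $binds | ForEach-Object {
    $evt = $_   # keep a reference; $_ is rebound inside the switch below
    $bindType = switch ([int]$evt.Properties[2].Value) {
        0       { 'SASL bind without signing' }
        1       { 'Simple bind without SSL/TLS' }
        default { "Unknown ($_)" }
    }
    [pscustomobject]@{
        # Strip the source port so repeat binds from one host group together.
        Client   = ($evt.Properties[0].Value -replace ':\d+$', '')
        Identity = $evt.Properties[1].Value
        BindType = $bindType
    }
}

# One row per client/identity/bind type, busiest first. These are the systems
# to fix before configuring the DC to reject such binds.
$summary |
    Group-Object -Property Client, Identity, BindType |
    Sort-Object -Property Count -Descending |
    Select-Object -Property Count, Name

# Return the category to its default once the clients are identified,
# so the Directory Service log is not flooded.
Set-ItemProperty -Path $diagKey -Name $valueName -Value 0 -Type DWord
```
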
ASKER CERTIFIED SOLUTION
DarinTCH
This solution is only available to members.
BMI-IT

ASKER

OK, that's OK then, but I'm still left wondering about these log replay messages.