BMI-IT
Domain controllers messages
I have 2 Domain controllers (main and backup) the servers are only tasked with DNS, DHCP and AD. Started seeing the following messages in the applications log.
lsass (544) A database location change was detected from 'C:\Windows\NTDS\ntds.dit' to '\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy97\Windows\NTDS\ntds.dit'.
lsass (544) The database engine has begun replaying logfile \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy97\Windows\NTDS\edb000EF.log.
lsass (544) The database engine has begun replaying logfile \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy97\Windows\NTDS\edb.log.
lsass (544) The database engine has successfully completed recovery steps.
These are not reported as errors but as information events. I'm just concerned why I'm seeing this?
Can someone explain why this is happening?
Did you just recently add a domain controller? Has anything else changed in the environment such as adding printers, expanding to a new site, adding new VLANs or new network segments for which Active Directory is aware?
ASKER
Nope, nothing new. We do have printers added for the main DC for shared access, but that's it.
And have you examined those logs it references?
EDB files are transaction logs
see
http://www.informit.com/articles/article.aspx?p=101405&seqNum=10
ASKER
No, I was first checking to see if it's a matter for concern or the possible cause for the log rewrites. I will look at the logs.
Do you see any replication errors or other anomalies in the Directory Services logs?
ASKER
In the Directory Services log I see this warning once a day:
Event ID 2887
During the previous 24 hour period, some clients attempted to perform LDAP binds that were either:
(1) A SASL (Negotiate, Kerberos, NTLM, or Digest) LDAP bind that did not request signing (integrity validation), or
(2) A LDAP simple bind that was performed on a cleartext (non-SSL/TLS-encrypted) connection
This directory server is not currently configured to reject such binds. The security of this directory server can be significantly enhanced by configuring the server to reject such binds. For more details and information on how to make this configuration change to the server, please see http://go.microsoft.com/fwlink/?LinkID=87923.
Summary information on the number of these binds received within the past 24 hours is below.
You can enable additional logging to log an event each time a client makes such a bind, including information on which client made the bind. To do so, please raise the setting for the "LDAP Interface Events" event logging category to level 2 or higher.
Number of simple binds performed without SSL/TLS: 0
Number of Negotiate/Kerberos/NTLM/Digest binds performed without signing: 529
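The Event 2887 text above says per-bind logging can be enabled to find out which clients are making the unsigned binds. One way to do that and summarize the result, as an added example that is not part of the original thread: it assumes an elevated PowerShell session on the domain controller, and the registry value name and the per-bind Event ID 2889 come from Microsoft's documentation rather than from this page.

```powershell
# Added example, not from the thread. Run elevated on the domain controller.

# Step 1: raise the "LDAP Interface Events" diagnostic category to level 2 so the
# DC logs one event (ID 2889) for every unsigned SASL or cleartext simple bind.
$diag = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics'
Set-ItemProperty -Path $diag -Name '16 LDAP Interface Events' -Value 2 -Type DWord

# Step 2: once clients have had time to bind again, read the per-bind events
# from the Directory Service log (24 hours matches the 2887 summary window).
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Directory Service'
    Id        = 2889
    StartTime = (Get-Date).AddHours(-24)
} -ErrorAction SilentlyContinue

# Step 3: reduce each event to client address, account and bind type.
# Event 2889 properties: [0] client "IP:port", [1] identity used for the bind,
# [2] bind type (0 = SASL bind without signing, 1 = simple bind without TLS).
$binds = foreach ($e in $events) {
    [pscustomobject]@{
        ClientIP = ([string]$e.Properties[0].Value) -replace ':\d+$', ''
        Account  = [string]$e.Properties[1].Value
        BindType = if ($e.Properties[2].Value -eq 1) { 'Simple, no TLS' }
                   else { 'SASL, no signing' }
    }
}

# Step 4: rank the sources so the noisiest clients are remediated first.
$binds |
    Group-Object ClientIP, Account, BindType |
    Sort-Object Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize

# Step 5: return the diagnostic level to 0 when done; level 2 can fill the log
# quickly on a busy domain controller.
Set-ItemProperty -Path $diag -Name '16 LDAP Interface Events' -Value 0 -Type DWord
```

Only after every listed client has been moved to signed or TLS-protected binds is it safe to configure the server to reject such binds, as the event text recommends.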
ASKER CERTIFIED SOLUTION
ASKER
OK, that's OK then, but I'm still left wondering about these log replay messages.