Event ID 509 NTDS ISAM
Posted on 2014-12-01
I have a server 2012r2 box which runs as a VM on Dell PowerEdge hardware. Most days I get at least one entry saying the following in the logs:
Critical Errors in Event Logs in Last 24 Hours
NTDS ISAM Event ID: 509
NTDS (668) NTDSA: A request to read from the file "C:\Windows\NTDS\ntds.dit" at offset 15065088 (0x0000000000e5e000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (21 seconds) to be serviced by the OS. In addition, 4 other I/O requests to this file have also taken an abnormally long time to be serviced since the last message regarding this problem was posted 14920 seconds ago. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
Last occurrence: 30 November 2014 10:55:11 Total occurrences: 1
Obviously this is quite alarming as you think that you may have disk faults developing. The first time this came up I ran a disk check on the physical host server that this VM runs in and it found no faults on the server's hard disks?
I have looked into other reports of this on the web and can't see that any of the issues of this type relate to my hardware configuration (most seem to have occurred on Server 2008 and relate to hardware issues).
Is this one of those errors that just gets reported randomly and can be ignored or is there something else more serious going on?
I did wonder if it was only occurring when the server backup was going on, but that is not the case as some times the errors occur before or after the backup window?
Any help appreciated.