Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net. The EventId.Net for Splunk Add-on assumes that Splunk is collecting information from Windows servers and workstation via the Splunk Universal Forwarder.
|Source: NTDS General|
Replication warning: Couldn't allocate memory. Replication may be affected until more memory is available. Increase the amount of Virtual memory available. Stop and restart this Windows Domain Controller and try again.
|English: Request a translation of the event description in plain English.|
|Concepts to understand:|
What is NTDS and what are the roles of its components?
This event can be ignored if it occurred when Windows was started in Active Directory Restore mode or some other form of Safe Mode. Otherwise, investigate further.
In one case, on Windows 2000 Server SP4 this occurred on a domain that was created by restoring an image of a domain controller and then promoting two other domain controllers with DCPROMO. It was found that AD replication was not working. It is believed that the original image may have contained Active Directory objects that were older than the tombstone lifetime interval or some other corruption. This event appeared every few seconds after Event ID 1411, Source NTDS Replication. It was fixed by using DCPROMO to demote/re-promote one domain controller at a time and seizing the FSMO roles.
Peter Van Gils
I saw this error on a server that used to be a DC. Apparently, the demotion didn't run correctly. This event was mentioned about 5 times, after EventID 1014 from source NTDS KCC. The errors only occurred once, right after or during the demotion. They don't seem to cause any problems through, so I guess it's safe to ignore them in this case. The Event Viewer will still display the Directory Service logs, although this isn't a DC anymore.
The Win2000 DC was unable to replicate with other DCs. The event was recorded after Netlogon service failure on the specific DC. The problem is unlikely to be caused by memory shortage, check for other problems.
Verify the size and use of the Paging File. The rule of thumb for it size is the amount of RAM + 11 MB.
In my case, this is occured when a Win2k DC Bridghead server had many replication partners and one of these had been down for a long period of time. Replication transactions got backed up (increasing the Virtual memory provided a temp storage area for these transactions) and allowed other replication events/transactions to continue.
|Private comment: Subscribers only. See example of private comment|
|Links: EventID 1014 from source NTDS KCC, EventID 1411 from source NTDS Replication|
|Search: Google - Bing - Microsoft - Yahoo - EventID.Net Queue (0) - More links...|
Send comments or solutions
- Notify me when updated