Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 1079 Source: NTDSGeneral

Replication warning: Couldn't allocate memory. Replication may be affected until more memory is available. Increase the amount of Virtual memory available. Stop and restart this Windows Domain Controller and try again.
This event can be ignored if it occurred when Windows was started in Active Directory Restore mode or some other form of Safe Mode. Otherwise, investigate further.

In one case, on Windows 2000 Server SP4 this occurred on a domain that was created by restoring an image of a domain controller and then promoting two other domain controllers with DCPROMO. It was found that AD replication was not working. It is believed that the original image may have contained Active Directory objects that were older than the tombstone lifetime interval or some other corruption. This event appeared every few seconds after Event ID 1411, Source NTDS Replication. It was fixed by using DCPROMO to demote/re-promote one domain controller at a time and seizing the FSMO roles.
I saw this error on a server that used to be a DC. Apparently, the demotion didn't run correctly. This event was mentioned about 5 times, after EventID 1014 from source NTDS KCC. The errors only occurred once, right after or during the demotion. They don't seem to cause any problems through, so I guess it's safe to ignore them in this case. The Event Viewer will still display the Directory Service logs, although this isn't a DC anymore.
The Win2000 DC was unable to replicate with other DCs. The event was recorded after Netlogon service failure on the specific DC. The problem is unlikely to be caused by memory shortage, check for other problems.
Verify the size and use of the Paging File. The rule of thumb for it size is the amount of RAM + 11 MB.
In my case, this is occured when a Win2k DC Bridghead server had many replication partners and one of these had been down for a long period of time. Replication transactions got backed up (increasing the Virtual memory provided a temp storage area for these transactions) and allowed other replication events/transactions to continue.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to



Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.