Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 1084 Source: NTDSReplication

Level
Description
Replication error: The directory replication agent (DRA) couldn't update object CN="8f03823f-410c-4483-86cc-8820b4f2103f
DEL:66aab46a-2693-4825-928f-05f6cd12c4e6",CN=Deleted Objects,CN=Configuration,DC=company,DC=com (GUID 66aab46a-2693-4825-928f-05f6cd12c4e6) on this system with changes which have been received from source server 62d85225-76bf-4b46-b929-25a1bb295f51._msdcs.company.com. An error occurred during the application of the changes to the directory database on this system.

The error message is:

The replication operation encountered a database error. The directory will try to update the object later on the next replication cycle. Synchronization of this server with the source is effectively blocked until the update problem is corrected. If this condition appears to be related to a resource shortage, please stop and restart this Windows Domain Controller. If this condition is an internal error, a database error, or an object relationship or constraint error, manual intervention will be required to correct the database and allow the update to proceed.  It is valuable to note that the problem is caused by the fact that the change on the
remote system cannot be applied locally. Manually updating the objects on the local system in not recommended. Instead, on the source system (which has the changes already), try to reverse or back out the change.  Then, on the next replication cycle, observe whether the change can now be applied locally. The record data is the status code.
Comments
 
In my case, a reboot of the DC in question fixed this for me.
This error occurred on our Main AD Server. The root cause was a faulty network card that had buffer problems. The card would not allow any IP configuration to be done. We re-booted the box and the network card worked again, as well as the AD replication. We also upgraded the NIC, since the box handles a lot of network traffic.
As per Microsoft: "This problem occurs when an Active Directory object that is currently being used is deleted from the Active Directory directory service. In this situation, the replication engine will try to delete the object later". See ME911015 for additional information about this event.
See ME253644 and ME326855 to fix this problem.
See ME837932 for information on how to fix this error.


As per Microsoft: "This problem can occur when an orphan object is present in the Active Directory. Objects can become orphaned after their parents are deleted and then removed from the Active Directory by the garbage collector.". A fix is available from Microsoft.
An attempt to force replication using the Replicate Now option in Active Directory Sites and Services leads to the error: The following error occurred during the attempt to synchronize the domain controllers: The replication operation encountered a database error. furthermore, an Active Directory database integrity check using the NTDSUtil.exe utility yields the following error message: The operation terminated with the following error: -528 (JET_errMissingLogFile, current log file missing) after 4.66 secs. additionally, an Active Directory database integrity check using the ESENTUtl.exe utility yields the following error message: The operation terminated with the following error: -1206 (JET_errDatabaseCorrupted, non database file or corrupted db) after 4.66 secs.

CAUSE: The domain controller's partition of the active Directory database is corrupt.
RESOLUTION:
1. Boot into Safe Mode and select Directory Services Restore Mode (Windows 2000 domain controllers only)
2. Run NTDSUTIL.EXe
3. Select Files
4. At the File Maintenance prompt type Info to find out where the domain controller's Active Directory database partition is stored. The information would be similar to the following: Database: g:\winnt\ntds - 50MB
5. Type Integrity to run an integrity check. If the database if corrupt, the integrity check would fail with an error message. Make a not of the error message.
6. Type Repair to repair the NTDS.DIT database
7. Using Windows Explorer, delete or move the following NTDS log files from their \NTDS folder to another folder. - edb.log - edb0000#.log - res2.log - res1.log - edb.chk - temp.edb
8. Type Integrity to run the integrity check. make sure it completes successfully.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...