Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 1085 Source: NTDSReplication

Level
Description
Replication warning: The directory replication agent (DRA) couldn't synchronize partition CN=Schema,CN=Configuration,DC=,DC=com with partition on directory server ._msdcs..com The error was: The DSA operation is unable to proceed because of a DNS lookup failure. Please verify that the address can be resolved with DNS, and that it is reachable via the transport. If this error persists, the KCC will reconfigure the links around this server.
Comments
 
According to Microsoft, this issue may occur when destination domain controllers that are performing remote procedure call (RPC)-based replication do not receive replication changes from a source domain controller within the time that the RPC Replication Timeout (mins) registry setting specifies. See ME830746 for information on what causes this problem and how to fix it.
This error is displayed because two domain controllers tried to replicate but cant because the machine that is initiating the request cannot find the computer it is trying to replicate with in DNS.  KCC (Knowledge Consistency Checker) will then try and find another route to the detsination machine.  KCC does not always work.  The manual version is to load AD Sites and Services, and display the NTDS settings for the server that is starting the request, and then manaully add a connection for each server that it should be able to replicate with.  If you then right click on each of those connections that you have created, and choose replicate now.  If it works ok - problem solved.  If it fails, then you need to make sure you can ping the FQDN of the machine you are connecting to, and ensure you get a response.  If not - update the DNS server, and all should then start working...

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...