Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net. The EventId.Net for Splunk Add-on assumes that Splunk is collecting information from Windows servers and workstation via the Splunk Universal Forwarder.
|Source: NTDS General|
A thread in the directory is waiting in a remote procedure call (RPC) to directory <directory> performing a(n) <operation name> operation. The directory has attempted to cancel the call and recover thread id <thread id>. If this condition persists, stop and restart that Windows Domain Controller.
|English: Request a translation of the event description in plain English.|
|Concepts to understand:|
What is NTDS and what are the roles of its components?
See ME313167 for a situation in which this event may occur.
See ME830746 and the link to "EventID 1188 from source Active Directory" to resolve this problem.
Operation: bind - This command initiates a protocol session to the Directory Services. So a failure to perform this operation may indicate a communication problem (or service degradation).
Operation: unbind - This command terminates an LDAP session between the client and the Directory Services.
Operation: synchronize replica - no info
Operation: get down-level replication change log - no info
Operation name: "get memberships" - A reboot seemed to fix the problem.
|Private comment: Subscribers only. See example of private comment|
|Links: ME313167, ME830746, EventID 1188 from source Active Directory|
|Search: Google - Bing - Microsoft - Yahoo - EventID.Net Queue (0) - More links...|
Send comments or solutions
- Notify me when updated