Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net. The EventId.Net for Splunk Add-on assumes that Splunk is collecting information from Windows servers and workstation via the Splunk Universal Forwarder.
|Source: NTDS Inter-site Messaging|
The query for messages for service NTDS Replication via transport CN=SMTP,CN=Inter-Site Transports,CN=Sites,CN=Configuration,DC=esidestin,DC=int failed with the following status: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. The record data is the status code. Data: 0000: 22 04 07 80
|English: Request a translation of the event description in plain English.|
|Concepts to understand:|
What is NTDS and what are the roles of its components?
See the link to "EventID 1373 from source Active Directory" for information on this event.
On one case, this problem was due to the IIS Admin Service being disabled.
I had a DC with SMTP installed but disabled. Removing SMTP eliminated the errors.
I noticed that when I installed a second NIC in my server, the IP address of the server (SMTP) which is needed for this type of replication was mixed up. Checked the properties and it worked fine after that.
|Private comment: Subscribers only. See example of private comment|
|Links: EventID 1373 from source Active Directory|
|Search: Google - Bing - Microsoft - Yahoo - EventID.Net Queue (1) - More links...|
Send comments or solutions
- Notify me when updated