Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net. The EventId.Net for Splunk Add-on assumes that Splunk is collecting information from Windows servers and workstation via the Splunk Universal Forwarder.
|Source: NTDS Inter-site Messaging|
The Intersite Messaging Service failed to read the configuration of the Intersite Transports out of the Directory. The error message is as follows:
The specified server cannot perform the requested operation.
The service has stopped. It will be necessary to correct the problem and restart the service in order for intersite communication to occur. The KCC will be unable to calculate intersite topology without this service. There may be a problem retrieving data from the LDAP server. Please verify that LDAP queries are succeeding on this machine. You may also wish to try restarting the Intersite Messaging Service manually.
The record data is the status code.
0000: 3a 00 00 00
|English: Request a translation of the event description in plain English.|
|Concepts to understand:|
What is NTDS and what are the roles of its components?
What is KCC?
What is LDAP?
What is the Intersite Messaging?
This event can be ignored if it occurred when Windows was started in Active Directory Restore mode or some other form of Safe Mode.
This problem can occur after a windows sockets program installs the "Windows Socket 2.0 Non-IFS Service Provider Support Environment" component and prevents the local LDAP server from starting. See ME315182 for information on how to solve this problem.
If the Intersite Messaging Service is installed after promotion on the only DC in the domain, it will fail to run after a restart, and this event will be logged. See ME266657 for details on this situation.
See ME834317 for a hotfix applicable to Microsoft Windows Server 2003. Also, check ME305837 for information about this event.
If you install an application on a Domain Controller (DC) that binds to port 389 with a listener, multiple failures are seen on the DCs. These include failures running dcpromo, startup failures with Inter-Site Messaging service, as well as NTFRS preventing a machine from becoming a DC.
This can usually be detected by using Ldp.exe from the Support Tools to confirm that you are succeeding in connecting to the Active Directory on each DC.
This problem occurs because the NT Directory Service Agent (NTDSA) fails to maintain exclusive control of port 389. Therefore, any other application that attempts to setup a listener on port 389 succeeds and gains control of the port from the NTDSA.
To resolve this problem, install Windows 2000 Service Pack 2.
|Private comment: Subscribers only. See example of private comment|
|Links: ME266657, ME305837, ME315182, ME834317|
|Search: Google - Bing - Microsoft - Yahoo - EventID.Net Queue (0) - More links...|
Send comments or solutions
- Notify me when updated