Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 1473 Source: NTDSInter-siteMessaging

The Intersite Messaging Service failed to read the configuration of the Intersite Transports out of the Directory. The error message is as follows:
The specified server cannot perform the requested operation.

The service has stopped. It will be necessary to correct the problem and restart the service in order for intersite communication to occur. The KCC will be unable to calculate intersite topology without this service. There may be a problem retrieving data from the LDAP server. Please verify that LDAP queries are succeeding on this machine. You may also wish to try restarting the Intersite Messaging Service manually.
The record data is the status code.
0000: 3a 00 00 00
This event can be ignored if it occurred when Windows was started in Active Directory Restore mode or some other form of Safe Mode.
This problem can occur after a windows sockets program installs the "Windows Socket 2.0 Non-IFS Service Provider Support Environment" component and prevents the local LDAP server from starting. See ME315182 for information on how to solve this problem.

If the Intersite Messaging Service is installed after promotion on the only DC in the domain, it will fail to run after a restart, and this event will be logged. See ME266657 for details on this situation.
See ME834317 for a hotfix applicable to Microsoft Windows Server 2003. Also, check ME305837 for information about this event.
If you install an application on a Domain Controller (DC) that binds to port 389 with a listener, multiple failures are seen on the DCs. These include failures running dcpromo, startup failures with Inter-Site Messaging service, as well as NTFRS preventing a machine from becoming a DC.

This can usually be detected by using Ldp.exe from the Support Tools to confirm that you are succeeding in connecting to the Active Directory on each DC.

This problem occurs because the NT Directory Service Agent (NTDSA) fails to maintain exclusive control of port 389. Therefore, any other application that attempts to setup a listener on port 389 succeeds and gains control of the port from the NTDSA.

To resolve this problem, install Windows 2000 Service Pack 2.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to



Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.