Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 1655 Source: NTDSGeneral

Source
Level
Description
The attempt to communicate with global catalog \\<server name> failed with the following status: <status message> The operation in progress might be unable to continue. The directory service will use the locator to try find an available global catalog server for the next operation that requires one. The record data is the status code.
Comments
 
In one case, this Event ID appeared when an attempt to transfer a FSMO role (the PDC role) by running NTDSUTIL on another domain controller failed. This was fixed by using DCPROMO to demote/promote the domain controller.
See ME838400 for a hotfix applicable to Microsoft Windows 2000.

As per Microsoft: "This problem may occur if you have a damaged object. You may be able to see this object by dumping the “Ntds.dit” file by using LDP". See ME318170, ME297716 and ME257623 for details on fixing the problem.
I had this problem on a DC that was not a GC. I found that the adapter that was listed first for accessing (Multiple NICS, load Balanced) was not the virtual adapter. And on another DC that only had one NIC enabled, the disabled NIC was listed first for accessing. Right click My Network Places -> Properties -> Advanced tab -> Advanced settings. If the card with TCP/IP bound is not listed first, change the listing order.
The DNS configuration in use is setup incorrectly. Most likely, the DNS server configured as the primary in the local TCP/IP stack is not configured properly or is missing the appropriate SRV records such as _gc.
I accidentally and incorrectly left the primary DNS suffix setting on an NT4 PDC prior to upgrading to W2K with AD. All hell broke loose but I managed to fix it by trawling the registry for the incorrect DNS name and either removing or replacing with the correct one.


Status message: The RPC server is unavailable. Usually, "The RPC server is unavailable." means that the IP of the server could not be determined so check the DNS (availability, entries, etc..). It could also mean lack of connectivity with the server. So I would verify all these.
Status message: The RPC server is unavailable. From a newsgroup post: First check the following entries in the registry:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\ClientProtocols]
"ncacn_np"="rpcrt4.dll"
"ncacn_ip_tcp"="rpcrt4.dll"
"ncadg_ip_udp"="rpcrt4.dll"
"ncacn_nb_tcp"="rpcrt4.dll"
"ncacn_http"="rpcrt4.dll"
If these entries could not be found just add them, reboot and the problem is solved.

Status message: There are no more endpoints available from the endpoint mapper. The Microsoft article ME189007 may help. According to a newsgroup post other possible cause (if replication doesn't work) is that the Kerberos tickets from a Domain Controller may not be valid on other Domain controllers in the domain. In this case the following actions can solve the problem:

1. Set the Startup type for the Kerberos Key Distribution Center service on
the affected DC to Disabled.
2. Restart the affected DC.
3. Log on and force replication with its replication partners through the
Active Directory Sites and Services snap-in.
4. Check the replication status with "repadmin /showreps" (without the quotation marks). Repadmin is available in the Windows 2000 Support Tools. If
replication is now successful, set the Startup type for the Kerberos Key Distribution Center service on the affected DC back to Automatic.
5. Restart the Kerberos Key Distribution Center service.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...