Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 2008 Source: NTDSSDPROP

Internal error: The security descriptor propagation task encountered an error while processing the following object. The propagation of security descriptors may not be possible until the problem is corrected.

CN=Calendar,CN=Microsoft Exchange System Objects,DC=domain,DC=local

Additional Data
Error value:
-1112 []
Internal ID:
Support forums recommend running a semantic database analysis for the Active Directory database by using Ntdsutil.exe as described in ME315136.
This event might occur if the value of a non-linked attribute is larger than 800 on a Windows Server 2003-based computer. See ME914036 for additional information about this issue.

You may experience this problem after you install Microsoft Exchange Server 2003 Service Pack 2 (SP2), if you have the Microsoft Exchange Server 2003 Connector for Lotus Notes installed in the organization, because the Exchange 2003 SP2 Setup program does not automatically update the Lotus Notes proxy address generator file. This file is named Ntspxgen.dll. See ME913676 to resolve this problem.
From a newsgroup: "This issue is mostly caused by the large number of proxy addresses under the objects referenced in the event. Actually, there is a number limit on the multiple-value attribute. The limit is about 750~800.

1. Open Exchange System Manager.
2. Expand Recipients -> Recipient Update Services.
3. In the right pane, double-click Recipient Update Service (Enterprise configuration).
4. Choose "Never Run" in "Update interval" and then click OK.
5. Open ADSIEdit.
6. Expand Domain NC->DC=xxx, DC=com->CN=Microsoft Exchange System Objects.
7. In the right pane, double-click each object that was included in the event.
8. Choose "proxyaddresses" in "Select a property to view".
9. Delete all values.
10. Click OK.
11. Repeat the steps 1 trough 4 to configure RUS Enterprise as "always run".
12. Right-click RUS enterprise and then click “Update Now”.
13. Rebuild Now".
In my environment, this event was created due to an incorrectly configured Exchange Recipient Update Service, which caused hundreds of improper SMTP addresses to be stamped onto mailboxes and groups without first and last names. Microsoft article ME318774 contains the fix for this issue. Cleanup the objects and the errors should go away.
From a newsgroup post: "You are getting JET_errRecordTooBigForBackwardCompatibility. Your object has
too many values on it. SDP needs to stamp another one, and is unable to do it, because the object is full. You can only have ~850 values (non-linked) on an object in W2K mode, and ~1300 in w2k3 mode. Just go to this object and remove some values. Most likely, you have too many certs on this object. I have also seen too many IM contacts. Use adsiedit or ldp. LDP is the easiest, it shows all attributes when you double-click on the object."

From a newsgroup post: "-1112 is JET_errRecordTooBigForBackwardCompatibility. The object is too big (too many values). SDP needs to stamp another value on it, and it does not fit. In w2k, the limit is about 850 non-linked values. When you upgrade your forest to 2003 mode, the limit will become ~1300. Go clean up the object, remove some values (certificates usually?). You will keep recieving this error every 30 minutes or more frequenty, until you clean up the object."

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to



Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.