Process MAD.EXE (PID=1808). DSAccess has discovered the following servers with the following characteristics:
(Server name | Roles | Reachability | Synchronized | GC capable | PDC | SACL right | Critical Data | Netlogon | OS Version)
domaincontroller1.company.com CDG 7 7 1 0 0 1 7 1
domaincontroller2.company.com CDG 7 7 1 0 1 1 7 1
domaincontroller3.company.com CDG 7 7 1 0 1 1 7 1
Concepts to understand:
What is the role of the Microsoft Exchange Directory service?
What is the role of the Netlogon share?
What is MAD.EXE?
In my case, I was getting events 2080, 2601, 2604 and 2501 from the same source on a clustered Exchange 2007 server approximately every 15 minutes. It was a permissions error. The names of both the pieces of the cluster were in the Exchange Servers group but the virtual name of the cluster itself was not. Adding it to the group and rebooting both servers corrected the issue.
As per Microsoft: "Event 2080 reports certain characteristics of your Active Directory servers, including the roles a server is capable of fulfilling, whether the server is reachable, and so forth". See Understanding and Troubleshooting Directory Access Whitepaper to analyze event 2080. Information about the 2080 event starts on page 53.
See MSEX2K3DB for additional information on this event.
From Microsoft: "In Exchange 2000 Service Pack 2 (SP2) and Exchange 2003, DSAccess (a Directory Service Access component) generates a topology detection event in the Exchange 2000 or the Exchange 2003 server application log." For more information about this event, see ME316300.
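Added example, not part of the original page or its comments: a small parser for the event 2080 text that turns each server row into named columns and flags rows worth checking. The function names and the reading of the columns (0 in SACL right or Critical Data treated as a failed check, 7 treated as the expected bitmask value for a CDG server) are assumptions based on Microsoft's description in ME316300; the page itself does not define them.

```python
import re

# Column order taken from the header line of the event text.
COLUMNS = ["roles", "reachability", "synchronized", "gc_capable", "pdc",
           "sacl_right", "critical_data", "netlogon", "os_version"]

# Sample input: the event description quoted on this page.
SAMPLE_EVENT = """\
Process MAD.EXE (PID=1808). DSAccess has discovered the following servers with the following characteristics:
(Server name | Roles | Reachability | Synchronized | GC capable | PDC | SACL right | Critical Data | Netlogon | OS Version)
domaincontroller1.company.com CDG 7 7 1 0 0 1 7 1
domaincontroller2.company.com CDG 7 7 1 0 1 1 7 1
domaincontroller3.company.com CDG 7 7 1 0 1 1 7 1
"""

# A server row: name, three role letters (or '-'), then eight integers.
ROW = re.compile(r"^\s*(\S+)\s+([CDG-]{3})((?:\s+\d+){8})\s*$")

def parse_2080(text):
    """Return {server: {column: value}} for every server row in the event."""
    servers = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            values = [m.group(2)] + [int(v) for v in m.group(3).split()]
            servers[m.group(1)] = dict(zip(COLUMNS, values))
    return servers

def findings(servers):
    """List (server, column, value) for rows that need attention."""
    out = []
    for name, s in sorted(servers.items()):
        # Assumption: these are boolean columns and 0 means the check failed.
        for col in ("sacl_right", "critical_data"):
            if s[col] == 0:
                out.append((name, col, s[col]))
        # Assumption: bitmask columns; 7 is expected when roles are CDG.
        for col in ("reachability", "synchronized", "netlogon"):
            if s["roles"] == "CDG" and s[col] != 7:
                out.append((name, col, s[col]))
    return out

if __name__ == "__main__":
    for server, column, value in findings(parse_2080(SAMPLE_EVENT)):
        print(f"{server}: {column}={value}")
```

Run against the sample above, the only row flagged is domaincontroller1.company.com, whose SACL right column is 0.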
Links: ME316300, Understanding and Troubleshooting Directory Access Whitepaper, MSEX2K3DB