Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 2091 Source: NTDSReplication

Level
Description
Ownership of the following FSMO role is set to a server which is deleted or does not exist. Operations which require contacting a FSMO operation master will fail until this condition is corrected.
FSMO Role: CN=RID Manager$,CN=System,DC=r2,DC=sp1,DC=ws03,DC=com
FSMO Server DN: CN=NTDS Settings\0ADEL:1ee76061-8332-4a5d-9255-2d17eb1c8cdd,CN=JIMSIM-WS01,CN=Servers,CN=SiteA,CN=Sites,CN=Configuration,DC=r2,DC=sp1,DC=ws03,DC=com
User Action:
1. Determine which server s hould hold the role in question.
2. Configuration view may be out of date. If the server in question has been promoted recently, verify that the Configuration partition has replicated from the new server recently. If the server in question has been demoted recently and the role transferred, verify that this server has replicated the partition (containing the latest role ownership) lately.
3. Determine whether the role is set properly on the FSMO role holder server. If the role is not set, utilize NTDSUTIL.EXE to transfer or seize the role. This may be done using the steps provided in KB articles 255504 and 324801 on http://support.microsoft.com.
4. Verify that replication of the FSMO partition between the FSMO role holder server and this server is occurring successfully.

The following operations may be impacted:
Schema: You will no longer be able to modify the schema for this forest.
Domain Naming: You will no longer be able to add or remove domains from this forest.
PDC: You will no longer be able to perform primary domain controller operations, such as Group Policy updates and password resets for non-Active Directory accounts.
RID: You will not be able to allocation new security identifiers for new user accounts, computer accounts or security groups.
Infrastructure: Cross-domain name references, such as universal group memberships, will not be updated properly if their target object is moved or renamed.
Comments
 
The following conditions may cause this event to occur:
1.Operations master role holder is not set or is not readable
2.Operations master role is set to a domain controller that is deleted
3.Operations master self-ownership is not valid
4.The operations master role owner does not respond
See ME914032 for more information on this issue.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...