Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 2092 Source: NTDSReplication

This server is the owner of the following FSMO role but does not consider it valid. For the partition which contains the FSMO this server has not replicated successfully with any of its partners since this server has been restarted. Replication errors are preventing validation of this role.

Operations which require contacting a FSMO operation master will fail until this condition is corrected.

FSMO Role: CN=SchemaCN=ConfigurationDC=DomainDC=Extension

User Action:

1. Initial synchronization is the first early replications done by a system as it is starting. A failure to initially synchronize may explain why a FSMO role cannot be validated. This process is explained in KB article 305476.
2. This server has one or more replication partners and replication is failing for all of these partners. Use the command repadmin /showrepl to display the replication errors.  Correct the error in question. For example there maybe problems with IP connectivity DNS name resolution or security authentication that are preventing successful replication.
3. In the rare event that all replication partners being down is an expected occurance perhaps because of maintenance or a disaster recovery you can force the role to be validated. This can be done by using NTDSUTIL.EXE to seize the role to the same server. This may be done using the steps provided in KB articles 255504 and 324801 on

The following operations may be impacted:
Schema: You will no longer be able to modify the schema for this forest.
Domain Naming: You will no longer be able to add or remove domains from this forest.
PDC: You will no longer be able to perform primary domain controller operations such as Group Policy updates and password resets for non-Active Directory accounts.
RID: You will not be able to allocation new security identifiers for new user accounts computer accounts or security groups.
Infrastructure: Cross-domain name references such as universal group memberships will not be updated properly if their target object is moved or renamed.
Several tools can assist in troubleshooting this event:
- Repadmin - See T770963.
- Ntdsutil - See T753343, ME255504 and ME324801
- Dcdiag - See T731968.
- Netdiag - See T731434.

EV100565 (Initial Synchronizations of Domain Controllers) provides details about how the initial synchronization of various partitions take place (initial synchronization of FSMO Owners, the exact issue here).
In my case (somehow) inbound/outbound replication was disabled. I enabled it and the problem was solved.
Commands to run:

The following conditions may cause this event to occur:
1.Operations master role holder is not set or is not readable
2.Operations master role is set to a domain controller that is deleted
3.Operations master self-ownership is not valid
4.The operations master role owner does not respond
See ME914032 for more information on this issue.
In one case, this event appeared together with EventID 4004 and 4015 from source DNS. When these EventIDs were corrected and the computer restarted, this problem disappeared.
As description box of this event states KB ME305476 give valuable information. In my case, the event was caused by a FRS problem (EventID 13562 from source NtFrs).

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to



Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.