Event ID 1083 Source NTDS Replication
| Event ID | 1083 |
| Source | NTDS Replication |
| Type | Warning |
| Description | Replication warning: The directory is busy. It couldn't update object CN=GUP1428,CN=Users,DC=gen,DC=mydom,DC=com with changes made by directory 610dc995-6f03-4a6d-bf33-9cfeaf09a682._msdcs.mydom.com. Will try again later. |
| English, please! | This information is only available to subscribers. An example of English, please! |
| Concepts to understand |
What is an object? What is the Active Directory? What is NTDS and what are the roles of its components? |
| Comments |
Adrian Grigorof
According to a newsgroup post: "Unless these turn into errors message 1083 events are to be expected. There is always going to be instances in which REPL or the AD is going to be busy and the request is going to be queued. If you start to see the same transaction refused time and again, it, then would be considered an issue as that *one* transaction is never getting committed." Robert Premuz I have received this warning on a Windows Server 2003 server with a slightly different description: “Active Directory could not update the following object with changes received from the domain controller at the following network address because Active Directory was busy processing information”. This warning started to appear after the Administrator's password was changed, and repeated approximately once an hour. It was accompanied by EventID 861 from source Security in the Security Log mentioning the following parameters: Path: C:\WINDOWS\system32\tcpsvcs.exe User account: SYSTEM User domain: NT AUTHORITY. The problem was caused by the Microsoft DHCP Server (running on that server) that used the Administrator's credentials for DNS dynamic updates registration. The DNS dynamic updates registration should use another dedicated domain account whose password does not need to be changed for security reasons. Mihai Andrei This behavior is symptomatic of a duplicate object in Active Directory of the replication partner. See "JSI Tip 7926" for some steps you should take in order to fix this problem. Ionut Marin As per Microsoft: "This problem may occur if a child domain is not completely removed. As a result, some domain controllers in your organization may have conflicting information about the child domain". See M825952 for a hotfix applicable to Microsoft Windows 2000. See M834926 for a hotfix applicable to Microsoft Windows Server 2003. Mark Geschke The cause for the repeated occurrence of this event on our network was quite difficult to track down and was in the end attributed to a service trying to logon with an invalid password and thereby locking the account mentioned in the Event description. In our specific scenario, the account mentioned in the Event description was used to install the Trend TVCS Agent service. Due to our company security policy, however, passwords have to be changed every few weeks. Since the Trend TVCS Agents stores an encrypted version of the password in the registry, the next time this service tries to activate, it cannot and ultimately locks out the account (as can be verified in the Security Event Log on the server the TVCS Agent service is running on). As a conclusion, do not install services with accounts that have a password policy applied to them. The Trend TVCS Agent service had to be reinstalled using another, service specific account. Why bother deciphering Event logs when GFI EventsManager can do everything for you? Free trial here! Anonymous Windows 2000 Advanced Server with SP3 installed (German version). Event 1083 was logged like described at M296714. The cause of this was that we had some orphan DCs in the Domain Controler OU and the event mentioned above was logged after switching the AD to native mode. We removed the orphan entries but the event was still logged every three hours. We checked M285858, M306091 but they did not help. We also tried M296714. At this stage we could not see any duplicated entry. We then asked the customer to run the Microsoft Product Support's Customer Configuration Capture Tool report for the directory services. We reviewed the log file and we created this action plan for then customer: There is a problem with the "Admin" user account. Please find this account in your Domain and reset the password. Find out if some services are using this account and make sure they get changed to the new passsword. Check to see if you still have the issue. If the above does not work, the continue with: Move the account to another OU and run repadmin synall from command prompt. For example: c:\>repadmin /syncall <name of the DC partner> If it corrected the problem then move the user back to the original OU. If it doesn't correct the problem continue with: 1. Start the LDP from a Run command on the DC that generated the event ID. 2. From the connection menu select "Connect" then click ok to accept default setting. 3. Again from the connection menu select "Bind" then click ok on the bind screen to accept default setting. 4. From the View menu select "Tree" option to expand the view. 5. From the left hand pane highlight the domain DN name. For example you will see dc=domainname, dc=com. Highlight dc=domainname, dc=com by clicking on it. 6. From the Browse menu select Search option. In the search Base DN enter your domain dn name. For example: Base Dn: DC=domainname, DC=common the Filter option enter the object name to search. For example I am searching for an object name McVaugh that might be duplicate and as seen in the decription of the event log. Make sure to put the ( ) as seen below. Filter: (CN=McVaugh) 7. On the Scope select "Subtree" option and click Run to start the search. 8. Once the objects found and if there are duplicate objects with the same name decide on a good object then delete the other. An example of an object found: ***Searching...ldap_search_s(ld, "DC=domainname, DC=com", 2, "(CN=something)", attrList, 0, &msg)Result <0>: (null)Matched DNs: Getting 1 entries:>> Dn: CN=McVaugh, CN=Users, DC=domainname, DC=com1> canonicalName: domainname.com/Users/Something; 1> cn: McVaugh; 1> distinguishedName: CN=McVaugh, CN=Users, DC=domainame, DC=com; 4> objectClass: top; person; organizationalPerson; user; 1> name: something; 9. To delete the bad object do the following: From the main menu click on Browse then select "Delete". Enter the DN name of the object to be deleted. For example I am deleting object name something. DN: CN=something, CN=Users, DC=domainname, DC=com An example of object deleted message:ldap_delete_s(ld, "CN=something, CN=Users, DC=domainname, DC=com");Deleted "CN=something, CN=Users, DC=domainname, DC=com"----------- 10. Close the LDP session. 11. From the CMD prompt sync the active directory database with all the other domain controllers by runing the following command and make sure you are getting a message indicating that was successful. For example: c:\>repadmin /syncall <name of the DC partner>. You might want to check M244344. David Davis This error generally occurs when a duplicate connection object exists in Active Directory of the destination replication partner. Because this connection object is used to facilitate replication with the local domain controller, updates are impossible when replication does occur. The description of event ID 1083 contains: The distinguished name of the object causing the problem. The GUID-based DNS name of the replication partner. This name is composed of the GUID of the NTDS Settings object of the replication partner, followed by _msdcs.corp.hay-buv.com. To resolve the problem, perform the following actions: Ping the GUID-based DNS name to get the IP address of the replication partner. Run Ldp.exe from Windows 2000 Support Tools, and then connect to this IP address by using the connect option from the Connection menu. Select the Bind option from the Connection menu, and then enter the credentials of an administrator account. Select the Search option from the Browse menu. In the Search dialog box, select the Subtree option. In the Base Dn option, enter the following information: The distinguished name of the domain to search for a user or a computer: dc=branches, dc=company, dc=com or the distinguished name of the configuration container to search for connection objects. Click Run. The right pane of the widow displays the different locations in which the object was found. Select the appropriate result from the list. Delete the other returned options by using the Delete option of the Browse menu. Enter the distinguished name of the object to delete: CN=DC2, CN=Servers, CN=Bad-Site, CN=Sites, CN=Configuration, DC=corp, DC=hay-buv, DC=com Ensure that the object has been properly deleted in the right pane of the Ldp.exe window. If no duplicate exists, move the object to a different site or organizational unit. Document this for future reference in case the object needs to be moved again at a later date. Synchronize the configuration and domain naming contexts by typing the following commands at the command prompt: repadmin /sync CN=Configuration, DC=corp, DC=hay-buv, DC=com %computername% <rep_partner_GUID> repadmin /sync DC=branches, DC=corp, DC=hay-buv, DC=com %computername% <rep_partner_GUID> If replication completes successfully, the event log should not show any new instances of event ID 1083. If necessary, move the object back to its original location, and then resynchronize the configuration and domain naming contexts by using the commands above. Kmex This issue may occur if a duplicate object is present in Active Directory for the replication partner of the local domain controller. When the local domain controller receives the replication updates that contain duplicate objects from its replication partner, the local domain controller cannot perform the updates on those objects, and therefore it logs a warning in the Directory Service event log. See M285858 and M296714. Jason S. Rundle See Microsoft Knowledge Base Article - M306091. Anonymous This error was being written a few times in my Event Log until I noticed the user was locked out. Unlocking the account solved the replication problem and caused the errors to go away. |
| Links | M244344, M285858, M296714, M306091, M825952, M834926, Customer Configuration Capture Tools, JSI Tip 7926, EventID 861 from source Security |
| Search | Google Web - Microsoft Support - Bing - EventID.Net Queue - More links... |
| Custom search | The custom search information is available to subscribers only. |
| Feedback | Send comments - Notify me when updated |
| Print version |