Question

event error every second

By bartkendel
windows 2003 sam 12294


All Answers

sam 12294 Error..

Description of NTDS replication warning IDs 1083 and 1061, and SAM error ID 12294 because of an Active Directory collision

SUMMARY
Simultaneous changes against Active Directory object attributes on different domain controllers may cause an Active Directory collision for the update. When this occurs, NTDS replication warnings 1083 or 1061, or SAM error ID 12294 may be logged.
MORE INFORMATION
The following events may be logged if immediate replication is triggered (for example, by an urgent replication for a user lockout condition) and collides with the local Active Directory update:

Event Type: Warning
Event Source: NTDS Replication
Event Category: Replication
Event ID: 1083
Description:
Replication warning: The directory is busy. It couldn't update object CN=... with changes made by directory GUID._msdcs.domain. Will try again later.
This indicates the unsuccessful attempt of the remotely triggered update, which will be retried later:

Event Type: Warning
Event Source: NTDS Replication
Event Category: Replication
Event ID: 1061
Description:
Internal error: The directory replication agent (DRA) call returned error 8438.
(decimal 8438 / hex 0x20f6 : ERROR_DS_DRA_BUSY, winerror.h)
If advanced NTDS logging is enabled, the following error ID may also be logged:

Event Type: Warning
Event Source: NTDS General
Event Category: Internal Processing
Event ID: 1173
Description:
Internal event: Exception e0010004 has occurred with parameters -1102 and 0 (Internal ID 2030537).
(JetDataBase ID -1102: JET_errWriteConflict -1102, Write lock failed due to outstanding write lock)
If NTDS logging is set to 4 (Verbose) or higher in the Replication Events entry of the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Diagnostics\ subkey, the following error ID may also be logged:

Event Type: Warning
Event Source: NTDS Replication Event
Event Category: Replication
Event ID: 1413
Description:
The following object changes were not applied to the local Active Directory database because the local metadata for the object indicates that the change is redundant.
For more information, click the following article number to view the article in the Microsoft Knowledge Base:
285858 (http://support.microsoft.com/kb/285858/) Error message: The replication system encountered an internal error
If the remotely triggered update wins against the local update, the following system event may be logged for a user account lockout:

Event Type: Error
Event Source: SAM
Event Category: None
Event ID: 12294
User: user-SID
Description:
The SAM database was unable to lockout the account of user due to a resource error, such as a hard disk write failure (the specific error code is in the error data) . Accounts are locked after a certain number of bad passwords are provided so please consider resetting the password of the account mentioned above.
Data: 0000: c00002a5
You must analyze the error data to receive the correct error condition (DWord data hexadecimal 0xc00002a5 = decimal -1073741147: STATUS_DS_BUSY, ntstatus.h).

After the warnings, an NTDS information event is logged that reports that the queued update has already been made (with the same version ID) and is ignored as redundant:

Event Type: Information
Event Source: NTDS Replication
Event Category: Replication
Event ID: 1413
Description:
Property 90296 (lockoutTime) of object CN=username,OU=... is not being applied to the local database because its local metadata implies the change is redundant. The local version is (version-ID).
When this condition exists, no replication error has occurred. Active Directory is consistent and you can safely ignore the resulting event logs.

On a computer that is running Microsoft Windows Server 2003, you can also determine whether a replication error has occurred by exporting the replication meta-data of the object. To do this, run the following command at a command prompt:
repadmin /showobjmeta domainController objectDN
Note In this command, make the following replacements for the placeholders:
- Replace the domainController placeholder with the host name of a domain controller.
- Replace the objectDN placeholder with the distinguished name of the affected object.

In the output that this command generates, match the last update times of the attribute to the times that the events were logged. From this information, you can determine which attribute caused the replication error.

Generally, you experience this problem with the lockoutTime attribute or with one of the password attributes. In these cases, you can safely ignore the events. The events occur because the change that occurs on the primary domain controller (PDC) is also written to the local domain controller. At the same time, the change is replicated among the domain controllers. For lockoutTime, the change is replicated urgently in the site of the PDC.

A list of changes for which you may experience a replication collision is found in the following Knowledge Base article:
232690 (http://support.microsoft.com/kb/232690/) Urgent replication triggers in Windows 2000
Because of the short replication notification intervals that you can have in Microsoft Windows Server 2003, you may experience a replication collision in the same site of the PDC. Password changes are one example of a scenario in which you may experience a replication collision. This behavior occurs because a domain controller forwards new passwords to the PDC. Both the PDC and the local domain controller then replicate the changed password information. Therefore, a replication collision may occur on another domain controller in the same site. For more information about replication notification, click the following article number to view the article in the Microsoft Knowledge Base:
214678 (http://support.microsoft.com/kb/214678/) How to modify the default intra-site domain controller replication interval
To help reduce the generation of replication collision events, configure the PDC in a site that does not have other domain controllers or client computers. In this scenario, the PDC does not urgently replicate updates that it receives. Therefore, you may reduce the risk of replication collisions. In a large domain, you can use this method to help reduce the load on the PDC. For more information about "piling on" scenarios, click the following article number to view the article in the Microsoft Knowledge Base:
http://support.microsoft.com/kb/3060**

Please post back if you have any more problems or questions.
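
Added example, not part of the original post or the Microsoft article it quotes: a small triage script that decodes the error data of each SAM 12294 event and checks whether an NTDS Replication event 1083, 1061 or 1413 was logged close to it, which is the ignorable collision pattern described above. The CSV layout of the export, the 60-second window, the verdict labels and the sample rows are assumptions made for this illustration.

```python
import re
from datetime import datetime, timedelta

NTSTATUS = {0xC00002A5: "STATUS_DS_BUSY"}   # only the code quoted in the post
REPL_IDS = {1083, 1061, 1413}               # NTDS Replication events from the post
WINDOW = timedelta(seconds=60)              # assumption: correlation window

# Constructed sample export (time,source,event id,data); not real log data.
SAMPLE = """\
2024-01-01 10:00:00,NTDS Replication,1083,
2024-01-01 10:00:02,SAM,12294,0000: c00002a5
2024-01-01 12:30:00,SAM,12294,0000: c00002a5
2024-01-01 13:00:00,SAM,12294,0000: c0000001
"""

def decode_data(data):
    """Decode '0000: c00002a5' into (signed 32-bit value, status name)."""
    m = re.search(r"0000:\s*([0-9a-fA-F]{8})\b", data)
    if not m:
        return None, "NO_DATA"
    u = int(m.group(1), 16)
    signed = u - (1 << 32) if u & 0x80000000 else u
    return signed, NTSTATUS.get(u, "UNKNOWN")

def parse(text):
    """Turn each CSV line into (datetime, source, event id, data)."""
    rows = [line.split(",", 3) for line in text.strip().splitlines()]
    return [(datetime.strptime(w, "%Y-%m-%d %H:%M:%S"), s, int(i), d) for w, s, i, d in rows]

def triage(rows):
    """Classify every SAM 12294 event by error data and nearby replication events."""
    repl = [w for w, src, eid, _ in rows if src == "NTDS Replication" and eid in REPL_IDS]
    results = []
    for when, src, eid, data in rows:
        if src != "SAM" or eid != 12294:
            continue
        _, name = decode_data(data)
        near = any(abs(when - t) <= WINDOW for t in repl)
        if name != "STATUS_DS_BUSY":
            verdict = "other_error"           # not the collision case; investigate
        elif near:
            verdict = "collision"             # matches the pattern in the post
        else:
            verdict = "ds_busy_uncorrelated"  # compare with repadmin /showobjmeta times
        results.append((str(when), name, verdict))
    return results

if __name__ == "__main__":
    print(triage(parse(SAMPLE)))
```

Events that come back as `ds_busy_uncorrelated` or `other_error` are the ones worth checking against the `repadmin /showobjmeta` output rather than dismissing.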
