Replication Changes

Applies To: Windows Server 2008

The replication process in Active Directory Domain Services (AD DS) ensures that domain controllers are able to maintain a consistent and updated Active Directory database. Because the Active Directory database holds essential information about user, group, and computer accounts, as well as other resources and services and the network configuration, keeping this information consistent on all the domain controllers is important. Failure of the Active Directory replication process can result in the following problems:

  • Failure of applications that rely on consistent Active Directory information to function properly
  • Logon rejections
  • Password change failures
  • Network service failures
  • Incorrect or outdated information retrieval

For more information, see How Active Directory Replication Topology Works (https://go.microsoft.com/fwlink/?LinkID=93526).

Events

Event ID Source Message

1084

Microsoft-Windows-ActiveDirectory_DomainService

Preferred bridgehead servers have been selected to support intersite replication with the following site using the following transport. However, none of these preferred bridgehead servers can replicate the following directory partition.

Site:
%1
Transport:
%2
Directory partition:
%3

User Action
Using Active Directory Sites and Services, do the following:

- Configure a domain controller that can support replication of this directory partition as a preferred bridgehead server for this transport. You can do this by modifying the corresponding server.
- Verify that the corresponding Server objects have a network address for this transport. For example, domain controllers that replicate using the SMTP transport must have a mailAddress attribute. This attribute is normally configured automatically after the SMTP service is installed.

Until this is rectified, the Knowledge Consistency Checker (KCC) will consider all domain controllers in this site as possible bridgehead domain controllers for this directory partition.

1188

Microsoft-Windows-ActiveDirectory_DomainService

A thread in AD_TERM is waiting for the completion of a RPC made to the following directory service.

Directory service:
%1
Operation:
%3
Thread ID:
%2
Timeout period (minutes):
%4
AD_TERM has attempted to cancel the call and recover this thread.

User Action
If this condition continues, restart the directory service.

1567

Microsoft-Windows-ActiveDirectory_DomainService

Preferred bridgehead servers have been selected to support intersite replication with the following site using the following transport. However, none of these preferred bridgehead servers can replicate the following directory partition.

Site:
%1
Transport:
%2
Directory partition:
%3

User Action

- Configure a directory server that can support replication of this directory partition as a preferred bridgehead server for this transport.
- Verify that the corresponding Server objects have a network address for this transport. For example, directory servers that replicate using the SMTP transport must have a mailAddress attribute. This attribute is normally configured automatically after the SMTP service is installed.

Until this is rectified, the Knowledge Consistency Checker (KCC) will consider all directory servers in this site as possible bridgehead servers for this directory partition.

1645

Microsoft-Windows-ActiveDirectory_DomainService

AD_TERM did not perform an authenticated remote procedure call (RPC) to another directory server because the desired service principal name (SPN) for the destination directory server is not registered on the Key Distribution Center (KDC) domain controller that resolves the SPN.

Destination directory server:
%1
SPN:
%2

User Action
Verify that the names of the destination directory server and domain are correct. Also, verify that the SPN is registered on the KDC domain controller. If the destination directory server has been recently promoted, it will be necessary for the local directory server’s account data to replicate to the KDC before this directory server can be authenticated.

1964

Microsoft-Windows-ActiveDirectory_DomainService

The local directory service has denied a replication attempt on the following directory partition. The following directory service requested to replicate one or more objects from an unauthorized directory partition and the attempt failed.

directory service:
%1
Directory partition:
%2

This might pose a security risk.

1977

Microsoft-Windows-ActiveDirectory_DomainService

The following directory service made a replication request for a writable directory partition that has been denied by the local directory service. The requesting directory service does not have access to a writable copy of this directory partition.

Requesting directory service:
%2
Directory partition:
%1

User Action
If the requesting directory service must have a writable copy of this partition, verify that the security descriptor on this directory partition has the correct configuration for the Replication Get Changes All access right. You may also get this message during the transition period after a child partition has been removed. This message will cease when knowledge of the child partition removal has replicated throughout the forest.
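
An added example (not part of the original Microsoft documentation) for the check described under event 1977: it lists the trustees whose access control entries on a partition head grant Replication Get Changes or Replication Get Changes All. The function name Get-ReplicationRightHolder, the domain SID and the sample security descriptor are constructed for illustration.

```powershell
Add-Type -AssemblyName System.DirectoryServices

# rightsGuid values of the two replication control access rights
$ReplicationRights = @{
    '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2' = 'Replication Get Changes'
    '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2' = 'Replication Get Changes All'
}

function Get-ReplicationRightHolder {
    param(
        [Parameter(Mandatory)]
        [System.DirectoryServices.ActiveDirectorySecurity]$SecurityDescriptor
    )
    $extended = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight
    $sidType  = [System.Security.Principal.SecurityIdentifier]
    foreach ($ace in $SecurityDescriptor.GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if (($ace.ActiveDirectoryRights -band $extended) -ne $extended) { continue }
        if ($ace.ObjectType -eq [Guid]::Empty) {
            # An extended-right ACE with no object type covers every control access right
            $right = 'All extended rights (includes both replication rights)'
        } elseif ($ReplicationRights.ContainsKey($ace.ObjectType.ToString())) {
            $right = $ReplicationRights[$ace.ObjectType.ToString()]
        } else { continue }
        [pscustomobject]@{
            Trustee   = $ace.IdentityReference.Value
            Right     = $right
            Inherited = $ace.IsInherited
        }
    }
}

# Constructed sample descriptor with a made-up domain SID. On a live system pass
# ([ADSI]"LDAP://<partition DN>").psbase.ObjectSecurity instead.
$dom  = 'S-1-5-21-1111111111-2222222222-3333333333'
$sddl = "O:BAG:BAD:" +
        "(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;$dom-498)" +   # Enterprise RODCs
        "(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;$dom-516)" +   # Domain Controllers
        "(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;$dom-1105)" +  # constructed ordinary account
        "(A;;CR;;;BA)" +                                              # all extended rights
        "(A;;RPLCLORC;;;AU)"                                          # read only, not reported
$sd = New-Object System.DirectoryServices.ActiveDirectorySecurity
$sd.SetSecurityDescriptorSddlForm($sddl)
Get-ReplicationRightHolder -SecurityDescriptor $sd | Format-Table -AutoSize
```

Trustees are reported as SIDs so the function also works without a reachable domain; any holder of Replication Get Changes All that is not a domain controller group or a known replication or synchronization service account is worth reviewing.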
