Event ID - 16644

Event Id16644
SourceSAM
DescriptionAn initial account-identifier pool has not yet been allocated to this domain controller. A possible reason for this is that the domain controller has been unable to contact the RID master domain controller, possibly due to connectivity or network problems. Account creation will fail on this domain controller until the pool is obtained.
Event InformationAccording to Microsoft :
Cause :
This event is logged when an initial account-identifier pool has not yet been allocated to this domain controller.
Resolution :
Check connectivity to the RID master, and check its replication status
A relative ID (RID) pool was not allocated to the local domain controller. Ensure that the local domain controller can communicate with the domain controller that is identified as the RID operations master. Ensure that the RID master is online and replicating to other domain controllers. Perform the following procedure using the computer that is logging the event to be resolved.
To perform this procedure, you must have membership in Domain Admins or you must have been delegated the appropriate authority.
To determine which domain controller is the RID master:
  1. Open Active Directory Users and Computers. To open Active Directory Users and Computers, click Start. In Start Search, type dsa.msc, and then press ENTER. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
  2. In the console tree, right-click the domain object, and then click Operations Masters.
  3. On the RID tab, note the name of the computer that is identified as the Operations master.
  4. Click Start, click Run, type \\RIDcomputer\sysvol, and then click OK. (Substitute the name of the computer that is identified as the RID master for RIDcomputer.) If a connection opens to the computer, the local computer can connect to the domain controller that holds the RID operations master role.
If you determine that the local computer is not able to communicate with the computer that is identified as the RID master, check network connectivity to other computers. Check for other events in the local computer's Event Viewer that might indicate network connectivity issues. Check the domain controller that is identified as the RID operations master to see if that computer has network connectivity issues or replication issues that are logged in Event Viewer. At a command prompt, you can use the repadmin and dcdiag commands to further test the RID master functionality:
repadmin /showrepldcdiag /test:ridmanager /v
When the relative ID (RID) operations master successfully allocates a RID pool (a set of unique identification numbers) to a domain controller, the domain controller logs Event ID 16648 to Event Viewer. In addition to checking for Event ID 16648, you can verify that a new RID pool is available to a specific domain controller by creating a new account using that domain controller. Perform the following procedures using the computer that is logging the event to be resolved.
To perform these procedures, you must have membership in Domain Admins or you must have been delegated the appropriate authority.
Create an account using Active Directory Users and ComputersTo create an account using Active Directory Users and Computers:
  1. Open Active Directory Users and Computers. To open Active Directory Users and Computers, click Start. In Start Search, type dsa.msc, and then press ENTER. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
  2. In the console tree, expand the hierarchy of objects as necessary.Right-click the container in which you want to create the new account, click New, and then click the account type that you want to create (for example, Computer, Contact, Group, or User). Fill in all the required fields (and any of the appropriate optional fields) in the dialog box that appears for the specific type of account that you select. If you select one of the following account types: User or InetOrgPerson, an additional dialog box opens. Click Next to go to the next dialog box, and then fill in the appropriate information.
  3. When you have filled out all the appropriate information and you are ready to create the account, click OK. If you created this account for testing purposes, you can delete the account.
Delete an account using Active Directory Users and Computers
To delete an account using Active Directory Users and Computers:
  1. Open Active Directory Users and Computers. To open Active Directory Users and Computers, click Start, click Run, type dsa.msc, and then press ENTER.
  2. In the console tree, expand the hierarchy of objects as necessary.
  3. Right-click the account that you want to remove, and then click Delete.
  4. Click OK to confirm the deletion of the account.
Verify :
When the relative ID (RID) operations master successfully allocates a RID pool (a set of unique identification numbers) to a domain controller, the domain controller logs Event ID 16648 to Event Viewer. You can also use the dcdiag command to verify the RID master has properly assigned a RID pool to a domain controller. To perform this procedure, you must have membership in Domain Admins or you must have been delegated the appropriate authority. To confirm a RID pool assignment to a domain controller
  1. Open a Command Prompt as an administrator on a domain controller in the domain you want to check. To do so, click Start. In Start Search, type Command Prompt, then right click Command Prompt from the Start Menu and select Run as administrator.
  2. Run the command dcdiag /test:ridmanager /v /f:%userprofile%\desktop\DCname_RIDpool.txt /s:DCname and press ENTER; substitute the name of the domain controller you want to test for each DCname in the command. This creates diagnostic files on the Desktop of the current user named for each domain controller tested.
  3. Open the file with Notepad or another text editor. To open the file with Notepad you can type Notepad %userprofile%\desktop\DCname_RIDpool.txt and press ENTER. If you do not have a text editor installed, you can run the command type %userprofile%\Desktop\DCname_RIDpool.txt |more to view one screen of information at a time and use the SPACEBAR to advance one screen at a time through the file.
Reference LinksEvent ID 16643 from Source SAM

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught

Did this information help you to resolve the problem?

Yes: My problem was resolved.
No: The information was not helpful / Partially helpful.