Event ID - 2527

Event Id2527
SourceMicrosoft-Windows-ActiveDirectory_DomainService
DescriptionThe directory server failed to automatically update service account, dns name and/or port information.
This operation will be tried again at the following interval. Interval (minutes):%1 Additional Data Error value:%3 %4 Internal ID:%2
Event Information According to Microsoft :
Cause :
This event is logged when the directory server has failed to update the host name and/or ports information for service on the remote server.

Resolution :
Ensure the success of the remote update
Active Directory Lightweight Directory Services retries this operation periodically If the retry succeeds, no further action is necessary. If the update is unsuccessful for several hours, verify that this instance has connectivity with the replication partners that are named in the event text.
Verify :
To verify the configuration of an Active Directory Lightweight Directory Services instance, must first know the appropriate host name of the computer that hosts the instance, as well as the appropriate Lightweight Directory Access Protocol and LDAP over Secure Sockets Layer TCP port numbers.By default the LDAP and LDAPS port numbers are 389 and 636, respectively.Can quickly determine the host name of a computer by running the command hostname at a command prompt. You must also know the site name in Active Directory Domain Services where the computer that hosts the AD LDS instance is located. If network does not use Active Directory sites, all computer objects are created in the Default-First-Site-Name object.Must also know the user account name and security identifier of the account under which AD LDS is configured to run.
To resolve a user account name to its respective SID,must have a utility that can translate account names to SIDs. PsTools from Microsoft includes the PsGetSid utility, which translates account names to SIDs and SIDs to account names.
To perform these procedures,must have membership in Domain Admins or must have been delegated the appropriate authority.
Obtain and extract PsTools
To obtain and extract PsTools:
  1. Download PsTools.
  2. Extract PsTools.zip from your download folder to a new folder named PsTools.
  3. Close the extraction destination folder (C:\PsTools), which automatically opens in a new window when the extraction is complete.
Determine the service account security identifier
To determine the service account security identifier:
  1. Open a command prompt as an administrator on the computer that hosts the AD LDS instance.To open a command prompt as an administrator, click Start.In Start Search, type Command Prompt. At the top of the Start Menu, right-click Command Prompt, and then click Run as administrator. If the User Account Control dialog box appears, confirm that the action it displays is what want and then click Continue.
  2. Type wmic service list control, and then press ENTER. In the output, locate the AD LDS instance name that want to verify.Must locate the name of the AD LDS instance and determine which user account it is configured to use:
    • If there is too much output on the screen, can redirect the output to a text file.This command redirects the list of services to a folder named pstools on the C: drive.
    • To open the text file, type notepad c:\pstools\services.txt, and then press ENTER.
  3. Record the user account name that the AD LDS instance is using as a service account.
  4. Change the directory path to the folder where you extracted PsTools.
  5. At the command prompt, type net config rdr, and then press ENTER. In the resulting command output, note the Workstation domain name, which is used in the following command.
  6. Type psgetsid domainName\serviceAccount, and then press ENTER, where domainName is the Workstation domain name in the output from the previous command and serviceAccount is the name of the user account that the AD LDS instance is configured to use:
    • If this is the first time that you are running psgetsid on this computer, the PsGetSid License Agreement appears.Read the license agreement.If agree to the terms, click Agree.If do not agree to the terms, cannot verify lookup using PsGetSid or continue with the following directions.
    • If the name has spaces in it, use quotation marks around the domainName/serviceAccount, for example "Contoso/Domain Administrator".
    • If the account name is networkservice, type " NT Authority/networkservice" with the quotation marks for the domainName/serviceAccount
  7. Record the SID in the output of the psgetsid command.
Verify that the appropriate values are set on AD LDS configuration attributes
To verify the values on the AD LDS configuration attributes:
  1. Open ADSI Edit. To open ADSI Edit, click Start. In Start Search, type adsiedit.msc, and then press ENTER. If the User Account Control dialog box appears, confirm that the action it displays is what want, and then click Continue.
  2. In the left pane, right-click ADSI Edit, and then click Connect to.
  3. In the Connection Settings dialog box, under Connection Point, ensure that Select a well known Naming Context is selected, and then select Configuration as the container.
  4. In Computer, select Select or type a domain or server, and then type the name of the server that hosts the AD LDS instance, followed by a colon and the port number on which the instance is hosted. If the server name is Server1, it is a member of the Contoso.com domain, and the AD LDS instance is running on port 389, the connection string is server1.contoso.com:389.Click OK.
  5. In the console pane, expand the Configuration container.Expand the container directly below that, which is named CN=Configuration,CN={GUID}, where GUID is a globally unique identifier for the instance.
  6. Expand the Sites object, and then expand the object that represents the Active Directory site of the server that hosts the AD LDS instance.
  7. Expand the Servers object.Should see an object named CN =serverName$instanceName, where serverName is the computer name of the server that hosts the AD LDS instance and instanceName is the name of the AD LDS instance. Right-click the object, and then click Properties.
  8. On the Attribute Editor tab, locate the dNSHostname and nETBIOSName attributes.Ensure that the values accurately reflect the name of the computer that hosts the AD LDS instance.
  9. Click Cancel .
  10. Expand the serverName object.
  11. Right-click the CN=NTDS Settings object, and then click Properties .
  12. Locate the msDS-PortLDAP and msDS-PortSSL attributes, and ensure that the values accurately reflect the LDAP and LDAPS ports on which the AD LDS instance should be available.
  13. Select the msDS-ServiceAccount attribute, and then click View. Ensure that the service account name and corresponding SID are listed correctly in Values.
  14. Click Cancel twice to close the open dialog boxes.
  15. Expand the CN=Roles container that is directly below the CN=Configuration,CN={GUID} container that was previously expanded.
  16. Under CN=Roles, right-click CN=Instances, and then click Properties.
  17. Select the member attribute, and then click View.
  18. Ensure that the service account and SID are listed correctly in Values.
  19. Click Cancel in the open dialog boxes, and then close ADSI Edit.
Complete all the previous procedures to verify the configuration of a single instance on a single server.To verify the configuration of an instance on the other servers in the configuration set, must connect to the Configuration container of each server and verify the configuration settings for that instance. For each additional instance that want to verify, connect to the appropriate Configuration container on each server in the configuration set, and then verify the configuration.
Reference LinksEvent ID 2527 from Microsoft-Windows-ActiveDirectory_DomainService

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught

Did this information help you to resolve the problem?

Yes: My problem was resolved.
No: The information was not helpful / Partially helpful.