Event Id | 1085 |
Source | NTDS Replication |
Description | Replication warning: The directory replication agent (DRA) couldnt synchronize partition CN=Schema,CN=Configuration,DC=,DC=com with partition on directory server ._msdcs..com The error was: The DSA operation is unable to proceed because of a DNS lookup failure. Please verify that the address can be resolved with DNS, and that it is reachable via the transport. If this error persists, the KCC will reconfigure the links around this server. |
Event Information | According to Microsoft: CAUSE: This issue may occur when destination domain controllers that are performing remote procedure call (RPC)-based replication do not receive replication changes from a source domain controller within the time that the RPC Replication Timeout (mins) registry setting specifies. You might experience this issue most frequently in one of the following situations: 1. You promote a new domain controller into the forest by using the Active Directory Installation Wizard (Dcpromo.exe). 2. Existing domain controllers replicate from source domain controllers that are connected over slow network links. The default value for the RPC Replication Timeout (mins) registry setting on Windows 2000-based computers is 45 minutes. The default value for the RPC Replication Timeout (mins) registry setting on Windows Server 2003-based computers is 5 minutes. When you upgrade the operating system from Windows 2000 to Windows Server 2003, the value for the RPC Replication Timeout (mins) registry setting is changed from 45 minutes to 5 minutes. If a destination domain controller that is performing RPC-based replication does not receive the requested replication package within the time that the RPC Replication Timeout (mins) registry setting specifies, the destination domain controller ends the RPC connection with the non-responsive source domain controller and logs a Warning event. RESOLUTION: To resolve this issue, increase the bandwidth of your network connection so that the Active Directory changes replicate in the five minute timeout period. If you cannot increase the bandwidth of your network connection, edit the registry on your Windows Server 2003-based computer to increase the value of the RPC timeout for Active Directory replication. To increase the RPC timeout value, follow these steps: 1. Start Registry Editor. 2. Locate the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Para |
Reference Links | Active Directory changes do not replicate in Windows Server 2003 |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.