Event ID - 1126

Event Id1126
SourceNTDS General
DescriptionUnable to establish connection with global catalog.
Event InformationAccording to Microsoft:

This behavior can occur if you lock the system partition and remove the Everyone group from various locations.
To resolve the behavior, reset system default file permissions:
1. Set environment variables as follows:
a. At a command prompt, type net share sysvol, and then press ENTER. Notice the path that is returned.
b. Right-click My Computer, and then click Properties.
c. On the Advanced tab, click Environment Variables.
d. In the System Variables section, click New.
e. In the Variable Name box, type Sysvol.
f. In the Variable Value box, type the path that you noted in step a without the last \sysvol item.
g. Repeat these steps to create the %DSDIT% variable and the %DSLOG% variable.
To view the path for these variables, examine these variables in the registry under the following key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
.For example, the default location for the Database log files path and for the DSA Working Directory is the following:C:\WINNT\NTDS
2. At a command prompt, run the following commands: cd \winnt\security\templates secedit /configure /cfg ""setup security.inf"" /db ss.sdb /log ss.log /verbose secedit /configure /cfg basicdc.inf /db basicdc.sdb /log basicdc.log /verbose
3. Restart the computer."
This problem may occur if you have a damaged object. You may be able to see this object by dumping the Ntds.dit file by using LDP:�
451667 187189 false 11 0 0 2002-01-17 10:37.32 - - - - - [GarbledCharacters]

This object is a damaged phantom object that results in ERROR_DS_DRA_INVALID_PARAMETER on the GC when the infrastructure master runs its phantom cleanup task every 24 hours.�
To resolve this problem, obtain the latest service pack for Windows 2000.
This problem occurs if the Net Logon service on the domain controller does not start before the World Wide Web Publishing Service starts.
This event can occur when promoting a domain controller to a global catalog server.
In one case, this event occurred on a domain controller when the DNS Server Windows component was uninstalled. In another case, this event appeared when an attempt to transfer a FSMO role (the PDC role) by running NTDSUTIL on another domain controller failed. Ensure that the primary network adapter is configured with the IP address of at least one available DNS Server. If using DSN Active Directory integrated zones then resolve any problems with Active Directory replication.
Make sure a global catalog is available in the forest, and is reachable from this domain controller. You may use the Nltest utility to diagnose this problem.
After applying MS security bulletin MS04-011 on a DC that is a catalog server, that domain controller after reboot does not register itself as a Global Catalog server in DNS. Hence, other domain controllers that are not global catalog servers may get this error.
I had this problem trying to promote a replicated AD machine to be the "first" DC after my original DC went bye-bye. After switching all the roles and getting the active database to rebuild, I was left with this error. Here is the fix I used: 1. Go to Administrative Tools, Sites and Services. 2. Browse the tree, Sites -> Default first name -> Servers -> your DC -> NTDS settings. 3. Right click NTDS settings and choose properties. 4. Check the box Global Catalog. 5. Reboot.
got this kind of errors after I changed the DC with a new one, namely after I promoted the new DC, demoted the old DC (which remained a GC). To fix the problem I modified the Service Location Record (SRV) for _gc in DNS that it would point to the new DC.
This error will also appear if you have removed the Global Catalog tick in NTDS Settings located under "AD Sites and Services.
Check your domain Controllers Local Policy User Rights Assignment to be sure that Exchange Enterprise Servers account is under Manage Auditing and security Log. If not add it or run Domain Prep from the Exchange 2000 CD again to fix all security issues. Then re-install Exchange service pack.
This can be caused by clocks on AD controllers being out of sync.
As the error says, verify the availability of the server hosting the Global Catalog (network, DNS, etc..) and if the Global Catalog is online.
Sometimes, certain applications may affect the functionality of the Global Catalog (Citrix, Surf Control, and others).
This event can also occur when the Netlogon service fails
Ensure that the Netlogon service is running. This service must be running for the GC to "Advertise". Eliminate any errors that cause the Netlogon server to fail to start.
Reference LinksDNS, Intersite Messaging, Global Catalog, NTFRS, and "Invalid Credentials" Error Messages on Domain Controller

Damaged Phantom Object Prevents Infrastructure Phantom Cleanup Task from Running

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught

Did this information help you to resolve the problem?

Yes: My problem was resolved.
No: The information was not helpful / Partially helpful.