Event ID - 1977

Event Id: 1977
Source: Microsoft-Windows-ActiveDirectory_DomainService
Description: The following directory service made a replication request for a writable directory partition that has been denied by the local directory service. The requesting directory service does not have access to a writable copy of this directory partition.
Requesting directory service: %2
Directory partition: %1
User Action: If the requesting directory service must have a writable copy of this partition, verify that the security descriptor on this directory partition has the correct configuration for the Replication Get Changes All access right. You may also get this message during the transition period after a child partition has been removed. This message will cease when knowledge of the child partition removal has replicated throughout the forest.
Event Information: According to Microsoft:
Cause :
This event is logged when a directory service makes a replication request for a writable directory partition and the local directory service denies that request because the requester does not hold the required replication rights on the partition.
Resolution :
Ensure that the security descriptors are set correctly on the directory partition
To perform this procedure, you must have membership in Domain Admins, or you must have been delegated the appropriate authority.
To ensure that the security descriptor is set correctly on the directory partition:
  1. On any domain controller in the domain, open ADSI Edit. To open ADSI Edit, click Start. In Start Search, type ADSIEdit.msc, and then press ENTER. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
  2. If the directory partition from the error message does not appear, in the console tree, right-click ADSI Edit, and then click Connect to. In Connection Point, type the Lightweight Directory Access Protocol (LDAP) path of the partition from the error message into Select or type a Distinguished Name or Naming Context and then click OK.
  3. In the console tree, expand the object that represents the naming context of the partition from the error message. You should see another object with the LDAP path that was identified in the event message text.
  4. Right-click the object that has the name of the LDAP path from the event message text, and then click Properties.
  5. On the Security tab, in the Group or user names box, click Enterprise Read-only Domain Controllers. If the Enterprise Read-only Domain Controllers group, or any other group that is mentioned in the following steps, does not appear in the Group or user names box, click Add. Type the name of the group, and then click OK.
  6. In Permissions for Enterprise Read-only Domain Controllers, ensure that the Allow check box is selected for the permission Replicating directory changes. If you are configuring permissions on the Schema partition, also ensure that the Allow check box is selected for the permissions Replicating Directory Changes In and Replicating directory changes all.
  7. In Group or user names, click ENTERPRISE DOMAIN CONTROLLERS.
  8. In Permissions for ENTERPRISE DOMAIN CONTROLLERS, ensure that the Allow check box is selected for the following permissions: Replicating directory changes, Replicating Directory Changes In, Replicating directory changes all, and Replication synchronization.
    If you are configuring a domain partition, proceed with the next step. If you are not configuring a domain partition, you may skip the next two steps.
  9. In the Group or user names box, click Domain Controllers.
  10. In Permissions for Domain Controllers, ensure that the Allow check box is selected for the permission Replicating directory changes all.
  11. Click OK.
  12. Close ADSI Edit.
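The ADSI Edit procedure above checks one partition by hand. The following PowerShell script is an added example, not part of the Microsoft guidance on this page, that audits the same access rights from the command line so the check can be repeated across partitions and recorded. It assumes the ActiveDirectory module (and its AD: drive) is available, and it maps the permission names used in the steps to the extended-right GUIDs defined in the AD schema; the page's "Replicating Directory Changes In" is taken here to mean the "Replicating Directory Changes In Filtered Set" right. The partition DN in the usage line is a constructed placeholder.

```powershell
# Added example: audit the replication extended rights described in steps 5-10.
Import-Module ActiveDirectory

# Extended-right GUIDs from the AD schema controlAccessRight objects.
$ReplRights = @{
    'Replicating Directory Changes'                 = '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2'
    'Replicating Directory Changes All'             = '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2'
    'Replicating Directory Changes In Filtered Set' = '89e95b76-444d-4c62-991a-0facbeda640c'
    'Replication Synchronization'                   = '1131f6ab-9c07-11d1-f79f-00c04fc2dcd2'
}

# Rights each principal must hold, following the ADSI Edit steps on this page.
function Get-ExpectedReplicationRights {
    param([Parameter(Mandatory)][ValidateSet('Domain','Schema','Configuration','Application')][string]$PartitionType)
    $expected = @{
        'Enterprise Read-only Domain Controllers' = @('Replicating Directory Changes')
        'ENTERPRISE DOMAIN CONTROLLERS'           = @(
            'Replicating Directory Changes',
            'Replicating Directory Changes In Filtered Set',
            'Replicating Directory Changes All',
            'Replication Synchronization')
    }
    # Step 6: on the Schema partition the ERODC group also needs In and All.
    if ($PartitionType -eq 'Schema') {
        $expected['Enterprise Read-only Domain Controllers'] +=
            'Replicating Directory Changes In Filtered Set', 'Replicating Directory Changes All'
    }
    # Steps 9-10: only a domain partition requires Domain Controllers to hold Changes All.
    if ($PartitionType -eq 'Domain') {
        $expected['Domain Controllers'] = @('Replicating Directory Changes All')
    }
    return $expected
}

# Returns one row per (principal, right) with Allowed = $true when an Allow ACE
# grants the right (either that specific extended right or all extended rights)
# and no Deny ACE for the same principal overrides it.
function Test-PartitionReplicationRights {
    param(
        [Parameter(Mandatory)][string]$PartitionDN,    # e.g. 'DC=corp,DC=example,DC=com' (placeholder)
        [Parameter(Mandatory)][ValidateSet('Domain','Schema','Configuration','Application')][string]$PartitionType
    )
    $acl      = Get-Acl -Path "AD:\$PartitionDN"
    $expected = Get-ExpectedReplicationRights -PartitionType $PartitionType
    $extRight = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight

    foreach ($principal in $expected.Keys) {
        foreach ($right in $expected[$principal]) {
            $guid = [guid]$ReplRights[$right]
            # ACEs for this principal that cover this extended right (specific GUID or empty = all).
            $aces = $acl.Access | Where-Object {
                $_.IdentityReference.Value -like "*\$principal" -and
                ($_.ActiveDirectoryRights -band $extRight) -and
                ($_.ObjectType -eq $guid -or $_.ObjectType -eq [guid]::Empty)
            }
            $allow = @($aces | Where-Object { $_.AccessControlType -eq 'Allow' }).Count -gt 0
            $deny  = @($aces | Where-Object { $_.AccessControlType -eq 'Deny'  }).Count -gt 0
            [pscustomobject]@{
                Partition = $PartitionDN
                Principal = $principal
                Right     = $right
                Allowed   = ($allow -and -not $deny)
                Denied    = $deny
            }
        }
    }
}

# Usage (placeholder DN): rows with Allowed = False are the ones to fix in ADSI Edit.
Test-PartitionReplicationRights -PartitionDN 'DC=corp,DC=example,DC=com' -PartitionType Domain |
    Format-Table -AutoSize
```

Run it once per partition named in the 1977 events; the Denied column is worth watching because an explicit Deny ACE will block replication even when the Allow entries from the steps above look correct.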
Verify :
Perform the following procedure using the domain controller from which you want to verify that Active Directory replication is functioning properly.
To perform this procedure, you must have membership in Domain Admins, or you must have been delegated the appropriate authority.
To verify that Active Directory replication is functioning properly:
  1. Open a command prompt as an administrator. To open a command prompt as an administrator, click Start. In Start Search, type Command Prompt. At the top of the Start menu, right-click Command Prompt, and then click Run as administrator. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
  2. Run the command repadmin /showrepl. This command displays the status reports on all outbound replication links for the domain controller. Active Directory replication is functioning properly on that domain controller if all status messages report that the last replication attempt was successful.
If there are any indications of failure or error in the status report following the last replication attempt, Active Directory replication on the domain controller is not functioning properly. If the repadmin command reports that replication was delayed for a normal reason, wait and try repadmin again in a few minutes.
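Reading the repadmin status by eye works for one domain controller; to apply the same pass/fail rule across many, the following PowerShell function (an added example, not Microsoft's or this page's own code) parses the machine-readable output of repadmin /showrepl /csv and flags each inbound link as healthy only when its failure count is zero. The column names are those repadmin emits in /csv mode; the one error code it calls out, 8453, is the standard Win32 code for a replication access denied error, which is what the requesting partner of a 1977 event typically reports.

```powershell
# Added example: summarise repadmin /showrepl output per replication link.
function Get-ReplicationLinkStatus {
    param([string]$DomainController = $env:COMPUTERNAME)

    # /csv makes repadmin emit one row per link with stable column headers.
    $rows = repadmin /showrepl $DomainController /csv | ConvertFrom-Csv
    if ($LASTEXITCODE -ne 0 -or -not $rows) {
        throw "repadmin /showrepl failed for $DomainController (exit code $LASTEXITCODE)"
    }

    foreach ($r in $rows) {
        # 'Last Failure Status' may be a bare number or '(code) text'; pull the number.
        $status = 0
        if ($r.'Last Failure Status' -match '^\(?(\d+)\)?') { $status = [int]$Matches[1] }
        $failures = 0
        [void][int]::TryParse($r.'Number of Failures', [ref]$failures)

        # Win32 8453 = ERROR_DS_REPLICATION_ACCESS_DENIED (known code, not from the page).
        $hint = if ($status -eq 8453) { 'access denied: check partition ACL' } else { '' }

        [pscustomobject]@{
            NamingContext     = $r.'Naming Context'
            SourceDSA         = $r.'Source DSA'
            Failures          = $failures
            LastSuccess       = $r.'Last Success Time'
            LastFailureStatus = $status
            Healthy           = ($failures -eq 0)
            Hint              = $hint
        }
    }
}

# Usage: show only the links that need attention on this domain controller.
Get-ReplicationLinkStatus | Where-Object { -not $_.Healthy } | Format-Table -AutoSize
```

A link that reports failures but also a recent Last Success Time may simply be delayed; as the text above says, re-run a few minutes later before treating it as broken.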
Reference Links: Event ID 1977 from Source Microsoft-Windows-ActiveDirectory_DomainService
