Event Id | 2087 |
Source | domain controllers |
Description | when Active Directory replication has failed because of a DNS or a NetBIOS lookup failure. the domain controller that logged Event ID 2087 was not able to resolve a replication partners IP address by using one of the following: • The CNAME resource record • The fully qualified computer name in DNS • The NetBIOS computer name Because the domain controller that logs the event cannot perform inbound replication, Active Directory data may be inconsistent among domain controllers. For example, user and computer group information may be inconsistent. |
Event Information | According to Microsoft: All domain controllers register SRV, A, and CNAME records in DNS. The CNAME record is of the form Dsa_Guid._msdcs.Dns_Domain_Name. Dsa_Guid is the GUID of the directory system agent (DSA) object for the domain controller. Dns_Domain_Name is the name of the forest where the domain controller is located. Domain controllers require the CNAME record to locate and to identify their replication partners. The Net Logon service on the domain controller registers all the SRV records. The DNS Client service on the domain controller registers the DNS host (A) record and the GUID CNAME record. A domain controller uses the following steps to locate its replication partner: 1. The domain controller uses DNS to look for the CNAME record of its replication partner. 2. If the lookup is unsuccessful, the domain controller looks for the DNS A record of its replication partner. For example, the domain controller looks for dc-03.corp.contoso.com. 3. If the DNS A record lookup is unsuccessful, the domain controller performs a NetBIOS broadcast by using the host name of its replication partner. For example, the domain controller uses dc-03. Resolution Follow the steps given in following articles <a href="http://support.microsoft.com/kb/216498" target="_blank">article</a> |
Reference Links | Troubleshooting Active Directory replication failures that occur because of DNS lookup failures, event ID 2087, or event ID 2088 |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.