Event ID - 2536

Event Id2536
SourceMicrosoft-Windows-ActiveDirectory_DomainService
DescriptionThe directory server has failed to update the AD_TERM_ABBR serviceConnectionPoint object in AD_TERM. This operation will be retried.
Additional Data
SCP object DN:
%1
Error value:
%2 %3
Server error:
%4
Internal ID:
%5
AD_TERM_ABBR service account:
%6
User Action If AD_TERM_ABBR is running under a local service account, it will be unable to update the data in AD_TERM. Consider changing the AD_TERM_ABBR service account to either NetworkService or a domain account.

If AD_TERM_ABBR is running under a domain user account, make sure this account has sufficient rights to update the serviceConnectionPoint object.

ServiceConnectionPoint object publication can be disabled for this instance by setting msDS-DisableForInstances attribute on the SCP publication configuration object.
Event Information According to Microsoft :

Cause :

This event is logged when the directory server has failed to update the AD_TERM_ABBR serviceConnectionPoint object in AD_TERM.

Resolution :

Ensure that the service account can update SCP information

If you want other computers to be able to locate the Active Directory Lightweight Directory Services (AD LDS) instance, ensure that permissions are configured appropriately to allow the serviceConnectionPoint (SCP) update to occur. To resolve this issue, you must ensure that the service account type is correct and that it has the appropriate permissions to update the SCP. Perform the following procedures on the computer that is logging the event to be resolved.

To perform these procedures, you must have membership in Domain Admins , or you must have been delegated the appropriate authority.

To ensure that the service account type is correct:
  1. Open Services. To open Services, click Start , in Start Search , type services.msc , and then press ENTER. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue .
  2. Locate the AD LDS instance name in the list of services, right-click it, and then click Properties .
  3. Select Log On , and ensure that Local System account is not selected. If it is selected, click This account , and then enter Network Service or the name of a domain user account that you want the AD LDS instance to use:

    • If you are using Network Service, clear the Password and Confirm password boxes.
    • If you are using a domain user account, enter and then confirm the password for that account.
    • Click OK to confirm the changes to the service account.

  4. Click OK if you are prompted to confirm that the account should be given the right to log on as a service and that a restart of the service is required.
  5. Do not close the Services snap-in because you will use it to restart the AD LDS instance at the end of these procedures.
To verify that the service account has the appropriate permissions:
  1. Open ADSI Edit. To open ADSI Edit, click Start , in Start Search , type adsiedit.msc , and then press ENTER. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue .
  2. In the console tree, right-click the ADSI Edit object, and then click Connect to .
  3. Ensure that Select a well known Naming Context is selected and that the option is set to Default naming context .
  4. Ensure that Select or type a domain or server is selected, and then type the name of a domain controller, followed by the port number on which Active Directory Domain Services (AD DS) is hosted (by default, port 389). For example, to connect to a domain controller named ContosoDC1 on port 389, type ContosoDC1:389 .
  5. The distinguished name of the SCP is identified in the Event Viewer event text. Expand that location. By default, the location is an object that is subordinate to the computer object of the computer that hosts the AD LDS instance. The object is CN={GUID}, where GUID is the globally unique identifier (GUID) for the instance, which is listed in the event text. Note : You open objects in ADSI Edit in the reverse order in which they appear in the event text. For example, given the path CN={GUID},CN=Service Connect,DC=Contoso,DC=com in the event text, expand the DC=Contoso,DC=com object first, and then select CN=Service Connect .
  6. Right-click the SCP object, and then click Properties .
  7. Click Security . You may either select a domain account in the existing list of groups or user names to use or click Add to add a domain user or group account.
  8. Ensure that the account that you selected or added has the Full Control permission set to Allow.
  9. Return to Services, and then restart the AD LDS instance service. To restart the service, right-click the instance name, and then click Restart .
Verify :

When an Active Directory Lightweight Directory Services (AD LDS) instance successfully creates a serviceConnectionPoint (SCP), Event ID 2535 is logged in Event Viewer. Check for the existence of this event in the ADAM_instanceName log of Event Viewer, where instanceName is the name of the AD LDS instance.
Reference LinksEvent ID 2536 from Microsoft-Windows-ActiveDirectory_DomainService

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught

Did this information help you to resolve the problem?

Yes: My problem was resolved.
No: The information was not helpful / Partially helpful.
 Refresh