Maybe you are running out of system resources (like non-paged pool). You can try using poolmon to diagnose that (there's an old blog post on my blog about using that tool)
Cheers
Ken

-----Original Message-----
From: Elijah Buck [mailto:elijah.b...@gmail.com]
Sent: Tuesday, 29 January 2013 12:10 PM
To: NT System Admin Issues
Subject: Re: DC eventid 1168, bizarre behavior

Yes, we ran adprep /rodc from the server 2008 cd. The RODC appears to be functioning correctly. The servers with event id 1168 are not rodc, by the way, if that wasn't clear.

Elijah

Sent from my iPhone

On Jan 28, 2013, at 6:57 PM, Greg Olson <gol...@markettools.com> wrote:

> Did you prep the domain for the read-only dc using the adprep /rodcprep cmd?
> http://technet.microsoft.com/en-us/library/cc771055(v=ws.10).aspx
>
> Even if you have no 2003 servers if I remember right (and I could be wrong)
> you still need to do the above with certain versions of Samba.
>
> -Greg
>
> -----Original Message-----
> From: Elijah Buck [mailto:elijah.b...@gmail.com]
> Sent: Monday, January 28, 2013 1:58 PM
> To: NT System Admin Issues
> Subject: DC eventid 1168, bizarre behavior
>
> Hello,
>
> I've been battling an odd issue with our domain controllers, and am
> completely stumped. This seems to have been precipitated by adding a Read
> Only Domain Controller and adding a number of Linux samba servers. The
> symptoms of the issue follow:
>
> On DC11 (2008 sp2 ReadWrite DC, 2GB ram, virtual machine on ESXi 5.0u2):
>
> 0.) cpu usage is low, typically under 5%. Memory is 800M cached. 118M free.
>
> 1.) In the Directory Service event log the following two errors are logged:
> *Event ID 1168 - Internal error: An Active Directory Domain Services error
> has occured.
> Additional data: Error value (decimal): 1450, Error Value (hex): 5aa,
> Internal ID: 124048b
> *Event ID 1168 - Internal error: An Active Directory Domain Services error
> has occured.
> Additional data: Error value (decimal): 1450, Error Value (hex): 5aa,
> Internal ID: 1240627
>
> 2.) This has happened three times on DC11, and once on DC10 (also 2008 sp2).
> The time that it affected both DC11 and DC10, manually pushing
> passwords-to-be-cached to the RODC failed.
>
> 3.) Trying to read the properties of an object with ADSI edit (connected to
> DC11) returns:
> Windows could not load the values for all the attributes. Operation failed.
> Error Code:
> 0x2121. The search failed to retrieve attributes from the database.
> 00002121: SvcErr: DSID-0312048E, problem 5012 (DIR_ERROR), data 1450.
>
> 4.) Attempting to run Windows Update gives Error 0x800705AA, which I believe
> is ERROR_NO_SYSTEM_RESOURCE.
>
> 5.) Running 'runas /user:me cmd' fails with "5: Access is denied"
>
> 6.) The server appears to continue to service auth requests, and LDAP binds
> still work. However, we seem to encounter intermittent issues with the samba
> servers during this time.
>
> Site topology:
> CORP:
>   DC4, DC5 (server 2003, auto-site coverage disabled by registry)
>   DC10, DC11 (server 2008 sp2)
>
> CAL: connected to CORP
>   RODC1 (server 2008 R2, read only domain controller)
>
> NY: connected to CORP and DRSITE
>   NYDC4 (server 2003)
>
> DRSITE: connected to CORP and NY
>   DC3 (server 2003)
>   DC20 (server 2008 R2)
>
> DC4 is the Schema Master. All other roles are on DC5.
>
> repadmin /showrepl and dcdiag don't show any errors.
>
> Two additional bits of information. (1) For some reason, IIS is installed on
> the DC10 and DC11 domain controllers. (2) A similar thing recently happened
> with our Exchange 2010 server (2008 R2). The same error with 'runas' failing
> occurred, IIS app pools couldn't restart, and the windows process activation
> service couldn't be restarted (also with error 5 access denied).
>
> I am planning on setting up a new RWDC, physically in CORP but in the CAL AD
> site, and seeing if the issue follows the new server or stays with DC11.
>
> Any help would be appreciated.