AR15.COM
4/30/2007 10:44:20 AM EDT
Okay guys, I've got five 2003 R2 domain controllers generating the following error message in the System Log:

Type:  Error
User:  N/A
Computer:  <domain controller X>
Source:  DCOM
Category:  None
Event ID:  10024
Description:  The machine wide group policy Access Limits security descriptor is invalid. The security descriptor is defined as an invalid Security Descriptor Definitions Language (SDDL) string. The requested action was therefore not performed. Please contact your administrator to get the security descriptor corrected in the Group Policy settings.

This error is logging almost continuously.  As an example, one server has a System Log size of 11,456KB and only goes back to 4/29/2007 3:20:20 PM.  However, there is no indication of decreased performance on the server.

Of course, there is no documentation on TechNet pertaining to this error.  I have found a very similar problem here, however it's not an exact match and seems to be the only one even close when I Google it:  EventID.Net.

Ideas?  It's making it virtually impossible to perform any proactive system monitoring on these servers when the log fills up in only 24 hours.

E-95
5/1/2007 4:00:57 PM EDT
[#1]
Has anyone fooled with the Default Domain Controllers GPO? Maybe look and see if anyone put some settings in it? Looking around, I also see some mentions of permissions on GPO objects... maybe a GPO is corrupt or isn't replicating to all of the DCs? Do you see any file replication errors?


Page 21 here mentions that this may have something to do with the security policy INFs... maybe someone ran the Security lockdown wizard.

http://www.wsmr.army.mil/workforce/InformationAssurance/Windows_Server_2003_Security_Guide.pdf

Looks like there is a fair amount of info on MSDN:
http://search.msdn.microsoft.com/search/Default.aspx?brand=msdn&locale=en-us&query=SDDL
5/1/2007 4:34:28 PM EDT
[#2]
Yeah, we've been looking at the DC GPOs to try to nail it down.  Part of the problem is that until the last two of us in our group came on board (Jack and I), there really wasn't anyone looking hard at MOM and the general health of AD.  As a result, we don't know when the errors started.

I'll take a look through the URLs you found and see if we can nail down a resolution.

By the way, thanks for posting the little utility in the security/password thread.  Very nice!  

E-95
5/2/2007 8:34:55 AM EDT
[#3]
Well, I've narrowed down at least a contributor to the error.  One of the GPOs applied to the DCs has both Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\DCOM: Machine Access Restrictions and Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\DCOM: Machine Launch Restrictions set to a blank value (not even Distributed COM Users granted rights).  I'm coming in after the fact so I'm not really sure why this setting was enabled, but at the very least that is constraining the DCOM security so the application in question (unknown at this time) can't perform some function, resulting in the generated error.

The investigation continues.  

E-95
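The two Group Policy settings named in the post above land on the DC as REG_SZ values under HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DCOM (MachineAccessRestriction and MachineLaunchRestriction), each holding the SDDL string the DCOM event complains about. The following is an added example, not code from the thread: it reads those values, treats an empty string as the "blank value" case described in the post, tries to parse anything else as SDDL with .NET's RawSecurityDescriptor (which throws on a malformed string), and counts recent Event ID 10024 entries so you can confirm before and after a GPO change. It assumes Windows PowerShell 5.1 on the DC; the "known-good" sample string used for the self-check is constructed for the example and only illustrates the shape of a valid value, not your environment's required policy.

```powershell
# Added example (not from the original post): audit the machine-wide DCOM
# restriction policies and validate their SDDL strings.
# Assumes Windows PowerShell 5.1 / .NET Framework on the domain controller.

# GPO "DCOM: Machine Access Restrictions"  -> MachineAccessRestriction
# GPO "DCOM: Machine Launch Restrictions"  -> MachineLaunchRestriction
$policyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DCOM'
$valueNames = 'MachineAccessRestriction', 'MachineLaunchRestriction'

function Test-DcomSddl {
    param([string]$Sddl)

    # The post's failure mode: the policy is defined but the string is blank,
    # so the policy is "set" yet grants nobody anything.
    if ([string]::IsNullOrWhiteSpace($Sddl)) {
        return [pscustomobject]@{ Valid = $false; Reason = 'policy defined but empty (no principal granted rights)' }
    }
    try {
        # RawSecurityDescriptor throws ArgumentException on malformed SDDL.
        $sd = New-Object System.Security.AccessControl.RawSecurityDescriptor($Sddl)
        if ($null -eq $sd.DiscretionaryAcl) {
            return [pscustomobject]@{ Valid = $false; Reason = 'parses, but has no DACL' }
        }
        $aces = foreach ($ace in $sd.DiscretionaryAcl) {
            # COM rights in the mask: 1 = execute, 2 = execute local, 4 = execute remote
            '{0} {1} mask=0x{2:X}' -f $ace.AceType, $ace.SecurityIdentifier, $ace.AccessMask
        }
        return [pscustomobject]@{ Valid = $true; Reason = ($aces -join '; ') }
    } catch {
        return [pscustomobject]@{ Valid = $false; Reason = "invalid SDDL: $($_.Exception.Message)" }
    }
}

# Self-check on constructed inputs: an empty string (the post's case) and a
# sample string in the shape of a valid DCOM descriptor (constructed for this
# example, not a recommended policy value).
Test-DcomSddl -Sddl ''
Test-DcomSddl -Sddl 'O:BAG:BAD:(A;;CCDCLC;;;WD)(A;;CCDC;;;AN)'

# Now the real policy values on this machine.
if (-not (Test-Path $policyKey)) {
    Write-Output "No machine-wide DCOM policy under $policyKey (local settings under HKLM\SOFTWARE\Microsoft\Ole apply)."
} else {
    $props = Get-ItemProperty -Path $policyKey
    foreach ($name in $valueNames) {
        $raw = $props.$name
        if ($null -eq $raw) { Write-Output "${name}: not set by policy"; continue }
        $result = Test-DcomSddl -Sddl $raw
        $status = if ($result.Valid) { 'OK' } else { 'BAD' }
        Write-Output ("{0}: '{1}' -> {2} ({3})" -f $name, $raw, $status, $result.Reason)
    }
}

# Corroborate with the System log: how many DCOM 10024 events in the last 24 hours?
$since = (Get-Date).AddHours(-24)
$count = (Get-EventLog -LogName System -After $since -ErrorAction SilentlyContinue |
          Where-Object { $_.EventID -eq 10024 -and $_.Source -match 'DCOM|DistributedCOM' } |
          Measure-Object).Count
Write-Output "DCOM 10024 events in the last 24h: $count"
```

Run it elevated on each DC; if the policy key is absent the machine is using its local DCOM settings (binary descriptors under HKLM\SOFTWARE\Microsoft\Ole), which is what you get once the GPO setting is returned to "Not Defined". Re-running after the GPO change and a gpupdate /force should show the 24-hour event count stop climbing.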
5/2/2007 4:53:07 PM EDT
[#4]
Anytime... the password utility is definitely a life saver. What part of TN? (Memphis area here)

How is MOM working out for you? Haven't fooled with it, though I've heard some good things. We're using NetIQ with some success for our server monitoring.

5/2/2007 5:37:45 PM EDT
[#5]
Memphis here too.  

MOM is great but it needs to be configured right.  It can monitor and notify you of just about anything... problem is that if it's not set up right you'll get alerts about everything and then you'll ignore the important messages.

E-95
5/2/2007 9:47:48 PM EDT
[#6]
Yeah, it's taken forever to get it worked out to the point that we are happy. Lots of tuning thresholds, etc. Particularly for our SQL and Exchange systems.
5/3/2007 5:49:08 AM EDT
[#7]
Same here.  MOM was installed with all the options available so we're getting messages generated out the ying-yang.  My counterpart over the cube wall has been doing a great job whittling it down and it's close to where it needs to be.

By the way, found out that the GPO setting was made on the advice of Microsoft to solve an issue we were having with one of the TAPs we're involved with.  An alternative solution was found, the GPO has been reset, and the errors have stopped.

E-95