Home
  •  

A domain controller made a replication request for a writable directory partition that has been denied by the local domain controller

A_domain_controller_made_a_replication_request_for_a_writable_directory_partition_that_has_been_denied_by_the_local_domain_controller_5_Rule (Rule)

Knowledge Base article:

Summary

The following domain controller made a replication request for a writable directory partition that has been denied by the local domain controller. The requesting domain controller does not have access to a writable copy of this directory partition.

Sample Event:

The following domain controller made a replication request for a writable directory partition that has been denied by the local domain controller. The requesting domain controller does not have access to a writable copy of this directory partition.

Requesting domain controller: %2

Directory partition: %1

Resolutions

If the requesting domain controller must have a writable copy of this partition, verify that the security descriptor on this directory partition has the correct configuration for the Replication Get Changes All access right.

External

For more information, see:

Element properties:

TargetMicrosoft.Windows.Server.2003.AD.DomainControllerRole
CategoryEventCollection
EnabledTrue
Event_ID1977
Alert GenerateTrue
Alert SeverityWarning
Alert PriorityNormal
RemotableTrue
Alert Message
A domain controller made a replication request for a writable directory partition that has been denied by the local domain controller
{0}
Event LogDirectory Service
CommentMom2005ID='{0FE79EC7-956C-46E7-910B-3DC4DFAA1B52}';MOM2005GroupID=

Member Modules:

ID Module Type TypeId RunAs 
DS DataSource Microsoft.Windows.EventProvider Default
CollectEventData WriteAction Microsoft.SystemCenter.CollectEvent Default
CollectEventDataWarehouse WriteAction Microsoft.SystemCenter.DataWarehouse.PublishEventData Default
GenerateAlert WriteAction System.Health.GenerateAlert Default

Source Code:

<Rule ID="A_domain_controller_made_a_replication_request_for_a_writable_directory_partition_that_has_been_denied_by_the_local_domain_controller_5_Rule" Comment="Mom2005ID='{0FE79EC7-956C-46E7-910B-3DC4DFAA1B52}';MOM2005GroupID=" Enabled="onEssentialMonitoring" Target="AD2003Core!Microsoft.Windows.Server.2003.AD.DomainControllerRole" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">

  <Category>EventCollection</Category>

  <DataSources>

    <DataSource ID="DS" TypeID="Windows!Microsoft.Windows.EventProvider">

      <ComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>

      <LogName>Directory Service</LogName>

      <Expression>

        <And>

          <Expression>

            <SimpleExpression>

              <ValueExpression>

                <XPathQuery>EventDisplayNumber</XPathQuery>

              </ValueExpression>

              <Operator>Equal</Operator>

              <ValueExpression>

                <Value>1977</Value>

              </ValueExpression>

            </SimpleExpression>

          </Expression>

          <Expression>

            <SimpleExpression>

              <ValueExpression>

                <XPathQuery>Channel</XPathQuery>

              </ValueExpression>

              <Operator>Equal</Operator>

              <ValueExpression>

                <Value>Directory Service</Value>

              </ValueExpression>

            </SimpleExpression>

          </Expression>

        </And>

      </Expression>

    </DataSource>

  </DataSources>

  <WriteActions>

    <WriteAction ID="GenerateAlert" TypeID="SystemHealth!System.Health.GenerateAlert">

      <Priority>1</Priority>

      <Severity>1</Severity>

      <AlertOwner>$Data/PublisherName$</AlertOwner>

      <AlertMessageId>$MPElement[Name="A_domain_controller_made_a_replication_request_for_a_writable_directory_partition_that_has_been_denied_by_the_local_domain_controller_5_Rule.AlertMessage"]$</AlertMessageId>

      <AlertParameters>

        <AlertParameter1>$Data/EventDescription$</AlertParameter1>

      </AlertParameters>

      <Suppression>

        <SuppressionValue/>

      </Suppression>

    </WriteAction>

    <WriteAction ID="CollectEventData" TypeID="SC!Microsoft.SystemCenter.CollectEvent"/>

    <WriteAction ID="CollectEventDataWarehouse" TypeID="SCDW!Microsoft.SystemCenter.DataWarehouse.PublishEventData"/>

  </WriteActions>

</Rule>