Thursday, March 8, 2018

 

[Windows] Server Hang-up & Related Events in an AD Domain Controller Environment



Server Hang-up & Related Event Messages in AD Domain Controller




[Explanation]

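A hang occurred on an Active Directory Domain Controller (hereafter, the AD server). The key event messages logged before and after the server was rebooted because of the hang are shared below; please use them as a reference for detecting this kind of event early. (In particular, event IDs 1206, 7017, and 2004 were logged as error messages before the server entered the hung state.)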

[EventID: 1206]
Source: ADWS
Active Directory Web Services was unable to determine if the computer is a global catalog server.


[EventID: 7017]
Source: Group Policy
The LDAP call to connect and bind to Active Directory completed.
CLARUSSRV.clarus.local
The call failed after 30014 milliseconds.


[EventID: 2004]
Source: Resource-Exhaustion-Detect
Windows successfully diagnosed a low virtual memory condition. The following programs consumed the most virtual memory: ASDSvc.exe (388) consumed 2122604544 bytes, svchost.exe (616) consumed 231415808 bytes, and svchost.exe (956) consumed 211873792 bytes
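
To watch for the three pre-hang events above, the following PowerShell can be run locally on the DC. It is an added example, not part of the original post: the log names are assumptions (the post lists only each event's Source), and `Get-PreHangIndicator` is a hypothetical helper name.

```powershell
# Added example: collect the three pre-hang indicator events named in this post.
# Log names are assumptions; the post gives only the event Source for each ID.
$Indicators = @(
    @{ LogName = 'Active Directory Web Services';             Id = 1206 }  # Source: ADWS
    @{ LogName = 'Microsoft-Windows-GroupPolicy/Operational'; Id = 7017 }  # Source: Group Policy
    @{ LogName = 'System';                                    Id = 2004 }  # Source: Resource-Exhaustion-Detect
)

function Get-PreHangIndicator {
    param([int]$LookbackHours = 24)

    $start = (Get-Date).AddHours(-$LookbackHours)
    foreach ($i in $Indicators) {
        $filter = @{ LogName = $i.LogName; Id = $i.Id; StartTime = $start }
        # Get-WinEvent raises an error when nothing matches; treat that as "no events".
        Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
            ForEach-Object {
                $top = $null
                # Event 2004 names the largest virtual-memory consumers in its message,
                # e.g. "ASDSvc.exe (388) consumed 2122604544 bytes" (English message text).
                if ($_.Id -eq 2004 -and $_.Message -match '(\S+) \((\d+)\) consumed (\d+) bytes') {
                    $top = '{0} (PID {1}): {2:N0} MB' -f $Matches[1], $Matches[2], ([int64]$Matches[3] / 1MB)
                }
                [pscustomobject]@{
                    TimeCreated = $_.TimeCreated
                    Id          = $_.Id
                    Provider    = $_.ProviderName
                    TopConsumer = $top
                }
            }
    }
}

$hits = @(Get-PreHangIndicator -LookbackHours 24 | Sort-Object TimeCreated)
$hits | Format-Table -AutoSize

# Low virtual memory (2004) together with a directory-facing failure (1206 or 7017)
# is the combination this post saw before the hang, so flag it explicitly.
$ids = $hits.Id | Sort-Object -Unique
if ($ids -contains 2004 -and ($ids -contains 1206 -or $ids -contains 7017)) {
    Write-Warning 'Events 2004 and 1206/7017 both present: check memory use on this DC before it stops responding.'
}
```

Scheduling this at a short interval and forwarding the warning to monitoring gives the early detection the post recommends; the `TopConsumer` column identifies the process to investigate first.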



==================Rebooting server======================

[EventID: 41]
Source: Kernel-Power
The system has rebooted without cleanly shutting down first.
This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.


[EventID: 34]
Source: Disk
The driver disabled the write cache on device \Device\Harddisk0\DR0.


[EventID: 1539]
Source: ActiveDirectory_DomainService
Active Directory Domain Services could not disable the software-based disk write cache on the following hard disk.
Hard disk:c: Data might be lost during system failures.


[EventID: 2120]
Source: ActiveDirectory_DomainService
This Active Directory Domain Services server does not support the Recycle Bin.
Deleted objects may be undeleted, however, when an object is undeleted, some attributes of that object may be lost.
Additionally, attributes of other objects that refer to the object being undeleted may also be lost.



[EventID: 2121]
Source: ActiveDirectory_DomainService
This Active Directory Domain Services server is disabling the Recycle Bin. Deleted objects may not be undeleted at this time.


[EventID: 2041]
Source: ActiveDirectory_DomainService
Duplicate event log entries were suppressed.
See the previous event log entry for details. An entry is considered a duplicate if the event code and all of its insertion parameters are identical. The time period for this run of duplicates is from the time of the previous event to the time of this event.
Event Code:80000603
Number of duplicate entries: 2


[EventID: 4625]
Source: EventSystem
The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds.
The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog.



[EventID: 2886]
Source: ActiveDirectory_DomainService
The security of this directory server can be significantly enhanced by configuring the server to reject SASL (Negotiate,  Kerberos, NTLM, or Digest) LDAP binds that do not request signing (integrity verification) and LDAP simple binds that are performed on a cleartext (non-SSL/TLS-encrypted) connection.  Even if no clients are using such binds, configuring the server to reject them will improve the security of this server.
Some clients may currently be relying on unsigned SASL binds or LDAP simple binds over a non-SSL/TLS connection and will stop working if this configuration change is made.  To assist in identifying these clients, if such binds occur this directory server will log a summary event once every 24 hours indicating how many such binds occurred.  You are encouraged to configure those clients to not use such binds.  Once no such events are observed for an extended period, it is recommended that you configure the server to reject such binds.
For more details and information on how to make this configuration change to the server, please see http://go.microsoft.com/fwlink/?LinkID=87923.
You can enable additional logging to log an event each time a client makes such a bind, including information on which client made the bind.  To do so, please raise the setting for the "LDAP Interface Events" event logging category to level 2 or higher.



[EventID: 1056]
Source: DHCP-Server
The DHCP service has detected that it is running on a DC and has no credentials configured for use with Dynamic DNS registrations initiated by the DHCP service.   This is not a recommended security configuration.  Credentials for Dynamic DNS registrations may be configured using the command line "netsh dhcp server set dnscredentials" or via the DHCP Administrative tool.


[EventID: 7000]
Source: Service Control Manager
The True Last Logon Scheduler service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


[EventID: 7009]
Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the True Last Logon Scheduler service to connect.

