Имеется два домен контроллера под управлением ОС Windows Server 2008 r2. Один из них хозяин схемы и всех ролей. Оба настроены в реплику. Когда на одном делаю изменения допустим в AD, то во втором они тоже появляются.
Спустя примерно месяц после настройки домена в логах обоих серверов стала появляться ошибка с кодом 2089 каждый день в одно и то же время. Текст ошибки
«Not able to obtain the full description for event ID 2089 from source NTDS Replication. This may happen if this computer is not able to access the event log message file on the analyzed computer or the message file does not exist.
Looking up this event/source combination through www.eventid.net may reveal the actual description.
The event log message contains the following parameters (sometimes this represents the message description itself):
CN=Configuration,DC=companename,DC=local
90
SystemCurrentControlSetServicesNTDSParameters
Backup Latency Threshold (days) «
и еще 4 похожие ошибки, но с отличием в одной строке:
-DC=companename,DC=local
-CN=Schema,CN=Configuration,DC=companename,DC=local
-DC=ForestDnsZones,DC=companename,DC=local
-DC=DomainDnsZones,DC=companename,DC=local
Похоже, что ругается на репликацию, но сервера вроде реплицируются. Подскажите, как избавиться от этого ивента?
Functionality on all three of my domain controllers seem to be running fine….
Does anyone have any suggestions for this event being logged?
=========================================================
Event Type: Warning
Event Source: NTDS Replication
Event Category: Backup
Event ID: 2089
Date: 6/15/2009
Time: 4:09:19 AM
User: NT AUTHORITYANONYMOUS LOGON
Computer: SMADC4
Description:
This directory partition has not been backed up since at least the following number of days.
Directory partition:
DC=salesmaster,DC=local
‘Backup latency interval’ (days):
30
It is recommended that you take a backup as often as possible to recover from accidental loss of data. However if you haven’t taken a backup since at least the ‘backup latency interval’ number of days, this message will be logged every day until a backup is taken. You can take a backup of any replica that holds this partition.
By default the ‘Backup latency interval’ is set to half the ‘Tombstone Lifetime Interval’. If you want to change the default ‘Backup latency interval’, you could do so by adding the following registry key.
‘Backup latency interval’ (days) registry key:
SystemCurrentControlSetServicesNTDSParametersBackup Latency Threshold (days)
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp Opens a new window.
=========================================================
| title | description | ms.date | author | ms.author | manager | audience | ms.topic | ms.prod | localization_priority | ms.reviewer | ms.custom | ms.technology |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
NTDS Replication Event 2089 is logged |
Discusses the problem where a new event error message is logged if you don’t back up a Windows Server 2003 Service Pack 1 (SP1)-based domain controller in a given time period that is called the backup latency interval. |
9/24/2021 |
Deland-Han |
delhan |
dcscontentpm |
itpro |
troubleshooting |
windows-server |
medium |
kaushika |
sap:active-directory-backup-restore-or-disaster-recovery, csstroubleshoot |
windows-server-active-directory |
NTDS Replication Event 2089 is logged if Windows Server 2003 SP1 and later domain controllers aren’t backed up in a given time period
This article discusses the problem where a new event error message is logged if you don’t back up a Windows Server 2003 Service Pack 1 (SP1)-based domain controller in a given time period that is called the backup latency interval.
Applies to: Window Server 2003
Original KB number: 914034
Introduction
When you back up a domain controller that is running Microsoft Windows Server 2003 Service Pack 1 (SP1), a new event error message is logged for each writable domain or application partition that the domain controller hosts. This is true if the partition isn’t backed up in a given time period. The time period is called a backup latency interval. You can set a registry value to specify this interval in days.
More information
New behavior in Windows Server 2003 SP1
The DSA Signature attribute is modified every time that a system state backup is made. The operating system monitors this attribute. An event error message is logged when the backup latency interval criteria are met. Any Windows Server 2003 SP1-based domain controller may log the event because the DSA Signature attribute is a replicated attribute.
[!NOTE]
The new event error message is not logged until a backup is made on a Windows Server 2003-based domain controller that is running Windows Server 2003 SP1. Only Windows Server 2003 SP1-based domain controllers log this event error message.
The default time period of the backup latency interval is half of the Tombstone Lifetime (TSL) for logging the event error message on the domain controller. The following list shows the difference in the default TSL values for a forest that is created on Windows Server 2003 and a forest that is created on Windows Server 2003 SP1:
- Windows Server 2003
By default, the TSL value in Windows Server 2003 is 60 days. Therefore, the event error message isn’t logged until 30 days after the last backup.
- Windows Server 2003 SP1
By default, the TSL value in new forest created by Windows Server 2003 SP1 is 180 days. The TSL value is 60 days in all other cases. The event error message in a forest with a 180-day TSL isn’t logged until 90 days after the last backup.
[!NOTE]
If you just install Windows Server 2003 SP1 on Windows Server 2003-based computers, this doesn’t increase the TSL to 180 days. The forest must be created on a server that has Windows Server 2003 SP1 installed at the time that you create it. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
216993 Useful shelf life of a system-state backup of Active Directory
Deployment Strategy
The default value for the backup latency interval in a forest that uses the default TSL is insufficient to correctly warn administrators that partitions aren’t being backed up with sufficient frequency.
In the registry, administrators can specify a value for the Backup Latency Threshold (days) entry. This provides a simple method to adjust how soon event ID 2089, is logged if a backup isn’t made in a certain time period. Therefore, the time period reflects the backup strategies of the administrators. This event error message serves as a warning to administrators that domain controllers aren’t being backed up before the TSL expires. This event error message is also a useful tracking event to monitor applications such as Microsoft Operations Manager (MOM).
We recommend that you take system state backups that include each forest, domain, and application partition on at least two computers every day. We also recommend that you configure this event to occur every other day if a backup isn’t made. Third-party backup programs may use a method that calls the backup API that updates the attribute. When these programs use this method, it causes the DSA Signature attribute to be updated.
An event ID 2089 error message is logged in the Directory Service event log when a partition isn’t backed up during the backup latency interval. Only one event error message is logged each day for each partition that a domain controller hosts. The event error message is similar to the following:
Event Type: Warning
Event Source: NTDS Replication
Event Category: Backup Event ID: 2089
Description: This directory partition has not been backed up since at least the following number of days.Directory partition:
DC=domainDC=com«Backup latency interval» (days):
30
It’s recommended that you take a backup as often as possible to recover from accidental loss of data. However, if you haven’t taken a backup since at least the «backup latency interval» number of days, this message will be logged every day until a backup is taken. You can take a backup of any replica that holds this partition.
By default the «Backup latency interval» is set to half the «Tombstone Lifetime Interval». If you want to change the default «Backup latency interval», you could do so by adding the following registry key.
«Backup latency interval» (days) registry key:
SystemCurrentControlSetServicesNTDSParametersBackup Latency Threshold (days).
[!NOTE]
The value of Backup Latency Threshold (days) is a registry entry but not a key as stated in the event error message. The backup latency interval is half the value of the TSL of the forest. When this value is reached, the operating system logs event ID 2089 in the Directory Service event log. This event ID warns administrators to monitor applications and to make sure that domain controllers are backed up before the TSL expires. To set the interval that the operating system waits before an event ID 2089 is logged, use Registry Editor to set the value of the Backup Latency Threshold (days) entry. To do this, follow these steps:
- Start Registry Editor.
- Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesNTDSParameters- Right-click Parameters, point to New, and then click DWORD Value.
- Type Backup Latency Threshold (days), and then press ENTER.
- Right-click Backup Latency Threshold (days), and then click Modify.
- In the Value data box, type the number of days to use as a threshold, and then click OK.
References
https://blogs.msdn.com/brettsh/archive/2006/02/09/528708.aspx
- Remove From My Forums
-
Question
-
Hi Folks;
I started seeing this error on my DC’s after testing out Veem VM backup software. Prior to installing that software this event id entry never appeared.
It seems that the Veem software ‘turned on’ monitoring of the directory partition and whether it has been backed up.
The error is occurring on Windows 2008 R2 domain controllers.
I’m not interested in discussing backup strategies or how to adjust the time frame that these event ID’s show up…. or how to use Windows Backup to address the issue.
What I would like to know is how to turn off this monitoring
as it was before VEEM was installed. Does anyone know how to do this?
Q: Marking a question as answered when it’s not — is this something new? A: Not at all, it’s standard Nick Gu!
Страницы
- Друзья
- Карта сайта
- О сайте
Промо
На основном контроллере домена (PDC) с недавних пор начало появляться сообщение — «Ошибка 2089 — Этот раздел каталога не архивировался по крайней мере указанное количество дней». Чёрти что. Всё работает нормально, но сообщение смущает. Не нормально ведь.
Тип: Предупреждение
Источник: NTDS Replication
Категория: Архивация данных
Код (ID): 2089
Дата: 9.12.2005
Время: 19:05:24
Пользователь: NT AUTHORITYАНОНИМНЫЙ ВХОД
Компьютер: Svtorcm
Описание: Этот раздел каталога не архивировался по крайней мере указанное количество дней.
Раздел каталога: DC=local
Интервал задержки архивации (дней): 30
Рекомендуется создавать архивную копию как можно чаще, чтобы обеспечить возможность восстановления в случае аварийной потери данных. Однако в том случае, если архивная копия не создавалась в течение указанного как «интервал задержки архивации» количества дней, это сообщение будет записываться в журнал каждый день до тех пор, пока не будет создана архивная копия. Можно сделать архивную копию любой реплики, содержащей этот раздел.
По умолчанию интервал задержки архивации устанавливается равным половине интервала времени жизни захоронения. Чтобы изменить интервал задержки архивации, можно добавить следующий раздел реестра.
Раздел реестра для интервала задержки архивации:
SystemCurrentControlSetServicesNTDSParametersBackup Latency Threshold (days)
Уже где то дней 15 выскакивает это сообщение с периодичностью в 24 часа. Причем выскакивает еще шесть сообщений которые отличаются между собой только параметром в описании:
1.Раздел каталога: DC=local
2.Раздел каталога: CN=Configuration,DC=local
3.Раздел каталога: CN=Schema,CN=Configuration,DC=local
3.Раздел каталога: DC=DomainDnsZones,DC=local
4.Раздел каталога: DC=ForestDnsZones,DC=local
5.Раздел каталога: DC=TAPI3Directory,DC=local
Для того чтобы в Windows Server 2003 избежать ошибки — необходимо воспользоваться стандартной утилитой ntbackup.exe (Архивация данных) и не реже чем 1 раз в 90 дней делать резервную копию SystemState — можно в ручную, можно по расписанию.
Как это сделать расскажу дальше.
«Пуск — Выполнить — ntbackup».
Запускаем в режиме мастера.
Открылось окно выбора действий.
Архивируем файлы и параметры.
Выбираем объекты, которые будем архивировать. В нашем случае это SystemState, со всем его содержимым.
Выбираем размещение и имя архива. И жмём Далее.
Поехали.
После того как бекап будет сделан, предупреждения перестанут появляться. Рекомендую добавить это задание в планировщик.
запах после пожара
Комментарии
|
Комментарий от ts [ 9 августа, 2013, 15:00 ] |
|
Спасибо! |
|
Комментарий от Вадим [ 10 сентября, 2014, 07:23 ] |
|
Спасибо огромное за статью! |
|
Комментарий от Роман [ 19 ноября, 2014, 12:27 ] |
|
Спасибо за статью! |
Поиск по сайту
Статистика
Мета
- Админ
- RSS записей
- RSS комментариев