Event ID 1699 is logged many times and fills the Directory Service event log of a Windows Server 2008-based writable domain controller

Applies to: Windows Server 2008 Datacenter without Hyper-VWindows Server 2008 Enterprise without Hyper-VWindows Server 2008 for Itanium-Based Systems


Consider the following scenario:
  • You have a Windows Server 2008-based writable domain controller and a Windows Server 2008-based read-only domain controller (RODC). Some client computers that exist in one site belong to the same domain.
  • Some users use a domain account to log on to the domain from a client computer that is in the site.
In this scenario, Event ID 1699 is logged many times in the Directory Service event log of the writable domain controller. These events resemble the following event:
Sometimes, Event ID 2041 may also be logged. The event that is logged resembles the following event:
These events fill the Directory Service event log and prevent administrators from troubleshooting issues according to the event logs.


When a Windows Server 2008 RODC tries to cache the password of a principal, a writable domain controller performs a check to determine whether this operation is permitted. If this operation is not permitted, an error code is returned. This is expected behavior. However, Event 1699 may incorrectly be logged when the error code is returned.


A hotfix is available to resolve this issue. After you install this hotfix, the server does not log Event ID 1699 in the scenario that is mentioned in the "Cause" section. In other scenarios, the event is still logged.

Note This hotfix is already incorporated on Windows Server 2008 R2 full DCs. The fix is not required on Windows Server 2008 R2 full DCs.

Hotfix information

A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next software update that contains this hotfix.

If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, contact Microsoft Customer Service and Support to obtain the hotfix.

Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site: Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.

Important Windows Vista and Windows Server 2008 hotfixes are included in the same packages. However, only one of these products may be listed on the “Hotfix Request” page. To request the hotfix package that applies to both Windows Vista and Windows Server 2008, just select the product that is listed on the page.


T o apply this hotfix, you must have Windows Server 2008 installed on the writable domain controller.

Restart requirement

You have to restart the computer after you apply this hotfix.

Hotfix replacement information

This hotfix does not replace any other previously released hotfixes.

File information

The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.
Windows Server 2008, x86-based versions
File nameFile versionFile sizeDateTimePlatform
Ntdsa.mofNot Applicable227,72518-Dec-200721:02Not Applicable
Windows Server 2008, x64-based versions
File nameFile versionFile sizeDateTimePlatform
Ntdsa.mofNot Applicable227,72518-Dec-200721:03Not Applicable


Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

More Information

For more information, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates

Additional file information for Windows Server 2008

Additional files for all supported 32-bit versions of Windows Server 2008 and of Windows Vista
File nameFile versionFile sizeDateTimePlatform
Package_for_kb953392_sc_0~31bf3856ad364e35~x86~~ Applicable1,64716-Jun-200818:43Not Applicable
Package_for_kb953392_sc~31bf3856ad364e35~x86~~ Applicable1,42216-Jun-200818:43Not Applicable
Package_for_kb953392_server_0~31bf3856ad364e35~x86~~ Applicable1,63716-Jun-200818:43Not Applicable
Package_for_kb953392_server~31bf3856ad364e35~x86~~ Applicable1,43016-Jun-200818:43Not Applicable
X86_microsoft-windows-d..toryservices-ntdsai_31bf3856ad364e35_6.0.6001.22203_none_f152e17bd23dad95.manifestNot Applicable12,57414-Jun-200804:26Not Applicable
Additional files for all supported 64-bit versions of Windows Server 2008
File nameFile versionFile sizeDateTimePlatform
Amd64_microsoft-windows-d..toryservices-ntdsai_31bf3856ad364e35_6.0.6001.22203_none_4d717cff8a9b1ecb.manifestNot Applicable12,63214-Jun-200805:04Not Applicable
Package_for_kb953392_sc_0~31bf3856ad364e35~amd64~~ Applicable1,65716-Jun-200818:43Not Applicable
Package_for_kb953392_sc~31bf3856ad364e35~amd64~~ Applicable1,43016-Jun-200818:43Not Applicable
Package_for_kb953392_server_0~31bf3856ad364e35~amd64~~ Applicable1,64716-Jun-200818:43Not Applicable
Package_for_kb953392_server~31bf3856ad364e35~amd64~~ Applicable1,43816-Jun-200818:43Not Applicable