You are currently offline, waiting for your internet to reconnect

The semantic database analysis checker that is included with Ntdsutil.exe may not be able to fix a mangled subref

This article has been archived. It is offered "as is" and will no longer be updated.
The semantic database analysis checker that is included with the Ntdsutil.exe tool may not be able to fix a mangled subref. In this scenario, Active Directory replication may fail, and event messages that are similar to the following may be logged in the Directory Service event log:
Event Type: Warning
Event Source: NTDS KCC
Event Category: Knowledge Consistency Checker
Event ID: 1265
Date: Date
Time: Time
User: N/A
Computer: Computer_Name
The attempt to establish a replication link with parameters

Partition: DC=child,DC=parent,DC=root,DC=com
Settings,CN=NTDS Settings,CN=Servers,CN=name,CN=Sites,CN=Configuration,DC= name,DC=com Source DSA Address: 339ca0d9-7dd7-4e15-bbee-1998387e4634._msdcs. Inter-site Transport (if any): CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Configuration,DC= name,DC=com
Event Type: Error
Event Source: NTDS Replication
Event Category: Replication
Event ID: 1645
Date: Date
Time: Time
User: Everyone
Computer: Computer_Name
The Directory Service received a failure while trying to perform an authenticated RPC call to another Domain Controller. The failure is that the desired Service Principal Name (SPN) is not registered on the target server. The server being contacted is 339ca0d9-7dd7-4e15-bbee-1998387e4634._msdcs. The SPN being used is E3514235-4B06-11D1-AB04-00C04FC2DCD2/339ca0d9-7dd7-4e15-bbee-1998387e4634/eas

Please verify that the names of the target server and domain are correct. Please also verify that the SPN is registered on the computer account object for the target server on the KDC servicing the request. If the target server has been recently promoted, it will be necessary for knowledge of this computer's identity to replicate to the KDC before this computer can be authenticated.
When you try resolve this problem by using the semantic database analysis checker that is included with Ntdsutil, you cannot resolve the problem, and you may receive a message that is similar to the following:
ntdsutil: sem d a semantic checker: go fix Fixup mode is turned on
Opening DIT database... Done.

Fixing conflict mangled name: eas
Fixing by rename with structural collision.

Could not update "datatable" table: key already exists
Error<8000ffff>: failed to fix mangled dn eas. Retrying.

***Manual intervention required***
Error <0>: non mangled name isn't a phantom (1)
There is an object holding the non mangled name
The object must be removed or renamed before the mangled name may be corrected.
DBG: Rolling back transaction due to error 80004005.
Can't fix Mangled NC Error.
To resolve this problem, install this hotfix on the domain controller that has the name-mangled object, restart the computer in Dsrepair mode, and then run the Ntdsutil go fix command to use the semantic database analysis checker on the Ntds.dit database. In Dsrepair mode, clients may receive an "Access denied" error message if they try to access DFS Root or DFS Link information on the computer. The generation of the error message is by design. This hotfix includes a new version of Ntdsutil.

Note To start the domain controller in Dsrepair mode, press F8 during the startup process, and then select Directory Service Restore Mode in the Advanced Options menu.

Hotfix information

A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem.

If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, submit a request to Microsoft Customer Service and Support to obtain the hotfix.

Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site: Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.


No prerequisites are required.

Restart requirement

You must restart your computer after you apply this hotfix.

Hotfix replacement information

This hotfix does not replace any other hotfixes.

File information

The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.
   Date         Time   Version              Size  File name   -----------------------------------------------------------   14-Nov-2003  23:56  5.0.2195.6824     124,688  Adsldp.dll   14-Nov-2003  23:56  5.0.2195.6824     132,368  Adsldpc.dll   14-Nov-2003  23:56  5.0.2195.6824      63,760  Adsmsext.dll   14-Nov-2003  23:56  5.0.2195.6824     381,712  Advapi32.dll   14-Nov-2003  23:56  5.0.2195.6866      69,904  Browser.dll   14-Nov-2003  23:56  5.0.2195.6824     136,464  Dnsapi.dll   14-Nov-2003  23:56  5.0.2195.6824      96,016  Dnsrslvr.dll   14-Nov-2003  23:56  5.0.2195.6866      47,376  Eventlog.dll   14-Nov-2003  23:56  5.0.2195.6871     148,240  Kdcsvc.dll   05-Nov-2003  19:32  5.0.2195.6871     205,584  Kerberos.dll   21-Sep-2003  00:32  5.0.2195.6824      71,888  Ksecdd.sys   29-Oct-2003  06:45  5.0.2195.6869     511,248  Lsasrv.dll   29-Oct-2003  06:45  5.0.2195.6869      33,552  Lsass.exe   17-Oct-2003  00:33  5.0.2195.6866     114,960  Msv1_0.dll   14-Nov-2003  23:56  5.0.2195.6866     307,984  Netapi32.dll   14-Nov-2003  23:56  5.0.2195.6863     361,232  Netlogon.dll   14-Nov-2003  23:56  5.0.2195.6874     931,600  Ntdsa.dll   14-Nov-2003  23:56  5.0.2195.6824     392,464  Samsrv.dll   14-Nov-2003  23:56  5.0.2195.6824     113,936  Scecli.dll   14-Nov-2003  23:56  5.0.2195.6824     259,856  Scesrv.dll   06-Nov-2003  22:29  5.0.2195.6870   5,847,552  Sp3res.dll   14-Nov-2003  23:56  5.0.2195.6824      48,912  W32time.dll   21-Sep-2003  00:32  5.0.2195.6824      57,104  W32tm.exe   14-Nov-2003  23:56  5.0.2195.6869     126,224  Wldap32.dll
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
For additional information about the new file naming schema for Microsoft Windows software update packages, click the following article number to view the article in the Microsoft Knowledge Base:
816915 New file naming schema for Microsoft Windows software update packages
For additional information about the terminology that is used in this article, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates
PSS dbdump

Article ID: 830379 - Last Review: 12/08/2015 05:05:18 - Revision: 2.0

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • kbnosurvey kbarchive kbautohotfix kbhotfixserver kbqfe kbbug kbfix kbwin2000presp5fix KB830379