Article ID: 830379 - View products that this article applies to.
The semantic database analysis checker that is included with the Ntdsutil.exe tool may not be able to fix a mangled subref. In this scenario, Active Directory replication may fail, and event messages that are similar to the following may be logged in the Directory Service event log:
Event Type: Warning
Event Source: NTDS KCC
Event Category: Knowledge Consistency Checker
Event ID: 1265
The attempt to establish a replication link with parameters
Source DSA DN: CN=NTDS
Settings,CN=NTDS Settings,CN=Servers,CN=name,CN=Sites,CN=Configuration,DC= name,DC=com Source DSA Address: 339ca0d9-7dd7-4e15-bbee-1998387e4634._msdcs. name.com Inter-site Transport (if any): CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Configuration,DC= name,DC=com
When you try resolve this problem by using the semantic database analysis checker that is included with Ntdsutil, you cannot resolve the problem, and you may receive a message that is similar to the following:
Event Type: Error
Event Source: NTDS Replication
Event Category: Replication
Event ID: 1645
The Directory Service received a failure while trying to perform an authenticated RPC call to another Domain Controller. The failure is that the desired Service Principal Name (SPN) is not registered on the target server. The server being contacted is 339ca0d9-7dd7-4e15-bbee-1998387e4634._msdcs. name.com. The SPN being used is E3514235-4B06-11D1-AB04-00C04FC2DCD2/339ca0d9-7dd7-4e15-bbee-1998387e4634/eas CNF:3311d1ff-608f-411c-97dc-56d221e04bab.parent.root.com@eas CNF:3311d1ff-608f-411c-97dc-56d221e04bab.parent.name.com.
Please verify that the names of the target server and domain are correct. Please also verify that the SPN is registered on the computer account object for the target server on the KDC servicing the request. If the target server has been recently promoted, it will be necessary for knowledge of this computer's identity to replicate to the KDC before this computer can be authenticated.
To resolve this problem, install this hotfix on the domain controller that has the name-mangled object, restart the computer in Dsrepair mode, and then run the Ntdsutil go fix command to use the semantic database analysis checker on the Ntds.dit database. In Dsrepair mode, clients may receive an "Access denied" error message if they try to access DFS Root or DFS Link information on the computer. The generation of the error message is by design. This hotfix includes a new version of Ntdsutil.
Note To start the domain controller in Dsrepair mode, press F8 during the startup process, and then select Directory Service Restore Mode in the Advanced Options menu.
Hotfix informationA supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem.
If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, submit a request to Microsoft Customer Service and Support to obtain the hotfix.
Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site:
http://support.microsoft.com/contactus/?ws=supportNote The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.
PrerequisitesNo prerequisites are required.
Restart requirementYou must restart your computer after you apply this hotfix.
Hotfix replacement informationThis hotfix does not replace any other hotfixes.
File informationThe English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.
Date Time Version Size File name ----------------------------------------------------------- 14-Nov-2003 23:56 5.0.2195.6824 124,688 Adsldp.dll 14-Nov-2003 23:56 5.0.2195.6824 132,368 Adsldpc.dll 14-Nov-2003 23:56 5.0.2195.6824 63,760 Adsmsext.dll 14-Nov-2003 23:56 5.0.2195.6824 381,712 Advapi32.dll 14-Nov-2003 23:56 5.0.2195.6866 69,904 Browser.dll 14-Nov-2003 23:56 5.0.2195.6824 136,464 Dnsapi.dll 14-Nov-2003 23:56 5.0.2195.6824 96,016 Dnsrslvr.dll 14-Nov-2003 23:56 5.0.2195.6866 47,376 Eventlog.dll 14-Nov-2003 23:56 5.0.2195.6871 148,240 Kdcsvc.dll 05-Nov-2003 19:32 5.0.2195.6871 205,584 Kerberos.dll 21-Sep-2003 00:32 5.0.2195.6824 71,888 Ksecdd.sys 29-Oct-2003 06:45 5.0.2195.6869 511,248 Lsasrv.dll 29-Oct-2003 06:45 5.0.2195.6869 33,552 Lsass.exe 17-Oct-2003 00:33 5.0.2195.6866 114,960 Msv1_0.dll 14-Nov-2003 23:56 5.0.2195.6866 307,984 Netapi32.dll 14-Nov-2003 23:56 5.0.2195.6863 361,232 Netlogon.dll 14-Nov-2003 23:56 5.0.2195.6874 931,600 Ntdsa.dll 14-Nov-2003 23:56 5.0.2195.6824 392,464 Samsrv.dll 14-Nov-2003 23:56 5.0.2195.6824 113,936 Scecli.dll 14-Nov-2003 23:56 5.0.2195.6824 259,856 Scesrv.dll 06-Nov-2003 22:29 5.0.2195.6870 5,847,552 Sp3res.dll 14-Nov-2003 23:56 5.0.2195.6824 48,912 W32time.dll 21-Sep-2003 00:32 5.0.2195.6824 57,104 W32tm.exe 14-Nov-2003 23:56 5.0.2195.6869 126,224 Wldap32.dll
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
For additional information about the new file naming schema for Microsoft Windows software update packages, click the following article number to view the article in the Microsoft Knowledge Base:
816915For additional information about the terminology that is used in this article, click the following article number to view the article in the Microsoft Knowledge Base:
(https://support.microsoft.com/kb/816915/ )New file naming schema for Microsoft Windows software update packages
(https://support.microsoft.com/kb/824684/ )Description of the standard terminology that is used to describe Microsoft software updates
Article ID: 830379 - Last Review: October 27, 2011 - Revision: 2.0