Event ID 1699 is logged many times and fills the Directory Service event log of a Windows Server 2008-based writable domain controller

Symptoms

Consider the following scenario:

  • You have a Windows Server 2008-based writable domain controller and a Windows Server 2008-based read-only domain controller (RODC). Some client computers that exist in one site belong to the same domain.

  • Some users use a domain account to log on to the domain from a client computer that is in the site.

In this scenario, Event ID 1699 is logged many times in the Directory Service event log of the writable domain controller. These events resemble the following event:
Sometimes, Event ID 2041 may also be logged. The event that is logged resembles the following event:
These events fill the Directory Service event log and prevent administrators from troubleshooting issues according to the event logs.

Cause

When a Windows Server 2008 RODC tries to cache the password of a principal, a writable domain controller performs a check to determine whether this operation is permitted. If this operation is not permitted, an error code is returned. This is expected behavior. However, Event 1699 may incorrectly be logged when the error code is returned.

Resolution

A hotfix is available to resolve this issue. After you install this hotfix, the server does not log Event ID 1699 in the scenario that is mentioned in the "Cause" section. In other scenarios, the event is still logged.

Note This hotfix is already incorporated on Windows Server 2008 R2 full DCs. The fix is not required on Windows Server 2008 R2 full DCs.

Hotfix information

A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next software update that contains this hotfix.

If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, contact Microsoft Customer Service and Support to obtain the hotfix.

Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site:

http://support.microsoft.com/contactus/?ws=supportNote The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.

Important Windows Vista and Windows Server 2008 hotfixes are included in the same packages. However, only one of these products may be listed on the “Hotfix Request” page. To request the hotfix package that applies to both Windows Vista and Windows Server 2008, just select the product that is listed on the page.

Prerequisites

T o apply this hotfix, you must have Windows Server 2008 installed on the writable domain controller.

Restart requirement

You have to restart the computer after you apply this hotfix.

Hotfix replacement information

This hotfix does not replace any other previously released hotfixes.

File information

The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.

Windows Server 2008, x86-based versions

File name

File version

File size

Date

Time

Platform

Ntdsa.mof

Not Applicable

227,725

18-Dec-2007

21:02

Not Applicable

Ntdsai.dll

6.0.6001.22203

1,950,720

14-Jun-2008

03:35

x86

Windows Server 2008, x64-based versions

File name

File version

File size

Date

Time

Platform

Ntdsa.mof

Not Applicable

227,725

18-Dec-2007

21:03

Not Applicable

Ntdsai.dll

6.0.6001.22203

2,634,752

14-Jun-2008

03:59

x64

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

More Information

For more information, click the following article number to view the article in the Microsoft Knowledge Base:

824684 Description of the standard terminology that is used to describe Microsoft software updates

Additional file information for Windows Server 2008

Additional files for all supported 32-bit versions of Windows Server 2008 and of Windows Vista


File name

File version

File size

Date

Time

Platform

Package_for_kb953392_sc_0~31bf3856ad364e35~x86~~6.0.1.0.mum

Not Applicable

1,647

16-Jun-2008

18:43

Not Applicable

Package_for_kb953392_sc~31bf3856ad364e35~x86~~6.0.1.0.mum

Not Applicable

1,422

16-Jun-2008

18:43

Not Applicable

Package_for_kb953392_server_0~31bf3856ad364e35~x86~~6.0.1.0.mum

Not Applicable

1,637

16-Jun-2008

18:43

Not Applicable

Package_for_kb953392_server~31bf3856ad364e35~x86~~6.0.1.0.mum

Not Applicable

1,430

16-Jun-2008

18:43

Not Applicable

X86_microsoft-windows-d..toryservices-ntdsai_31bf3856ad364e35_6.0.6001.22203_none_f152e17bd23dad95.manifest

Not Applicable

12,574

14-Jun-2008

04:26

Not Applicable

Additional files for all supported 64-bit versions of Windows Server 2008

File name

File version

File size

Date

Time

Platform

Amd64_microsoft-windows-d..toryservices-ntdsai_31bf3856ad364e35_6.0.6001.22203_none_4d717cff8a9b1ecb.manifest

Not Applicable

12,632

14-Jun-2008

05:04

Not Applicable

Package_for_kb953392_sc_0~31bf3856ad364e35~amd64~~6.0.1.0.mum

Not Applicable

1,657

16-Jun-2008

18:43

Not Applicable

Package_for_kb953392_sc~31bf3856ad364e35~amd64~~6.0.1.0.mum

Not Applicable

1,430

16-Jun-2008

18:43

Not Applicable

Package_for_kb953392_server_0~31bf3856ad364e35~amd64~~6.0.1.0.mum

Not Applicable

1,647

16-Jun-2008

18:43

Not Applicable

Package_for_kb953392_server~31bf3856ad364e35~amd64~~6.0.1.0.mum

Not Applicable

1,438

16-Jun-2008

18:43

Not Applicable

Need more help?

Expand your skills
Explore Training
Get new features first
Join Microsoft Insiders

Was this information helpful?

Thank you for your feedback!

Thank you for your feedback! It sounds like it might be helpful to connect you to one of our Office support agents.

×