Windows Server 2012 Problem with Events ( 2089, 3041, 2887)

Dimitri Finger 1 Reputation point
2021-01-26T13:36:02.347+00:00

Yoyo guys, how are u? I came here cuz i'm having lots of trouble with my windows server 2012. Everyday when I first open the server interface there are 3 Events that I'm trying to fix for weeks and they keep haunting me.

EVENT ID 3041:
60590-erro-3041.png

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-ActiveDirectory_DomainService" Guid="{0e8478c5-3605-4e8c-8497-1e730c959516}" EventSourceName="NTDS LDAP" />
<EventID Qualifiers="32768">3041</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>16</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2021-01-26T12:24:08.688379000Z" />
<EventRecordID>18732</EventRecordID>
<Correlation />
<Execution ProcessID="556" ThreadID="704" />
<Channel>Directory Service</Channel>
<Computer>[bar].[foo].local</Computer>
<Security UserID="x-x-x-x" />
</System>
<EventData />
</Event>

EVENT ID 2887:
60597-erro-2887.png

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-ActiveDirectory_DomainService" Guid="{0e8478c5-3605-4e8c-8497-1e730c959516}" EventSourceName="NTDS LDAP" />
<EventID Qualifiers="32768">2887</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>16</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2021-01-26T12:24:08.688379000Z" />
<EventRecordID>18733</EventRecordID>
<Correlation />
<Execution ProcessID="556" ThreadID="704" />
<Channel>Directory Service</Channel>
<Computer>[bar].[foo].local</Computer>
<Security UserID="x-x-x-x" />
</System>

  • <EventData>
    <Data>20</Data>
    <Data>0</Data>
    </EventData>
    </Event>

And the last and worst one, that is making me crazy.

EVENT ID 2089:

60628-erro-2089.png
60651-erro-2089.png

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">

  • <System>
    <Provider Name="Microsoft-Windows-ActiveDirectory_DomainService" Guid="{0e8478c5-3605-4e8c-8497-1e730c959516}" EventSourceName="NTDS Replication" />
    <EventID Qualifiers="32768">2089</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>14</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8080000000000000</Keywords>
    <TimeCreated SystemTime="2021-01-25T13:24:08.796425800Z" />
    <EventRecordID>18728</EventRecordID>
    <Correlation />
    <Execution ProcessID="556" ThreadID="704" />
    <Channel>Directory Service</Channel>
    <Computer>[bar].[foo].local</Computer>
    <Security UserID="x-x-x-x" />
    </System>
  • <EventData>
    <Data>DC=DomainDnsZones,DC=[foo],DC=local</Data>
    <Data>90</Data>
    <Data>System\CurrentControlSet\Services\NTDS\Parameters</Data>
    <Data>Backup Latency Threshold (days)</Data>
    </EventData>
    </Event>

As you can see below, I already added the reg key and this EVENT keeps happening everyday.
60500-reg.png

We're using a Dell T110-II running WS 2012 Fundatition

Windows Server 2012
Windows Server 2012
A Microsoft server operating system that supports enterprise-level management, data storage, applications, and communications.
1,538 questions
Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,252 questions
Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
5,972 questions
0 comments No comments
{count} votes

3 answers

Sort by: Most helpful
  1. Thameur-BOURBITA 32,596 Reputation points
    2021-01-26T23:09:46.277+00:00

    Hi,

    It seems that some client are not using secure protocol like LDAP signing for LDAP connection. You can ignore this alert if you can't force all clients using LDAP signing.

    event-id-2887-display-error-again-and-again

    Regarding the second alert EVENT ID 2089 , it remind you that you don't have backup since 90 days. It's recommended to have at least a full backup of 2 domain controllers per domain. To remove this alert , you should backup a domain controller per domain.

    ntds-replication-event-2089-backup-latency-interval

    ----------

    Please don't forget to mark helpful reply as answer

    0 comments No comments

  2. Vicky Wang 2,646 Reputation points
    2021-01-28T07:00:08.817+00:00

    Hi,

    I am glad to hear that your issue was successfully resolved\I am pleased to know that the information is helpful to you. If there is anything else we can do for you, please feel free to post in the forum.

    Best Regards,
    Vicky

    0 comments No comments

  3. Dimitri Finger 1 Reputation point
    2021-01-28T12:54:04.093+00:00

    First of all ty for your answer.

    At the event 2089 I set the register key "Backup latency interval" to 9000 days, shouldn't it work? At least to send the messages away?