These are my notes from the last time I fought this issue.  Hope they
help.  Basically the DC will not replicate until the logs are cleared
or the registry key is changed.

Problem

"HKLM\SYSTEM\CurrentControlSet\Control\Lsa\CrashOnAuditFail". When
this registry key is set to the value of 2, only members of the
Administrators group can log onto xxxxxx. When attempting to pull
replication, the replication attempts occur under the "System"
context, which is not a member of the Administrators group, and thus
fail with "Access is denied".

RESOLUTION:
We set the CrashOnAuditFail value to 0 or 1. We can modify this
functionality via the "Default Domain Controller" group policy with
the following setting: "Computer Configuration\Windows
Settings\Security\Local Policies\Security Options\Audit: Shut down
the system immediately if unable to log security audits". When this
group policy setting is set to Enabled, CrashOnAuditFail is set to 1;
if it is Disabled, the value is 0.

I also created an internal article describing our issue; this way, if
enough support professionals use my article to resolve their issue,
it may become a public knowledge base article.

Value  Meaning
0      The feature is off. The system does not halt, even when it cannot
       record events in the Security Log.
1      The feature is on. The system halts when it cannot record an event in
       the Security Log.
2      The feature is on and has been triggered. The system halted because
       it could not record an auditable event in the Security Log. Only
       members of the Administrators group can log on.



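An added check, not from this thread, that reports the CrashOnAuditFail state and Security log fullness on a DC so the log can be archived before a reboot leaves the key at 2 and replication failing with "Access is denied". It assumes an elevated PowerShell session on the DC; the value meanings are the ones in the table above, and treating a missing value as 0 is my assumption.

```powershell
# Added example (not the thread's own code): read CrashOnAuditFail and the
# Security log state on this DC and flag the conditions that break replication.
# Assumes an elevated PowerShell session on the domain controller.

$LsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

# Meanings as given in the table in the thread
$Meaning = @{
    0 = 'Off: system does not halt when it cannot write to the Security Log'
    1 = 'On: system halts when it cannot record an event in the Security Log'
    2 = 'On and triggered: only members of Administrators can log on'
}

function Get-CrashOnAuditFailState {
    $value = (Get-ItemProperty -Path $LsaKey -Name CrashOnAuditFail `
                 -ErrorAction SilentlyContinue).CrashOnAuditFail
    if ($null -eq $value) { $value = 0 }   # assumption: absent value = feature off

    # Security log configuration: size, retention mode and whether it is full
    $log = Get-WinEvent -ListLog Security
    $pct = if ($log.MaximumSizeInBytes -gt 0) {
        [math]::Round(100 * $log.FileSize / $log.MaximumSizeInBytes, 1)
    } else { 0 }

    [pscustomobject]@{
        CrashOnAuditFail = [int]$value
        Meaning          = $Meaning[[int]$value]
        SecurityLogMode  = $log.LogMode      # Circular / AutoBackup / Retain
        SecurityLogFull  = $log.IsLogFull
        SecurityLogUsed  = "$pct%"
        # Replication is already broken at 2; at 1 a full log will flip it to 2
        ReplicationRisk  = ([int]$value -eq 2) -or
                           ([int]$value -eq 1 -and ($log.IsLogFull -or $pct -ge 90))
    }
}

$state = Get-CrashOnAuditFailState
$state | Format-List

if ($state.CrashOnAuditFail -eq 2) {
    Write-Warning ('CrashOnAuditFail is 2: archive/clear the Security log and set the ' +
                   'value back to 0 or 1 (via the Default Domain Controllers GPO ' +
                   'setting named in the thread), then reboot, before replication resumes.')
}
elseif ($state.ReplicationRisk) {
    Write-Warning ('CrashOnAuditFail is 1 and the Security log is full or nearly full: ' +
                   'archive it now so the next audit failure does not halt this DC.')
}
```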
On Sat, 21 Aug 2004 03:48:16 +0300, Guy Teverovsky
<[EMAIL PROTECTED]> wrote:
> 
> In my environment, when W2K3 DC boots with security logs full, the
> replication from that DC stops till the security log is cleared and the
> box is rebooted.
> The interesting thing is that after the security logs become full (while
> the box is online) the replication continues to work till the box is
> rebooted with full log.
> 
> So the question is whether this can be prevented (we do have a routine
> which takes care of security logs archiving, but it failed on one of the
> DCs and I would like to prevent the replication from breaking again).
> 
> And another OT question:
> When logging on to XP with cached credentials, is the Kerberos ticket
> cached too ? And if yes, what happens when the ticket expires and the
> box is reconnected to the network: will it seamlessly try to renew the
> ticket ?
> 
> Thanks,
> Guy
> 
> --
> Smith & Wesson - the original point and click interface
> 
> List info   : http://www.activedir.org/mail_list.htm
> List FAQ    : http://www.activedir.org/list_faq.htm
> List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
>