Not really. It is OK to not generate a superior reference. Superior references are really for people who have a advanced directory setups, and intentionally want unknown LDAP DNs to be referred to another directory service (i.e. another AD forest, or Novel NDS, or Sun iPlanet / SunONE servers).
But this means that there is some application that is generating a garbage DN, in that it is asking your directory for a DN base that isn't rooted in any of your domains/config/schema NCs. What is the object DN in the event? Can you use that to guess at the errant app hitting your directory? Cheers, Brett Shirley [msft] This posting is provided "AS IS" with no warranties, and confers no rights. On Sun, 2 Jan 2005, Pete Procenko wrote: > I see, I found some references about superiorDNSRoot at the MS's site, could > You please recommend what to look for in AD to see where the trouble is? As > far as I understood superiorDNSRoot is something dynamically generated, but > in my case sometimes this generation fail, am I right? > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Eric Fleischman > Sent: Friday, December 31, 2004 11:21 PM > To: [email protected] > Subject: RE: [ActiveDir] help troubleshoot ntds general 1049 error > > > Thanks. Yes Russian is fine for event text. > > So this error is a little silly on our part. In 2003, we actually disabled > this error by default, and only throw it if you increase the appropriate > logging level to at least one (whereas in 2000 0 would toss it, aka default > install). We also added some better text and parameters in 2003: > > ---------- > An attempt to generate a referral based on the superiour reference failed for > the following DN. > Active Directory could not find the superiorDNSRoot attribute on the > cross-reference object for > the root domain of this forest because it is not set. An attempt to generate > a referral > automatically has also failed. > > Additional info: > > Object DN: > ---------- > > Of course, the parameters would be filled in on an actual throwing of the > error. > > Try looking at what the error text from 2003 is telling you. The code path > which throws this in 2003 is logically similar to 2000. > > ~Eric > > > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pete Procenko > Sent: Friday, December 31, 2004 12:36 AM > To: [email protected] > Subject: RE: [ActiveDir] help troubleshoot ntds general 1049 error > > Thanks for reply! > > Ok, I will,but it would be in Russian. > > ��� �������(Event Type): ������ (Translation - Error) > �������� �������(Event Source): NTDS General > ��������� �������(Event Category): (9) > ��� �������(Event id): 1049 > ����: 29.12.2004 > �����: 8:47:13 > ������������: DOMAIN\adminuser > ���������: MAINDC > �������� (Description): > ��� �������� ������� ������� ������ �� ������, �� ��� �� �������. > (Translation - All Directories require main root reference,but it is not > found) > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Eric Fleischman > Sent: Thursday, December 30, 2004 6:03 PM > To: [email protected] > Subject: RE: [ActiveDir] help troubleshoot ntds general 1049 error > > > Can you please paste the entire event message in to an email and > reply-all with it? Please use the event viewer copy button so we get it > as-is with no typo's nor language changes. > > Thanks! > ~Eric > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Pete Procenko > Sent: Thursday, December 30, 2004 12:08 AM > To: [email protected] > Subject: [ActiveDir] help troubleshoot ntds general 1049 error > > Hi! > Do anyone know what error "All Directories require main root reference, > but it is not found" means and what to do in this case? > We use localized w2k server with sp4, so in english version message > could sound differently. > Last month this message with source NTDS General and Event id 1049 > began to appear about one or two times per week, it seems that all is > working fine, but who knows? > We have two domains in one forest, four DC, all DC's are GC, this > error is logged only on first DC in first domain. > Tried to find anythihg about this at microsoft's site, and at > Google, and in maillist archives, but unsuccessifully. > > > Pete. > > > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
