none
AD Health Issues and NTDS Shadow Copy Freeze Messages

    Question

  • I have a new Windows Server 2016 Standard Server running on Dell PE R530 hw. The server is owner of all FSMO roles, which were transferred from a retired SBS 2011 Standard server. I also have a VMware VM running Windows Server 2008 R2, which is an additional domain controller in the same subnet.

    Every 6 hours or so, I'm getting a few information messages in the Directory Services log that I cannot resolve or find answers for.  The 1st one has source of NTDS ISAM, with message of NTDS (836) NTDSA: Shadow copy instance 20 freeze started.  The freeze numbers started at 1 and have continued to 20, 21...  I am also getting Internal event: The Address Book hierarchy table has been rebuilt messages.  All of these messages are Information category items with no warnings or errors.  And AD appears to be running fine with no client login or authentication issues.

    I have run all normal Active Directory tests to confirm AD and DNS health and all reports are clean.  Domain times settings are also correct.  These are the tests I have run thus far:

    Dcdiag /V /C /D /E, dcdiag /test:dns, repadmin /replsum, repadmin /showreps.

    I have also installed the latest Microsoft AD Replication Status Tool on both of my DCs and all tests are fine using this tool.

    My nightly VSS backups are running fine along with the daily VSS snapshots.  Vssadmin list writers also looks good.

    I did notice on my main DC that the standard, nightly NTDS online defrag jobs are not running.  However, they are running on my additional DC without issue.

    Should I be concerned about these Information only messages in my Directory Services log?

    Thanks for any input.

    Ken

    Saturday, March 18, 2017 11:59 AM

All replies

  • If they are informational I wouldn't worry. Do you have an SQL server on one of the servers? Maybe exclude the VSS writer for SQL from your backup program and see if that gets rid of the messages?


    Brian Baldock | MCTS | MS | MCP

    Please note: This post is provided as is with no guarantee.

    Test, then test again.

    Saturday, March 18, 2017 1:53 PM
  • No SQL instance installed.  It's simply a Windows Server 2016 Standard server with the Essentials Role enabled.  And I'm using the standard Windows Server backup utility for night backup jobs, which do complete fine.  I've also done SystemState backups as well.  I guess I'm just being overly paranoid because of the migration from the legacy SBS 2011 Standard server, which was retired. 

    What would explain the 2016 server not running a nightly NTDS online defrag job as I thought that was normal on all DCs?  My additional DC, which is running Server 2008 R2 does run the nightly online defrag of NTDS.  Also, the c:\windows\ntds folder has about a dozen edb0006A.log, edb0006B.log, edb0006C.log files, which are 10mb in size and a new one is created daily from what I can tell.  Ntds.dit is 45mb is size.  Not a large AD with only 35 users.

    Thanks.

    Ken 

    Saturday, March 18, 2017 4:05 PM
  • Hi Ken,

    To my knowledge, online defragmentation occurs automatically while AD DS is running.

    How did you determine if the nightly NTDS online defrag job was not running on your Windows Server 2016 DC?

    Best Regards,

    Alvin Wang


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, March 20, 2017 7:24 AM
    Moderator
  • The reason that I think the online defrag of NTDS is not occurring on the Windows Server 2016 box is because there's no daily entries for the task in the Directory Services event log.  But on my Windows Server 2008 R2 server, which is my additional DC in the domain, I am seeing the event log messages for NTDS online defrag.  It occurs every 12 hours.  Event ID 700 is the start and event ID 701 is the completion event.

    But I have tested AD health pretty thoroughly and I cannot find any errors.  I just found it odd that the daily online defrags are not occurring.  And I had never seen the NTDS shadow copy freeze items in the Directory Services log.  They're not warnings or even cautions.  They're simply information items that I noticed while checking for the online defrag events.

    Event ID 2001 for NTDS ISAM:

    NTDS (836) NTDSA: Shadow copy instance 24 freeze started.

    And the C:\Windows\NTDS folder gets a daily log file called ebd00078.log, ebd00079.log...  If I understand the online defrag event, it checks the logs and writes the activity to the ntds.dit database and then clears the logs.  Much like what occurs with Exchange Server logs.

    Maybe I'm just being overly cautious of my AD health.

    Thanks for any input.

    Ken

    Monday, March 20, 2017 10:03 AM
  • Hi Ken,

    Maybe you could change the garbage collection logging level and check the Directory Service event log for Event ID 1646. It could prove that the NTDS online defrag running properly.

    Garbage Collection Logging Level

    https://servergeeks.wordpress.com/tag/online-defragmentation/

    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    Best Regards,

    Alvin Wang


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, March 21, 2017 6:55 AM
    Moderator
  • I did enable the garbage collection registry key last night and I am now seeing the daily 1646 event for the database statistics.  However, I'm still not seeing the online defrag activity for NTDS.

    Ken

    Wednesday, March 22, 2017 6:39 PM
  • Hi Ken,

    Directory Service event log for Event ID 1646, which reports the amount of disk space that you can recover by performing offline defragmentation. Since the daily 1646 event appeared, I think the online defrag worked properly.

    Best Regards,

    Alvin Wang


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, March 24, 2017 5:37 AM
    Moderator
  • Thanks for the input.

    Ken

    Friday, March 24, 2017 11:22 PM
  • Hi Ken,

    If there is anything else we can do for you, please feel free to post in the forum.

    Best Regards,

    Alvin Wang


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, March 27, 2017 1:30 AM
    Moderator