none
EVENT ID 2513 - Active Directory Domain Service installed on Windows 2008 R2

    Question

  • Dear All,

    I am facing the following issue with my Active Directory installed on Server Windows 2008 R2.

    The error is occurring after every reboot of the Server only.

    Kindly help us to resolve the issue.

    Error is as given below :-

    Attempting to set the desired authentication protocol for a connection to the following DSA failed. 
     DSA: 
     47e135d4-51cd-46ba-aa4d-1d63c1a87b4c._msdcs.igtr.com

     Additional Data:
     Error:
     1747 The authentication service is unknown.

    Friendly View -

    - System
    - Provider
    [ Name] Microsoft-Windows-ActiveDirectory_DomainService
    [ Guid] {0e8478c5-3605-4e8c-8497-1e730c959516}
    [ EventSourceName] NTDS Replication
    - EventID 2513
    [ Qualifiers] 49152
    Version 0
    Level 2
    Task 22
    Opcode 0
    Keywords 0x8080000000000000
    - TimeCreated
    [ SystemTime] 2017-04-25T13:40:18.921336300Z
    EventRecordID 5132
    Correlation
    - Execution
    [ ProcessID] 712
    [ ThreadID] 3616
    Channel Directory Service
    Computer ADC.igtr.com
    - Security
    [ UserID] S-1-5-7

    -

    EventData
    47e135d4-51cd-46ba-aa4d-1d63c1a87b4c._msdcs.igtr.com
    The authentication service is unknown.

    1747

    Thursday, April 27, 2017 5:58 AM

All replies

  • Hi

     Seems to unknown traffic trying to authenticate itself from the AD & its been rejected due to failure in proving its identity,you need to check the connectivity & your firewall for the source of this anonymous traffic arising(wireshark,ms network monitor tool,etc.),Also you should check the process that is runing on the DC the source of this fail(process monitor).

    Microsoft Network Monitor ; https://www.microsoft.com/en-us/download/details.aspx?id=4865

    Process Monitor ; https://technet.microsoft.com/en-us/sysinternals/processmonitor.aspx?f=255&MSPPError=-2147217396


    This posting is provided AS IS with no warranties or guarantees,and confers no rights. Best regards Burak Uğur

    Thursday, April 27, 2017 6:38 AM
  • From the event log the Security ID is S-1-5-7 and this is anonymous logon, you can enable Advance security settings on the DC and check the logs, also check if you have Firewall enabled and Antivirus updated on the DC.

    Check your Delegation on the DC and make sure you dont have any open ports or applications running on the DC that can be targeted by virus/ransomware.



    Regards, Jim MSCS - MCP Disclaimer: This posting is provided AS IS with no warranties or guarantees , and confers no rights. When you see answers and helpful posts, please click Vote As Helpful, Propose As Answer, and/or Mark As Answer

    Thursday, April 27, 2017 9:34 AM
  • Hi,

    I am checking how the issue is going, if you still have any questions, please feel free to contact us.

    And if the replies as above are helpful, we would appreciate you to mark them as answers, and if you resolve it using your own solution, please share your experience and solution here. It will be greatly helpful to others who have the same question.

    Appreciate for your feedback.
    Best regards,

    Wendy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Monday, May 1, 2017 3:41 AM
    Moderator