EVENT ID 2513 - Active Directory Domain Service installed on Windows 2008 R2


  • Dear All,

    I am facing the following issue with my Active Directory installed on Server Windows 2008 R2.

    The error is occurring after every reboot of the Server only.

    Kindly help us to resolve the issue.

    Error is as given below :-

    Attempting to set the desired authentication protocol for a connection to the following DSA failed. 

     Additional Data:
     1747 The authentication service is unknown.

    Friendly View -

    - System
    - Provider
    [ Name] Microsoft-Windows-ActiveDirectory_DomainService
    [ Guid] {0e8478c5-3605-4e8c-8497-1e730c959516}
    [ EventSourceName] NTDS Replication
    - EventID 2513
    [ Qualifiers] 49152
    Version 0
    Level 2
    Task 22
    Opcode 0
    Keywords 0x8080000000000000
    - TimeCreated
    [ SystemTime] 2017-04-25T13:40:18.921336300Z
    EventRecordID 5132
    - Execution
    [ ProcessID] 712
    [ ThreadID] 3616
    Channel Directory Service
    - Security
    [ UserID] S-1-5-7


    The authentication service is unknown.


    Thursday, April 27, 2017 5:58 AM

All replies

  • Hi

     Seems to unknown traffic trying to authenticate itself from the AD & its been rejected due to failure in proving its identity,you need to check the connectivity & your firewall for the source of this anonymous traffic arising(wireshark,ms network monitor tool,etc.),Also you should check the process that is runing on the DC the source of this fail(process monitor).

    Microsoft Network Monitor ;

    Process Monitor ;

    This posting is provided AS IS with no warranties or guarantees,and confers no rights. Best regards Burak Uğur

    Thursday, April 27, 2017 6:38 AM
  • From the event log the Security ID is S-1-5-7 and this is anonymous logon, you can enable Advance security settings on the DC and check the logs, also check if you have Firewall enabled and Antivirus updated on the DC.

    Check your Delegation on the DC and make sure you dont have any open ports or applications running on the DC that can be targeted by virus/ransomware.

    Regards, Jim MSCS - MCP Disclaimer: This posting is provided AS IS with no warranties or guarantees , and confers no rights. When you see answers and helpful posts, please click Vote As Helpful, Propose As Answer, and/or Mark As Answer

    Thursday, April 27, 2017 9:34 AM
  • Hi,

    I am checking how the issue is going, if you still have any questions, please feel free to contact us.

    And if the replies as above are helpful, we would appreciate you to mark them as answers, and if you resolve it using your own solution, please share your experience and solution here. It will be greatly helpful to others who have the same question.

    Appreciate for your feedback.
    Best regards,


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact

    Monday, May 1, 2017 3:41 AM