Mark Minasi's Reader Forum
Mark Minasi's Reader Forum
Home | Profile | Register | Active Topics | Active Polls | Members | Search | FAQ | Minasi Forum RSS Feed
Username:
 Password:
Save Password
Forgot your Password?

 All Forums
 HALP! Questions on Windows and Windows Server
 Active Directory
 Event ID: 1172 and 1138		  New Topic  Reply to Topic
 Printer Friendly
Author Previous Topic Topic Next Topic  

mlee1234567
Welcome Newcomer

24 Posts
Status: offline
Posted - 04/02/2012 :  8:34:36 PM  Show Profile  Reply with Quote
Our Directory Services event log on the DC fill up with Event log ID: 1172 and 1138, I believe it’s related to exchange. Does everyone know where these logs come from and what triggered the logging?

Log Name: Directory Service
Source: Microsoft-Windows-ActiveDirectory_DomainService
Event ID: 1172
Task Category: MAPI Interface
Level: Information
Keywords: Classic
User: DOMAIN\userID
Computer: DC FQDN
Internal event: A client process has connected to Active Directory Domain Services with the following RPC binding.

RPC binding:
ncacn_ip_tcp: IP Address of the Client machine

------------------------------------------------------------------

Log Name: Directory Service
Source: Microsoft-Windows-ActiveDirectory_DomainService
Event ID: 1138
Task Category: MAPI Interface
Level: Information
Keywords: Classic
User: DOMAIN\userID
Computer: DC FQDN
Internal event: Function NspiBind entered.

aval
Honorable But Hopeless Addict

USA
3274 Posts
Status: offline
Posted - 04/03/2012 :  5:11:55 PM  Show Profile  Reply with Quote
When you say "fill up" are the logs literally filled up or are there just frequent entries?

Not a lot out there. Googled on "Event ID 1172 1138 Exchange" and your post here was first to come up. Tried a couple other variants, not much more.

If these entries are informational, they normally would not be the sign of a problem.

I mostly pay attention to errors and warnings so I can't say for sure if this might be normal - will have to take a look.
Go to Top of Page

wkasdo
Administrator

Netherlands
7405 Posts
Status: online
Posted - 04/04/2012 :  02:43:10 AM  Show Profile  Click to see wkasdo's MSN Messenger address  Reply with Quote
Looks like you might have enabled debug logging, and never turned it off. Check regkey: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics\4 MAPI Interface Events", and set it to 0.
Make it as simple as you can, but not simpler -- Albert Einstein
Go to Top of Page

mlee1234567
Welcome Newcomer

24 Posts
Status: offline
Posted - 04/04/2012 :  12:48:13 PM  Show Profile  Reply with Quote
I check the DC and the "4 MAPI Interface Events" was turned on and set to 5, I set it to 0 and everything is back to normal. Thank you!
Go to Top of Page

wkasdo
Administrator

Netherlands
7405 Posts
Status: online
Posted - 04/04/2012 :  4:30:33 PM  Show Profile  Click to see wkasdo's MSN Messenger address  Reply with Quote
Thx for the update, MLEE.
Make it as simple as you can, but not simpler -- Albert Einstein
Go to Top of Page
  Previous Topic Topic Next Topic  
 New Topic  Reply to Topic
 Printer Friendly
Jump To:
Mark Minasi's Reader Forum © 2002-2011 Mark Minasi Go To Top Of Page
This page was generated in 0.12 seconds. Snitz Forums 2000