Forum Discussion
Problems in Dynamic DNS updates (00002002E: SvcErr: DSID-02080781 , problem 5001 (BUSY), data -1102)
Hi all
Randomly, in our AD W2K12 Server DCs, we are having a problem of not processing Dynamic DNS updates of RRs A and PTR. Tracing the network traffic, we have discovered that LDAP modify requests to the DC's local LDAP daemon/service, during the time interval in which dynamic updates are not processed, get the following error:
00002002E: SvcErr: DSID-02080781 , problem 5001 (BUSY), data -1102
The event ID 4016 appears in the event viewer with a text that refers to the DN of the RR A or PTR that cannot be written by LDAP, for example:
The DNS server timed out attempting an Active Directory service operation on DC=221.128.127,DC=10.in-addr.arpa,cn=MicrosoftDNS,cn=System,DC=corporation,DC=lavoz,DC=es. Check Active Directory to see that it is working properly.The event data contains the error.
Do you have any idea of the reason for the error and a possible solution?
Thank you so much
- La_Voz_de_Galicia820Copper Contributor
The error caught in the network trace with wireshark
00002002E: SvcErr: DSID-02080781 , problem 5001 (BUSY), data -1102
was only obtained minutes before the problem of not processing LDAP modify requests resolved itself.
I wanted to make sure that same error occurred during the entire interval in which LDAP modify requests were not progressing
I used two ways to try to confirm it:
- I tried to decrypt all local GSS-API SASL encrypted/sealed LDAP PDUs. My idea was to create a kerberos keytab file with the kerberos shared secrets of all security principals of the AD domain but i´m having problems when i try to export the AD DB with esedbexport utility (https://github.com/libyal/libesedb/wiki/Building)
- I tried to trace the LDAP modify_request and modify_responses sent by the dns.exe process ("DNS Server" NT service) using the procedure documented here (https://learn.microsoft.com/es-es/previous-versions/windows/desktop/ldap/ldap-and-etw?redirectedfrom=MSDN). Bad news are that the ldap_modify responses are not traced when the process that sends them is dns.exe. For example, for an ldapadmin.exe LDAP client, doing the trace with the following flags:
D:\ldapadmin>tracelog.exe -start ldapadmin -guid #099614a5-5dd7-4788-8bc9-e29f43db28fc -f D:\ldapadmin.etl -flag 0x00000402
both (request and response) are captured:
ldap_modify called for connection 0x22d05f0: DN is CN=XXXX,OU=Usuarios,OU=Sabon,DC=corporacion,DC=lavoz,DC=es. Synchronous is 0x1.
ldap_modify returned 0x0 for connection 0x22d05f0: DN was 'CN=XXXX,OU=Usuarios,OU=Sabon,DC=corporacion,DC=lavoz,DC=es'.but for dns.exe only the request (ldap_modify called for connection..) is captured
Despite the fact that, due to what was explained above, I cannot confirm it 100%, I believe that the error 00002002E: SvcErr: DSID-02080781 , problem 5001 (BUSY), data -1102
is the only one that occurs at the time of the problem
Do you have any idea of the reason for the error and a possible solution?
Thank you so much