-Our network has two sites (a "home" and "remote" site). For the most part, accounts in the remote site do not become locked out.
-We have 2 DCs in the home site, one at the remote site. We have 144kbps IDSL Internet access out at the remote location. We run a VPN using Sonicwall firewalls between locations with a single domain.
-The domain is in Mixed mode: no NT BDCs, some Windows 9X machines.
-In the Domain Security Policy and Account lockout policy, all settings are set to "not defined."
-The network infrastructure is not in very good shape at either location. Workgroup hubs are daisy-chained off of other hubs.
Info from logs on main AD server (PDC emulator server, hosts all other Operations Masters as well, DNS, DHCP):
-Directory Service Log has the following errors/warnings: Warning 1083 "The Directory is busy. Couldn't update object"
-DNS Log has the following errors/warnings:
-Warning 409: "The DNS server list of restricted interfaces contains IP addresses that are not configured for use at this server."
-Warning 5504: The DNS server encountered an invalid domain name in packet from or Invalid domain name.
-Error 4004: Unable to complete directory service enumeration
-Error 6702: DNS server has updated its own A record. Tried to update peers through dynamic update. Error occurred updating replication partners. If DNS server does not have peers ignore.
-Replication Log has the following errors/warnings:
-Warning 13508: Having difficulty replicating. (Replication of Directory Services has trouble between the DC at the remote site and the DCs at the main site. Probably due to a slow connection out at the remote site, 144kbps IDSL.) Replication set to run only during off hours. FRS has trouble replicating between DCs at the Home site as well.
-Warning 13509: Replication successful
-Warning 1803: Replication warning. Directory is busy. It couldn't update object.
This was first published in January 2004