Error Events 1136 Following Windows Server 2008 Forestprep

By | January 23, 2009

Most people are (quite rightly) terrified of seeing a whole bunch of errors in the DS event log following a schema update.   This happened to me in a lab environment at a customer recently and I thought I would share the information here.

I ran Windows Server 2008 adprep /forestprep on a Windows Server 2003 SP1 DC.  All seemed to go well and the schema update completed successfully.  Before moving on I checked the Directory Service event log and found a large number of 1136 error events.  There were effectively two events that were recurring, as shown below.

Event Type: Error
Event Source: NTDS General
Event Category: DS Schema
Event ID: 1136
Date:  23/01/2009
Time:  1:02:38 p.m.
User:  NT AUTHORITY\ANONYMOUS LOGON
Computer: DC1
Description:
Active Directory failed to create an index for the following attribute.

Attribute identifier:
591789
Attribute name:
msFVE-RecoveryGuid

A schema cache update will occur 5 minutes after the logging of this event and will attempt to create an index for the attribute.

Additional Data
Error value:
-1403 JET_errIndexDuplicate, Index is already defined

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: NTDS General
Event Category: DS Schema
Event ID: 1136
Date:  23/01/2009
Time:  1:01:53 p.m.
User:  NT AUTHORITY\ANONYMOUS LOGON
Computer: DC1
Description:
Active Directory failed to create an index for the following attribute.

Attribute identifier:
591822
Attribute name:
msFVE-VolumeGuid

A schema cache update will occur 5 minutes after the logging of this event and will attempt to create an index for the attribute.

Additional Data
Error value:
-1403 JET_errIndexDuplicate, Index is already defined

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp

Some Googling revealed the problem to be to do with a combination of the BitLocker Drive Encryption schema updates that are included as part of the Windows Server 2008 schema extensions together with certain language locales (New Zealand English in my case).

The resolution of the issue involves removing the CONTAINER_INDEX setting within the searchFlags attribute value of the msFVE-VolumeGuid and msFVE-RecoveryGuid attribute schema objects.  To do this you can use ADSIEdit to modify the value for both attributes from 27 to 25, as shown in the screenshot below.

 ms-fve-recoveryguid.jpg

Once the modifications have been made, the errors no longer recur.

Interestingly, I could not reproduce the problem when running Windows Server 2008 forestprep on a Windows Server 2003 R2 SP2 DC with the same language locale.

For more information see the Microsoft KB article below.

Error messages after you install the BitLocker Drive Encryption schema updates in a Windows Server 2003 domain

5 thoughts on “Error Events 1136 Following Windows Server 2008 Forestprep

  1. David B

    Thank you very much; such a simple fix for such an annoying error. The MS KB’s are useless. I was changing the searchFlags value to 0 but it wasn’t fixing anything 😀

    Reply
  2. Lawrence M

    Thanks for such a simple fix. Yes M$ KB’s are useless. Your would have thought M$ would have had this fixed by now as it is a common thing to happen.

    Reply
  3. Joe Willis

    Thanks! Saved me a lot of work. I wish that MS would do a better job with helping out in these kinds of issues.

    Reply

Leave a Reply to David B Cancel reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.