UA Sync Error NT code 0xc002001b


The error NT code 0xc002001b appears when the RPC service on the domain controller has failed to respond.

This error can show up when clicking "Test Connection" under Access > User Awareness > AD Query, or it can arrive by email to the Account Admins.

The issue can cause:

  • Users are not identified in Events and Analytics.
  • Traffic is blocked by the Internet/WAN Firewall due to users not being identified.
  • New User Awareness setups get DC sync errors.

Possible Cause

This issue might happen due to exhausted resources on the domain controller.


The following troubleshooting steps can be followed:

  • Verify that the domain controller is up and that it is not exhausted (no CPU or RAM spikes).

    • Increase the amount of RAM and CPUs on the server if possible.
    • If adding more physical resources to the server is not possible, follow the steps below to increase WMI Provider Service memory, handle quotas, and decrease the size of the Security Event logs:
      Follow the steps below to reduce the Security Log size limit to 1MB:
      1. Open the Event Viewer
      2. Navigate to Event Viewer > Windows Logs > Security
      3. Right click Security and click Properties
      4. Set the Maximum log size (KB) to 1024
      5. Under "When maximum event log size is reached", select "Overwrite events as needed (oldest events first)" or "Archive the log when full, do not overwrite events".
      6. Click OK
  • Verify that the required domain controller services are running (open services.msc and check that Server, Remote Registry, and Windows Management Instrumentation are started and set for automatic startup).

  • In case the domain controller is showing stress signs, it might be required to restart the server.
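
The checks above can be collected in one read-only pass from an elevated PowerShell prompt on the domain controller. This is an added example, not part of the original article or the vendor's tooling; the short service names (LanmanServer, RemoteRegistry, Winmgmt) are the standard Windows names for the services listed above, and the script changes no settings.

```powershell
# Added example: read-only health check for the items in the steps above.
# Run elevated on the domain controller; nothing is modified.

# Service short name -> display name used in the article.
$required = [ordered]@{
    'LanmanServer'   = 'Server'
    'RemoteRegistry' = 'Remote Registry'
    'Winmgmt'        = 'Windows Management Instrumentation'
}

# 1. Required services: must be Running with automatic startup.
$serviceReport = foreach ($name in $required.Keys) {
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'"
    [pscustomobject]@{
        Service   = $required[$name]
        State     = if ($svc) { $svc.State } else { 'NotFound' }
        StartMode = if ($svc) { $svc.StartMode } else { 'NotFound' }
        OK        = [bool]($svc -and $svc.State -eq 'Running' -and $svc.StartMode -eq 'Auto')
    }
}
$serviceReport | Format-Table -AutoSize

# 2. Security log: configured limit, current size, and behaviour when full.
#    LogMode 'Circular'   = overwrite events as needed (oldest first)
#    LogMode 'AutoBackup' = archive the log when full, do not overwrite
$log = Get-WinEvent -ListLog Security
[pscustomobject]@{
    MaxSizeKB     = [int]($log.MaximumSizeInBytes / 1KB)
    CurrentSizeKB = [int]($log.FileSize / 1KB)
    LogMode       = $log.LogMode
    RecordCount   = $log.RecordCount
} | Format-List

# 3. Resource pressure: a point-in-time CPU and memory snapshot.
#    Win32_OperatingSystem reports memory in KB.
$os  = Get-CimInstance -ClassName Win32_OperatingSystem
$cpu = (Get-CimInstance -ClassName Win32_Processor |
        Measure-Object -Property LoadPercentage -Average).Average
[pscustomobject]@{
    CpuLoadPercent = [math]::Round($cpu, 0)
    MemoryUsedPct  = [math]::Round(
        100 * (1 - $os.FreePhysicalMemory / $os.TotalVisibleMemorySize), 1)
    LastBootTime   = $os.LastBootUpTime
} | Format-List

# Summary line: any service row with OK = False needs attention.
$failed = @($serviceReport | Where-Object { -not $_.OK })
"Services needing attention: $($failed.Count)"
```

The CPU and memory figures are a single sample, so repeat the run or use Performance Monitor to confirm a sustained spike before resizing or restarting the server.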
