Q125995: Lanman BDC Synchronization Problems in Windows NT Domains
Article: Q125995
Product(s): Windows for Workgroups and Windows NT Networking Issues
Version(s): 2.1,2.1a,2.2x,3.5
Operating System(s):
Keyword(s):
Last Modified: 08-AUG-2001
-------------------------------------------------------------------------------
The information in this article applies to:
- Microsoft Windows NT Advanced Server
- Microsoft Windows NT Server version 3.5
- Microsoft LAN Manager, versions 2.1, 2.1a, 2.2x
-------------------------------------------------------------------------------
SYMPTOMS
========
When a user accounts database on a LAN Manager backup domain controller (BDC)
does not receive updates from the Windows NT domain controller, you encounter
any one of the following problems:
- You are unable to access shares on a LAN Manager Server. They receive an
Access Denied or Invalid Username Or Password error message.
- Attempts by administrators to remotely administer LAN Manager Servers result
in "Access Denied" error messages.
- The Windows NT Domain Controller Event Viewer reports "Full Synchronization
with the server \\LANMAN_Server failed."
- The error log on the LAN Manager Server reports the error message "Full
Synchronization with the Primary Domain Controller \\NTAS failed."
MORE INFORMATION
================
Use the troubleshooting steps to determine the cause of these errors:
1. Determine if the Lan Manager BDC can access the Windows NT domain controller
using the "NET VIEW" or "NET USE" command. If it cannot, the network
connection has failed; troubleshoot the problem as a connectivity issue.
2. Verify that the LAN Manager Server is actually configured as a BDC.
3. Verify that the NETLOGON service is running on the LAN Manager BDC. If the
NETLOGON service is not running, run NET START NETLOGON at the command prompt
to start it. If an error message appears, run NET HELPMSG #### to get more
information on the the error message.
4. Verify that the Windows NT Domain controller has a Servers user group. If it
does not, create one.
5. Verify that the LAN Manager BDC machine account is a member of the Servers
group. If it is not, add the LAN Manager BDC machine account to the group.
6. Verify that Windows NT Server Manager lists the LAN Manager BDC as a member
of the domain with a description of "Lan Manager Server." If it does not, add
a domain account for the LAN Manager BDC using the Computer menu Add To
Domain option.
7. If the protocol in use is a routable protocol, verify that the there is some
provision for NetBIOS name resolution for the domain name. For example, on a
TCP/IP network, verify that the LMHOSTS file contains an entry similar to the
following
102.54.94.97 <domcontroller> #PRE #DOM:domainname
where <domcontroller> is the NetBIOS name of the Windows NT Domain
Controller.
8. In the Windows NT Server Manager, select the LAN Manager BDC machine name and
then select Synchronize with Domain Controller from the Computer menu. After
the synchronization is complete, check the error log on the LAN Manager BDC
for messages generated by the NETLOGON service. You should see a report of
the outcome of the synchronization of the user account database. If the
NETLOGON service reports an error, note that error and any hex code
associated with it. The error will probably be Net3226, with one of a few
possible hex codes.
9. Translate the hex code to decimal to get a net error message by inverting the
digits, then converting them to decimal. For example, EA00 becomes 00EA after
being inverted, and then 234 after being converted to decimal. Type NET
HELPMSG 234 at the command prompt to get an explanation of the error
message.
If the hex code is 05 00, the problem is Access Denied. The Windows NT domain
controller is unable to establish a connection with the BDC. To correct this
problem, follow the instructions in Knowledge Base article Q120930: How to
Re-sync a LAN Manager Server in a Windows NT Domain.
If the hex code is EA 00, the problem is "More Data is available." The Windows
NT Domain controller is attempting to send more data to the LAN Manager BDC
than the BDC is able to accommodate. This problem is most likely the result
of having too many groups defined in the domain. A LAN Manager can support no
more than 256 groups.
To troubleshoot any other hex codes associated with the Net3226 message, query
on Microsoft Knowledge Base article Q99255: Troubleshooting NET3226 Errors,
here in the Microsoft Knowledge Base.
Additional query words: 3.10 2.20 2.1 2.1a 2.2 replication prodnt
======================================================================
Keywords :
Technology : kbWinNTsearch kbWinNT350search kbWinNTSsearch kbWinNTS350 kbWinNTAdvSerSearch kbWinNTS350search kbAudDeveloper kbLanManSearch kbLanMan210 kbLanMan210a kbLanMan220xSearch
Version : :2.1,2.1a,2.2x,3.5
=============================================================================
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.
Copyright Microsoft Corporation 1986-2002.