KnowledgeBase Archive

An Archive of Early Microsoft KnowledgeBase Articles

View on GitHub

Q125995: Lanman BDC Synchronization Problems in Windows NT Domains

Article: Q125995
Product(s): Windows for Workgroups and Windows NT Networking Issues
Version(s): 2.1,2.1a,2.2x,3.5
Operating System(s): 
Keyword(s): 
Last Modified: 08-AUG-2001

-------------------------------------------------------------------------------
The information in this article applies to:

- Microsoft Windows NT Advanced Server 
- Microsoft Windows NT Server version 3.5 
- Microsoft LAN Manager, versions 2.1, 2.1a, 2.2x 
-------------------------------------------------------------------------------

SYMPTOMS
========

When a user accounts database on a LAN Manager backup domain controller (BDC)
does not receive updates from the Windows NT domain controller, you encounter
any one of the following problems:

- You are unable to access shares on a LAN Manager Server. They receive an
  Access Denied or Invalid Username Or Password error message.

- Attempts by administrators to remotely administer LAN Manager Servers result
  in "Access Denied" error messages.

- The Windows NT Domain Controller Event Viewer reports "Full Synchronization
  with the server \\LANMAN_Server failed."

- The error log on the LAN Manager Server reports the error message "Full
  Synchronization with the Primary Domain Controller \\NTAS failed."

MORE INFORMATION
================

Use the troubleshooting steps to determine the cause of these errors:

1. Determine if the Lan Manager BDC can access the Windows NT domain controller
  using the "NET VIEW" or "NET USE" command. If it cannot, the network
  connection has failed; troubleshoot the problem as a connectivity issue.

2. Verify that the LAN Manager Server is actually configured as a BDC.

3. Verify that the NETLOGON service is running on the LAN Manager BDC. If the
  NETLOGON service is not running, run NET START NETLOGON at the command prompt
  to start it. If an error message appears, run NET HELPMSG #### to get more
  information on the the error message.

4. Verify that the Windows NT Domain controller has a Servers user group. If it
  does not, create one.

5. Verify that the LAN Manager BDC machine account is a member of the Servers
  group. If it is not, add the LAN Manager BDC machine account to the group.

6. Verify that Windows NT Server Manager lists the LAN Manager BDC as a member
  of the domain with a description of "Lan Manager Server." If it does not, add
  a domain account for the LAN Manager BDC using the Computer menu Add To
  Domain option.

7. If the protocol in use is a routable protocol, verify that the there is some
  provision for NetBIOS name resolution for the domain name. For example, on a
  TCP/IP network, verify that the LMHOSTS file contains an entry similar to the
  following

     102.54.94.97     <domcontroller>     #PRE     #DOM:domainname

  where <domcontroller> is the NetBIOS name of the Windows NT Domain
  Controller.

8. In the Windows NT Server Manager, select the LAN Manager BDC machine name and
  then select Synchronize with Domain Controller from the Computer menu. After
  the synchronization is complete, check the error log on the LAN Manager BDC
  for messages generated by the NETLOGON service. You should see a report of
  the outcome of the synchronization of the user account database. If the
  NETLOGON service reports an error, note that error and any hex code
  associated with it. The error will probably be Net3226, with one of a few
  possible hex codes.

9. Translate the hex code to decimal to get a net error message by inverting the
  digits, then converting them to decimal. For example, EA00 becomes 00EA after
  being inverted, and then 234 after being converted to decimal. Type NET
  HELPMSG 234 at the command prompt to get an explanation of the error
  message.

  If the hex code is 05 00, the problem is Access Denied. The Windows NT domain
  controller is unable to establish a connection with the BDC. To correct this
  problem, follow the instructions in Knowledge Base article Q120930: How to
  Re-sync a LAN Manager Server in a Windows NT Domain.

  If the hex code is EA 00, the problem is "More Data is available." The Windows
  NT Domain controller is attempting to send more data to the LAN Manager BDC
  than the BDC is able to accommodate. This problem is most likely the result
  of having too many groups defined in the domain. A LAN Manager can support no
  more than 256 groups.

  To troubleshoot any other hex codes associated with the Net3226 message, query
  on Microsoft Knowledge Base article Q99255: Troubleshooting NET3226 Errors,
  here in the Microsoft Knowledge Base.

Additional query words: 3.10 2.20 2.1 2.1a 2.2 replication prodnt

======================================================================
Keywords          :  
Technology        : kbWinNTsearch kbWinNT350search kbWinNTSsearch kbWinNTS350 kbWinNTAdvSerSearch kbWinNTS350search kbAudDeveloper kbLanManSearch kbLanMan210 kbLanMan210a kbLanMan220xSearch
Version           : :2.1,2.1a,2.2x,3.5

=============================================================================

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.

Copyright Microsoft Corporation 1986-2002.