KnowledgeBase Archive

An Archive of Early Microsoft KnowledgeBase Articles

View on GitHub

Q249140: AD Replication Unsuccessful Using Srvmgr in Windows 2000 Domain

Article: Q249140
Product(s): Microsoft Windows NT
Version(s): WINDOWS:; winnt:4.0,4.0 SP1,4.0 SP2,4.0 SP3,4.0 SP4,4.0 SP5,4.0 SP6,4.0 SP6a
Operating System(s): 
Keyword(s): kbnetwork kbWinNT400PreSP7Fix
Last Modified: 08-MAY-2002

-------------------------------------------------------------------------------
The information in this article applies to:

- Microsoft Windows NT Server versions 4.0, 4.0 SP1, 4.0 SP2, 4.0 SP3, 4.0 SP4, 4.0 SP5, 4.0 SP6, 4.0 SP6a 
- Microsoft Windows 2000 Advanced Server 
- Microsoft Windows 2000 Server 
- Microsoft Windows 2000 Professional 
-------------------------------------------------------------------------------

SYMPTOMS
========

You can use Server Manager (Srvmgr.exe) to synchronize the user account database
of a Windows NT 4.0 or Windows 2000 domain. If you use the Windows NT 4.0
version of Server Manager to trigger synchronization in a domain with a Windows
2000 primary domain controller (PDC), Active Directory replication may not
work.

You can use Replmon.exe to search for all domain controllers with unsuccessful
replication. An example output follows:

  Active Directory Replication Domain Controller Replication Failure
  Output Printed at 12/3/1999 6:03:41 AM

  Below are the replication failures detected on Domain Controllers
  for this domain:

  Domain Controller Name: DCNAME00
  Directory Partition:    DC=domain,DC=corp
  Replication Partner:    Domain\DCNAME01
  Failure Code:           5
  Failure Reason:         Access is denied.

Additionally, the Internet Service Manager (ISM) service on the server may not
start and may display an SEC_E_LOGON_DENIED error code.

CAUSE
=====

This behavior occurs because the synchronization request generated by the
Windows NT 4.0 version of Server Manager triggers a computer account password
reset operation. After the password is changed, the PDC cannot establish a
secure replication channel between itself and its partner domain controllers.

RESOLUTION
==========

A new version of Srvmgr.exe is available for use in mixed-mode domains, with
Windows NT 4.0 and Windows 2000 domain controllers. This version of Srvmgr.exe
checks to see if the PDC is a Windows 2000 domain controller. If it is a Windows
2000 domain controller, the password reset operation is not triggered.

A supported fix is now available from Microsoft, but it is only intended to
correct the problem described in this article and should be applied only to
systems experiencing this specific problem.

To resolve this problem, contact Microsoft Product Support Services to obtain the
fix. For a complete list of Microsoft Product Support Services phone numbers and
information on support costs, please go to the following address on the World
Wide Web:

  http://support.microsoft.com/default.aspx?scid=fh;EN-US;CNTACTMS

NOTE: In special cases, charges that are normally incurred for support calls may
be canceled, if a Microsoft Support Professional determines that a specific
update will resolve your problem. Normal support costs will apply to additional
support questions and issues that do not qualify for the specific update in
question.

The English-language version of this fix should have the following file
attributes or later:

  Date        Time     Size      File name     Platform
  -----------------------------------------------------
  12/23/1999  12:50p   211,216   Srvmgr.exe    I386
  12/23/1999  12:50p   305,936   Srvmgr.exe    Alpha



STATUS
======

Microsoft has confirmed this to be a problem in Windows NT 4.0.

Additional query words: fail fails dc

======================================================================
Keywords          : kbnetwork kbWinNT400PreSP7Fix 
Technology        : kbWinNTsearch kbWinNT400search kbwin2000AdvServ kbwin2000AdvServSearch kbwin2000Serv kbWinNTSsearch kbWinNTS400sp6 kbWinNTS400sp5 kbWinNTS400sp4 kbWinNTS400sp3 kbWinNTS400sp2 kbWinNTS400sp1 kbWinNTS400search kbWinNTS400 kbwin2000ServSearch kbwin2000Search kbwin2000ProSearch kbwin2000Pro kbWinAdvServSearch
Version           : WINDOWS:; winnt:4.0,4.0 SP1,4.0 SP2,4.0 SP3,4.0 SP4,4.0 SP5,4.0 SP6,4.0 SP6a
Hardware          : ALPHA x86
Issue type        : kbbug
Solution Type     : kbfix

=============================================================================

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.

Copyright Microsoft Corporation 1986-2002.