Windows NT-Based BDCs No Longer Synchronize After a Windows 2000 Domain Is Switched to Native Mode (240305)



The information in this article applies to:

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Datacenter Server
  • Microsoft Windows NT Server 3.51
  • Microsoft Windows NT Server 4.0

This article was previously published under Q240305

SYMPTOMS

A Windows NT-based backup domain controller (BDC) may display the following error messages in Event Viewer:
Event ID: 5716
Source: Netlogon
Description: The partial synchronization replication of the (LSA, SAM, Builtin) database from the Primary Domain Controller failed with the following error:
The network request is not supported.
The BDC logs this error for all three databases (LSA, SAM, and Builtin) every five minutes, each time with the same message. On a BDC that has been cut off from the primary domain controller (PDC) for an extended period of time, this fills the event log. For a remote administrator who manages BDCs, this may be the first indication that the Windows 2000 domain was switched to native mode.
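
One way to spot this pattern in exported event records, as an added example that is not part of the original article: the script flags a BDC that logs event 5716 with this error for all three databases on a repeating cycle. The pipe-delimited record layout, the host names, and the sample records are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

DATABASES = {"LSA", "SAM", "Builtin"}
UNSUPPORTED = "The network request is not supported."
DB_RE = re.compile(r"replication of the (LSA|SAM|Builtin) database")
DESC = ("The partial synchronization replication of the {db} database from the "
        "Primary Domain Controller failed with the following error: {err}")

def parse(line):
    """Split one 'timestamp|computer|source|event ID|description' record (assumed layout)."""
    ts, host, source, event_id, desc = line.split("|", 4)
    return datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), host, source, int(event_id), desc

def find_cut_off_bdcs(lines, min_cycles=2):
    """Return {host: report} for BDCs that repeatedly fail all three databases."""
    seen = defaultdict(lambda: defaultdict(list))  # host -> database -> [timestamps]
    for line in lines:
        ts, host, source, event_id, desc = parse(line)
        match = DB_RE.search(desc)
        if source == "Netlogon" and event_id == 5716 and match and UNSUPPORTED in desc:
            seen[host][match.group(1)].append(ts)
    report = {}
    for host, per_db in seen.items():
        # Every database must fail repeatedly; one-off or partial failures are ignored.
        if set(per_db) == DATABASES and all(len(t) >= min_cycles for t in per_db.values()):
            sam = sorted(per_db["SAM"])
            gaps = [(b - a).total_seconds() / 60 for a, b in zip(sam, sam[1:])]
            report[host] = {"first_failure": min(min(t) for t in per_db.values()),
                            "cycles": min(len(t) for t in per_db.values()),
                            # Median gap between SAM failures; about 5 for this symptom.
                            "interval_minutes": sorted(gaps)[len(gaps) // 2] if gaps else None}
    return report

def sample_records():
    """Constructed records: one BDC failing every five minutes, one with a one-off error."""
    start = datetime(2002, 10, 10, 9, 0, 0)
    lines = []
    for cycle in range(3):
        ts = (start + timedelta(minutes=5 * cycle)).strftime("%Y-%m-%d %H:%M:%S")
        for db in ("LSA", "SAM", "Builtin"):
            lines.append(f"{ts}|BDC-EXAMPLE1|Netlogon|5716|" + DESC.format(db=db, err=UNSUPPORTED))
    lines.append("2002-10-10 09:02:00|BDC-EXAMPLE2|Netlogon|5716|"
                 + DESC.format(db="SAM", err="Access is denied."))
    return lines

if __name__ == "__main__":
    for host, info in find_cut_off_bdcs(sample_records()).items():
        print(host, info)
```

The `first_failure` timestamp approximates when the BDC stopped receiving account changes, which bounds the set of password changes it has not seen.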

CAUSE

This behavior can occur on a Windows NT-based BDC if it is participating in a Windows 2000-based domain that has been placed in Native mode.

MORE INFORMATION

Windows 2000 supports the following two modes of operation:
  • Mixed
  • Native
Mixed mode supports SAM replication to both Windows 2000 and down-level domain controllers, such as Windows NT 4.0-based or Windows NT 3.51-based domain controllers.

Native mode does not support SAM replication to Windows NT-based down-level domain controllers.

NOTE: Windows 2000 supports switching only from Mixed mode (the default) to Native mode. You cannot switch a Windows 2000 domain controller back to Mixed mode once it has been switched to Native mode.

The down-level Windows NT-based BDCs that are in the domain before, during, and after the switch of the Windows 2000 domain to Native mode are still active domain controllers in the domain. A Windows NT-based BDC can still add new users, groups, or computer accounts, because these changes are written to the Active Directory database on the Windows 2000 PDC Flexible Single Master Operation (FSMO) role holder. The Windows NT-based BDC "sees" the Windows 2000-based PDC as the writable copy of the SAM database.

The main issue is that the new accounts are not replicated back to the Windows NT-based BDC; these users can log on only when they are authenticated by a Windows 2000-based domain controller. Existing users whose accounts were created before the switch to Native mode are still allowed to log on to the Windows NT-based BDC. If such a user's password is changed, the change is not synchronized: the Windows 2000-based domain controllers have the new password, and the Windows NT-based BDCs still have the old password.

Modification Type: Major
Last Reviewed: 10/10/2002
Keywords: kberrmsg kbnetwork kbprb kbui KB240305