DOCUMENT:Q125995 08-AUG-2001 [crossnet] TITLE :Lanman BDC Synchronization Problems in Windows NT Domains PRODUCT :Windows for Workgroups and Windows NT Networking Issues PROD/VER::2.1,2.1a,2.2x,3.5 OPER/SYS: KEYWORDS: ====================================================================== ------------------------------------------------------------------------------- The information in this article applies to: - Microsoft Windows NT Advanced Server - Microsoft Windows NT Server version 3.5 - Microsoft LAN Manager, versions 2.1, 2.1a, 2.2x ------------------------------------------------------------------------------- SYMPTOMS ======== When a user accounts database on a LAN Manager backup domain controller (BDC) does not receive updates from the Windows NT domain controller, you encounter any one of the following problems: - You are unable to access shares on a LAN Manager Server. They receive an Access Denied or Invalid Username Or Password error message. - Attempts by administrators to remotely administer LAN Manager Servers result in "Access Denied" error messages. - The Windows NT Domain Controller Event Viewer reports "Full Synchronization with the server \\LANMAN_Server failed." - The error log on the LAN Manager Server reports the error message "Full Synchronization with the Primary Domain Controller \\NTAS failed." MORE INFORMATION ================ Use the troubleshooting steps to determine the cause of these errors: 1. Determine if the Lan Manager BDC can access the Windows NT domain controller using the "NET VIEW" or "NET USE" command. If it cannot, the network connection has failed; troubleshoot the problem as a connectivity issue. 2. Verify that the LAN Manager Server is actually configured as a BDC. 3. Verify that the NETLOGON service is running on the LAN Manager BDC. If the NETLOGON service is not running, run NET START NETLOGON at the command prompt to start it. If an error message appears, run NET HELPMSG #### to get more information on the the error message. 4. Verify that the Windows NT Domain controller has a Servers user group. If it does not, create one. 5. Verify that the LAN Manager BDC machine account is a member of the Servers group. If it is not, add the LAN Manager BDC machine account to the group. 6. Verify that Windows NT Server Manager lists the LAN Manager BDC as a member of the domain with a description of "Lan Manager Server." If it does not, add a domain account for the LAN Manager BDC using the Computer menu Add To Domain option. 7. If the protocol in use is a routable protocol, verify that the there is some provision for NetBIOS name resolution for the domain name. For example, on a TCP/IP network, verify that the LMHOSTS file contains an entry similar to the following 102.54.94.97 #PRE #DOM:domainname where is the NetBIOS name of the Windows NT Domain Controller. 8. In the Windows NT Server Manager, select the LAN Manager BDC machine name and then select Synchronize with Domain Controller from the Computer menu. After the synchronization is complete, check the error log on the LAN Manager BDC for messages generated by the NETLOGON service. You should see a report of the outcome of the synchronization of the user account database. If the NETLOGON service reports an error, note that error and any hex code associated with it. The error will probably be Net3226, with one of a few possible hex codes. 9. Translate the hex code to decimal to get a net error message by inverting the digits, then converting them to decimal. For example, EA00 becomes 00EA after being inverted, and then 234 after being converted to decimal. Type NET HELPMSG 234 at the command prompt to get an explanation of the error message. If the hex code is 05 00, the problem is Access Denied. The Windows NT domain controller is unable to establish a connection with the BDC. To correct this problem, follow the instructions in Knowledge Base article Q120930: How to Re-sync a LAN Manager Server in a Windows NT Domain. If the hex code is EA 00, the problem is "More Data is available." The Windows NT Domain controller is attempting to send more data to the LAN Manager BDC than the BDC is able to accommodate. This problem is most likely the result of having too many groups defined in the domain. A LAN Manager can support no more than 256 groups. To troubleshoot any other hex codes associated with the Net3226 message, query on Microsoft Knowledge Base article Q99255: Troubleshooting NET3226 Errors, here in the Microsoft Knowledge Base. Additional query words: 3.10 2.20 2.1 2.1a 2.2 replication prodnt ====================================================================== Keywords : Technology : kbWinNTsearch kbWinNT350search kbWinNTSsearch kbWinNTS350 kbWinNTAdvSerSearch kbWinNTS350search kbAudDeveloper kbLanManSearch kbLanMan210 kbLanMan210a kbLanMan220xSearch Version : :2.1,2.1a,2.2x,3.5 ============================================================================= THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY. Copyright Microsoft Corporation 2001.