Replication Does Not Work After Upgrading to Windows 2000 (249261)



The information in this article applies to:

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Datacenter Server

This article was previously published under Q249261

SYMPTOMS

After you upgrade from Microsoft Windows NT 4.0 to Windows 2000 and promote the domain controllers, the domain controllers may not replicate properly after you restart them.

When you run DCDIAG /test:Replications on a domain controller, you may receive the following error message:
Testing server: DOMAIN\SERVER1
Starting test: Replications
* Replications Check
[Replications Check,SERVER1] A recent replication attempt failed:
From SERVER2 to SERVER1
Naming Context: CN=Schema,CN=Configuration,DC=domain,DC=com
The replication generated an error (5):
Access is denied.
The failure occurred at 1999-12-23 19:54.37.
The last success occurred at 1999-12-23 15:31.59.
7 failures have occurred since the last success.
You may receive other error messages that are a consequence of the failed replication.

CAUSE

This behavior may occur if you revoke the Access this computer from the network right for the Everyone group before you upgrade the computer.

If this is the case, the domain controllers are unable to replicate.

RESOLUTION

To resolve this issue:

In Windows NT 4.0, use User Manager for Domains to give the Everyone group the Access this computer from the network permission, and then upgrade your computer to Windows 2000.

If you have already upgraded to Windows 2000, follow these steps:
  • Start the Active Directory Users and Computers snap-in.
  • Right-click Domain Controllers, and then click Properties.
  • Click Group Policy, click Default Domain Controllers Policy, and then click Edit.
  • In Computer Configuration, click Windows Settings, click Security Settings, click Local Policies, and then click User Rights Assignment.
  • Double-click Access this computer from the network.
  • Add Enterprise Domain Controllers to the list.
NOTE: You can add any other group that contains domain controller computer accounts, including the Everyone group. You should avoid using Domain Controllers because this global group cannot contain domain controllers from other domains.

Replication resumes after the group policy object is in effect.

STATUS

Microsoft has confirmed this to be a problem in Microsoft Windows 2000.

Modification Type:MajorLast Reviewed:11/20/2003
Keywords:kbbug kbnetwork kbnofix kbsetup KB249261