Microsoft KB Archive/249140

= Active Directory Replication May Not Work Using Windows NT 4.0 Server Manager in Windows 2000 Domain =

Article ID: 249140

Article Last Modified on 2/28/2007

-

APPLIES TO


 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Professional Edition
 * Microsoft Windows NT Server 4.0 Standard Edition
 * Microsoft Windows NT 4.0 Service Pack 1
 * Microsoft Windows NT 4.0 Service Pack 2
 * Microsoft Windows NT 4.0 Service Pack 3
 * Microsoft Windows NT 4.0 Service Pack 4
 * Microsoft Windows NT 4.0 Service Pack 5
 * Microsoft Windows NT 4.0 Service Pack 6
 * Microsoft Windows NT 4.0 Service Pack 6a

-



This article was previously published under Q249140



SYMPTOMS
You can use Server Manager (Srvmgr.exe) to synchronize the user account database of a Windows NT 4.0 or Windows 2000 domain. If you use the Windows NT 4.0 version of Server Manager to trigger synchronization in a domain with a Windows 2000 primary domain controller (PDC), Active Directory replication may not work.

You can use Replmon.exe to search for all domain controllers with unsuccessful replication. An example output follows:   Active Directory Replication Domain Controller Replication Failure Output Printed at 12/3/1999 6:03:41 AM

Below are the replication failures detected on Domain Controllers for this domain:

Domain Controller Name: DCNAME00 Directory Partition:   DC=domain,DC=corp Replication Partner:   Domain\DCNAME01 Failure Code:          5 Failure Reason:        Access is denied. Additionally, the Internet Service Manager (ISM) service on the server may not start and may display an SEC_E_LOGON_DENIED error code.



CAUSE
This behavior occurs because the synchronization request generated by the Windows NT 4.0 version of Server Manager triggers a computer account password reset operation. After the password is changed, the PDC cannot establish a secure replication channel between itself and its partner domain controllers.



RESOLUTION
A new version of Srvmgr.exe is available for use in mixed-mode domains, with Windows NT 4.0 and Windows 2000 domain controllers. This version of Srvmgr.exe checks to see if the PDC is a Windows 2000 domain controller. If it is a Windows 2000 domain controller, the password reset operation is not triggered.

A supported fix is now available from Microsoft, but it is only intended to correct the problem that is described in this article. Apply it only to computers that are experiencing this specific problem.

To resolve this problem, contact Microsoft Product Support Services to obtain the fix. For a complete list of Microsoft Product Support Services phone numbers and information about support costs, visit the following Microsoft Web site:

http://support.microsoft.com/default.aspx?scid=fh;EN-US;CNTACTMS

NOTE: In special cases, charges that are ordinarily incurred for support calls may be canceled if a Microsoft Support Professional determines that a specific update will resolve your problem. The usual support costs will apply to additional support questions and issues that do not qualify for the specific update in question.

The English-language version of this fix should have the following file attributes or later:   Date        Time     Size      File name     Platform -  12/23/1999  12:50p   211,216   Srvmgr.exe    I386 12/23/1999 12:50p   305,936   Srvmgr.exe    Alpha



STATUS
Microsoft has confirmed that this is a problem in Windows NT 4.0.

Additional query words: fail fails dc

Keywords: kbhotfixserver kbqfe kbbug kbfix kbnetwork KB249140

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.