Microsoft KB Archive/131366

= Event Error 5712 with Status Access Denied =

Article ID: 131366

Article Last Modified on 11/1/2006

-

APPLIES TO


 * Microsoft Windows NT Server 3.5
 * Microsoft Windows NT Server 3.51
 * Microsoft Windows NT Server 4.0 Standard Edition

-



This article was previously published under Q131366



SYMPTOMS
When a Windows NT PDC (Primary Domain Controller) is rebooted, event 5712 warnings appear in the event log, indicating that BDC's (Backup Domain Controller's) attempts to synchronize have failed. The Detail Description of the error log is:

The partial synchronization request from the server  failed with the following error: Access is denied.

The Detail Data of the error log is:

  0000: c0000022

NOTE: c0000022 is defined as Status_Access_Denied.



CAUSE
When the Netlogon service starts on the rebooted PDC, it sends a pulse to the BDC indicating that it needs to synchronize with the accounts databases on the PDC. The BDC responds with a partial synch request. However, a secure channel with the PDC is required to complete the request. Because the BDC had a secure channel with the PDC before the PDC was rebooted, it attempts to submit the partial synch request without establishing a new secure channel. The request fails with Access Denied. After receiving the Access Denied status from the PDC, the BDC requests a new secure channel and completes the partial synch request successfully.



RESOLUTION
Event 5712 messages due to Access Denied are common immediately after the reboot of a PDC. They are not necessarily harmful, and do not mean that the BDC is unable to synchronize with the PDC.

As a test to see if the 5712 warning is important, force a synchronization with the PDC from the BDC and check the event log on the BDC. If the Netlogon messages in the BDC event log indicate that the synchronization attempt with the PDC was successful, then the warnings on the PDC can be ignored.

NOTE: This article discusses a single cause of 5712 errors. If your BDC is unable to synchronize with the PDC when you force it to in Server Manager, then the Secure Channel account on the BDC may have an invalid password.

Additional query words: prodnt

Keywords: kbnetwork KB131366

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.