Microsoft KB Archive/249261

From BetaArchive Wiki
Knowledge Base

Replication Does Not Work After Upgrading to Windows 2000

Article ID: 249261

Article Last Modified on 2/28/2007


  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Datacenter Server

This article was previously published under Q249261


After you upgrade from Microsoft Windows NT 4.0 to Windows 2000 and promote the domain controllers, the domain controllers may not replicate properly after you restart them.

When you run DCDIAG /test:Replications on a domain controller, you may receive the following error message:

Testing server: DOMAIN\SERVER1
Starting test: Replications

  • Replications Check

[Replications Check,SERVER1] A recent replication attempt failed:
Naming Context: CN=Schema,CN=Configuration,DC=domain,DC=com
The replication generated an error (5):
Access is denied.
The failure occurred at 1999-12-23 19:54.37.
The last success occurred at 1999-12-23 15:31.59.
7 failures have occurred since the last success.

You may receive other error messages that are a consequence of the failed replication.


This behavior may occur if you revoke the Access this computer from the network right for the Everyone group before you upgrade the computer.

If this is the case, the domain controllers are unable to replicate.


To resolve this issue:

In Windows NT 4.0, use User Manager for Domains to give the Everyone group the Access this computer from the network permission, and then upgrade your computer to Windows 2000.

If you have already upgraded to Windows 2000, follow these steps:

  • Start the Active Directory Users and Computers snap-in.
  • Right-click Domain Controllers, and then click Properties.
  • Click Group Policy, click Default Domain Controllers Policy, and then click Edit.
  • In Computer Configuration, click Windows Settings, click Security Settings, click Local Policies, and then click User Rights Assignment.
  • Double-click Access this computer from the network.
  • Add Enterprise Domain Controllers to the list.

NOTE: You can add any other group that contains domain controller computer accounts, including the Everyone group. You should avoid using Domain Controllers because this global group cannot contain domain controllers from other domains.

Replication resumes after the group policy object is in effect.


Microsoft has confirmed this to be a problem in Microsoft Windows 2000.

Keywords: kbbug kbnetwork kbnofix kbsetup KB249261