Solved

NT4 Domain sync errors, need help !!!

Posted on 2003-02-23
Last Modified: 2013-12-28
Hi,

It's my first time posting here.

I have a problem synchronizing my domain, 1 PDC and 5 BDCs all running NT4 SP6a. I can't create users and computer accounts anymore, and when I try to sync the domain I get these errors on the PDC and the BDCs.

1- ERRORS for the PDC MTL-QUEEN:

Event Type:     Warning
Event Source:     NETLOGON
Event Category:     None
Event ID:     5714
Date:          2/23/2003
Time:          2:43:01 PM
User:          N/A
Computer:     MTL-QUEEN
Description:
The full synchronization request from the server MTL-JESTER failed with the following error:
The specified user does not exist.  
Data:
0000: 64 00 00 c0               d..@

The error above only happens between the PDC and this BDC (MTL-JESTER)


Event Type:     Error
Event Source:     NETLOGON
Event Category:     None
Event ID:     5722
Date:          2/23/2003
Time:          2:13:31 PM
User:          N/A
Computer:     MTL-QUEEN
Description:
The session setup from the computer WORKSTATION NAME failed to authenticate. The name of the account referenced in the security database is WORKSTATION NAME$.  The following error occurred:
Access is denied.  
Data:
0000: 22 00 00 c0               "..@

This happens with workstations on PDC and BDCs.

2- SAME ERROR ON 4 OF THE BDCs

Event Type:     Error
Event Source:     NETLOGON
Event Category:     None
Event ID:     3224
Date:          2/23/2003
Time:          3:03:54 PM
User:          N/A
Computer:     DBDEV
Description:
Changing machine account password for account DBDEV$ failed with the following error:
The transaction state of a Registry subtree is incompatible with the requested operation.  
Data:
0000: 1c 01 00 c0               ...@    

3- ERROR ON THE SPECIFIC BDC MTL-JESTER

Event Type:     Warning
Event Source:     NETLOGON
Event Category:     None
Event ID:     5718
Date:          2/23/2003
Time:          3:12:02 AM
User:          N/A
Computer:     MTL-JESTER
Description:
The full synchronization replication of the SAM database from the primary domain controller \\MTL-QUEEN failed with the following error:
The specified user does not exist.  
Data:
0000: 64 00 00 c0               d..@

I've run the DOMMON tool from the Resource Kit and all BDCs seem to be in sync and working, except the MTL-JESTER BDC, where the replication status seems to be stuck in InProgress.

Can anyone provide any help?

Thanks in advance.
0
Comment
Question by:dreamkass
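The `Data:` row in each NETLOGON event above holds the underlying NTSTATUS code as a little-endian DWORD. The following is an added example, not part of the original post, that decodes those rows; the name table covers only the three codes that appear in this thread, and the function names are illustrative.

```python
import re
import struct

# NTSTATUS names (from ntstatus.h) for the three codes seen in this thread.
NTSTATUS_NAMES = {
    0xC0000022: "STATUS_ACCESS_DENIED",        # "Access is denied."
    0xC0000064: "STATUS_NO_SUCH_USER",         # "The specified user does not exist."
    0xC000011C: "STATUS_RXACT_INVALID_STATE",  # registry subtree transaction state
}
SEVERITY = {0: "success", 1: "informational", 2: "warning", 3: "error"}

# Offset, colon, then hex byte pairs separated by single spaces.
# The ASCII column follows a run of spaces, so it is never matched.
ROW = re.compile(r"\s*([0-9a-fA-F]{4}):\s+((?:[0-9a-fA-F]{2}\b ?)+)")

def decode_event_data(row):
    """Return the NTSTATUS stored in the first DWORD of an event Data row."""
    m = ROW.match(row)
    if not m:
        raise ValueError("not an Event Viewer hex-dump row: %r" % row)
    raw = bytes.fromhex(m.group(2).strip())
    if len(raw) < 4:
        raise ValueError("row holds fewer than 4 data bytes")
    return struct.unpack_from("<I", raw, 0)[0]  # little-endian DWORD

def describe(row):
    """Return (hex code, symbolic name, severity) for a Data row."""
    status = decode_event_data(row)
    name = NTSTATUS_NAMES.get(status, "unknown (not in this table)")
    return ("0x%08X" % status, name, SEVERITY[status >> 30])

# Data rows copied from the events quoted in the question, keyed by Event ID.
ROWS = {
    5714: "0000: 64 00 00 c0               d..@",
    5722: '0000: 22 00 00 c0               "..@',
    3224: "0000: 1c 01 00 c0               ...@    ",
}

if __name__ == "__main__":
    for event_id, row in sorted(ROWS.items()):
        print(event_id, *describe(row))
```
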
10 Comments
 
LVL 1

Expert Comment

by:NT_XP_Godfather
ID: 8006589
Bad News: Both of your PDCs and BDCs have corruptions in their registry. I am not sure what happened, but you are in kind of a bad shape. The good news is that there is a fix.

1- If PDC has event ID 5722 and BDC 5718, your BDC's SAM is corrupt. You need to install a second copy of NT on that machine and make sure you pick a different directory for the install or even better a different partition altogether. Boot to the alternate install and open a command prompt. Switch to the System32\Config folder in the newly installed NT and delete the original SAM and SAM.log. You may want to create a backup copy of the original files first. Restart your server and login as domain administrator with a blank password. Modify INI file back to what it was and do a sync with PDC and you are done.

2- Now your PDC with the event ID 5714 might have a small corruption also in its registry. Launch regedt32 not regedit. Go to HKEY_LOCAL_MACHINE\Security\Policy\Secrets. In order for you to go past the security branch, you need to change the permissions on HKEY_LOCAL_MACHINE\Security by adding administrator "full control" to it. Now under the secrets branch you will find a few entries that should have five entries each underneath. Something like "CupdTime", "CurrVal", "OldVal", "OupdTime", "SecDesc". If one of them starts with G$ and does not have all the necessary subentries then most likely that is the corrupt entry. Delete it. Reset the permissions back for HKEY_LOCAL_MACHINE\Security and its subkeys to read only for administrator but leave system at full control.

Go on with all this and if there is anything else it should be simpler to fix from now on.
0
 
LVL 1

Expert Comment

by:chwan
ID: 8008401
0
 

Author Comment

by:dreamkass
ID: 8017084
My WINNT partitions are FAT and I have all SAM files from all servers on BackUp Tapes, can I restore the SAM files on a different directory and boot from a boot disk and backup all the SAM in use and copy the restored SAM files on the BDC?

I checked the registry on the PDC and this HKEY_LOCAL_MACHINE\Security\Policy\Secrets key seems to be all in order, I have one $MACHINE.ACC and NL$1, NL$2, NL$3, NL$4, NL$5, NL$6, NL$7, NL$8, NL$9 and NL$10 keys, all have those subkeys "CupdTime", "CurrVal", "OldVal", "OupdTime", "SecDesc".
0
 
LVL 1

Expert Comment

by:chwan
ID: 8017246
I think you cannot do like this because this is not the proper way.

OK, let's do it like this. Try to use SERVER MANAGER to remove the BDC. After that, try to add back the BDC, then try to run the sync again.
0
 

Author Comment

by:dreamkass
ID: 8018688
I noticed there was a bad block on the WINNT HD of the PDC; this might have caused the sync problems. I'm gonna ghost the disk to another one and see what happens.
0
 

 
LVL 1

Expert Comment

by:chwan
ID: 8021885
OK
0
 

Author Comment

by:dreamkass
ID: 8030369
It seems that the HD switch worked fine, everything is back to normal for now... ;)
0
 

Accepted Solution

by:
modulo earned 0 total points
ID: 11249402
PAQed, with points refunded (50)

modulo
Community Support Moderator
0
