  • Status: Solved

Why can a machine account password be out of sync?

Why can a machine account password be out of sync? I have 2 DCs in my single-domain environment. One is running Windows 2000 and the other one is Windows 2003. I got access denied when doing replication through Sites and Services. I know I have to reset the machine account password. But why can it be out of sync? And on which DC do I have to reset the password?
0
wuitsung
Asked:
4 Solutions
 
Malli Boppe Commented:
Are you using the correct account to do replication?
0
 
wuitsung (Author) Commented:
Can you explain in more detail? Thank you
0
 
brent_caskey Commented:
Around this time of year, the most common reason that I see domain controllers get out of sync is because of daylight savings time and the time not being correct on both domain controllers. I would check that the proper DST updates are on both computers.

mboppe is also correct - if you are not logged in with a user with the domain admin privileges, you will get an access is denied error.

As far as resetting the machine account password, here is a KB article that explains how to do this in detail: http://support.microsoft.com/kb/325850.

Whichever DC is the PDC emulator has a correct machine account password. You would need to run the command on the other one.
0
 
wuitsung (Author) Commented:
Thank you very much brent_caskey!!
My situation is like this...
I have an old DC running Win2000 Server/AD-integrated in my single domain. It's quite slow, so I decided to build a new DC. I built the new DC and successfully ran dcpromo. Now it's also AD-integrated. I also just successfully transferred the 5 FSMO roles to the new DC. But when I tried to do replication from Sites and Services (both DCs are GCs), I got "The following error occurred during the attempt to synchronize the domain controllers: Access is denied"....

I also ran DCDIAG /FIX on the new DC, and I got one failure message: The system volume has not been completely replicated to the local machine. This machine is not working properly as a DC....

So you think I have to reset password on the old DC?
0
 
Malli Boppe Commented:
Check the Event Viewer on both the DCs. You should have replication errors. Can you paste the errors or warnings over here?
0
 
wuitsung (Author) Commented:
I am not at the DC now. I will try to post the error message here next time.
Just another question.
C:\>netdom resetpwd /server:<servername> /userd:<username>\Administrator /passwordd:*

Do I enter the domain administrator password here? Or just anything?
0
 
brent_caskey Commented:
With the *, it will prompt for a password.
You would enter the password for the account listed - which is the Administrator password.
0
 
wuitsung (Author) Commented:
You mean I type * in the command line and I will get something that pops up to enter the password? And for my last post, on which DC should I reset the password? Any idea? Thanks!!
0
 
Henrik Johansson (Systems engineer) Commented:
Run it on the server which is not holding PDCe FSMO role and reference the other server with /server-parameter.
The /passwordd:* gives you a password prompt on next line and will be hiding the typing of password from being echoed onscreen.
0
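
The reset sequence discussed in the answers above, written out as an added example that is not part of the original thread. It assumes the Support Tools (netdom, repadmin, dcdiag) are installed; `PDCE` and `ADMIN` are placeholders, and the KDC steps come from the linked KB 325850 rather than from the posts.

```batch
@echo off
rem Added example, not from the thread. Run on the DC that does NOT hold the
rem PDC emulator role. PDCE and ADMIN below are placeholders (assumptions).
setlocal
set "PDCE=PDCE-SERVER-PLACEHOLDER"
set "ADMIN=DOMAIN-PLACEHOLDER\Administrator"

if /i "%~1"=="reset"  goto reset
if /i "%~1"=="verify" goto verify
echo Usage: %~nx0 reset ^| verify
exit /b 2

:reset
rem Confirm which DC holds the PDC emulator role before changing anything.
netdom query fsmo
rem Compare clocks; the thread names wrong time/DST as a common cause.
net time \\%PDCE%
echo Local time: %DATE% %TIME%
rem KB 325850: stop the local KDC and set it to Manual so this DC has to
rem authenticate against the other DC instead of its own stale secret.
rem sc.exe ships with Windows Server 2003; on Windows 2000 set the startup
rem type in the Services console instead.
net stop kdc
sc config kdc start= demand
rem KB 325850 also has you clear cached Kerberos tickets at this point
rem (tool-dependent, omitted here).
rem Reset this DC's machine account password against the PDC emulator.
rem /passwordd:* prompts for the password without echoing it.
netdom resetpwd /server:%PDCE% /userd:%ADMIN% /passwordd:*
if errorlevel 1 (
    echo Reset failed. KDC is still stopped and set to Manual.
    exit /b 1
)
echo Reset done. Reboot this DC, then run: %~nx0 verify
exit /b 0

:verify
rem After the reboot: restore the KDC and check replication health.
sc config kdc start= auto
net start kdc
repadmin /showreps
dcdiag /test:replications
exit /b 0
```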
 
wuitsung (Author) Commented:
Thanks henjoh09!! But I just read a post where the guy did it successfully this way...... Is what he did not correct?

http://www.tek-tips.com/viewthread.cfm?qid=756697

His solution is at the last post.
0
 
Henrik Johansson (Systems engineer) Commented:
I read through that post and he restarted the server, but I didn't understand it as he reset the password on the server holding the PDCe FSMO.

I wouldn't do it on a server holding PDCe role without ensuring that I can move the FSMOs away from the server before doing it. It can otherwise end up with necessary FSMO-hijacking and other cleanup.

See KB for MS instructions about resetting computer password:
http://support.microsoft.com/kb/260575
0
 
wuitsung (Author) Commented:
OK. I see. But I already moved all 5 FSMO roles to the new DC. But the thing is, when I run netdiag /fix, I get: The system volume has not been completely replicated to the local machine. This machine is not working properly as a DC....

So do you still suggest I reset the password on the old DC? Or is it better that I move just the PDC role back to the old DC and reset the password on the new DC?
0
 
Henrik Johansson (Systems engineer) Commented:
All FSMOs should be on working DCs.
What kind of errors do you have? Anything in eventlog?
0
