Solved

Why can the machine account password be out of sync?

Posted on 2008-11-02
Last Modified: 2013-12-05
Why can the machine account password be out of sync? I have 2 DCs in my single-domain environment. One is running Windows 2000 and the other one is Windows 2003. I got access denied when doing replication through Sites and Services. I know I have to reset the machine account password. But why can it be out of sync? And on which DC do I have to reset the password?
Question by:wuitsung
13 Comments
 
LVL 23

Expert Comment

by:Malli Boppe
ID: 22864578
Are you using the correct account to do replication?
0
 

Author Comment

by:wuitsung
ID: 22864657
Can you explain in more detail? Thank you
0
 
LVL 13

Accepted Solution

by:
brent_caskey earned 100 total points
ID: 22864693
Around this time of year, the most common reason that I see domain controllers get out of sync is because of daylight savings time and the time not being correct on both domain controllers. I would check that the proper DST updates are on both computers.

mboppe is also correct - if you are not logged in with a user with the domain admin privileges, you will get an access is denied error.

As far as resetting the machine account password, here is a KB article that explains how to do this in detail: http://support.microsoft.com/kb/325850.

Whichever DC is the PDC emulator has a correct machine account password. You would need to run the command on the other one.
0
 

Author Comment

by:wuitsung
ID: 22864713
Thank you very much brent_caskey!!
My situation is like this...
I have an old DC running Win2000 Server/AD-integrated in my single domain. It's quite slow, so I decided to build a new DC. I built the new DC and successfully ran dcpromo. Now it's also AD-integrated. I also just successfully transferred the 5 FSMO roles to the new DC. But when I tried to do replication from Sites and Services (both DCs are GCs), I got "The following error occurred during the attempt to synchronize the domain controllers: Access is denied"....

I also ran DCDIAG /FIX on the new DC, and I got one of the fail messages: The system volume has not been completely replicated to the local machine. This machine is not working properly as a DC....

So you think I have to reset password on the old DC?
0
 
LVL 23

Assisted Solution

by:Malli Boppe
Malli Boppe earned 50 total points
ID: 22864730
Check the Event Viewer on both the DCs. You should have replication errors. Can you paste the errors or warnings over here?
0
 

Author Comment

by:wuitsung
ID: 22864922
I am not at the DC now. I will try to post the error message here next time.
Just another question.
C:\>netdom resetpwd /server:<servername> /userd:<username>\Administrator /passwordd:*

Do I enter the domain administrator password here? Or just anything?
0
 
LVL 13

Expert Comment

by:brent_caskey
ID: 22864958
With the *, it will prompt for a password.
You would enter the password for the account listed, which is the Administrator password.
0
 

Author Comment

by:wuitsung
ID: 22864962
You mean I type * in the command line and I will get something pop up to enter the password? And for my last post, on which DC should I reset the password? Any idea? Thanx!!
0
 
LVL 31

Assisted Solution

by:Henrik Johansson
Henrik Johansson earned 150 total points
ID: 22869524
Run it on the server which is not holding the PDCe FSMO role and reference the other server with the /server parameter.
The /passwordd:* gives you a password prompt on the next line and hides the typed password from being echoed on screen.
0
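The reset procedure discussed in this thread, as an added example batch script that is not part of any post above: it follows the answers' advice (run on the DC that does not hold the PDCe role, point /server at the PDCe) and the KB 325850 sequence of stopping the Kerberos Key Distribution Center service around the reset. The script name, the argument layout and the use of the domain's built-in Administrator account for /userd are assumptions, and sc.exe, netdom.exe and repadmin.exe are assumed to be installed (Support Tools or Resource Kit on Windows 2000).

```batch
@echo off
rem Added example. Run on the DC that does NOT hold the PDC emulator role.
rem Usage: resetdcpwd.cmd PDCe-DC-name NetBIOS-domain reset
rem        (restart the DC)
rem        resetdcpwd.cmd PDCe-DC-name NetBIOS-domain finish
rem The script name and argument order are placeholders for this example.
setlocal
set PDCE=%~1
set DOM=%~2
if "%~3"=="" goto usage
if /i "%~3"=="finish" goto finish
if /i not "%~3"=="reset" goto usage

rem Confirm which DC holds the PDC emulator role before changing anything.
netdom query fsmo

rem Show the PDCe clock next to the local clock. Kerberos tolerates
rem 5 minutes of skew by default; fix the time first if they differ more.
net time \\%PDCE%
echo Local time: %DATE% %TIME%
echo Press Ctrl+C to stop here, or any key to continue with the reset.
pause

rem Stop the KDC and set it to Manual so that, after the restart, this DC
rem authenticates against the other DC instead of against itself.
sc config kdc start= demand
net stop kdc

rem Reset this DC's machine account password against the PDCe.
rem /passwordd:* prompts for the password and does not echo it.
netdom resetpwd /server:%PDCE% /userd:%DOM%\Administrator /passwordd:*

echo If netdom reported success, restart this DC and then run:
echo   %~nx0 %PDCE% %DOM% finish
goto :eof

:finish
rem After the restart: put the KDC back to Automatic and start it,
rem then list replication partners and the result of the last attempts.
sc config kdc start= auto
net start kdc
repadmin /showreps
goto :eof

:usage
echo Usage: %~nx0 PDCe-DC-name NetBIOS-domain reset^|finish
```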
 

Author Comment

by:wuitsung
ID: 22869564
Thanx henjoh09!! But I just read a post where the guy successfully did it this way...... Is what he did not correct?

http://www.tek-tips.com/viewthread.cfm?qid=756697

His solution is at the last post.
0
 
LVL 31

Assisted Solution

by:Henrik Johansson
Henrik Johansson earned 150 total points
ID: 22870702
I read through that post and he restarted the server, but I didn't understand it as him resetting the password on the server holding the PDCe FSMO.

I wouldn't do it on a server holding PDCe role without ensuring that I can move the FSMOs away from the server before doing it. It can otherwise end up with necessary FSMO-hijacking and other cleanup.

See KB for MS instructions about resetting computer password:
http://support.microsoft.com/kb/260575
0
 

Author Comment

by:wuitsung
ID: 22870870
OK, I see. But I already moved all 5 FSMO roles to the new DC. But the thing is, when I run netdiag /fix, I get: The system volume has not been completely replicated to the local machine. This machine is not working properly as a DC....

So do you still suggest I reset the password on the old DC? Or is it better that I move just the PDC role back to the old DC and reset the password on the new DC?
0
 
LVL 31

Expert Comment

by:Henrik Johansson
ID: 22882169
All FSMOs should be on working DCs.
What kind of errors do you have? Anything in eventlog?
0
