Solved

Why Machine account password can be out of sync?

Posted on 2008-11-02
Last Modified: 2013-12-05
Why can the machine account password be out of sync? I have 2 DCs in my single-domain environment. One is running Windows 2000 and the other one is Windows 2003. I got access denied when doing replication through Sites and Services. I know I have to reset the machine account password. But why can it be out of sync? And on which DC do I have to reset the password?
Question by:wuitsung
13 Comments
 
LVL 23

Expert Comment

by:Malli Boppe
ID: 22864578
Are you using the correct account to do replication?
0
 

Author Comment

by:wuitsung
ID: 22864657
Can you explain in more detail? Thank you
0
 
LVL 13

Accepted Solution

by:
brent_caskey earned 100 total points
ID: 22864693
Around this time of year, the most common reason that I see domain controllers get out of sync is because of daylight savings time and the time not being correct on both domain controllers. I would check that the proper DST updates are on both computers.

mboppe is also correct - if you are not logged in with a user with the domain admin privileges, you will get an access is denied error.

As far as resetting the machine account password, here is a KB article that explains how to do this in detail: http://support.microsoft.com/kb/325850.

Whichever DC is the PDC emulator has a correct machine account password. You would need to run the command on the other one.
0

 

Author Comment

by:wuitsung
ID: 22864713
Thank you very much brent_caskey!!
My situation is like this...
I have an old DC running Win2000 Server/AD-integrated in my single domain. It's quite slow, so I decided to build a new DC. I built the new DC and successfully ran dcpromo. Now it's also AD-integrated. I also just successfully transferred the 5 FSMO roles to the new DC. But when I tried to do replication from Sites and Services (both DCs are GCs), I got "The following error occurred during the attempt to synchronize the domain controllers: Access is denied"....

I also ran DCDIAG /FIX on the new DC, and I got this as one of the failure messages: The system volume has not been completely replicated to the local machine. This machine is not working properly as a DC....

So you think I have to reset password on the old DC?
0
 
LVL 23

Assisted Solution

by:Malli Boppe
Malli Boppe earned 50 total points
ID: 22864730
Check the Event Viewer on both the DCs. You should have replication errors. Can you paste the errors or warnings over here?
0
 

Author Comment

by:wuitsung
ID: 22864922
I am not at the DC now. I will try to post the error message here next time.
Just another question.
C:\>netdom resetpwd /server:<servername> /userd:<username>\Administrator /passwordd:*

Do I enter the domain administrator password here, or just anything?
0
 
LVL 13

Expert Comment

by:brent_caskey
ID: 22864958
With the *, it will prompt for a password.
You would enter the password for the account listed, which is the Administrator password.
0
 

Author Comment

by:wuitsung
ID: 22864962
You mean I type * in the command line and I will get a popup to enter the password? And for my last post, which DC should I reset the password on? Any idea? Thanks!!
0
 
LVL 31

Assisted Solution

by:Henrik Johansson
Henrik Johansson earned 150 total points
ID: 22869524
Run it on the server which is not holding the PDCe FSMO role and reference the other server with the /server parameter.
The /passwordd:* gives you a password prompt on the next line and hides the typed password from being echoed onscreen.
0
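The reset sequence described in the answers above, written out as a batch file. This is an added example, not code from the thread: the three-phase layout, the file name and the argument names are assumptions, and the KDC stop/start steps follow the procedure in the KB article linked in the accepted answer.

```bat
@echo off
rem Added example, not from the thread. Run on the DC that does NOT hold the
rem PDC emulator role. Needs netdom.exe and repadmin.exe (Support Tools) and
rem sc.exe (built into Server 2003; Resource Kit on Windows 2000).
rem Usage (file name is hypothetical):
rem   dcpwd.cmd prep|reset PEER_DC DOMAIN ADMIN      dcpwd.cmd finish
setlocal
set "PEER=%~2"
set "DOM=%~3"
set "ADM=%~4"
if /i "%~1"=="finish" goto finish
if "%~4"=="" goto usage
if /i "%~1"=="prep"  goto prep
if /i "%~1"=="reset" goto reset

:usage
echo Usage: %~n0 prep^|reset PEER_DC DOMAIN ADMIN   or   %~n0 finish
exit /b 1

:prep
rem PEER_DC should be the PDC emulator listed by this query.
netdom query /domain:%DOM% fsmo
rem Compare clocks: Kerberos rejects a skew above 5 minutes by default.
net time \\%PEER%
echo Local clock: %DATE% %TIME%
rem Stop the local KDC and keep it stopped across the reboot, so this DC has
rem to obtain its tickets from PEER_DC rather than from itself.
net stop kdc
sc config kdc start= demand
if errorlevel 1 exit /b 1
echo Reboot now to clear cached Kerberos tickets, then run the reset phase.
exit /b 0

:reset
rem /passwordd:* prompts for the password without echoing it.
netdom resetpwd /server:%PEER% /userd:%DOM%\%ADM% /passwordd:*
if errorlevel 1 (
    echo Reset failed; KDC left on manual start. Fix the error and retry.
    exit /b 1
)
echo Reboot again, then run the finish phase.
exit /b 0

:finish
sc config kdc start= auto
net start kdc
rem Re-check inbound replication once the KDC is running again.
repadmin /showreps
exit /b 0
```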
 

Author Comment

by:wuitsung
ID: 22869564
Thanks henjoh09!! But I just read a post and the guy successfully did it this way... Is what he did not correct?

http://www.tek-tips.com/viewthread.cfm?qid=756697

His solution is at the last post.
0
 
LVL 31

Assisted Solution

by:Henrik Johansson
Henrik Johansson earned 150 total points
ID: 22870702
I read through that post and he restarted the server, but I didn't understand it as him having reset the password on the server holding the PDCe FSMO.

I wouldn't do it on a server holding PDCe role without ensuring that I can move the FSMOs away from the server before doing it. It can otherwise end up with necessary FSMO-hijacking and other cleanup.

See KB for MS instructions about resetting computer password:
http://support.microsoft.com/kb/260575
0
 

Author Comment

by:wuitsung
ID: 22870870
OK, I see. But I already moved all 5 FSMO roles to the new DC. The thing is, when I run netdiag /fix, I get: The system volume has not been completely replicated to the local machine. This machine is not working properly as a DC....

So do you still suggest I reset the password on the old DC? Or is it better that I move just the PDC role back to the old DC and reset the password on the new DC?
0
 
LVL 31

Expert Comment

by:Henrik Johansson
ID: 22882169
All FSMOs should be on working DCs.
What kind of errors do you have? Anything in eventlog?
0
