Lanman BDC Synchronization Problems in Windows NT Domains

Last reviewed: September 9, 1996
Article ID: Q125995
The information in this article applies to:
  • Microsoft Windows NT Advanced Server version 3.1
  • Microsoft Windows NT Server version 3.5
  • Microsoft LAN Manager version 2.1x and 2.2x

SYMPTOMS

When a user accounts database on a LAN Manager backup domain controller (BDC) does not receive updates from the Windows NT domain controller, you encounter any one of the following problems:

  • You are unable to access shares on a LAN Manager Server. They receive an Access Denied or Invalid Username Or Password error message.
  • Attempts by administrators to remotely administer LAN Manager Servers result in "Access Denied" error messages.
  • The Windows NT Domain Controller Event Viewer reports "Full Synchronization with the server \\LANMAN_Server failed."
  • The error log on the LAN Manager Server reports the error message "Full Synchronization with the Primary Domain Controller \\NTAS failed."

MORE INFORMATION

Use the troubleshooting steps to determine the cause of these errors:

  1. Determine if the Lan Manager BDC can access the Windows NT domain controller using the "NET VIEW" or "NET USE" command. If it cannot, the network connection has failed; troubleshoot the problem as a connectivity issue.

  2. Verify that the LAN Manager Server is actually configured as a BDC.

  3. Verify that the NETLOGON service is running on the LAN Manager BDC. If the NETLOGON service is not running, run NET START NETLOGON at the command prompt to start it. If an error message appears, run NET HELPMSG #### to get more information on the the error message.

  4. Verify that the Windows NT Domain controller has a Servers user group. If it does not, create one.

  5. Verify that the LAN Manager BDC machine account is a member of the Servers group. If it is not, add the LAN Manager BDC machine account to the group.

  6. Verify that Windows NT Server Manager lists the LAN Manager BDC as a member of the domain with a description of "Lan Manager Server." If it does not, add a domain account for the LAN Manager BDC using the Computer menu Add To Domain option.

  7. If the protocol in use is a routable protocol, verify that the there is some provision for NetBIOS name resolution for the domain name. For example, on a TCP/IP network, verify that the LMHOSTS file contains an entry similar to the following

          102.54.94.97     <domcontroller>     #PRE     #DOM:domainname
    
       where <domcontroller> is the NetBIOS name of the Windows NT Domain
       Controller.
    
    

  8. In the Windows NT Server Manager, select the LAN Manager BDC machine name and then select Synchronize with Domain Controller from the Computer menu. After the synchronization is complete, check the error log on the LAN Manager BDC for messages generated by the NETLOGON service. You should see a report of the outcome of the synchronization of the user account database. If the NETLOGON service reports an error, note that error and any hex code associated with it. The error will probably be Net3226, with one of a few possible hex codes.

  9. Translate the hex code to decimal to get a net error message by inverting the digits, then converting them to decimal. For example, EA00 becomes 00EA after being inverted, and then 234 after being converted to decimal. Type NET HELPMSG 234 at the command prompt to get an explanation of the error message.

    If the hex code is 05 00, the problem is Access Denied. The Windows NT domain controller is unable to establish a connection with the BDC. To correct this problem, follow the instructions in Knowledge Base article Q120930: How to Re-sync a LAN Manager Server in a Windows NT Domain.

    If the hex code is EA 00, the problem is "More Data is available." The Windows NT Domain controller is attempting to send more data to the LAN Manager BDC than the BDC is able to accommodate. This problem is most likely the result of having too many groups defined in the domain. A LAN Manager can support no more than 256 groups.

    To troubleshoot any other hex codes associated with the Net3226 message, query on Microsoft Knowledge Base article Q99255: Troubleshooting NET3226 Errors, here in the Microsoft Knowledge Base.


KBCategory: kbnetwork kb3rdparty
KBSubcategory: ntdomain ntinterop
Additional reference words: 3.10 3.50 2.20 2.1 2.1a 2.2 replication prodnt



THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.

Last reviewed: September 9, 1996
© 1998 Microsoft Corporation. All rights reserved. Terms of Use.