The information in this article applies to:
- Microsoft Windows NT Advanced Server version 3.1
- Microsoft Windows NT Server version 3.5
- Microsoft LAN Manager version 2.1x and 2.2x
SYMPTOMS
When a user accounts database on a LAN Manager backup domain controller
(BDC) does not receive updates from the Windows NT domain controller, you
encounter any one of the following problems:
- You are unable to access shares on a LAN Manager Server. They receive an
Access Denied or Invalid Username Or Password error message.
- Attempts by administrators to remotely administer LAN Manager Servers
result in "Access Denied" error messages.
- The Windows NT Domain Controller Event Viewer reports "Full
Synchronization with the server \\LANMAN_Server failed."
- The error log on the LAN Manager Server reports the error message "Full
Synchronization with the Primary Domain Controller \\NTAS failed."
MORE INFORMATION
Use the troubleshooting steps to determine the cause of these errors:
- Determine if the Lan Manager BDC can access the Windows NT domain
controller using the "NET VIEW" or "NET USE" command. If it cannot,
the network connection has failed; troubleshoot the problem as a
connectivity issue.
- Verify that the LAN Manager Server is actually configured as a BDC.
- Verify that the NETLOGON service is running on the LAN Manager BDC.
If the NETLOGON service is not running, run NET START NETLOGON at the
command prompt to start it. If an error message appears, run NET
HELPMSG #### to get more information on the the error message.
- Verify that the Windows NT Domain controller has a Servers user group.
If it does not, create one.
- Verify that the LAN Manager BDC machine account is a member of the
Servers group. If it is not, add the LAN Manager BDC machine account to
the group.
- Verify that Windows NT Server Manager lists the LAN Manager BDC as a
member of the domain with a description of "Lan Manager Server."
If it does not, add a domain account for the LAN Manager BDC using the
Computer menu Add To Domain option.
- If the protocol in use is a routable protocol, verify that the
there is some provision for NetBIOS name resolution for the domain
name. For example, on a TCP/IP network, verify that the LMHOSTS
file contains an entry similar to the following
102.54.94.97 <domcontroller> #PRE #DOM:domainname
where <domcontroller> is the NetBIOS name of the Windows NT Domain
Controller.
- In the Windows NT Server Manager, select the LAN Manager BDC machine
name and then select Synchronize with Domain Controller from the
Computer menu. After the synchronization is complete, check the error
log on the LAN Manager BDC for messages generated by the NETLOGON
service. You should see a report of the outcome of the synchronization
of the user account database. If the NETLOGON service reports an error,
note that error and any hex code associated with it. The error will
probably be Net3226, with one of a few possible hex codes.
- Translate the hex code to decimal to get a net error message by
inverting the digits, then converting them to decimal. For example,
EA00 becomes 00EA after being inverted, and then 234 after being
converted to decimal. Type NET HELPMSG 234 at the command prompt
to get an explanation of the error message.
If the hex code is 05 00, the problem is Access Denied. The Windows NT
domain controller is unable to establish a connection with the BDC. To
correct this problem, follow the instructions in Knowledge Base article
Q120930: How to Re-sync a LAN Manager Server in a Windows NT Domain.
If the hex code is EA 00, the problem is "More Data is available." The
Windows NT Domain controller is attempting to send more data to the LAN
Manager BDC than the BDC is able to accommodate. This problem is most
likely the result of having too many groups defined in the domain. A LAN
Manager can support no more than 256 groups.
To troubleshoot any other hex codes associated with the Net3226 message,
query on Microsoft Knowledge Base article Q99255: Troubleshooting
NET3226 Errors, here in the Microsoft Knowledge Base.
|