The information in this article applies to:
SYMPTOMS
The NetLogon service fails to start on a backup domain controller (BDC)
with NetLogon error 3210 or 5721, whereas, in the system event logs of the
primary domain controller (PDC) the NetLogon service logs errors 5722 or
5723.
CAUSEWhen NetLogon starts on PDC, it enumerates all computer accounts and for each BDC builds a structure that is used to establish the secure channel. NetLogon enumerates a maximum of 250 accounts on each call to the SAM, but due to a problem in NetLogon, NetLogon is missing one account between each set of 250. If that account is a workstation account, you do not experience any problems. However, if that account is a BDC account, you experience the problem mentioned above. RESOLUTIONTo resolve this problem, obtain the latest service pack for Windows NT 4.0 or Windows NT Server 4.0, Terminal Server Edition. For additional information, please see the following article in the
Microsoft Knowledge Base: Q152734 How to Obtain the Latest Windows NT 4.0 Service Pack MORE INFORMATION
For each BDC, there is a discrete communication channel (the secure
channel) with the PDC. The secure channel is used by the NetLogon service
on the BDC and on the PDC in order to communicate.
The output looks similar to the following:
NOTE: If you receive the error message below, please see the following article in the Microsoft Knowledge Base: The computer account for \\BDCNAME doesn't exist or has an invalid password. Q150518 NetLogon Service Fails when Secure Channel Not Functioning STATUSMicrosoft has confirmed this to be a problem in Windows NT 4.0 and Windows NT Server 4.0, Terminal Server Edition. This problem was first corrected in Windows NT 4.0 Service Pack 4.0 and Windows NT Server 4.0, Terminal Server Edition Service Pack 4. Additional query words: 4.00 prodnt
Keywords : kbtool NT4SP4Fix kbbug4.00 kbfix4.00.sp4 NTSrv ntutil |
Last Reviewed: January 20, 2000 © 2000 Microsoft Corporation. All rights reserved. Terms of Use. |