Admin Tip #135: Windows NT Domain Synchronization fails - recovering from LSA corruption
The event
The full synchronization request from the server "bdc" failed with the following error: error text
on the primary domain controller (PDC), or event ID 5716
The partial synchronization replication of the SAM database from the primary domain controller name failed with the following error: Cannot perform this operation on built-in accounts
on one or more backup domain controllers (BDCs), indicates that replication of the LSA database failed. KB article Q199071 describes how to find and delete the corrupted LSA secret manually, or how to detect the corrupted secret in the LSA by using the checked version of netlogon.dll.
Once you have corrected the BDC problems, force a domain synchronization from the command line:
net accounts /sync
This is equivalent to the BDC selecting Synchronize with Primary Domain Controller from Server Manager.