Windows NT Domain Controller Synchronization fails - recovering from LSA corruption

by Wayne Maples [Published on 20 April 2004 / Last Updated on 20 April 2004]

If you see Windows NT event ID 5714

The full synchronization request from the server "bdc" failed with the following error: error text

on the primary domain controller (PDC), or event ID 5716

The partial synchronization replication of the SAM database from the primary domain controller name failed with the following error: Cannot perform this operation on built-in accounts

on one or more backup domain controllers (BDCs), indicating that replication of the LSA database failed. The kb article lists method to manually find and delete corrupted LSA secret or by using checked version of netlogon.dll to detect the corrupted secret in the LSA : Q199071

Once you have correct the BDC problems, to force a domain synchronization, use the commandline:

net accounts /sync

Equivalent to BDC selecting Synchronize with Primary Domain Controller from Server Manager.

Featured Links