Event Id | 3210 |
Source | Netlogon |
Description | Failed to authenticate with <computer name>, a Windows NT domain controller for domain <domain name>. Data word: c0000022 |
Event Information | After a Windows NT backup domain controller (BDC) has been offline for some time, it may fall out of synchronization with the primary domain controller (PDC). When you attempt to bring the BDC back online, you may get the above error in the BDCs Event Viewer. CAUSE : Domain controllers maintain a password-protected channel between each other. When a BDC is brought into a domain, the PDC gives the BDC the current password to use when connecting to the PDC for authentication, account database replication, and other system activities. This password changes automatically on a regular basis. If the BDC is offline when the password changes, or if a BDC is restored from a backup that has an old password, the BDC will not be able to authenticate with the PDC, and Netlogon will fail. RESOLUTION : In the simplest case, all that has happened is that the domain password has changed. To resolve the behavior, do the following: Start the BDC, and open Server Manager Select the BDCs name, and select Synchronize with Primary Domain Controller. If this procedure is successful, you will get a message that the LSA Database has been updated and Netlogon will start automatically. No other action is necessary. However, if synchronizing with the PDC does not work on the first attempt, try carrying out the same command again. Often, a second attempt will succeed. However, if the BDC will not synchronize and Netlogon fails to start after three attempts, you should create a new machine account for the BDC. These instructions are taken from a related article, 137987: Using Server Manager, create a new computer name. Synchronize entire domain (check another BDCs event viewer to see if it synchronized). At the problem BDC, use the Network tool in Control Panel to change the name to the new name c |
Reference Links | How to Re-Sync PDC/BDC Trust After Event IDs 3210 and 7023 NET VIEW May Cause Semaphore Time Out and Event ID 3210 |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.