This article was previously published under Q131366
This article has been archived. It is offered "as is" and will no longer be updated.
When a Windows NT PDC (Primary Domain Controller) is rebooted, event 5712warnings appear in the event log, indicating that BDC's (Backup DomainController's) attempts to synchronize have failed. The Detail Descriptionof the error log is:
The partial synchronization request from the server <BDC_server_name> failed with the following error: Access is denied.
The Detail Data of the error log is:
NOTE: c0000022 is defined as Status_Access_Denied.
When the Netlogon service starts on the rebooted PDC, it sends a pulse tothe BDC indicating that it needs to synchronize with the accounts databaseson the PDC. The BDC responds with a partial synch request. However, asecure channel with the PDC is required to complete the request. Becausethe BDC had a secure channel with the PDC before the PDC was rebooted, itattempts to submit the partial synch request without establishing a newsecure channel. The request fails with Access Denied. After receiving theAccess Denied status from the PDC, the BDC requests a new secure channeland completes the partial synch request successfully.
Event 5712 messages due to Access Denied are common immediately afterthe reboot of a PDC. They are not necessarily harmful, and do not mean thatthe BDC is unable to synchronize with the PDC.
As a test to see if the 5712 warning is important, force a synchronizationwith the PDC from the BDC and check the event log on the BDC. If theNetlogon messages in the BDC event log indicate that the synchronizationattempt with the PDC was successful, then the warnings on the PDC can beignored.
NOTE: This article discusses a single cause of 5712 errors. If your BDC isunable to synchronize with the PDC when you force it to in Server Manager,then the Secure Channel account on the BDC may have an invalid password.