Skip navigation

JSI Tip 1156. Event ID 5714 on PDC or 5716 on BDC.

In tips 0632 and 0669, I described some possible causes of Event ID 5716.

If you receive an Event 5714 on the PDC:

   The full synchronization request from the server "BDC" failed with the
   following error: <error text>
or a 5716 on a BDC:

   The partial synchronization replication of the SAM database from the primary
   domain controller  failed with the following error: Cannot
   perform this operation on built-in accounts
you may have a corrupt LSA Secrets entry in the registry.

This can happen due to power failure or improper shutdown.

To determine if this is the cause, use Regedt32 on the PDC, to navigate to:


Use the Security/Permissions menu to grant:

Administrators: Full Control
System: Full Control

to this key and all sub-keys.

NOTE: Ignore all errors while changing permissions.

Navigate to:


where <secretname> is the corrupt secret, identified because it starts with G$ and only has one sub-key, probably PolMod. Most secrets will have 5 sub-keys.

Delete the corrupt secret and its' sub-keys.

Reset the permissions on HKEY_LOCAL_MACHINE\Security and its' sub-keys to:

Administrators: Special... (only Read Control and Write DAC)
System: Full Control

If you delete G$$<DOMAINNAME>, you will need to re-establish the trust in User Manager for Domains.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.