JSI Tip 1156. Event ID 5714 on PDC or 5716 on BDC.

Jerold Schulman

March 17, 1999



In tips 0632 and 0669, I described some possible causes of Event ID 5716.

If you receive an Event 5714 on the PDC:

   The full synchronization request from the server "BDC" failed with the following error:

or a 5716 on a BDC:

   The partial synchronization replication of the SAM database from the primary domain controller failed with the following error: Cannot perform this operation on built-in accounts

you may have a corrupt LSA Secrets entry in the registry.

This can happen due to power failure or improper shutdown.

To determine whether this is the cause, use Regedt32 on the PDC to navigate to:

HKEY_LOCAL_MACHINE\Security

Use the Security/Permissions menu to grant:

Administrators: Full Control
System: Full Control

to this key and all sub-keys.

NOTE: Ignore all errors while changing permissions.

Navigate to:

HKEY_LOCAL_MACHINE\Security\Policy\Secrets

The corrupt secret is identified because it starts with G$ and has only one sub-key, probably PolMod. Most secrets will have 5 sub-keys.

Delete the corrupt secret and its sub-keys.

Reset the permissions on HKEY_LOCAL_MACHINE\Security and its sub-keys to:

Administrators: Special... (only Read Control and Write DAC)
System: Full Control

If you delete G$$, you will need to re-establish the trust in User Manager for Domains.
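
The identification step can also be checked offline before anything is deleted. The Python below is an added example, not part of the original tip: it assumes a REGEDIT4-style text export of the Secrets key, and the secret names and the five healthy sub-key names in the sample are constructed for illustration.

```python
import re
from collections import defaultdict

SECRETS = r"HKEY_LOCAL_MACHINE\Security\Policy\Secrets"
# Assumption, not from the tip: typical names of the 5 sub-keys of an intact secret.
HEALTHY = ["CurrVal", "CupdTime", "OldVal", "OupdTime", "SecDesc"]

def subkeys_per_secret(export_text):
    """Map each secret name to the set of its direct sub-key names."""
    secrets = defaultdict(set)
    prefix = SECRETS.lower() + "\\"
    for line in export_text.splitlines():
        m = re.fullmatch(r"\[(.+)\]", line.strip())
        if not m or not m.group(1).lower().startswith(prefix):
            continue  # not a key header below ...\Secrets
        parts = m.group(1)[len(prefix):].split("\\")
        secrets[parts[0]]  # register the secret even if it has no sub-keys
        if len(parts) > 1:
            secrets[parts[0]].add(parts[1])
    return dict(secrets)

def suspect_secrets(export_text):
    """Return G$ secrets that have exactly one sub-key, as the tip describes."""
    found = subkeys_per_secret(export_text)
    return sorted(name for name, subs in found.items()
                  if name.upper().startswith("G$") and len(subs) == 1)

def _key(*parts):
    """Build one key-header line of the constructed sample export."""
    return "[" + "\\".join((SECRETS,) + parts) + "]"

# Constructed sample: two intact secrets and one G$ secret left with one sub-key.
SAMPLE_EXPORT = "\n".join(
    ["REGEDIT4", "", _key()]
    + [_key(s, k) for s in ("$MACHINE.ACC", "G$$EXAMPLEDOM") for k in HEALTHY]
    + [_key("G$$BROKENDOM"), _key("G$$BROKENDOM", "PolMod")]
)

if __name__ == "__main__":
    for name in suspect_secrets(SAMPLE_EXPORT):
        print("candidate corrupt secret:", name)
```

Only the flagged names need review in Regedt32; secrets that do not start with G$ or that have any other sub-key count are left out of the result.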
