JSI Tip 7927. The Windows 2000 Active Directory Replication Monitor reports replication errors?

When you manually replicate the domain using the Active Directory Replication Monitor in Windows 2000, you receive:

        Could not find the domain controller for this domain.

If you use the net use command from a CMD.EXE window or batch file, you receive:

        There are currently no logon servers available to service the logon request.

If you use the net time or net view command from a CMD.EXE window or batch file, you receive:

        System error 5 has occurred. Access is denied.

If you try to replicate domain controllers from different domains, you receive:

        The Active Directory Object could not be displayed. A referral was returned from the server.

If you run nltest /sc_query:<child>.<root>.<com>, you receive:

        Trusted DC Connection Status Status = 1311 0x51f ERROR_NO_LOGON_SERVERS

This behavior will result if your firewall incorrectly truncates UDP (User Datagram Protocol) packets.

To resolve this problem, fix your firewall. If you can't fix the firewall, force Kerberos to use TCP instead of UDP, and set the MaxPacketSize Value Name, a REG_DWORD data type, to a data value of 2000.
