Sunday 28 September 2014

The target principal name is incorrect: DC not replicating in AD 2008

Today I started two DCs in a site which had been down for a couple of weeks, and after checking their health I found that both DCs had replication issues with the DCs in the other sites.

My steps to resolve this issue were as below.

(1) First I checked the network configuration and also checked that the required ports (DNS, Kerberos, LDAP, RPC) were open, and found them OK.
(2) Then I compared the time of the faulty DCs with the PDC emulator and found it OK (Kerberos tolerates only a few minutes of skew by default).
(3) Then I went to AD Sites and Services and tried to replicate from there, but got the following error:
"The following error occurred during the attempt to synchronize naming context CN=Configuration,DC=abc,DC=com from domain controller dc1 to domain controller dc2:
The target principal name is incorrect"

(4) Then I went to the command prompt and tried "Repadmin /showrepl", "Repadmin /syncall" etc.,
but got the following error:
"AD Replication error -2146893022: The target principal name is incorrect"

(5) I used the procedure in (http://nawazblogger.blogspot.com/2013/09/the-trust-relationship-between-this.html) and came to know that I had to reset the machine account password of both faulty DCs: in ADSI Edit the pwdLastSet value of each faulty DC's computer object was different when read from the faulty DC and from a functional DC, which means the faulty DCs' machine account passwords no longer matched what the rest of the domain held.
To resolve this issue I went to AD Users and Computers, then the Domain Controllers OU, right-clicked each of the two DCs and selected Reset Account, but got the following error:

"Server "DC1" is a domain controller, you cannot reset the password of this object"

(6) Then I tried the following command to reset it. Before running it I went to Services on this DC, stopped the Kerberos Key Distribution Center (KDC) service, set its startup type to Manual and restarted the server; after the command completed I started the service again and set its startup type back as it was before.
netdom resetpwd /s:DomainController /ud:domain\user1 /pd:*
It asked for the password, and after typing the password and hitting Enter I got the error below when I used a domain controller of the other site as DomainController:
"The machine account password for the local machine could not be reset.
The network path was not found.
The command failed to complete successfully."
Then I tried using this server's own name as DomainController, since this server is itself a domain controller, and the command was successful with this message:
"The machine account password for the local machine has been successfully reset.
The command completed successfully"
(7) Then I checked in ADSI Edit on the faulty and functional DCs and found that the pwdLastSet value was now the same on both.
(8) Then I went to AD Sites and Services and also ran "Repadmin /showrepl" and "Repadmin /syncall" from the command prompt,

and everything was OK; all errors were gone.
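The whole procedure above, scripted as an added PowerShell example (this is not the author's script). It assumes it is run on the faulty DC itself in an elevated PowerShell, that the faulty DC is DC1, the reference (functional) DC is DC2, the domain is abc.com and the admin account is abc\user1; all of those names are placeholders taken from or modelled on the post. It reads pwdLastSet over LDAP from both DCs before and after the reset, which is the check that tells you whether the machine account password is really out of step, and it retries netdom resetpwd with the local DC name as the /s: target when the remote DC fails, exactly the fallback the author ended up using.

```powershell
# Added example, not from the original post. Run on the faulty DC as an administrator.
# Placeholder names (assumptions): adjust to your environment.
$FaultyDC    = 'DC1'
$ReferenceDC = 'DC2'
$DomainDN    = 'DC=abc,DC=com'
$AdminUser   = 'abc\user1'

# Read pwdLastSet of a computer object as seen by a specific DC.
# DirectorySearcher returns the large-integer attribute as Int64 (a FILETIME).
function Get-PwdLastSetFromDC {
    param([string]$Dc, [string]$ComputerName)
    $root     = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$Dc/$DomainDN")
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
    $searcher.Filter = "(&(objectClass=computer)(sAMAccountName=$ComputerName`$))"
    [void]$searcher.PropertiesToLoad.Add('pwdLastSet')
    $result = $searcher.FindOne()
    if (-not $result) { throw "Computer object $ComputerName not found via $Dc" }
    [DateTime]::FromFileTimeUtc([int64]$result.Properties['pwdlastset'][0])
}

function Show-PwdLastSetBoth {
    param([string]$Label)
    $local  = Get-PwdLastSetFromDC -Dc $FaultyDC    -ComputerName $FaultyDC
    $remote = Get-PwdLastSetFromDC -Dc $ReferenceDC -ComputerName $FaultyDC
    Write-Host ("{0}: pwdLastSet on {1} = {2:u} | on {3} = {4:u} | match = {5}" -f
        $Label, $FaultyDC, $local, $ReferenceDC, $remote, ($local -eq $remote))
}

# Step (2): clock skew against the reference DC. Kerberos default tolerance is 5 minutes.
Write-Host "Clock offset against $ReferenceDC (seconds):"
w32tm /stripchart /computer:$ReferenceDC /samples:1 /dataonly

# Step (5): compare pwdLastSet as seen from both DCs before touching anything.
Show-PwdLastSetBoth -Label 'Before reset'

# Step (6): stop the KDC so this DC does not keep issuing tickets under the old key.
$kdcStartup = (Get-WmiObject Win32_Service -Filter "Name='kdc'").StartMode
Set-Service -Name kdc -StartupType Manual
Stop-Service -Name kdc -Force
Write-Host "KDC stopped (previous startup type: $kdcStartup)"

# netdom prompts for the password because of /pd:*. Try the remote DC first,
# then fall back to this DC's own name, which is what worked in the post.
$ok = $false
foreach ($target in @($ReferenceDC, $FaultyDC)) {
    Write-Host "netdom resetpwd /s:$target ..."
    netdom resetpwd /s:$target /ud:$AdminUser /pd:*
    if ($LASTEXITCODE -eq 0) { $ok = $true; break }
    Write-Warning "netdom resetpwd failed with /s:$target (exit code $LASTEXITCODE)"
}
if (-not $ok) { throw 'Machine account password reset failed on every target' }

# Restore the KDC as it was before (the post restarts the server here; a service
# start is the minimum needed for this DC to issue tickets again).
if ($kdcStartup -eq 'Auto') { Set-Service -Name kdc -StartupType Automatic }
Start-Service -Name kdc

# Step (7): the two views of pwdLastSet must now agree.
Show-PwdLastSetBoth -Label 'After reset'

# Step (8): force replication and show the per-partner status.
repadmin /syncall $FaultyDC /AdeP
repadmin /showrepl $FaultyDC
```

The "After reset" line is the real test: if the two pwdLastSet values still differ, the new password has not yet replicated to the reference DC and the Kerberos error will persist until it does, so wait for the repadmin /syncall to finish and re-run the comparison before concluding the reset failed. Run the same script on the second faulty DC; nothing in it is specific to the first one beyond the placeholder names.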

1 comment:

  1. Hello Nawaz,
    I am logging in with the Domain Administrator (default account), so in that case which account's password should I change?
