2 DC's in a very small home network. I went down so I restored it from backup. Now replication is failing.
C:\Users\Administrator>dcdiag /test:checksecurityerror /replsource:DC2
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = DC1
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\DC1
Starting test: Connectivity
......................... DC1 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\DC1
Starting test: CheckSecurityError
Source DC DC2 was requested for a manual security error check.
Diagnosing...
Time skew error between client and 1 DCs! ERROR_ACCESS_DENIED
or down machine received by:
DC2
[DC2] DsBindWithSpnEx() failed with error -2146893022,
The target principal name is incorrect..
Ignoring DC DC2 in the convergence test of object
CN=DC1,OU=Domain Controllers,DC=domainNet,DC=local, because we
cannot connect!
......................... DC1 failed test CheckSecurityError
Running partition tests on : ForestDnsZones
Running partition tests on : DomainDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : domainNet
Running enterprise tests on : domainNet.local
_---------------------------------------------------------
Get similar message when done on the other DC
_---------------------------------------------------------
C:\Users\administrator>nslookup
DNS request timed out.
timeout was 2 seconds.
Default Server: UnKnown
Address: fe80::a00:1
_-----------------------------------------------------------
If it passed I deleted it
C:\Users\administrator>dcdiag
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = DC1
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\DC1
Starting test: Connectivity
......................... DC1 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\DC1
Starting test: DFSREvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... DC1 failed test DFSREvent
Starting test: KccEvent
A warning event occurred. EventID: 0x8000082C
Time Generated: 07/18/2015 18:20:43
Event String:
A warning event occurred. EventID: 0x8000082C
Time Generated: 07/18/2015 18:21:07
Event String:
......................... DC1 passed test KccEvent
Starting test: Replications
[Replications Check,DC1] A recent replication attempt failed:
From DC2 to DC1
Naming Context: DC=ForestDnsZones,DC=domainNet,DC=local
The replication generated an error (1256):
The remote system is not available. For information about network tr
oubleshooting, see Windows Help.
The failure occurred at 2015-07-18 17:49:43.
The last success occurred at 2015-06-09 01:57:35.
4 failures have occurred since the last success.
[DC2] DsBindWithSpnEx() failed with error -2146893022,
The target principal name is incorrect..
[Replications Check,DC1] A recent replication attempt failed:
From DC2 to DC1
Naming Context: DC=DomainDnsZones,DC=domainNet,DC=local
The replication generated an error (1256):
The remote system is not available. For information about network tr
oubleshooting, see Windows Help.
The failure occurred at 2015-07-18 17:49:43.
The last success occurred at 2015-06-09 01:51:53.
4 failures have occurred since the last success.
[Replications Check,DC1] A recent replication attempt failed:
From DC2 to DC1
Naming Context: CN=Schema,CN=Configuration,DC=domainNet,DC=local
The replication generated an error (-2146893022):
The target principal name is incorrect.
The failure occurred at 2015-07-18 17:49:43.
The last success occurred at 2015-06-09 01:51:53.
4 failures have occurred since the last success.
[Replications Check,DC1] A recent replication attempt failed:
From DC2 to DC1
Naming Context: CN=Configuration,DC=domainNet,DC=local
The replication generated an error (-2146893022):
The target principal name is incorrect.
The failure occurred at 2015-07-18 17:49:43.
The last success occurred at 2015-06-09 01:51:52.
4 failures have occurred since the last success.
[Replications Check,DC1] A recent replication attempt failed:
From DC2 to DC1
Naming Context: DC=domainNet,DC=local
The replication generated an error (-2146893022):
The target principal name is incorrect.
The failure occurred at 2015-07-18 17:49:43.
The last success occurred at 2015-06-09 02:01:48.
4 failures have occurred since the last success.
......................... DC1 failed test Replications
Starting test: RidManager
The DS has corrupt data: rIDPreviousAllocationPool value is not valid
No rids allocated -- please check eventlog.
......................... DC1 failed test RidManager
Starting test: Services
......................... DC1 passed test Services
Starting test: SystemLog
An error event occurred. EventID: 0x00000422
Time Generated: 07/18/2015 17:38:46
Event String:
The processing of Group Policy failed. Windows attempted to read the
file \\domainNet.local\sysvol\domainNet.local\Policies\{31B2F340-016D-11D2-
945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Grou
p Policy settings may not be applied until this event is resolved. This issue ma
y be transient and could be caused by one or more of the following:
An error event occurred. EventID: 0x40000004
Time Generated: 07/18/2015 17:39:48
Event String:
The Kerberos client received a KRB_AP_ERR_MODIFIED error from the se
rver DC2$. The target name used was domainNET\DC2$. This indic
ates that the target server failed to decrypt the ticket provided by the client.
This can occur when the target server principal name (SPN) is registered on an
account other than the account the target service is using. Please ensure that t
he target SPN is registered on, and only registered on, the account used by the
server. This error can also happen when the target service is using a different
password for the target service account than what the Kerberos Key Distribution
Center (KDC) has for the target service account. Please ensure that the service
on the server and the KDC are both updated to use the current password. If the s
erver name is not fully qualified, and the target domain (domainNET.LOCAL) is
different from the client domain (domainNET.LOCAL), check if there are identic
ally named server accounts in these two domains, or use the fully-qualified name
to identify the server.
An error event occurred. EventID: 0x40000004
Time Generated: 07/18/2015 17:43:47
Event String:
The Kerberos client received a KRB_AP_ERR_MODIFIED error from the se
rver DC2$. The target name used was cifs/DC2.domainNet.local.
This indicates that the target server failed to decrypt the ticket provided by t
he client. This can occur when the target server principal name (SPN) is registe
red on an account other than the account the target service is using. Please ens
ure that the target SPN is registered on, and only registered on, the account us
ed by the server. This error can also happen when the target service is using a
different password for the target service account than what the Kerberos Key Dis
tribution Center (KDC) has for the target service account. Please ensure that th
e service on the server and the KDC are both updated to use the current password
. If the server name is not fully qualified, and the target domain (domainNET.
LOCAL) is different from the client domain (domainNET.LOCAL), check if there a
re identically named server accounts in these two domains, or use the fully-qual
ified name to identify the server.
An error event occurred. EventID: 0x00000422
Time Generated: 07/18/2015 17:43:47
Event String:
The processing of Group Policy failed. Windows attempted to read the
file \\domainNet.local\sysvol\domainNet.local\Policies\{31B2F340-016D-11D2-
945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Grou
p Policy settings may not be applied until this event is resolved. This issue ma
y be transient and could be caused by one or more of the following:
An error event occurred. EventID: 0x00000422
Time Generated: 07/18/2015 17:48:47
Event String:
The processing of Group Policy failed. Windows attempted to read the
file \\domainNet.local\sysvol\domainNet.local\Policies\{31B2F340-016D-11D2-
945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Grou
p Policy settings may not be applied until this event is resolved. This issue ma
y be transient and could be caused by one or more of the following:
An error event occurred. EventID: 0x40000004
Time Generated: 07/18/2015 17:49:43
Event String:
The Kerberos client received a KRB_AP_ERR_MODIFIED error from the se
rver DC2$. The target name used was E3514235-4B06-11D1-AB04-00C04FC2DCD2
/68753daf-7c2c-4a0b-aa0c-f8f55c1ed48b/domainNet.local@domainNet.local. This
indicates that the target server failed to decrypt the ticket provided by the cl
ient. This can occur when the target server principal name (SPN) is registered o
n an account other than the account the target service is using. Please ensure t
hat the target SPN is registered on, and only registered on, the account used by
the server. This error can also happen when the target service is using a diffe
rent password for the target service account than what the Kerberos Key Distribu
tion Center (KDC) has for the target service account. Please ensure that the ser
vice on the server and the KDC are both updated to use the current password. If
the server name is not fully qualified, and the target domain (domainNET.LOCAL
) is different from the client domain (domainNET.LOCAL), check if there are id
entically named server accounts in these two domains, or use the fully-qualified
name to identify the server.
An error event occurred. EventID: 0x00000422
Time Generated: 07/18/2015 17:53:48
Event String:
The processing of Group Policy failed. Windows attempted to read the
file \\domainNet.local\sysvol\domainNet.local\Policies\{31B2F340-016D-11D2-
945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Grou
p Policy settings may not be applied until this event is resolved. This issue ma
y be transient and could be caused by one or more of the following:
An error event occurred. EventID: 0x00000422
Time Generated: 07/18/2015 17:58:49
Event String:
The processing of Group Policy failed. Windows attempted to read the
file \\domainNet.local\sysvol\domainNet.local\Policies\{31B2F340-016D-11D2-
945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Grou
p Policy settings may not be applied until this event is resolved. This issue ma
y be transient and could be caused by one or more of the following:
An error event occurred. EventID: 0x00000422
Time Generated: 07/18/2015 18:03:49
Event String:
The processing of Group Policy failed. Windows attempted to read the
file \\domainNet.local\sysvol\domainNet.local\Policies\{31B2F340-016D-11D2-
945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Grou
p Policy settings may not be applied until this event is resolved. This issue ma
y be transient and could be caused by one or more of the following:
An error event occurred. EventID: 0x00000422
Time Generated: 07/18/2015 18:08:50
Event String:
The processing of Group Policy failed. Windows attempted to read the
file \\domainNet.local\sysvol\domainNet.local\Policies\{31B2F340-016D-11D2-
945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Grou
p Policy settings may not be applied until this event is resolved. This issue ma
y be transient and could be caused by one or more of the following:
An error event occurred. EventID: 0x00000422
Time Generated: 07/18/2015 18:13:50
Event String:
The processing of Group Policy failed. Windows attempted to read the
file \\domainNet.local\sysvol\domainNet.local\Policies\{31B2F340-016D-11D2-
945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Grou
p Policy settings may not be applied until this event is resolved. This issue ma
y be transient and could be caused by one or more of the following:
An error event occurred. EventID: 0x00000422
Time Generated: 07/18/2015 18:18:51
Event String:
The processing of Group Policy failed. Windows attempted to read the
file \\domainNet.local\sysvol\domainNet.local\Policies\{31B2F340-016D-11D2-
945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Grou
p Policy settings may not be applied until this event is resolved. This issue ma
y be transient and could be caused by one or more of the following:
An error event occurred. EventID: 0x00000422
Time Generated: 07/18/2015 18:23:51
Event String:
The processing of Group Policy failed. Windows attempted to read the
file \\domainNet.local\sysvol\domainNet.local\Policies\{31B2F340-016D-11D2-
945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Grou
p Policy settings may not be applied until this event is resolved. This issue ma
y be transient and could be caused by one or more of the following:
An error event occurred. EventID: 0x00000422
Time Generated: 07/18/2015 18:28:52
Event String:
The processing of Group Policy failed. Windows attempted to read the
file \\domainNet.local\sysvol\domainNet.local\Policies\{31B2F340-016D-11D2-
945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Grou
p Policy settings may not be applied until this event is resolved. This issue ma
y be transient and could be caused by one or more of the following:
An error event occurred. EventID: 0x40000004
Time Generated: 07/18/2015 18:31:01
Event String:
The Kerberos client received a KRB_AP_ERR_MODIFIED error from the se
rver DC2$. The target name used was LDAP/68753daf-7c2c-4a0b-aa0c-f8f55c1
ed48b._msdcs.domainNet.local. This indicates that the target server failed to
decrypt the ticket provided by the client. This can occur when the target server
principal name (SPN) is registered on an account other than the account the tar
get service is using. Please ensure that the target SPN is registered on, and on
ly registered on, the account used by the server. This error can also happen whe
n the target service is using a different password for the target service accoun
t than what the Kerberos Key Distribution Center (KDC) has for the target servic
e account. Please ensure that the service on the server and the KDC are both upd
ated to use the current password. If the server name is not fully qualified, and
the target domain (domainNET.LOCAL) is different from the client domain (GREE
NLEENET.LOCAL), check if there are identically named server accounts in these tw
o domains, or use the fully-qualified name to identify the server.
An error event occurred. EventID: 0x00000422
Time Generated: 07/18/2015 18:33:52
Event String:
The processing of Group Policy failed. Windows attempted to read the
file \\domainNet.local\sysvol\domainNet.local\Policies\{31B2F340-016D-11D2-
945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Grou
p Policy settings may not be applied until this event is resolved. This issue ma
y be transient and could be caused by one or more of the following:
......................... DC1 failed test SystemLog