Cannot connect to Replication partner

2 DC's in a very small home network. I went down so I restored it from backup. Now replication is failing.


C:\Users\Administrator>dcdiag /test:checksecurityerror /replsource:DC2

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = DC1
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\DC1
      Starting test: Connectivity
         ......................... DC1 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\DC1
      Starting test: CheckSecurityError
         Source DC DC2 was requested for a manual security error check.
          Diagnosing...
               Time skew error between client and 1 DCs!  ERROR_ACCESS_DENIED
               or down machine received by:
                        DC2
         [DC2] DsBindWithSpnEx() failed with error -2146893022,
         The target principal name is incorrect..
         Ignoring DC DC2 in the convergence test of object
         CN=DC1,OU=Domain Controllers,DC=domainNet,DC=local, because we
         cannot connect!
         ......................... DC1 failed test CheckSecurityError


   Running partition tests on : ForestDnsZones

   Running partition tests on : DomainDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : domainNet

   Running enterprise tests on : domainNet.local

_---------------------------------------------------------

Get similar message when done on the other DC


_---------------------------------------------------------


C:\Users\administrator>nslookup
DNS request timed out.
    timeout was 2 seconds.
Default Server:  UnKnown
Address:  fe80::a00:1

_-----------------------------------------------------------

If it passed I deleted it

C:\Users\administrator>dcdiag

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = DC1
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\DC1
      Starting test: Connectivity
         ......................... DC1 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\DC1
     
      Starting test: DFSREvent
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
         Group Policy problems.
         ......................... DC1 failed test DFSREvent
     
      Starting test: KccEvent
         A warning event occurred.  EventID: 0x8000082C
            Time Generated: 07/18/2015   18:20:43
            Event String:
         A warning event occurred.  EventID: 0x8000082C
            Time Generated: 07/18/2015   18:21:07
            Event String:
         ......................... DC1 passed test KccEvent
     
      Starting test: Replications
         [Replications Check,DC1] A recent replication attempt failed:
            From DC2 to DC1
            Naming Context: DC=ForestDnsZones,DC=domainNet,DC=local
            The replication generated an error (1256):
            The remote system is not available. For information about network tr
oubleshooting, see Windows Help.

            The failure occurred at 2015-07-18 17:49:43.
            The last success occurred at 2015-06-09 01:57:35.
            4 failures have occurred since the last success.
         [DC2] DsBindWithSpnEx() failed with error -2146893022,
         The target principal name is incorrect..
         [Replications Check,DC1] A recent replication attempt failed:
            From DC2 to DC1
            Naming Context: DC=DomainDnsZones,DC=domainNet,DC=local
            The replication generated an error (1256):
            The remote system is not available. For information about network tr
oubleshooting, see Windows Help.

            The failure occurred at 2015-07-18 17:49:43.
            The last success occurred at 2015-06-09 01:51:53.
            4 failures have occurred since the last success.
         [Replications Check,DC1] A recent replication attempt failed:
            From DC2 to DC1
            Naming Context: CN=Schema,CN=Configuration,DC=domainNet,DC=local
            The replication generated an error (-2146893022):
            The target principal name is incorrect.
            The failure occurred at 2015-07-18 17:49:43.
            The last success occurred at 2015-06-09 01:51:53.
            4 failures have occurred since the last success.
         [Replications Check,DC1] A recent replication attempt failed:
            From DC2 to DC1
            Naming Context: CN=Configuration,DC=domainNet,DC=local
            The replication generated an error (-2146893022):
            The target principal name is incorrect.
            The failure occurred at 2015-07-18 17:49:43.
            The last success occurred at 2015-06-09 01:51:52.
            4 failures have occurred since the last success.
         [Replications Check,DC1] A recent replication attempt failed:
            From DC2 to DC1
            Naming Context: DC=domainNet,DC=local
            The replication generated an error (-2146893022):
            The target principal name is incorrect.
            The failure occurred at 2015-07-18 17:49:43.
            The last success occurred at 2015-06-09 02:01:48.
            4 failures have occurred since the last success.
         ......................... DC1 failed test Replications
      Starting test: RidManager
         The DS has corrupt data: rIDPreviousAllocationPool value is not valid
         No rids allocated -- please check eventlog.
         ......................... DC1 failed test RidManager
      Starting test: Services
         ......................... DC1 passed test Services
      Starting test: SystemLog
         An error event occurred.  EventID: 0x00000422
            Time Generated: 07/18/2015   17:38:46
            Event String:
            The processing of Group Policy failed. Windows attempted to read the
 file \\domainNet.local\sysvol\domainNet.local\Policies\{31B2F340-016D-11D2-
945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Grou
p Policy settings may not be applied until this event is resolved. This issue ma
y be transient and could be caused by one or more of the following:
         An error event occurred.  EventID: 0x40000004
            Time Generated: 07/18/2015   17:39:48
            Event String:
            The Kerberos client received a KRB_AP_ERR_MODIFIED error from the se
rver DC2$. The target name used was domainNET\DC2$. This indic
ates that the target server failed to decrypt the ticket provided by the client.
 This can occur when the target server principal name (SPN) is registered on an
account other than the account the target service is using. Please ensure that t
he target SPN is registered on, and only registered on, the account used by the
server. This error can also happen when the target service is using a different
password for the target service account than what the Kerberos Key Distribution
Center (KDC) has for the target service account. Please ensure that the service
on the server and the KDC are both updated to use the current password. If the s
erver name is not fully qualified, and the target domain (domainNET.LOCAL) is
different from the client domain (domainNET.LOCAL), check if there are identic
ally named server accounts in these two domains, or use the fully-qualified name
 to identify the server.
         An error event occurred.  EventID: 0x40000004
            Time Generated: 07/18/2015   17:43:47
            Event String:
            The Kerberos client received a KRB_AP_ERR_MODIFIED error from the se
rver DC2$. The target name used was cifs/DC2.domainNet.local.
This indicates that the target server failed to decrypt the ticket provided by t
he client. This can occur when the target server principal name (SPN) is registe
red on an account other than the account the target service is using. Please ens
ure that the target SPN is registered on, and only registered on, the account us
ed by the server. This error can also happen when the target service is using a
different password for the target service account than what the Kerberos Key Dis
tribution Center (KDC) has for the target service account. Please ensure that th
e service on the server and the KDC are both updated to use the current password
. If the server name is not fully qualified, and the target domain (domainNET.
LOCAL) is different from the client domain (domainNET.LOCAL), check if there a
re identically named server accounts in these two domains, or use the fully-qual
ified name to identify the server.
         An error event occurred.  EventID: 0x00000422
            Time Generated: 07/18/2015   17:43:47
            Event String:
            The processing of Group Policy failed. Windows attempted to read the
 file \\domainNet.local\sysvol\domainNet.local\Policies\{31B2F340-016D-11D2-
945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Grou
p Policy settings may not be applied until this event is resolved. This issue ma
y be transient and could be caused by one or more of the following:
         An error event occurred.  EventID: 0x00000422
            Time Generated: 07/18/2015   17:48:47
            Event String:
            The processing of Group Policy failed. Windows attempted to read the
 file \\domainNet.local\sysvol\domainNet.local\Policies\{31B2F340-016D-11D2-
945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Grou
p Policy settings may not be applied until this event is resolved. This issue ma
y be transient and could be caused by one or more of the following:
         An error event occurred.  EventID: 0x40000004
            Time Generated: 07/18/2015   17:49:43
            Event String:
            The Kerberos client received a KRB_AP_ERR_MODIFIED error from the se
rver DC2$. The target name used was E3514235-4B06-11D1-AB04-00C04FC2DCD2
/68753daf-7c2c-4a0b-aa0c-f8f55c1ed48b/domainNet.local@domainNet.local. This
indicates that the target server failed to decrypt the ticket provided by the cl
ient. This can occur when the target server principal name (SPN) is registered o
n an account other than the account the target service is using. Please ensure t
hat the target SPN is registered on, and only registered on, the account used by
 the server. This error can also happen when the target service is using a diffe
rent password for the target service account than what the Kerberos Key Distribu
tion Center (KDC) has for the target service account. Please ensure that the ser
vice on the server and the KDC are both updated to use the current password. If
the server name is not fully qualified, and the target domain (domainNET.LOCAL
) is different from the client domain (domainNET.LOCAL), check if there are id
entically named server accounts in these two domains, or use the fully-qualified
 name to identify the server.
         An error event occurred.  EventID: 0x00000422
            Time Generated: 07/18/2015   17:53:48
            Event String:
            The processing of Group Policy failed. Windows attempted to read the
 file \\domainNet.local\sysvol\domainNet.local\Policies\{31B2F340-016D-11D2-
945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Grou
p Policy settings may not be applied until this event is resolved. This issue ma
y be transient and could be caused by one or more of the following:
         An error event occurred.  EventID: 0x00000422
            Time Generated: 07/18/2015   17:58:49
            Event String:
            The processing of Group Policy failed. Windows attempted to read the
 file \\domainNet.local\sysvol\domainNet.local\Policies\{31B2F340-016D-11D2-
945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Grou
p Policy settings may not be applied until this event is resolved. This issue ma
y be transient and could be caused by one or more of the following:
         An error event occurred.  EventID: 0x00000422
            Time Generated: 07/18/2015   18:03:49
            Event String:
            The processing of Group Policy failed. Windows attempted to read the
 file \\domainNet.local\sysvol\domainNet.local\Policies\{31B2F340-016D-11D2-
945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Grou
p Policy settings may not be applied until this event is resolved. This issue ma
y be transient and could be caused by one or more of the following:
         An error event occurred.  EventID: 0x00000422
            Time Generated: 07/18/2015   18:08:50
            Event String:
            The processing of Group Policy failed. Windows attempted to read the
 file \\domainNet.local\sysvol\domainNet.local\Policies\{31B2F340-016D-11D2-
945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Grou
p Policy settings may not be applied until this event is resolved. This issue ma
y be transient and could be caused by one or more of the following:
         An error event occurred.  EventID: 0x00000422
            Time Generated: 07/18/2015   18:13:50
            Event String:
            The processing of Group Policy failed. Windows attempted to read the
 file \\domainNet.local\sysvol\domainNet.local\Policies\{31B2F340-016D-11D2-
945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Grou
p Policy settings may not be applied until this event is resolved. This issue ma
y be transient and could be caused by one or more of the following:
         An error event occurred.  EventID: 0x00000422
            Time Generated: 07/18/2015   18:18:51
            Event String:
            The processing of Group Policy failed. Windows attempted to read the
 file \\domainNet.local\sysvol\domainNet.local\Policies\{31B2F340-016D-11D2-
945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Grou
p Policy settings may not be applied until this event is resolved. This issue ma
y be transient and could be caused by one or more of the following:
         An error event occurred.  EventID: 0x00000422
            Time Generated: 07/18/2015   18:23:51
            Event String:
            The processing of Group Policy failed. Windows attempted to read the
 file \\domainNet.local\sysvol\domainNet.local\Policies\{31B2F340-016D-11D2-
945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Grou
p Policy settings may not be applied until this event is resolved. This issue ma
y be transient and could be caused by one or more of the following:
         An error event occurred.  EventID: 0x00000422
            Time Generated: 07/18/2015   18:28:52
            Event String:
            The processing of Group Policy failed. Windows attempted to read the
 file \\domainNet.local\sysvol\domainNet.local\Policies\{31B2F340-016D-11D2-
945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Grou
p Policy settings may not be applied until this event is resolved. This issue ma
y be transient and could be caused by one or more of the following:
         An error event occurred.  EventID: 0x40000004
            Time Generated: 07/18/2015   18:31:01
            Event String:
            The Kerberos client received a KRB_AP_ERR_MODIFIED error from the se
rver DC2$. The target name used was LDAP/68753daf-7c2c-4a0b-aa0c-f8f55c1
ed48b._msdcs.domainNet.local. This indicates that the target server failed to
decrypt the ticket provided by the client. This can occur when the target server
 principal name (SPN) is registered on an account other than the account the tar
get service is using. Please ensure that the target SPN is registered on, and on
ly registered on, the account used by the server. This error can also happen whe
n the target service is using a different password for the target service accoun
t than what the Kerberos Key Distribution Center (KDC) has for the target servic
e account. Please ensure that the service on the server and the KDC are both upd
ated to use the current password. If the server name is not fully qualified, and
 the target domain (domainNET.LOCAL) is different from the client domain (GREE
NLEENET.LOCAL), check if there are identically named server accounts in these tw
o domains, or use the fully-qualified name to identify the server.
         An error event occurred.  EventID: 0x00000422
            Time Generated: 07/18/2015   18:33:52
            Event String:
            The processing of Group Policy failed. Windows attempted to read the
 file \\domainNet.local\sysvol\domainNet.local\Policies\{31B2F340-016D-11D2-
945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Grou
p Policy settings may not be applied until this event is resolved. This issue ma
y be transient and could be caused by one or more of the following:
         ......................... DC1 failed test SystemLog

July 18th, 2015 8:00pm

you are doing non-authoritative restore?
Free Windows Admin Tool Kit Click here and download it now
July 18th, 2015 8:24pm

Not sure why you would do a restore. You should just demote the DC that you have restored and then re-promote. That way you can allow fresh replication to start from the working DC. This would also be a much faster approach as well.

Will.

July 18th, 2015 9:14pm

I agree with Will on this. A repromotion would be the fastest way to get things up and running.

It's unclear however what went down and what was restored though (1 of 2 DCs), the OS and the details of the backup.

If troubleshooting is your game, the following article could be of use:

Troubleshooting AD Replication error -2146893022: The target principal name is incorrect.-https://support.microsoft.com/en-us/kb/2090913

Free Windows Admin Tool Kit Click here and download it now
July 19th, 2015 3:41am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics