Issue
Domain Controllers Replication Failed
The showrepl showing the DC replication failed due to the - The target principal name is incorrect (example as below):
| repadmin /showrepl |
This is due to the destination domain controller (the DC that you run the showrepl command) receives a service ticket from a Kerberos Key Distribution Center (KDC) that has an old version of the password for the source domain controller.
Environment
ASTRO
Domain Controller (DC)
Active Directory (AD)
Kerberos Key Distribution Center (KDC)
Resolution
1. Stop the KDC service on the destination domain controller. To do this, run the following command at a command prompt (with administrative right):
| net stop KDC |
2. Proceed to do the replication between the DCs by typing the repadmin command for each of the naming context that is failed:
| repadmin /replicate destinationDC sourceDC "naming_context"/force |
| destinationDC = the DC that you are on and ran the showrepl |
| sourceDC = the DC that is failing to replication in the showrepl output |
| naming_context = get this from the showrepl output (refer below) |
example: repamin /replicate Z001DC01 UCS-DC01 "DC=zone1,DC=mot,DC=sz0a65"/force
3. Start the Kerberos KDC service on the destination domain controller. To do this, run the following command:
| net start KDC |
4. Check the replication status by running the repadmin command below:
| repadmin /showrepl |
| repadmin /replsum |