We have 2 domain controllers, DC1 (Win 2003) and Mail1 (Win 2008). A week or so ago I started having problems with users who could not connect to mapped drives at \\dc1\xyz. If I change DC1 to the IP, they can connect fine. I looked at the event logs on the computers and there are replication errors. Dcdiag gets errors on both machines too. From what I can see, Mail1 is not seeing DC1. I can nslookup fine from both machines to each other, and I can ping each machine from the other, but the Mail1 DC just won't replicate. Not sure where to go from here.
Mail1 DC Diag

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = mail1
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site\MAIL1
      Starting test: Connectivity
         ......................... MAIL1 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site\MAIL1
      Starting test: Advertising
         ......................... MAIL1 passed test Advertising
      Starting test: FrsEvent
         There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL replication problems may cause Group Policy problems.
         ......................... MAIL1 passed test FrsEvent
      Starting test: DFSREvent
         ......................... MAIL1 passed test DFSREvent
      Starting test: SysVolCheck
         ......................... MAIL1 passed test SysVolCheck
      Starting test: KccEvent
         ......................... MAIL1 passed test KccEvent
      Starting test: KnowsOfRoleHolders
         [DC1] DsBindWithSpnEx() failed with error -2146893022, The target principal name is incorrect..
         Warning: DC1 is the Schema Owner, but is not responding to DS RPC Bind.
         [DC1] LDAP bind failed with error 8341, A directory service error has occurred..
         Warning: DC1 is the Schema Owner, but is not responding to LDAP Bind.
         Warning: DC1 is the Domain Owner, but is not responding to DS RPC Bind.
         Warning: DC1 is the Domain Owner, but is not responding to LDAP Bind.
         Warning: DC1 is the PDC Owner, but is not responding to DS RPC Bind.
         Warning: DC1 is the PDC Owner, but is not responding to LDAP Bind.
         Warning: DC1 is the Rid Owner, but is not responding to DS RPC Bind.
         Warning: DC1 is the Rid Owner, but is not responding to LDAP Bind.
         Warning: DC1 is the Infrastructure Update Owner, but is not responding to DS RPC Bind.
         Warning: DC1 is the Infrastructure Update Owner, but is not responding to LDAP Bind.
         ......................... MAIL1 failed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... MAIL1 passed test MachineAccount
      Starting test: NCSecDesc
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have Replicating Directory Changes In Filtered Set access rights for the naming context: DC=DomainDnsZones,DC=CityOfYucaipa,DC=local
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have Replicating Directory Changes In Filtered Set access rights for the naming context: DC=ForestDnsZones,DC=CityOfYucaipa,DC=local
         ......................... MAIL1 failed test NCSecDesc
      Starting test: NetLogons
         ......................... MAIL1 passed test NetLogons
      Starting test: ObjectsReplicated
         ......................... MAIL1 passed test ObjectsReplicated
      Starting test: Replications
         [Replications Check,MAIL1] A recent replication attempt failed:
            From DC1 to MAIL1
            Naming Context: DC=DomainDnsZones,DC=CityOfYucaipa,DC=local
            The replication generated an error (-2146893022):
            The target principal name is incorrect.
            The failure occurred at 2012-11-28 11:04:46.
            The last success occurred at 2012-11-26 17:48:30.
            73 failures have occurred since the last success.
         [Replications Check,MAIL1] A recent replication attempt failed:
            From DC1 to MAIL1
            Naming Context: DC=ForestDnsZones,DC=CityOfYucaipa,DC=local
            The replication generated an error (1256):
            The remote system is not available. For information about network troubleshooting, see Windows Help.
            The failure occurred at 2012-11-28 10:57:25.
            The last success occurred at 2012-11-26 17:42:57.
            42 failures have occurred since the last success.
         [Replications Check,MAIL1] A recent replication attempt failed:
            From DC1 to MAIL1
            Naming Context: CN=Schema,CN=Configuration,DC=CityOfYucaipa,DC=local
            The replication generated an error (-2146893022):
            The target principal name is incorrect.
            The failure occurred at 2012-11-28 10:57:25.
            The last success occurred at 2012-11-26 17:42:54.
            42 failures have occurred since the last success.
         [Replications Check,MAIL1] A recent replication attempt failed:
            From DC1 to MAIL1
            Naming Context: CN=Configuration,DC=CityOfYucaipa,DC=local
            The replication generated an error (-2146893022):
            The target principal name is incorrect.
            The failure occurred at 2012-11-28 10:57:25.
            The last success occurred at 2012-11-26 17:42:54.
            44 failures have occurred since the last success.
         [Replications Check,MAIL1] A recent replication attempt failed:
            From DC1 to MAIL1
            Naming Context: DC=CityOfYucaipa,DC=local
            The replication generated an error (-2146893022):
            The target principal name is incorrect.
            The failure occurred at 2012-11-28 11:16:28.
            The last success occurred at 2012-11-19 13:42:49.
            3312 failures have occurred since the last success.
         ......................... MAIL1 failed test Replications
      Starting test: RidManager
         ......................... MAIL1 failed test RidManager
      Starting test: Services
         ......................... MAIL1 passed test Services
      Starting test: SystemLog
         An Error Event occurred. EventID: 0x00000422
            Time Generated: 11/28/2012 10:23:30
            Event String: The processing of Group Policy failed. Windows attempted to read the file \\CityOfYucaipa.local\sysvol\CityOfYucaipa.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
         An Error Event occurred. EventID: 0x00000422
            Time Generated: 11/28/2012 10:26:20
            Event String: The processing of Group Policy failed. Windows attempted to read the file \\CityOfYucaipa.local\sysvol\CityOfYucaipa.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
         An Error Event occurred. EventID: 0x00000422
            Time Generated: 11/28/2012 10:28:32
            Event String: The processing of Group Policy failed. Windows attempted to read the file \\CityOfYucaipa.local\sysvol\CityOfYucaipa.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
         An Error Event occurred. EventID: 0x00000422
            Time Generated: 11/28/2012 10:33:35
            Event String: The processing of Group Policy failed. Windows attempted to read the file \\CityOfYucaipa.local\sysvol\CityOfYucaipa.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
         An Error Event occurred. EventID: 0x00000422
            Time Generated: 11/28/2012 10:38:37
            Event String: The processing of Group Policy failed. Windows attempted to read the file \\CityOfYucaipa.local\sysvol\CityOfYucaipa.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
         An Error Event occurred. EventID: 0x00000422
            Time Generated: 11/28/2012 10:43:39
            Event String: The processing of Group Policy failed. Windows attempted to read the file \\CityOfYucaipa.local\sysvol\CityOfYucaipa.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
         An Error Event occurred. EventID: 0x40000004
            Time Generated: 11/28/2012 10:43:41
            Event String: The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server host/dc1.cityofyucaipa.local. The target name used was CITYOFYUCAIPA\DC1$. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (CITYOFYUCAIPA.LOCAL) is different from the client domain (CITYOFYUCAIPA.LOCAL), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.
         An Error Event occurred. EventID: 0x40000004
            Time Generated: 11/28/2012 10:44:15
            Event String: The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server host/dc1.cityofyucaipa.local. The target name used was cifs/DC1.CityOfYucaipa.local. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (CITYOFYUCAIPA.LOCAL) is different from the client domain (CITYOFYUCAIPA.LOCAL), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.
         An Error Event occurred. EventID: 0x40000004
            Time Generated: 11/28/2012 10:46:30
            Event String: The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server host/dc1.cityofyucaipa.local. The target name used was ldap/DC1.CityOfYucaipa.local. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (CITYOFYUCAIPA.LOCAL) is different from the client domain (CITYOFYUCAIPA.LOCAL), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.
         An Error Event occurred. EventID: 0x00000422
            Time Generated: 11/28/2012 10:48:41
            Event String: The processing of Group Policy failed. Windows attempted to read the file \\CityOfYucaipa.local\sysvol\CityOfYucaipa.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
         An Error Event occurred. EventID: 0x00000422
            Time Generated: 11/28/2012 10:53:43
            Event String: The processing of Group Policy failed. Windows attempted to read the file \\CityOfYucaipa.local\sysvol\CityOfYucaipa.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
         An Error Event occurred. EventID: 0x40000004
            Time Generated: 11/28/2012 10:57:46
            Event String: The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server host/dc1.cityofyucaipa.local. The target name used was E3514235-4B06-11D1-AB04-00C04FC2DCD2/db888d6e-4aaa-4e02-82a7-2033b417e167/CityOfYucaipa.local@CityOfYucaipa.local. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (CITYOFYUCAIPA.LOCAL) is different from the client domain (CITYOFYUCAIPA.LOCAL), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.
         An Error Event occurred. EventID: 0x00000422
            Time Generated: 11/28/2012 10:58:45
            Event String: The processing of Group Policy failed. Windows attempted to read the file \\CityOfYucaipa.local\sysvol\CityOfYucaipa.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
         An Error Event occurred. EventID: 0x40000004
            Time Generated: 11/28/2012 10:59:33
            Event String: The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server host/dc1.cityofyucaipa.local. The target name used was DNS/dc1.cityofyucaipa.local. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (CITYOFYUCAIPA.LOCAL) is different from the client domain (CITYOFYUCAIPA.LOCAL), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.
         An Error Event occurred. EventID: 0x00000422
            Time Generated: 11/28/2012 11:03:47
            Event String: The processing of Group Policy failed. Windows attempted to read the file \\CityOfYucaipa.local\sysvol\CityOfYucaipa.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
         An Error Event occurred. EventID: 0x00000422
            Time Generated: 11/28/2012 11:08:50
            Event String: The processing of Group Policy failed. Windows attempted to read the file \\CityOfYucaipa.local\sysvol\CityOfYucaipa.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
         An Error Event occurred. EventID: 0x00000422
            Time Generated: 11/28/2012 11:13:52
            Event String: The processing of Group Policy failed. Windows attempted to read the file \\CityOfYucaipa.local\sysvol\CityOfYucaipa.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
         An Error Event occurred. EventID: 0x40000004
            Time Generated: 11/28/2012 11:15:25
            Event String: The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server host/dc1.cityofyucaipa.local. The target name used was LDAP/db888d6e-4aaa-4e02-82a7-2033b417e167._msdcs.CityOfYucaipa.local. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (CITYOFYUCAIPA.LOCAL) is different from the client domain (CITYOFYUCAIPA.LOCAL), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.
         An Error Event occurred. EventID: 0x40000004
            Time Generated: 11/28/2012 11:15:25
            Event String: The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server host/dc1.cityofyucaipa.local. The target name used was ldap/dc1.CityOfYucaipa.local. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (CITYOFYUCAIPA.LOCAL) is different from the client domain (CITYOFYUCAIPA.LOCAL), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.
         An Error Event occurred. EventID: 0x00000422
            Time Generated: 11/28/2012 11:18:54
            Event String: The processing of Group Policy failed. Windows attempted to read the file \\CityOfYucaipa.local\sysvol\CityOfYucaipa.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
         ......................... MAIL1 failed test SystemLog
      Starting test: VerifyReferences
         ......................... MAIL1 passed test VerifyReferences

   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : CityOfYucaipa
      Starting test: CheckSDRefDom
         ......................... CityOfYucaipa passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... CityOfYucaipa passed test CrossRefValidation

   Running enterprise tests on : CityOfYucaipa.local
      Starting test: LocatorCheck
         ......................... CityOfYucaipa.local passed test LocatorCheck
      Starting test: Intersite
         ......................... CityOfYucaipa.local passed test Intersite

Thanks for any advice offered!
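
Added example, not part of the original post: a Python sketch that pulls the replication failures and the KRB_AP_ERR_MODIFIED targets out of a flattened dcdiag paste like the one above, so the naming contexts, error codes and affected SPNs can be read side by side. The sample text is abridged from the post's output, and the function names are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample: records abridged from the dcdiag paste in the post,
# flattened onto one line the way the paste is.
SAMPLE = (
    "[Replications Check,MAIL1] A recent replication attempt failed: From DC1 to MAIL1 "
    "Naming Context: DC=ForestDnsZones,DC=CityOfYucaipa,DC=local The replication generated "
    "an error (1256): The remote system is not available. For information about network "
    "troubleshooting, see Windows Help. The failure occurred at 2012-11-28 10:57:25. "
    "The last success occurred at 2012-11-26 17:42:57. 42 failures have occurred since "
    "the last success. [Replications Check,MAIL1] A recent replication attempt failed: "
    "From DC1 to MAIL1 Naming Context: DC=CityOfYucaipa,DC=local The replication generated "
    "an error (-2146893022): The target principal name is incorrect. The failure occurred "
    "at 2012-11-28 11:16:28. The last success occurred at 2012-11-19 13:42:49. 3312 "
    "failures have occurred since the last success. "
    "EventID: 0x40000004 Event String: The Kerberos client received a KRB_AP_ERR_MODIFIED "
    "error from the server host/dc1.cityofyucaipa.local. The target name used was "
    "cifs/DC1.CityOfYucaipa.local. This indicates that the target server failed to decrypt. "
    "EventID: 0x40000004 Event String: The Kerberos client received a KRB_AP_ERR_MODIFIED "
    "error from the server host/dc1.cityofyucaipa.local. The target name used was "
    "ldap/DC1.CityOfYucaipa.local. This indicates that the target server failed to decrypt. "
    "EventID: 0x40000004 Event String: The Kerberos client received a KRB_AP_ERR_MODIFIED "
    "error from the server host/dc1.cityofyucaipa.local. The target name used was "
    "ldap/dc1.CityOfYucaipa.local. This indicates that the target server failed to decrypt. "
)

# \s+ between words tolerates the arbitrary line wraps of a pasted report.
REPL_RE = re.compile(
    r"From\s+(?P<src>\S+)\s+to\s+(?P<dst>\S+)\s+Naming\s+Context:\s+(?P<nc>\S+)\s+"
    r"The\s+replication\s+generated\s+an\s+error\s+\((?P<code>-?\d+)\):.*?"
    r"last\s+success\s+occurred\s+at\s+(?P<day>\d{4}-\d\d-\d\d)\s+(?P<time>\d\d:\d\d:\d\d)"
    r"\.\s+(?P<count>\d+)\s+failures", re.S)
KRB_RE = re.compile(
    r"KRB_AP_ERR_MODIFIED\s+error\s+from\s+the\s+server\s+(?P<server>\S+?)\.\s+"
    r"The\s+target\s+name\s+used\s+was\s+(?P<target>\S+?)\.\s+This\s+indicates", re.S)

def to_hresult(code):
    """dcdiag prints status codes as signed decimal; render them as unsigned hex.
    -2146893022 becomes 0x80090322 (SEC_E_WRONG_PRINCIPAL)."""
    return f"0x{code & 0xFFFFFFFF:08X}"

def replication_failures(text):
    """One row per failing naming context, longest-broken partition first."""
    rows = [{"source": m["src"], "nc": m["nc"], "code": to_hresult(int(m["code"])),
             "last_success": f"{m['day']} {m['time']}", "failures": int(m["count"])}
            for m in REPL_RE.finditer(text)]
    return sorted(rows, key=lambda r: r["last_success"])  # ISO timestamps sort as text

def kerberos_targets(text):
    """Map each reporting server to the distinct target names that failed.
    SPNs are case-insensitive, so names are lowercased before de-duplication."""
    seen = defaultdict(set)
    for m in KRB_RE.finditer(text):
        seen[m["server"].lower()].add(m["target"].lower())
    return {server: sorted(targets) for server, targets in seen.items()}

if __name__ == "__main__":
    for row in replication_failures(SAMPLE):
        print(row)
    print(kerberos_targets(SAMPLE))
```
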