Active Directory Replication Issue between two DC's

Posted on 2008-10-28
Last Modified: 2012-06-21
We have two domain controllers (W2K8) and when performing a manual AD replication between them the following error is detailed:
The following error occurred during the attempt to synchronize context. The target principal name is incorrect.
On DC1, when you manually replicate, AD reports the connections as OK to DC2; on DC2 the error appears. Checking AD Users and Computers on DC1 shows it as the operations master. Checking on DC2 shows error. Checking in AD sites/svcs shows the same. DC3 is fine to all others except going from DC2 to DC1.
DC2 has Exchange 2007 installed. Symantec BU Exec 12 required the install of the Exchange Management Console yesterday on DC1, which hosts Backup Exec. Restarting AD Services is to no avail. Checking the logs on DC1 doesn't list any issues. Checking the logs on DC2 shows lots of 1308 KCC errors having issues. DC1 also has had Network Policy Server installed 3 days ago.
Question by:Anthony_Rich
LVL 63

Expert Comment

ID: 22828293
Run dcdiag and netdiag on all servers and see what shows up.

Also see if there is a Best Practices Analyzer for Exchange and/or Win 2008.

I hope this helps !
LVL 15

Expert Comment

ID: 22828981
There's no BPA for Win 2008 AD... but there is for Exchange.

It's likely to be a DNS issue, but if you check the Directory Services log on the DC that's having the issue, it will tell you what the issue is... and if you can't interpret it, post it here...
LVL 33

Expert Comment

ID: 22831255
Please have the following reports run to provide us some better information. Also, can you paste those KCC errors here - thanks.

Run diagnostics against your Active Directory domain.

If you don't have the support tools installed, install them from your server
install disk.

Run dcdiag, netdiag and repadmin in verbose mode.
-> DCDIAG /V /C /D /E /s:yourdcname > c:\dcdiag.log
-> netdiag.exe /v > c:\netdiag.log (On each dc)
-> repadmin.exe /showrepl dc* /verbose /all /intersite > c:\repl.txt
-> dnslint /ad /s "ip address of your dc"

**Note: Using the /E switch in dcdiag will run diagnostics against ALL dc's
in the forest. If you have significant numbers of DC's this test could
generate significant detail and take a long time. You also want to take
into account slow links to dc's will also add to the testing time.

If you download a gui script I wrote it should be simple to set and run
(DCDiag and NetDiag). It also has the option to run individual tests
without having to learn all the switch options. The details will be output
in notepad text files that pop up automagically.

The script is located on my website at

Just select both dcdiag and netdiag, and make sure verbose is set. (Leave the
default settings for dcdiag as set when selected.)

When complete search for fail, error and warning messages.

Description and download for dnslint
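
The "search for fail, error and warning messages" step above can be scripted. This is an added example, not part of the original comment or the author's GUI script: it assumes Windows PowerShell 5.1 or later, reads the log paths the commands above redirect to, and uses hypothetical function names with a constructed dcdiag sample in which `DC2` is a placeholder server name.

```powershell
# Added example (not from the thread). Assumes Windows PowerShell 5.1 or later.
# Log paths are the ones the commands in the post redirect their output to.
$LogPaths = 'C:\dcdiag.log', 'C:\netdiag.log', 'C:\repl.txt'

# Return every line mentioning fail, error or warning, with file and line number.
function Get-DiagFinding {
    param([Parameter(Mandatory)][string[]]$Path)
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) {
            Write-Warning "Log not found, skipped: $p"
            continue
        }
        Select-String -LiteralPath $p -Pattern 'fail', 'error', 'warning' |
            ForEach-Object {
                [pscustomobject]@{
                    File = $_.Filename
                    Line = $_.LineNumber
                    Text = $_.Line.Trim()
                }
            }
    }
}

# Turn dcdiag "<dots> TARGET passed|failed test NAME" summary lines into objects.
function Get-DcdiagTestResult {
    param([Parameter(Mandatory)][string[]]$Line)
    foreach ($l in $Line) {
        if ($l -match '^\s*\.+\s+(?<Target>\S+)\s+(?<Result>passed|failed)\s+test\s+(?<Test>\S+)') {
            [pscustomobject]@{
                Target = $Matches['Target']
                Test   = $Matches['Test']
                Result = $Matches['Result'].ToLower()
            }
        }
    }
}

# Constructed sample in dcdiag's summary format; DC2 is a placeholder name.
$sample = @'
   Testing server: Hobart\TCCI-SVR1
      ......................... TCCI-SVR1 passed test Connectivity
      ......................... TCCI-SVR1 passed test Replications
      ......................... DC2 failed test Replications
'@ -split "`r?`n"

# Failed tests from the sample, then keyword hits from the real logs if present.
Get-DcdiagTestResult -Line $sample | Where-Object Result -eq 'failed' | Format-Table
Get-DiagFinding -Path $LogPaths | Format-Table -AutoSize -Wrap
```

To check a real run, pass `Get-Content C:\dcdiag.log` to `Get-DcdiagTestResult -Line` in place of the sample.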



Accepted Solution

Anthony_Rich earned 0 total points
ID: 22863325
Okay, state of play at the moment: ran DCDiag and it reported that all servers were failing replication. Restarted DNS on all servers and Active Directory services. Rebuilt Active Directory Sites and Services (identical to what it was) and commenced to do manual replication between sites. Is now working. DCDiag reports minimal errors.
C:\Users\Administrator>dcdiag /test:replications
Directory Server Diagnosis
Performing initial setup:
   Trying to find home server...
   Home Server = TCCI-SVR1
   * Identified AD Forest.
   Done gathering initial info.
Doing initial required tests
   Testing server: Hobart\TCCI-SVR1
      Starting test: Connectivity
    ............... TCCI-SVR1 passed test Connectivity
Doing primary tests
   Testing server: Hobart\TCCI-SVR1
    Starting test: Replications
     .... TCCI-SVR1 passed test Replications
   Running partition tests on : ForestDnsZones
   Running partition tests on : DomainDnsZones
   Running partition tests on : Schema
   Running partition tests on : Configuration
   Running partition tests on : tcci
   Running enterprise tests on : tcci.local
Don't know on this one.....
LVL 63

Expert Comment

ID: 22863689
So when you run the DCDIAG again, does it say that it is replicating?

