Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


Active Directory Replication Issue between two DC's

Posted on 2008-10-28
Medium Priority
Last Modified: 2012-06-21
We have two domain controllers (W2K8) and when performing a manual AD replication between them the following error is detailed;
The following error occured during the attempt to synchronize context. The target principle name is incorrect.
On DC1 when you manually replicate AD reports the connections as OK to DC2, on DC2 the error appears. Checking AD Users and computers on DC1 shows it as the operations master. Checking on DC2 shows error. Checking in AD sites/svcs shows the same. DC3 is fine to all others except going from DC2 to DC1.
DC2 has Exchange 2007 installed, Symantec BU Exec 12 required the install of the Exchange Management Console yesterday on DC1 which hosts Backup Exec. Restarting AD Services is to no avail. Checking Logs on DC1 don't list any issues. Checking the logs on DC2 showlots of 1308 KCC errors having issues. DC1 also has had Network Policy Server installed 3 days ago.
Question by:Anthony_Rich
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 63

Expert Comment

ID: 22828293
RUn dcdiag and netdiag on all servers and see what shows up.

Also see if there is a Best practices analyzer for exchange and or win 2008.

I hope this helps !
LVL 15

Expert Comment

ID: 22828981
theres no BPA for win 2008 AD.... but there is for exchange.

Its likely to be a DNS issue, but if you check the directory services log on the DC thats having the issue, it will tell you what the issue is.... and if you cant interpret it, post it here...
LVL 33

Expert Comment

ID: 22831255
Please have the following reports run to provide us some better information. Also, can you paste those KCC errors here - thanks.

Run diagnostics against your Active Directory domain.

If you don't have the support tools installed, install them from your server
install disk.

Run dcdiag, netdiag and repadmin in verbose mode.
-> DCDIAG /V /C /D /E /s:yourdcname > c:\dcdiag.log
-> netdiag.exe /v > c:\netdiag.log (On each dc)
-> repadmin.exe /showrepl dc* /verbose /all /intersite > c:\repl.txt
-> dnslint /ad /s "ip address of your dc"

**Note: Using the /E switch in dcdiag will run diagnostics against ALL dc's
in the forest. If you have significant numbers of DC's this test could
generate significant detail and take a long time. You also want to take
into account slow links to dc's will also add to the testing time.

If you download a gui script I wrote it should be simple to set and run
(DCDiag and NetDiag). It also has the option to run individual tests
without having to learn all the switch options. The details will be output
in notepad text files that pop up automagically.

The script is located on my website at

Just select both dcdiag and netdiag make sure verbose is set. (Leave the
default settings for dcdiag as set when selected)

When complete search for fail, error and warning messages.

Description and download for dnslint



Accepted Solution

Anthony_Rich earned 0 total points
ID: 22863325
Okay state of play at the moment, ran DCDiag and it reported that all servers were failing replication. Restarted DNS on all servers and Active Directory services. Re built active directory sites and services. (Identical to what it was) and commenced to do manual replication between sites. Is now working. DCDiag reports minimul errors.
C:\Users\Administrator>dcdiag /test:replications
Directory Server Diagnosis
Performing initial setup:
   Trying to find home server...
   Home Server = TCCI-SVR1
   * Identified AD Forest.
   Done gathering initial info.
Doing initial required tests
   Testing server: Hobart\TCCI-SVR1
      Starting test: Connectivity
    ............... TCCI-SVR1 passed test Connectivity
Doing primary tests
   Testing server: Hobart\TCCI-SVR1
    Starting test: Replications
     .... TCCI-SVR1 passed test Replications
   Running partition tests on : ForestDnsZones
   Running partition tests on : DomainDnsZones
   Running partition tests on : Schema
   Running partition tests on : Configuration
   Running partition tests on : tcci
   Running enterprise tests on : tcci.local
Don't know on this one.....
LVL 63

Expert Comment

ID: 22863689
SO when you run  the DCDIAG again, does it say that it is replicating ?


Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
A hard and fast method for reducing Active Directory Administrators members.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question