

Active Directory Replication Issue between two DC's

Posted on 2008-10-28
Medium Priority
Last Modified: 2012-06-21
We have two domain controllers (W2K8) and when performing a manual AD replication between them the following error is detailed;
The following error occurred during the attempt to synchronize context. The target principal name is incorrect.
On DC1 when you manually replicate AD reports the connections as OK to DC2, on DC2 the error appears. Checking AD Users and computers on DC1 shows it as the operations master. Checking on DC2 shows error. Checking in AD sites/svcs shows the same. DC3 is fine to all others except going from DC2 to DC1.
DC2 has Exchange 2007 installed, Symantec BU Exec 12 required the install of the Exchange Management Console yesterday on DC1 which hosts Backup Exec. Restarting AD Services is to no avail. Checking Logs on DC1 don't list any issues. Checking the logs on DC2 show lots of 1308 KCC errors having issues. DC1 also has had Network Policy Server installed 3 days ago.
Question by:Anthony_Rich

Expert Comment

ID: 22828293
Run dcdiag and netdiag on all servers and see what shows up.

Also see if there is a Best Practices Analyzer for Exchange and/or Win 2008.

I hope this helps !

Expert Comment

ID: 22828981
There's no BPA for Win 2008 AD, but there is for Exchange.

It's likely to be a DNS issue, but if you check the directory services log on the DC that's having the issue, it will tell you what the issue is, and if you can't interpret it, post it here.

Expert Comment

ID: 22831255
Please have the following reports run to provide us some better information. Also, can you paste those KCC errors here - thanks.

Run diagnostics against your Active Directory domain.

If you don't have the support tools installed, install them from your server
install disk.

Run dcdiag, netdiag and repadmin in verbose mode.
-> DCDIAG /V /C /D /E /s:yourdcname > c:\dcdiag.log
-> netdiag.exe /v > c:\netdiag.log (On each dc)
-> repadmin.exe /showrepl dc* /verbose /all /intersite > c:\repl.txt
-> dnslint /ad /s "ip address of your dc"

**Note: Using the /E switch in dcdiag will run diagnostics against ALL dc's
in the forest. If you have significant numbers of DC's this test could
generate significant detail and take a long time. You also want to take
into account slow links to dc's will also add to the testing time.

If you download a gui script I wrote it should be simple to set and run
(DCDiag and NetDiag). It also has the option to run individual tests
without having to learn all the switch options. The details will be output
in notepad text files that pop up automagically.

The script is located on my website at

Just select both dcdiag and netdiag make sure verbose is set. (Leave the
default settings for dcdiag as set when selected)

When complete search for fail, error and warning messages.

Description and download for dnslint

Ref: http://www.techtalkz.com/windows-server-2003/459203-ntds-kcc-1308-a.html
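
Added example, not part of the post above and not the script it mentions: one way to carry out the "search for fail, error and warning messages" step on a dcdiag log. The function names and the `$sample` text are constructed for illustration (modelled on the output format shown on this page); PowerShell 3.0 or later is assumed.

```powershell
# Summarise dcdiag results as one object per "passed/failed test" line.
function Get-DcDiagSummary {
    param([string[]]$Lines)
    $scope = $null
    foreach ($line in $Lines) {
        if ($line -match '^\s*Testing server:\s*(\S+)') {
            $scope = $Matches[1]                       # Site\ServerName
        }
        elseif ($line -match '^\s*Running (partition|enterprise) tests on\s*:\s*(\S+)') {
            $scope = $Matches[2]                       # partition or forest name
        }
        elseif ($line -match '^\s*\.+\s*(\S+)\s+(passed|failed)\s+test\s+(\S+)') {
            [pscustomobject]@{
                Scope  = $scope
                Target = $Matches[1]
                Test   = $Matches[3]
                Result = $Matches[2].ToLower()
            }
        }
    }
}

# Return every line mentioning fail/error/warning, with its line number.
function Select-DcDiagProblem {
    param([string[]]$Lines)
    $n = 0
    foreach ($line in $Lines) {
        $n++
        if ($line -match '\b(fail|error|warning)') {
            [pscustomobject]@{ Line = $n; Text = $line.Trim() }
        }
    }
}

# Constructed sample input; for a real run use: $log = Get-Content c:\dcdiag.log
$sample = @'
   Testing server: Hobart\DC1
      Starting test: Connectivity
         ......................... DC1 passed test Connectivity
   Testing server: Hobart\DC2
      Starting test: Replications
         [Replications Check,DC2] A recent replication attempt failed:
            From DC1 to DC2
            The target principal name is incorrect.
         ......................... DC2 failed test Replications
'@ -split "`r?`n"

Get-DcDiagSummary -Lines $sample | Where-Object Result -eq 'failed' | Format-Table
Select-DcDiagProblem -Lines $sample | Format-Table -AutoSize
```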


Accepted Solution

Anthony_Rich earned 0 total points
ID: 22863325
Okay, state of play at the moment: ran DCDiag and it reported that all servers were failing replication. Restarted DNS on all servers and Active Directory services. Rebuilt Active Directory Sites and Services (identical to what it was) and commenced to do manual replication between sites. Is now working. DCDiag reports minimal errors.
C:\Users\Administrator>dcdiag /test:replications
Directory Server Diagnosis
Performing initial setup:
   Trying to find home server...
   Home Server = TCCI-SVR1
   * Identified AD Forest.
   Done gathering initial info.
Doing initial required tests
   Testing server: Hobart\TCCI-SVR1
      Starting test: Connectivity
         ............... TCCI-SVR1 passed test Connectivity
Doing primary tests
   Testing server: Hobart\TCCI-SVR1
      Starting test: Replications
         .... TCCI-SVR1 passed test Replications
   Running partition tests on : ForestDnsZones
   Running partition tests on : DomainDnsZones
   Running partition tests on : Schema
   Running partition tests on : Configuration
   Running partition tests on : tcci
   Running enterprise tests on : tcci.local
Don't know on this one.....

Expert Comment

ID: 22863689
So when you run the DCDIAG again, does it say that it is replicating?

