We have an issue here; let me explain everything that happened.
We have 18 branches and 21 domain controllers. The primary DC's system board crashed, and HP dispatched a tech to replace the board. When the server came back online fine, the other DCs started to receive Kerberos error ID 4, which indicated that the PDC machine password used to encrypt the Kerberos service ticket is different from the one on the target server. The result of this is that the branch DCs are not in sync with this PDC; the replication topology is set up so that all branch DCs sync with this PDC and vice versa. And now the helpdesk has started receiving calls about users who changed their password at a branch but are not able to access the portal and Citrix farm at the datacenter unless they use the old password.
What I have done:
1) Used netdom resetpwd to reset this PDC's password against another DC; see MS KB http://support.microsoft.com/kb/325850
2) These two DCs can talk to each other, but the reset password fails to sync to all the other DCs, since the other DCs only talk to the PDC, which is the one whose machine password changed.
3) Tried to create a new replication set between the DC that can talk to the PDC and the other branch DCs, but it does not replicate (error: "the naming context is in the process of being removed or is not replicated from the specified server").
4) ReplMon shows all replication is failing, except between these two DCs (the PDC and the DC the password was reset against).
I am stuck here right now.
Good backup of the PDC before it went down.
Any advice will be very much appreciated.
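The checks below are an added example for diagnosing the situation described above; they are not from the original post or from Microsoft's KB article. The script assumes the DC names `PDC01` (the repaired DC) and `DC02` (the DC that `netdom resetpwd` was run against), that `repadmin` is installed, and that the ActiveDirectory PowerShell module is available on the DC (Windows Server 2008 R2 or later); adjust the names and run it from an elevated prompt on the repaired DC.

```powershell
# Added diagnostic script (not from the original post). The DC names are
# assumptions; replace them with your own.
param(
    [string]$RepairedDc     = "PDC01",   # assumed name of the DC whose board was replaced
    [string]$HealthyPartner = "DC02"     # assumed name of the DC used with netdom resetpwd
)

# 1. Is Kerberos event ID 4 (service ticket could not be decrypted) still being
#    logged? While it appears, the machine account password mismatch persists.
$since = (Get-Date).AddHours(-24)
$krbErrors = Get-WinEvent -FilterHashtable @{
    LogName   = 'System'
    Id        = 4
    StartTime = $since
} -ErrorAction SilentlyContinue | Where-Object { $_.ProviderName -like '*Kerberos*' }
"Kerberos event ID 4 entries in the last 24h: $(@($krbErrors).Count)"
$krbErrors | Select-Object -First 5 TimeCreated, Message | Format-List

# 2. Replication health as seen from every DC in the forest (largest delta,
#    failure counts per source and destination).
repadmin /replsummary

# 3. The repaired DC's inbound partners with last-success / last-failure state.
repadmin /showrepl $RepairedDc

# 4. Did the machine account password reset actually reach the partner?
#    Compare pwdLastSet of the repaired DC's computer account as stored on each DC.
foreach ($dc in @($RepairedDc, $HealthyPartner)) {
    $acct = Get-ADComputer -Identity $RepairedDc -Server $dc -Properties pwdLastSet
    '{0}: pwdLastSet for {1}$ = {2}' -f $dc, $RepairedDc, [DateTime]::FromFileTime($acct.pwdLastSet)
}

# 5. Force a sync of all naming contexts with every partner, enterprise-wide,
#    and print any errors returned.
repadmin /syncall $RepairedDc /AdeP
```

If step 4 shows an older `pwdLastSet` on `DC02` than on `PDC01`, the password reset has not replicated out, which matches the symptom in the post; step 3 then tells you which inbound link is failing and with what error, which is the thing to fix before retrying the reset.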