Solved

Replication Issue

Posted on 2011-02-22
Last Modified: 2012-05-11
Client reports that AD replication between the PDC and another DC always fails
with the error "Access Denied". When forcing replication using ADSS on the DC, the error is
"The target principal name is incorrect"; secondly, when forcing replication from
the PDC console, the error is "access is denied".
What needs to be checked in this case and what should be done to resolve it?
A. Reset secure channel with the PDC may fix this issue
B. Check SPN related errors using dcdiag
C. Check DNS related errors using dcdiag
D. Check time difference between 2 domain controllers

/////////////////////////////////

I do not agree with the above. To be very clear, I do not know SPN-related errors; also, DNS errors cannot cause it. I believe that it is D, the time difference, because if the time difference does not agree then the replication cannot be done.
0
Question by:kunalclk
11 Comments
 
LVL 20

Accepted Solution

by:
woolnoir earned 250 total points
ID: 34950503
http://support.microsoft.com/kb/288167

Followed this one? Specifically the netdom resetpwd part?
0
 
LVL 20

Expert Comment

by:woolnoir
ID: 34950505
I've seen the situation exactly as you describe above on EE before, and in my environment, and the link above fixed it, so it's worth a look.
0
 
LVL 17

Expert Comment

by:Sikhumbuzo Ntsada
ID: 34950510
I would say D - when you point a PC\Client to authenticate to the BDC while it has a wrong time you will not be able to log in, thus the time difference is the culprit. After you change the time it will then allow authentication because it is now able to communicate with the PDC.


0

 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 34950542
I would say A, reset the secure channel to the PDC :) Access Denied would suggest that there is a problem with the secure channel.

Regards,
Krzysztof
0
 
LVL 20

Expert Comment

by:woolnoir
ID: 34950579
Yep, A is the option which my link above fixes - give it a try and let us know.
0
 
LVL 2

Author Comment

by:kunalclk
ID: 34950596
Then why is "The target principal name is incorrect" the error, and what is an SPN error? Why can the time difference not cause it? I have tried it on a client server; the same error comes: access denied.
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 34950597
@woolnoir: it's difficult to check because it's a test question from the 290 exam :)
0
 
LVL 20

Expert Comment

by:woolnoir
ID: 34950599
In that case, I'd pick A :) 100%
0
 
LVL 20

Expert Comment

by:woolnoir
ID: 34950601
Check the link above, it's from an MS knowledge-base article and those derive a lot of the exam Q's :)
0
 
LVL 39

Assisted Solution

by:Krzysztof Pytko
Krzysztof Pytko earned 250 total points
ID: 34950624
In a domain environment all DCs synchronize time with the forest root PDC, so if a time difference is present there is a problem with the PDC. So, then you know that there is another issue. A DNS error would reply with different error messages, like "cannot contact <domain name>" or something like that.

SPN is related to the user rather than the DC.

Krzysztof
0
 
LVL 2

Author Closing Comment

by:kunalclk
ID: 34950687
tnx
0
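
The checks behind options A through D, and the `netdom resetpwd` step the accepted answer points to, as an added PowerShell example that is not part of the original thread. `PDC01.example.local`, `EXAMPLE\Administrator` and the three function names are placeholders chosen for illustration.

```powershell
# Added example. Run from an elevated prompt on the DC that fails to replicate.
# Placeholder values (assumptions, not taken from the thread):
$Pdc          = 'PDC01.example.local'
$AdminAccount = 'EXAMPLE\Administrator'

function Test-ReplicationPrereqs {          # hypothetical helper name
    param([string]$Pdc)
    # Option D: clock offset against the PDC. Kerberos rejects tickets once
    # the skew exceeds its tolerance (5 minutes by default).
    w32tm /stripchart /computer:$Pdc /samples:3 /dataonly
    # Options B and C: machine account / SPN registration, then DNS.
    dcdiag /test:MachineAccount
    dcdiag /test:DNS
    # Last replication result and error for each inbound partner.
    repadmin /showrepl
}

function Reset-DcSecureChannel {            # hypothetical helper name
    param([string]$Pdc, [string]$AdminAccount)
    # With the local KDC stopped, this DC has to obtain its Kerberos
    # tickets from another DC instead of issuing them to itself.
    Set-Service -Name kdc -StartupType Manual
    Stop-Service -Name kdc -Force
    klist purge                              # drop cached tickets
    # Option A: reset this DC's machine account password against the PDC.
    # "/passwordd:*" prompts for the password instead of taking it inline.
    netdom resetpwd /server:$Pdc /userd:$AdminAccount /passwordd:*
    if ($LASTEXITCODE -ne 0) {
        throw "netdom resetpwd failed with exit code $LASTEXITCODE"
    }
    Write-Host 'Restart this DC, then run Restore-KdcAndSync.'
}

function Restore-KdcAndSync {               # hypothetical helper name
    # After the restart: bring the KDC back and force replication.
    Set-Service -Name kdc -StartupType Automatic
    Start-Service -Name kdc
    repadmin /syncall /AdeP
    repadmin /showrepl
}

# Diagnostics are read-only, so they run by default.
Test-ReplicationPrereqs -Pdc $Pdc
# The reset changes the machine account password; call it deliberately:
# Reset-DcSecureChannel -Pdc $Pdc -AdminAccount $AdminAccount
```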


Question has a verified solution.
