Event IDs 1645, 1655, and 1126 on 2008 R2 DC
Posted on 2011-03-15
I have 3 DCs in a domain (see related question for more info). On my DC that holds 4 of the 5 FSMO roles, I am getting the 3 errors below in the order listed. We had an old DC that has been removed from the domain but I have verified its removal in all aspects of DNS and AD.
Event ID 1645:
Active Directory Domain Services did not perform an authenticated remote procedure call (RPC) to another directory server because the desired service principal name (SPN) for the destination directory server is not registered on the Key Distribution Center (KDC) domain controller that resolves the SPN.
Destination directory server:
Verify that the names of the destination directory server and domain are correct. Also, verify that the SPN is registered on the KDC domain controller. If the destination directory server has been recently promoted, it will be necessary for the local directory server's account data to replicate to the KDC before this directory server can be authenticated.
Event ID 1655:
Active Directory Domain Services attempted to communicate with the following global catalog and the attempts were unsuccessful.
The operation in progress might be unable to continue. Active Directory Domain Services will use the domain controller locator to try to find an available global catalog server.
1396 Logon Failure: The target account name is incorrect.
Event ID 1126:
Active Directory Domain Services was unable to establish a connection with the global catalog.
8430 The directory service encountered an internal failure.
Make sure a global catalog is available in the forest, and is reachable from this domain controller. You may use the nltest utility to diagnose this problem.
The error messages above appear once per hour starting 15 minutes after AD DS is restarted. When I force replication using the Sites & Services snap-in, everything looks fine and I get no error messages. repadmin shows all replication completed successfully. dcdiag shows everything is OK except for the errors listed above and Event ID 1055 saying that the processing of group policy failed and Event ID 40961 saying that the Security System could not establish a secured connection with the server <name of local server>. No authentication protocol was available. The only odd thing I've encountered is that when I ping the server from itself, it returns the IPv6 address instead of the IPv4 address. I tried forcing it to return IPv4 by using the hosts file but I received the same errors after restarting AD DS.