Link to home
Start Free TrialLog in
Avatar of jpletcher1
jpletcher1Flag for United States of America

asked on

Active Directory DC out of sync after hard drive failure

Had a hard drive fail in one of our remote DC servers.  It was a mirrored config, and one drive went bad two months ago, then the other today.  Then it rebooted itself and booted from the one that went bad two months ago, so all the AD info is out of date and it cannot communicate with all the other DCs.  I get Event ID 4 Errors like this on the good DCs:

The kerberos client received a KRB_AP_ERR_MODIFIED error from the server host/SERVERNAME.  The target name used was . This indicates that the password used to encrypt the kerberos service ticket is different than that on the target server. Commonly, this is due to identically named  machine accounts in the target realm (DOMAINNAME), and the client realm.   Please contact your system administrator.

I'm not sure if at this point I should remove this DC out of AD, get new drive and rebuld from scratch, then set it up as a DC again?  If I do, what steps do I use to pull it out and when I reinstall, should I use the same name?  
SOLUTION
Avatar of Mike Kline
Mike Kline
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Venkat Suresh
Venkat Suresh
Flag of United States of America image
You need to check 2 possible options... First try to ping using UNC path C:\start \\DC1, if this get resolves then DC is fine. Thne just remove lingering opbjects using following KB link. That will fix the issue. If not fix the broken secure channel and download resource kit tools from microsoft site and use Kerbtray to purge Kerbaros tickets.

Fix Secure Channle: Stop and disable KDC from services.msc. use netdom to fix secure channel (netdom resetpwd /server:DC_name /userd:Domain\admin /passwordd:admin_pwd). Now recheck UNC path access and reboot the server, now start KDC service.

LingeringObjects Link:
http://support.microsoft.com/kb/870695
ASKER CERTIFIED SOLUTION
Avatar of Sandesh Dubey
Sandesh Dubey
Flag of India image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of jpletcher1
jpletcher1
Flag of United States of America image

ASKER

Thanks.  i actually called MS on this one and we are basically doing these things listed above.  It was over 60 days out of date, so it was tombstoned.  

zenvenky - thanks for your comments too.  If not tombstoned then this might have worked.