jpletcher1
Active Directory DC out of sync after hard drive failure
Had a hard drive fail in one of our remote DC servers. It was a mirrored config, and one drive went bad two months ago, then the other today. Then it rebooted itself and booted from the one that went bad two months ago, so all the AD info is out of date and it cannot communicate with all the other DCs. I get Event ID 4 errors like this on the good DCs:
The kerberos client received a KRB_AP_ERR_MODIFIED error from the server host/SERVERNAME. The target name used was . This indicates that the password used to encrypt the kerberos service ticket is different than that on the target server. Commonly, this is due to identically named machine accounts in the target realm (DOMAINNAME), and the client realm. Please contact your system administrator.
I'm not sure if at this point I should remove this DC from AD, get a new drive and rebuild from scratch, then set it up as a DC again? If I do, what steps do I use to pull it out, and when I reinstall, should I use the same name?
ASKER
Thanks. I actually called MS on this one and we are basically doing the things listed above. It was over 60 days out of date, so it was tombstoned.
zenvenky - thanks for your comments too. If not tombstoned then this might have worked.
Fix Secure Channel: Stop and disable KDC from services.msc. Use netdom to fix the secure channel (netdom resetpwd /server:DC_name /userd:Domain\admin /passwordd:admin_pwd). Now recheck UNC path access and reboot the server, then start the KDC service.
Lingering objects link:
http://support.microsoft.com/kb/870695
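The deciding factor in this thread was whether the DC had been out of sync for longer than the tombstone lifetime (here the 60-day default). The following PowerShell script is an added example, not from the thread or from Microsoft, that reads the forest tombstone lifetime, asks a healthy DC when it last replicated successfully from the stale DC, and reports which recovery path applies. It assumes the RSAT ActiveDirectory module is installed, that the account running it can read the configuration partition, and that the two server names are placeholders you replace.

```powershell
# Added example (not from the thread). Before resetting the secure channel
# of a DC that has been offline, check whether its last successful
# replication is older than the forest tombstone lifetime.
# Assumptions: RSAT ActiveDirectory module; placeholder server names below.
Import-Module ActiveDirectory

$StaleDc   = 'REMOTE-DC01'   # placeholder: the DC that booted from the old mirror
$HealthyDc = 'HQ-DC01'       # placeholder: a DC that stayed in sync

# tombstoneLifetime is stored on the Directory Service object in the
# configuration partition; when unset, the forest uses the legacy 60-day default.
$configNc = (Get-ADRootDSE -Server $HealthyDc).configurationNamingContext
$dsObj = Get-ADObject -Server $HealthyDc -Properties tombstoneLifetime `
    -Identity "CN=Directory Service,CN=Windows NT,CN=Services,$configNc"
$tsl = if ($dsObj.tombstoneLifetime) { [int]$dsObj.tombstoneLifetime } else { 60 }

# Ask the healthy DC (not the stale one, which may no longer authenticate,
# as the KRB_AP_ERR_MODIFIED events show) when it last pulled a successful
# replication from the stale DC, per partition.
$fromStale = Get-ADReplicationPartnerMetadata -Target $HealthyDc `
    -Scope Server -PartitionFilter '*' |
    Where-Object { $_.Partner -like "CN=NTDS Settings,CN=$StaleDc,*" }

if (-not $fromStale) {
    Write-Warning "$HealthyDc has no replication link from $StaleDc; check with repadmin /showrepl."
    return
}

# Oldest successful replication across partitions is the conservative measure.
$lastGood   = ($fromStale | Sort-Object LastReplicationSuccess | Select-Object -First 1).LastReplicationSuccess
$daysSilent = [math]::Round(((Get-Date) - $lastGood).TotalDays, 1)

"Tombstone lifetime : $tsl days"
"Last good inbound  : $lastGood ($daysSilent days ago)"
$fromStale | Format-Table Partition, LastReplicationSuccess, LastReplicationResult -AutoSize

if ($daysSilent -gt $tsl) {
    # Past the tombstone lifetime: the stale DC can reintroduce deleted objects
    # (lingering objects), so a secure-channel reset alone is not a safe fix.
    # Confirm in advisory mode first, then plan removal and a clean promotion.
    "$StaleDc has exceeded the tombstone lifetime; do not just reset its secure channel."
    "Advisory check: repadmin /removelingeringobjects $StaleDc <healthy-DC-NTDS-GUID> <partition-DN> /advisory_mode"
} else {
    # Within the lifetime: the secure-channel reset described in the thread applies.
    "$StaleDc is within the tombstone lifetime; reset its secure channel on that DC:"
    "  Stop-Service kdc; Set-Service kdc -StartupType Disabled"
    "  netdom resetpwd /server:$HealthyDc /userd:DOMAIN\admin /passwordd:*   (* prompts for the password)"
    "  Restart, then Set-Service kdc -StartupType Automatic; Start-Service kdc"
}
```

The advisory-mode repadmin run only logs what it would remove, so it is a safe first check before any cleanup.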