<div>
Not sure why this is posted under Exchange. This is an Active Directory issue. Seems like you need to synchronize the time between your two domain controllers.
</div>


<div>
On DC2 run below command in elevated command prompt:<br />
<br />
net time \\DC1_hostname /set /y<br />
<br />
This will sync dc2 time with dc1 and then you can replicate between them<br />
<br />
On DC1, just check below article and ensure that time synchronization is appropriate across domain<br />
<a href="http://support.microsoft.com/kb/816042" rel="ugc">http://support.microsoft.com/kb/816042</a><br />
<br />
Mahesh
</div>


<div>
The error given indicates that the time difference between the two servers is greater than one minute. Make sure that NLPCPFA-DC2 is in the same time zone and that the time is the same.<br />
<br />
For the DNS error, make sure IP version 6 is enabled and that the firewall is disabled then run dcpromo again.<br />
<br />
I am assuming sever 2008.
</div>


<div>
they are both win server 2003
</div>


<div>
Have you made the necessary changes and dcpromo again. If still issue, please give errors and warnings in event viewer. And what done so far.
</div>


<div>
I have ran<br />
1.NET TIME \\TIMESRV /SET /YES<br />
2. the Event Error from DC2(With Replication Error) is given below :<br />
Event viewer<br />
<br />
&gt;&gt;Application<br />
Automatic certificate enrollment for local system failed to enroll for one Domain Controller certificate (0x800706ba). &nbsp;The RPC server is unavailable.<br />
Directory Service<br />
t has been too long since this machine last replicated with the named source machine. The time between replications with this source has exceeded the tombstone lifetime. Replication has been stopped with this source. <br />
The reason that replication is not allowed to continue is that the two machine's views of deleted objects may now be different. The source machine may still have copies of objects that have been deleted (and garbage collected) on this machine. If they were allowed to replicate, the source machine might return objects which have already been deleted. <br />
Time of last successful replication:<br />
2012-11-26 09:43:30 <br />
Invocation ID of source: <br />
03cdf6c8-f6b8-03cd-0100-00<wbr />0000000000<wbr /> <br />
Name of source: <br />
ee90ff2e-5950-492a-b1ef-1c<wbr />2dfe0cd56d<wbr />._msdcs.nl<wbr />pcpfa.com <br />
Tombstone lifetime (days): <br />
60 <br />
&nbsp;<br />
The replication operation has failed.<br />
&nbsp;<br />
User Action:<br />
&nbsp;<br />
Determine which of the two machines was disconnected from the forest and is now out of date. You have three options: <br />
&nbsp;<br />
1. Demote or reinstall the machine(s) that were disconnected. <br />
2. Use the &quot;repadmin /removelingeringobjects&quot; tool to remove inconsistent deleted objects and then resume replication. <br />
3. Resume replication. Inconsistent deleted objects may be introduced. You can continue replication by using the following registry key. Once the systems replicate once, it is recommended that you remove the key to reinstate the protection. <br />
&nbsp;Registry Key:<br />
HKLM\System\CurrentControl<wbr />Set\Servic<wbr />es\NTDS\Pa<wbr />rameters\A<wbr />llow Replication With Divergent and Corrupt Partner<br />
<br />
<br />
For more information, see Help and Support Center at <br />
<br />
DNS<br />
<br />
i.The DNS server was unable to open Active Directory. &nbsp;This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it. &nbsp;Check that the Active Directory is functioning properly and reload the zone. The event data is the error code.<br />
<br />
2.The DNS server received a bad TCP-based DNS message from 172.31.28.5. &nbsp;The packet was rejected or ignored. The event data contains the DNS packet.<br />
<br />
&gt;&gt;File Replication<br />
<br />
he File Replication Service is having trouble enabling replication from NLPCPFA-DC1 to NLPCPFA-DC2 for c:\windows\sysvol\domain using the DNS name nlpcpfa-dc1.nlpcpfa.com. FRS will keep retrying. <br />
&nbsp;Following are some of the reasons you would see this warning. <br />
&nbsp;<br />
&nbsp;[1] FRS can not correctly resolve the DNS name nlpcpfa-dc1.nlpcpfa.com from this computer. <br />
&nbsp;[2] FRS is not running on nlpcpfa-dc1.nlpcpfa.com. <br />
&nbsp;[3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers. <br />
&nbsp;<br />
&nbsp;This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.<br />
<br />
For more information, see Help and Support Center at
</div>


<div>
The DC2 is not replicated with DC1 since last one year<br />
<br />
You need to demote this DC forcefully with <b>dcpromo /forceremoval</b> switch and also need to clean-up server metadata from active directory<br />
<br />
Once that done you can promote server again to DC<br />
<br />
<a href="http://www.petri.co.il/delete_failed_dcs_from_ad.htm" rel="ugc">http://www.petri.co.il/delete_failed_dcs_from_ad.htm</a><br />
<a href="http://social.technet.microsoft.com/Forums/windowsserver/en-US/ff531e4f-4034-4770-bf0a-46c854884724/repromote-dc-with-same-name-after-dcpromo-forceremoval" rel="ugc nofollow">http://social.technet.microsoft.com/Forums/windowsserver/en-US/ff531e4f-4034-4770-bf0a-46c854884724/repromote-dc-with-same-name-after-dcpromo-forceremoval</a><br />
<br />
Mahesh
</div>


<div>
Refer<br />
<a href="http://blogs.technet.com/b/essentialbusinessserver/archive/2009/04/02/active-directory-replication-problems-solved-with-preparation-wizard.aspx" rel="ugc">http://blogs.technet.com/b/essentialbusinessserver/archive/2009/04/02/active-directory-replication-problems-solved-with-preparation-wizard.aspx</a>
</div>


<div>
i am trying to promote the server back as &nbsp;DC2 using the configure your &nbsp;wizard but it came back with an error that the server already exit. On checking the DC1 i found out that the DC is still listed under Domain Controllers in Active Directory; attempt to 'physically' delete the server (DC2) failed. The failure reports are attached.<br />
<a href="https://filedb.experts-exchange.com/incoming/2014/03_w11/839476/ErrorII.bmp" target="_blank" class="file-inline" title="Error while Deleting The second Domain Controller(DC2) server from AD (1.3 MB)"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><path d="M67.508 468.467c-58.005-58.013-58.016-151.92 0-209.943l225.011-225.04c44.643-44.645 117.279-44.645 161.92 0 44.743 44.749 44.753 117.186 0 161.944l-189.465 189.49c-31.41 31.413-82.518 31.412-113.926.001-31.479-31.482-31.49-82.453 0-113.944L311.51 110.491c4.687-4.687 12.286-4.687 16.972 0l16.967 16.971c4.685 4.686 4.685 12.283 0 16.969L184.983 304.917c-12.724 12.724-12.73 33.328 0 46.058 12.696 12.697 33.356 12.699 46.054-.001l189.465-189.489c25.987-25.989 25.994-68.06.001-94.056-25.931-25.934-68.119-25.932-94.049 0l-225.01 225.039c-39.249 39.252-39.258 102.795-.001 142.057 39.285 39.29 102.885 39.287 142.162-.028A739446.174 739446.174 0 0 1 439.497 238.49c4.686-4.687 12.282-4.684 16.969.004l16.967 16.971c4.685 4.686 4.689 12.279.004 16.965a755654.128 755654.128 0 0 0-195.881 195.996c-58.034 58.092-152.004 58.093-210.048.041z"/></svg>ErrorII.bmp</a><br />
<a href="https://filedb.experts-exchange.com/incoming/2014/03_w11/839477/Error.bmp" target="_blank" class="file-inline" title="Prompt at Deleting The second Domain Controller(DC2) server from AD. This after clicking on reset to allow deletion (403 KB)"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><path d="M67.508 468.467c-58.005-58.013-58.016-151.92 0-209.943l225.011-225.04c44.643-44.645 117.279-44.645 161.92 0 44.743 44.749 44.753 117.186 0 161.944l-189.465 189.49c-31.41 31.413-82.518 31.412-113.926.001-31.479-31.482-31.49-82.453 0-113.944L311.51 110.491c4.687-4.687 12.286-4.687 16.972 0l16.967 16.971c4.685 4.686 4.685 12.283 0 16.969L184.983 304.917c-12.724 12.724-12.73 33.328 0 46.058 12.696 12.697 33.356 12.699 46.054-.001l189.465-189.489c25.987-25.989 25.994-68.06.001-94.056-25.931-25.934-68.119-25.932-94.049 0l-225.01 225.039c-39.249 39.252-39.258 102.795-.001 142.057 39.285 39.29 102.885 39.287 142.162-.028A739446.174 739446.174 0 0 1 439.497 238.49c4.686-4.687 12.282-4.684 16.969.004l16.967 16.971c4.685 4.686 4.689 12.279.004 16.965a755654.128 755654.128 0 0 0-195.881 195.996c-58.034 58.092-152.004 58.093-210.048.041z"/></svg>Error.bmp</a><br />
<a href="https://filedb.experts-exchange.com/incoming/2014/03_w11/839492/DC2-AD-Promotion-Error.png" target="_blank" class="file-inline" title="Error while using Wizard to Promote DC2 to SDC (47 KB)"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><path d="M67.508 468.467c-58.005-58.013-58.016-151.92 0-209.943l225.011-225.04c44.643-44.645 117.279-44.645 161.92 0 44.743 44.749 44.753 117.186 0 161.944l-189.465 189.49c-31.41 31.413-82.518 31.412-113.926.001-31.479-31.482-31.49-82.453 0-113.944L311.51 110.491c4.687-4.687 12.286-4.687 16.972 0l16.967 16.971c4.685 4.686 4.685 12.283 0 16.969L184.983 304.917c-12.724 12.724-12.73 33.328 0 46.058 12.696 12.697 33.356 12.699 46.054-.001l189.465-189.489c25.987-25.989 25.994-68.06.001-94.056-25.931-25.934-68.119-25.932-94.049 0l-225.01 225.039c-39.249 39.252-39.258 102.795-.001 142.057 39.285 39.29 102.885 39.287 142.162-.028A739446.174 739446.174 0 0 1 439.497 238.49c4.686-4.687 12.282-4.684 16.969.004l16.967 16.971c4.685 4.686 4.689 12.279.004 16.965a755654.128 755654.128 0 0 0-195.881 195.996c-58.034 58.092-152.004 58.093-210.048.041z"/></svg>DC2-AD-Promotion-Error.png</a>
</div>


Error while Deleting The second Domain Controller(DC2) server from AD

ErrorII.bmp

Prompt at Deleting The second Domain Controller(DC2) server from AD. This after clicking on reset to allow deletion

Error.bmp

Error while using Wizard to Promote DC2 to SDC

DC2-AD-Promotion-Error.png

<div>
Have you already removed \ demoted server DC2 from domain ?<br />
<br />
You need to select last option in wizard (This domain controller is permanently offline) if you want to use wizard<br />
<br />
OR<br />
<br />
You can use dcpromo /forceremoval, then you must clear DC2 metadata with ntdsutil <br />
<br />
The steps are already outlined in my earlier comment articles<br />
<br />
Once you removed metadata and clear all old records , then you can promote it again to ADC<br />
<br />
Mahesh
</div>


<div>
Yes, I have done that.. but it appears no smooth. i am getting this error while using &nbsp;the wizard to promo the DC2 back<br />
<br />
The operation failed because:<br />
<br />
The attempt to join this computer to the nlpcpfa.com domain failed.<br />
<br />
&quot;The specified user already exists.&quot;
</div>


<div>
I finally reset the system and delete &nbsp;from Domain Controller container. Thereafter &nbsp;use the Wizard to promote the second server to domain controller.
</div>


<div>
<div class="content wysiwyg-content">
I have this timimg and Dns issue &nbsp;issue for AD diagnostic<br />
<br />
<br />
omain Controller Diagnosis<br />
<br />
Performing initial setup:<br />
&nbsp; &nbsp;* Verifying that the local machine nlpcpfa-dc1, is a DC. <br />
&nbsp; &nbsp;* Connecting to directory service on server nlpcpfa-dc1.<br />
&nbsp; &nbsp;* Collecting site info.<br />
&nbsp; &nbsp;* Identifying all servers.<br />
&nbsp; &nbsp;* Identifying all NC cross-refs.<br />
&nbsp; &nbsp;* Found 2 DC(s). Testing 2 of them.<br />
&nbsp; &nbsp;Done gathering initial info.<br />
<br />
Doing initial required tests<br />
&nbsp; &nbsp;<br />
&nbsp; &nbsp;Testing server: nlpcpfa\NLPCPFA-DC2<br />
&nbsp; &nbsp; &nbsp; Starting test: Connectivity<br />
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;* Active Directory LDAP Services Check<br />
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;[NLPCPFA-DC2] LDAP bind failed with error 8341,<br />
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;A directory service error has occurred..<br />
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;The clock difference between the home server NLPCPFA-DC1 and target<br />
<br />
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;server NLPCPFA-DC2 is greater than one minute. This may cause Kerberos<br />
<br />
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;authentication failures. Please check that the time service is working<br />
<br />
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;properly. You may need to resynchonize the time between these servers.<br />
<br />
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;......................... NLPCPFA-DC2 failed test Connectivity<br />
&nbsp; &nbsp;<br />
&nbsp; &nbsp;Testing server: nlpcpfa\NLPCPFA-DC1<br />
&nbsp; &nbsp; &nbsp; Starting test: Connectivity<br />
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;* Active Directory LDAP Services Check<br />
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;* Active Directory RPC Services Check<br />
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;......................... NLPCPFA-DC1 passed test Connectivity<br />
<br />
<br />
AND Also <br />
Summary of DNS test results:<br />
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;<br />
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Auth Basc Forw Del &nbsp;Dyn &nbsp;RReg Ext &nbsp;<br />
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;__________________________<wbr />__________<wbr />__________<wbr />__________<wbr />________<br />
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Domain: nlpcpfa.com<br />
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;nlpcpfa-dc2 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;PASS FAIL n/a &nbsp;n/a &nbsp;n/a &nbsp;n/a &nbsp;n/a &nbsp;<br />
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;nlpcpfa-dc1 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;PASS PASS FAIL PASS PASS PASS n/a
</div>
</div>


I have this timimg and Dns issue  issue for AD diagnostic


omain Controller Diagnosis

Performing initial setup:
   * Verifying that the local machine nlpcpfa-dc1, is a DC. 
   * Connecting to directory service on server nlpcpfa-dc1.
   * Collecting site info.
   * Identifying all servers.
   * Identifying all NC cross-refs.
   * Found 2 DC(s). Testing 2 of them.
   Done gathering initial info.

Doing initial required tests
   
   Testing server: nlpcpfa\NLPCPFA-DC2
      Starting test: Connectivity
         * Active Directory LDAP Services Check
         [NLPCPFA-DC2] LDAP bind failed with error 8341,
         A directory service error has occurred..
         The clock difference between the home server NLPCPFA-DC1 and target

         server NLPCPFA-DC2 is greater than one minute. This may cause Kerberos

         authentication failures. Please check that the time service is working

         properly. You may need to resynchonize the time between these servers.

         ......................... NLPCPFA-DC2 failed test Connectivity
   
   Testing server: nlpcpfa\NLPCPFA-DC1
      Starting test: Connectivity
         * Active Directory LDAP Services Check
         * Active Directory RPC Services Check
         ......................... NLPCPFA-DC1 passed test Connectivity


AND Also 
Summary of DNS test results:
         
                                            Auth Basc Forw Del  Dyn  RReg Ext  
               ________________________________________________________________
            Domain: nlpcpfa.com
               nlpcpfa-dc2                  PASS FAIL n/a  n/a  n/a  n/a  n/a  
               nlpcpfa-dc1                  PASS PASS FAIL PASS PASS PASS n/a

AD Repication Problem

The Microsoft Legacy Operating System topic includes legacy versions of Microsoft operating systems prior to Windows 2000: All versions of MS-DOS and other versions developed for specific manufacturers and Windows 3/3.1, Windows 95 and Windows 98, plus any other Windows-related versions, and Windows Mobile.

Microsoft Legacy OS

Windows Server 2003 was based on Windows XP and was released in four editions: Web, Standard, Enterprise and Datacenter. It also had derivative versions for clusters, storage and Microsoft’s Small Business Server. Important upgrades included integrating Internet Information Services (IIS), improvements to Active Directory (AD) and Group Policy (GP), and the migration to Automated System Recovery (ASR).

Windows Server 2003

Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.