resetting domain controller password

I am getting the following error on one on my domain controllers
"The Knowledge Consistency Checker (KCC) was unable to form a complete spanning tree network topology. As a result, the following list of sites cannot be reached from the local site." I read that the problem my be the domain controller password needs reset using netdom. I do't know what the original password was because the prior sys admin left and didn't document it. can I reset to anything or does it have to match the other domain controllers in the network password?
jfhollowaySr. Systems AdministratorAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Brad GrouxSenior Manager (Wintel Engineering)Commented:
I don't believe this to be password related. It is either replication or time related.

1. Make sure that all of your domain controllers are currently accessible.
2. Make sure that your site topology is still intact, run the following from command prompt:
dcdiag /test:connectivity
repadmin /showrepl
3. If you're getting time errors in repadmin, perform the following from a command prompt on all DCs currently not replicating:
Net stop w32time
W32tm /unregister
W32tm /register
Net start w32time
jfhollowaySr. Systems AdministratorAuthor Commented:
I verified that the time is correct and repadmin /showrepl shows all tests were successful. The issue that originally caught my attention is that DNS zones aren't replicating from the DC that I made the changes on. The DC is in another site and I verified that DC having issues has a site link to the DC that I made the change on.
Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

jfhollowaySr. Systems AdministratorAuthor Commented:
the dcdiag /test:connectivity test came back successful as well. I am getting error 1865, 1311 and 1565 in the directory service log
Brad GrouxSenior Manager (Wintel Engineering)Commented:
I too believe that this is a replication issue.

Do you have manual connection objects setup? If so, I'd go ahead and delete those and let the KCC regenerate them automatically as needed... You are Not Smarter than the KCC is a great resource.
Chad FranksSenior System EngineerCommented:
I believe its probably an AD replication issue.  Have you confirmed the DC's can communicate with each other?  1865, 1311 are all DRS errors.

This question has been answered on EE before.  Please look at this link:

user talks about using  etc..

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
jfhollowaySr. Systems AdministratorAuthor Commented:
The odd thing is that everything else appears to be replicating. I removed a server from sites and services and the removal replicated quickly. I removed and added user accounts in ADUC and they replicated. The problem seems to be isolated to DNS replication. The zones aren't replicating correctly.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.