I have a domain separated into four sites. In one of my remote sites, I have promoted a new DC and will be decommissioning the existing DC in a few weeks. I didn't receive any errors when I did the dcpromo but I had to delay rebooting the server after the promotion for a few days.
After the reboot, it appears there are some serious problems on this new DC:
The directory service log is full of events 1864
This directory server has not recently received replication information from a number of directory servers.
This directory partition has not been backed up since at least the following number of days.
The remote server which is the owner of a FSMO role is not responding. This server has not replicated with the FSMO role owner recently.
The system log contains many events 1006
The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller. (LDAP Bind function call failed). Look in the details tab for error code and description.
Info from the details tab is as follows:
ErrorDescription Invalid Credentials
As well as error 4:
The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server kelethdc01$. The target name used was E3514235-4B06-11D1-AB04-00C04FC2DCD2firstname.lastname@example.org. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (DOMAIN.COM) is different from the client domain (DOMAIN.COM), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.), and error 5782 (Dynamic registration or deregistration of one or more DNS records failed with the following error: TCP/IP network protocol not installed.
Can anyone suggest what might have happened here, and how to correct?