Active Directory replication gone bad. Really bad

Hi Experts

I've gone in deep with a DC not replicating, for a global organization. In HQ they have 4 DCs and approximately another 50 world-wide, som in root and others in subdomains.

The problem DC is DC3
The thing is that one 2008 SP2 (was SP1 when problems started) will not replicate in. Changes made on that server replicates out, but changes on other DCs are not replicating in to this server.
Changes made on DC3 are replicating to other DC

We've tried repadmin to look for lingering objects, none found.
we had some time issues, fixed now - all DCs are syncing with DC4 (Which is PDC) and DC4 is syncing with external source.

So to some of the error messages.

Event 1481 - ActiveDirectory_DomainServices
Additional Data
Error value:
1 00002074: AtrErr: DSID-03120527, #1:
      0: 00002074: DSID-03120527, problem 1001 (NO_ATTRIBUTE_OR_VAL), data 0, Att 907ab (msDS-SupportedEncryptionTypes)


and this

Internal error: The operation on the object failed.
 
Additional Data
Error value:
2 000020EF: NameErr: DSID-03250105, problem 2001 (NO_OBJECT), data -1603, best match of:

and this

Internal error: The operation on the object failed.
 
Additional Data
Error value:
2 0000208D: NameErr: DSID-031001BF, problem 2001 (NO_OBJECT), data 0, best match of:
      ''
and this

Internal error: The operation on the object failed.
 
Additional Data
Error value:
4 00002098: SecErr: DSID-03150E8A, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

All Event 1481


Here's Event ID 1173 (every 18th sec)

Internal event: Active Directory Domain Services has encountered the following exception and associated parameters.
 
Exception:
e0010004
Parameter:
0
 
Additional Data
Error value:
-1603
Internal ID:
205036b

and this

 
Exception:
e0010002
Parameter:
210c
 
Additional Data
Error value:
8442
Internal ID:
1080d1a



In AD Object for domain controller - msDS-SupportedEncryptionTypes is set to 31

The thing is that DC2 is working.
DC2 is same OS as DC3 (Windows 2008 SP2) and that one also have msDS-SupportedEncryptionTypes set to 31

We've tried restarted KDC service on all domain controllers

repadmin /replsum gives this for DC3  (2148074306) The encryption type requested is not supported by the KDC.
LVL 22
Jakob DigranesSenior ConsultantAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Jakob DigranesSenior ConsultantAuthor Commented:
No --- but there's no solution in this. Trust me --- rebooted several times :)
0
it_saigeDeveloperCommented:
Could you post a DCDIAG?  One from DC3 and another from DC2.

-saige-
0
Will SzymkowskiSenior Solution ArchitectCommented:
If you have this many issues with DC3, I personally would be demoting it, do a fresh install and then re-promote this DC into your environment.

The longer you have a DC like this in your environment the more issues it is going to create.

Will.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Jakob DigranesSenior ConsultantAuthor Commented:
demote promote --- fixed for now. Will have to see if this problem arise again later on
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.