Replication issue

Our Domain controller seems to have some replication issues.

I've inherited this domain & my daily work with windows domains is very limited.

We have one DC & the rest are showing as Global Catalogs.

For some reason the DC itself has 2 names in Active Directory (1. "Backup" - this is the real "computer name" & it's listed as a DC in Active Directory. 2. "DC" - I'm not sure where this name is configured on the server itself, but if you look at our DNS server this name is marked as "Static". This name is listed as a GC in AD).

If I run the command repadmin /showrepl on any of the GCs, I get this message regarding this "DC": "The target principal name is incorrect".

Please help
1.JPG
2.JPG
meirgilAsked:

MaheshArchitectCommented:
How did you figure out that there is only a single DC with two hostnames?

A DC cannot have two hostnames.

You must have a DC named "backup" which was tombstoned long ago, and now you simply need to clean up its metadata.

Can you run "repadmin /showrepl" from an elevated command prompt on your PDC master server and post back the complete results, not a partial screenshot?
0
Jose Gabriel Ortega CastroCEOCommented:
This contains more than 3 years that aren't talking to each other,
I'm pretty sure that they've lost the trust relationship between each other,
the solution will be to get one as "main", regain the roles (if required), and redeploy all the rest,
since they are just doing validation locally and haven't shared anything for 3 years now.
0
meirgilAuthor Commented:
Thanks guys! My knowledge in AD is limited & I'm very happy to receive your help!

Here is the printout of the PDC to this same command (repadmin /showrepl)
PDC-Showrepl-printout.txt
0

meirgilAuthor Commented:
I also attach the dns record from that pdc showing both names under the same server.
dns-records-on-pdc.jpg
0
MaheshArchitectCommented:
It seems that server05 and DCyard have serious issues; probably DCYARD is already out of the network and you need a metadata cleanup of that server object.
It's the same issue with server05.
To confirm the issue further, run "dcdiag /v" from the PDC master server and post the complete output here.
0
meirgilAuthor Commented:
Thanks Mahesh,

The SERVER05 was a virtual server that was turned off for a long time & when the problems started we turned it back on to see if there was more information there. I believe it's required to be on, as apart from Backup/DC (the PDC) on this same network (network 10) there's only the MAIL server as a GC & from what I remember there should be at least 2 non mail servers as GC/DC on the same network (SERVER05 is also on network 10).

Sorry if this is confusing.

I attach the printout of the dcdiag,

A big thank you in advance!
dcdiag-printout.txt
0
meirgilAuthor Commented:
DCYARD is on a different network (network 16)

BACKUP\DC is the only server that sees SERVER05 as a GC under domain controllers, all other GCs don't list it under domain controllers.

Also it seems all the other GCs replicate between them (except for this newly introduced SERVER05..) - this is why I believed the issue is with BACKUP/DC (the PDC) - it's the only one that doesn't update changes we put in the AD..
0
meirgilAuthor Commented:
And all other GCs say the same thing about "BACKUP" & "DC" with the repadmin /showrepl command - they all say something about "The target principal name is incorrect" regarding "DC" & "The Active Directory cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime" regarding "BACKUP"..
0
MaheshArchitectCommented:
You should not bring a server online that has been turned off for a long period; this is very true in the case of domain controllers.

I suggest that you turn off server05 permanently, remove its metadata from AD and then check how replication is going.

Also, it seems that the DC named "backup" is not your PDC server and also not a GC.
Can you check the output of the "netdom query fsmo" command on all alive servers and post the results back here? Is the output the same on all servers or is it different? The output of this command will decide the next course of action.
To me it seems that dcyard and server05 are tombstoned DCs, and "backup" is not a GC and doesn't own FSMO roles.

The target principal name issue is a different issue, and you can reset the domain controller account where you face it, but before that you need to remove the servers which you have turned on after a long period.
Also, what about server02?

Mahesh.
0
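To separate the two failure classes discussed above across every replication link at once, here is an added example (not part of the original thread) that triages saved output of `repadmin /showrepl * /csv`. The sample rows, site names and the `example.local` naming context are constructed; the advice strings paraphrase the remediation suggested in this thread.

```python
import csv
import io
from collections import defaultdict

# Status codes repadmin reports for the two messages quoted in this thread.
TOMBSTONE_EXCEEDED = 8614      # "...has exceeded the tombstone lifetime"
WRONG_PRINCIPAL = -2146893022  # 0x80090322 "The target principal name is incorrect"

ADVICE = {
    TOMBSTONE_EXCEEDED: "stale DC: keep offline, demote or remove, then metadata cleanup",
    WRONG_PRINCIPAL: "reset the DC account, after stale DCs have been removed",
}

# Constructed sample in the column layout of `repadmin /showrepl * /csv`.
SAMPLE = """showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,Site10,MAIL,"DC=example,DC=local",Site10,SERVER02,RPC,0,0,2018-02-01 09:00:11,0
showrepl_INFO,Site10,MAIL,"DC=example,DC=local",Site10,BACKUP,RPC,412,2018-02-01 09:00:12,2014-11-03 02:14:40,8614
showrepl_INFO,Site10,MAIL,"DC=example,DC=local",Site10,DC,RPC,97,2018-02-01 09:00:12,2014-11-03 02:14:40,-2146893022
showrepl_INFO,Site10,SERVER02,"DC=example,DC=local",Site10,BACKUP,RPC,398,2018-02-01 09:01:02,2014-11-03 02:10:05,8614
showrepl_INFO,Site10,SERVER02,"DC=example,DC=local",Site16,DCYARD,RPC,0,0,2018-02-01 08:58:47,0
"""

def triage(csv_text):
    """Return {source DSA: {status: [destination DSAs reporting it]}} for failing links."""
    failing = defaultdict(lambda: defaultdict(list))
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["showrepl_COLUMNS"] != "showrepl_INFO":
            continue  # showrepl_ERROR rows (DC not reachable) use a different layout
        status = int(row["Last Failure Status"])
        if status != 0 and int(row["Number of Failures"]) > 0:
            failing[row["Source DSA"]][status].append(row["Destination DSA"])
    return {src: dict(codes) for src, codes in failing.items()}

def report(csv_text):
    """One line per failing source and status, with the partners that report it."""
    lines = []
    for src, codes in sorted(triage(csv_text).items()):
        for status, dests in sorted(codes.items()):
            advice = ADVICE.get(status, "look up this status code")
            seen = ", ".join(sorted(set(dests)))
            lines.append(f"{src}: status {status} seen from {seen} -> {advice}")
    return lines

if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```

A source that several partners report with status 8614 is the stale one; a source that only shows the principal-name error is usually reachable but has a mismatched machine account password.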
meirgilAuthor Commented:
I attach the printout for SERVER02, SERVER05, MAIL & BACKUP/DC - all on the same network 10.

SERVER02 seems to be syncing well with the others (a computer name created on DCYARD for example would update both in MAIL & in SERVER02 just not on BACKUP/DC & the zombie SERVER05).

I'll upload the printout for DCYARD (which is on network 16) tomorrow morning (don't have access to it now).

Thanks!
MAIL---fsmo-printout.txt
SERVER02---fsmo-printout.txt
PDC-BAKUP-DC---fsmo-printout.txt
SERVER05---fsmo-printout.txt
0
MaheshArchitectCommented:
Server5 is getting the "target principal incorrect" issue.
Mail is your PDC server and has most of the FSMO roles.
Actually, I suggest that you remove server5 and do a metadata cleanup.
Then move your infrastructure master role to the "mail" DC and demote the "backup" DC, as it's not able to replicate with the others due to lingering objects; also remove any metadata left.
Try demoting the servers normally by running dcpromo; if that fails, run the dcpromo /forceremoval command and then do a metadata cleanup.
You will find articles on Google about DC metadata cleanup.
Then check AD health again, and later on you can build new DC servers if required.
0

meirgilAuthor Commented:
Can a mail server running Exchange (the server named MAIL) be promoted to be a PDC? I thought that's something you shouldn't do, no?
0
MaheshArchitectCommented:
Yes, that's right, but that is not a problem at this point of time....?
0
Seth SimmonsSr. Systems AdministratorCommented:
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.

I have recommended this question be closed as follows:

Accept: Mahesh (https:#a42463189)

If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.

seth2740
Experts-Exchange Cleanup Volunteer
0