Replication issue

Our Domain controller seems to have some replication issues.

I've inherited this domain & my daily work with Windows domains is very limited.

We have one DC & the rest are showing as Global Catalogs.

For some reason the DC itself has 2 names in Active Directory (1. "Backup" - this is the real "computer name" & it's listed as a DC in Active Directory. 2. "DC" - I'm not sure where this name is configured on the server itself, but if you look at our DNS server this name is marked as "Static". This name is listed as a GC in AD).

If I run the command repadmin /showrepl on any of the GCs, you get this message regarding this "DC": "The target principal name is incorrect".

Please help
Mahesh (Architect) Commented:
Server5 is getting the "target principal name is incorrect" issue.
Mail is your PDC server and holds most of the FSMO roles.
Actually, I suggest that you remove server5 and do a metadata cleanup.
Then move your infrastructure master role to the "mail" DC and demote the "backup" DC, as it's not able to replicate with the others due to lingering objects; also remove any metadata left.
Try demoting the servers normally by running dcpromo; if that fails, run the dcpromo /forceremoval command and then do a metadata cleanup.
You will find articles on Google about DC metadata cleanup.
Then check AD health again, and later on you can build new DC servers if required.

How did you figure out that there is only a single DC with two hostnames?

A DC cannot have two hostnames.

You must have a DC named "backup" which was tombstoned long ago, and now you simply need to clean up the metadata for it.

Can you run "repadmin /showrepl" from an elevated command prompt on your PDC master server and post back the complete results, not a partial screenshot?
Jose Gabriel Ortega C (CEO, J0rt3g4 Consulting Services) Commented:
This contains more than 3 years in which they aren't talking to each other.
I'm pretty sure that they've lost the trust relationship between each other.
The solution will be to get one as "main", regain the roles (if required), and re-deploy all the rest,
since they are just doing validation locally and haven't been sharing anything for 3 years now.
meirgil (Author) Commented:
Thanks guys! My knowledge of AD is limited & I'm very happy to receive your help!

Here is the printout from the PDC for this same command (repadmin /showrepl).
meirgil (Author) Commented:
I also attach the DNS record from that PDC showing both names under the same server.
It seems that server05 and DCYARD have serious issues; probably DCYARD is already out of the network and you need a metadata cleanup of that server object.
Also, same issue with server05.
To confirm the issue further, run "dcdiag /v" from the PDC master server and post the complete output here.
meirgil (Author) Commented:
Thanks Mahesh,

The SERVER05 was a virtual server that was turned off for a long time & when the problems started we turned it back on to see if there was more information there. I believe it's required to be on, as apart from Backup/DC (the PDC) on this same network (network 10) there's only the MAIL server as a GC & from what I remember there should be at least 2 non mail servers as GC/DC on the same network (SERVER05 is also on network 10).

Sorry if this is confusing.

I attach the printout of the dcdiag.

A big thank you in advance!
meirgil (Author) Commented:
DCYARD is on a different network (network 16)

BACKUP\DC is the only server that sees SERVER05 as a GC under domain controllers, all other GCs don't list it under domain controllers.

Also it seems all the other GCs replicate between them (except for this newly introduced SERVER05..) - this is why I believed the issue is with BACKUP/DC (the PDC) - it's the only one that doesn't update changes we put in the AD..
meirgil (Author) Commented:
And all other GCs say the same thing about "BACKUP" & "DC" with the repadmin /showrepl command - they all say something about "The target principal name is incorrect" regarding "DC" & "The Active Directory cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime" regarding "BACKUP"..
You should not bring a server online which has been turned off for a long period; this is very true in the case of domain controllers.

I suggest that you turn off server05 permanently, remove its metadata from AD and then check how replication is going.

Also it seems that the DC named "backup" is not your PDC server and also not a GC.
Can you check the output of the "netdom query fsmo" command on all alive servers and post back the results here? Is the output the same on all servers or is it different? The output of this command will decide the next course of action.
For me it seems that dcyard and server05 are tombstoned DCs and "backup" is not a GC and doesn't own FSMO roles.

The issue of the target principal name is a different issue, and you can reset the domain controller account where you face this issue, but before that you need to remove the servers which you have turned on after a long period.
Also, what about server02?
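
The two conditions separated in the reply above (DCs past the tombstone lifetime versus the "target principal name is incorrect" error) can be told apart mechanically in `repadmin /showrepl * /csv` output. The PowerShell below is an added example, not part of the original thread; the sample rows, the domain `example.local`, the site name `Net10`, the function name `Get-ReplTriage` and the 180-day default are assumptions.

```powershell
# Constructed sample of `repadmin /showrepl * /csv` output (server names reuse the thread's;
# domain, site, dates and counts are invented). On a DC: $csv = repadmin /showrepl * /csv
$csv = @'
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,Net10,MAIL,"DC=example,DC=local",Net10,SERVER02,RPC,0,0,2017-02-01 09:15:02,0
showrepl_INFO,Net10,MAIL,"DC=example,DC=local",Net10,DC,RPC,412,2017-02-01 09:10:44,2017-01-20 03:00:11,-2146893022
showrepl_INFO,Net10,MAIL,"DC=example,DC=local",Net10,BACKUP,RPC,9731,2017-02-01 09:10:45,2013-11-03 22:41:07,8614
'@

function Get-ReplTriage {
    param(
        [string[]]$CsvLines,
        [int]$TombstoneDays = 180,   # assumption: use the forest's real tombstoneLifetime value
        [datetime]$Now = (Get-Date)
    )
    # 8614 and -2146893022 (0x80090322) are the status codes behind the two messages
    # quoted in the thread; the text after each is the advice given in the thread.
    $known = @{
        '8614'        = 'Tombstone lifetime exceeded: retire this DC and clean up its metadata'
        '-2146893022' = 'Target principal name is incorrect: separate issue, reset the DC account after cleanup'
    }
    $fmt  = 'yyyy-MM-dd HH:mm:ss'
    $inv  = [cultureinfo]::InvariantCulture
    $none = [System.Globalization.DateTimeStyles]::None
    $CsvLines | ConvertFrom-Csv | ForEach-Object {
        $last = [datetime]::MinValue
        # A value such as "0" (never succeeded) fails to parse and leaves $age empty.
        $ok  = [datetime]::TryParseExact($_.'Last Success Time', $fmt, $inv, $none, [ref]$last)
        $age = if ($ok) { [math]::Floor(($Now - $last).TotalDays) } else { $null }
        $status = $_.'Last Failure Status'
        $finding = if ($known.ContainsKey($status)) { $known[$status] }
            elseif (-not $ok -or $age -gt $TombstoneDays) { 'No successful replication within the tombstone lifetime' }
            elseif ([int]$_.'Number of Failures' -gt 0) { "Failing, status $status" }
            else { 'OK' }
        [pscustomobject]@{
            Destination = $_.'Destination DSA'
            Source      = $_.'Source DSA'
            DaysSinceOk = $age
            Failures    = [int]$_.'Number of Failures'
            Finding     = $finding
        }
    }
}

# Fixed -Now so the constructed sample gives the same ages on every run.
Get-ReplTriage -CsvLines $csv -Now ([datetime]'2017-02-01') |
    Sort-Object DaysSinceOk -Descending | Format-Table -AutoSize
```

Run it on each surviving DC: a source that shows the tombstone finding from every partner is a candidate for removal, while a source that shows only the principal-name finding is still replicating data somewhere and needs the account fix instead.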

meirgil (Author) Commented:
I attach the printout for SERVER02, SERVER05, MAIL & BACKUP/DC - all on the same network 10.

SERVER02 seems to be syncing well with the others (a computer name created on DCYARD for example would update both in MAIL & in SERVER02 just not on BACKUP/DC & the zombie SERVER05).

I'll upload the printout for DCYARD (which is on network 16) tomorrow morning (don't have access to it now).

meirgil (Author) Commented:
Can a mail server running Exchange (the server named MAIL) be promoted to be a PDC? I thought that's something you shouldn't do, no?
Yes, that's right, but that is not a problem at this point of time...?
Seth Simmons (Sr. Systems Administrator) Commented:
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.

I have recommended this question be closed as follows:

Accept: Mahesh (https:#a42463189)

If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.

Experts-Exchange Cleanup Volunteer
Question has a verified solution.
