We have a client with 3 DCs. AD1 is W2003, AD2 and AD3 are W2008. Replication works fine between AD1 and AD3. AD2 never updates. When I attempt to replicate from AD1 using Active Directory Sites and Services, I receive an error. It reads: "Title Bar:Replicate Now. Window: The following error occurred during the attempt to contact the Domain Controller AD2: Access is denied." I don't see anything that corresponds to the same time in the Event Viewer. Under the system log, there are
numerous Source: GroupPolicy Event ID 1006 errors that read: "The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller. (LDAP Bind function call failed). Look in the details tab for error code and description. " The error code and description in the details tab is ErrorCode 82 and ErrorDescription Local Error.
There are also many Security-Kerberos Event ID 4 errors that read: "The Kerberos client received a KRB_AP_ERR_MODIFIED error from the serversrv-ad0 $. The target name used was LDAP/srv-ad02. company. local/company.local. This indicates that the target server failed to decrypt the ticket provided by the client.
This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the
KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (company.LOCAL) is different from the client domain (company.LOCAL), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server."
I would love to have someone point me in the right direction.
DC Replication - 2003 and 2008!
3 posts • Page 1 of 1
DC Replication - 2003 and 2008!
by grestone » December 17th, 2009, 1:49 pm
- grestone
- Posts: 41
- Joined: July 15th, 2009, 10:42 pm
Re: DC Replication - 2003 and 2008!
by boris » December 17th, 2009, 1:50 pm
Just to make sure it isn't something simple, the time isn't off on your AD2 server is it?
- boris
- Posts: 91
- Joined: June 16th, 2009, 11:47 pm
Re: DC Replication - 2003 and 2008!
by boris » December 17th, 2009, 1:51 pm
i.e are the clocks synchronized?
- boris
- Posts: 91
- Joined: June 16th, 2009, 11:47 pm
3 posts • Page 1 of 1
Who is online
Users browsing this forum: No registered users and 1 guest