You can follow along here.
--please don't forget to upvote
and Accept as answer
if the reply is helpful--
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Hey,
I have a domain where is 2 DC with Windows Server 2012 os.
Before demoting secondary DC, commands DCDIAG and REPADMIN showed that is everything ok.
After promoting the new DC with Windows Server 2019 os I see in Events that:
The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server plpwprod01d$. The target name used was RPCSS/plpwparys02l.contoso.local. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Ensure that the target SPN is only registered on the account used by the server. This error can also happen if the target service account password is different than what is configured on the Kerberos Key Distribution Center for that target service. Ensure that the service on the server and the KDC are both configured to use the same password. If the server name is not fully qualified, and the target domain (contoso.LOCAL) is different from the client domain (contoso.LOCAL), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.
The above error is only on DC with WS2012, not on DC with WS2019.
This is something wrong? Can I demote old primary DC(WS2012) and promote the new DC in his place?
You can follow along here.
--please don't forget to upvote
and Accept as answer
if the reply is helpful--