Active Directory Replication Issues

Anonymous
2024-01-08T19:29:02+00:00

We are experiencing what appears to be replication issues with our on-premises Active Directory domain. On the RID, PDC and Infrastructure tabs on our two ADC systems, it displays the word ERROR. On the PDC, this still displays the primary controller's name. Manually attempting to sync an ADC from the PDC results in the error: The target principal name is incorrect.

The command repadmin /showreps displays error code -2146893022. I also used netdom resetpwd to reset the link password, but it did not help. I can nslookup and ping one DC from another using the DC name and IP.

Any suggestions as to how the replication links can be restored or fixed?


Locked Question. This question was migrated from the Microsoft Support Community. To protect privacy, user profiles for migrated questions are anonymized.


3 answers

  1. Anonymous
    2024-01-09T02:54:25+00:00

    Hi Carlos,

    Based on the information you have provided, it appears that there may be an issue with the secure channel between the domain controllers. This can cause replication issues and prevent the domain controllers from communicating with each other.

    To resolve this issue, you can try resetting the secure channel between the domain controllers using the following steps:

    1. Open Command Prompt as an administrator on the domain controller that is displaying the error.
    2. Type the following command and press Enter: nltest /sc_reset:<domain_name>\<domain_controller_name>
    3. Wait for the command to complete and then restart the domain controller.

    If the issue persists, you can also try resetting the computer account password for the domain controller using the following steps:

    1. Open Command Prompt as an administrator on the domain controller that is displaying the error.
    2. Type the following command and press Enter: netdom resetpwd /server:<domain_controller_name> /userd:<domain_name>\<domain_administrator> /passwordd:*
    3. Wait for the command to complete and then restart the domain controller.

    If neither of these steps resolves the issue, you may need to investigate further to determine the root cause of the replication issue. You can use tools such as repadmin and dcdiag to help diagnose and troubleshoot the issue.

    Best regards,

    Qiuyang

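The answer above lists the commands one at a time. The script below is an added example (not from the original thread or from Microsoft) that runs the same triage from a single DC in one pass: it parses repadmin /showrepl output into objects, decodes the error that repadmin prints as a negative decimal (the -2146893022 in the question is 0x80090322, SEC_E_WRONG_PRINCIPAL, "The target principal name is incorrect"), checks the secure channel, the replication SPN and clock skew against the partner, and only touches state when run with -Repair. The domain name contoso.local, the DC names DC01/DC02 and the $Partner default are assumptions; Test-ComputerSecureChannel -Repair and Reset-ComputerMachinePassword are the cmdlet forms of the nltest /sc_reset and netdom resetpwd steps in the answer. It assumes Windows PowerShell 5.1 on a DC with the ActiveDirectory module, run elevated.

```powershell
# Added example, not part of the original answer. Assumptions: domain contoso.local,
# partner DC01, ActiveDirectory RSAT module present, run elevated on the failing DC.
param(
    [string]$Domain  = 'contoso.local',   # assumption: your DNS domain name
    [string]$Partner = 'DC01',            # assumption: the DC this one should replicate from
    [switch]$Repair                       # nothing is changed unless this is given
)

# repadmin reports status as a signed decimal; X8 on an Int32 prints the two's-complement HRESULT.
function ConvertTo-Hresult([int]$Code) { '0x{0:X8}' -f $Code }

# Codes that show up in this kind of failure (Win32 / HRESULT values).
$knownCodes = @{
    '0x80090322' = 'SEC_E_WRONG_PRINCIPAL: target principal name incorrect (SPN, secure channel or clock skew)'
    '0x0000054B' = 'ERROR_NO_SUCH_DOMAIN (1355): DC locator could not find the domain'
    '0x0000051F' = 'ERROR_NO_LOGON_SERVERS (1311): no logon server reachable'
    '0x00000576' = 'ERROR_TIME_SKEW (1398): clock difference too large for Kerberos'
    '0x000006BA' = 'RPC_S_SERVER_UNAVAILABLE (1722): RPC endpoint unreachable (firewall/DNS)'
    '0x00002105' = 'ERROR_DS_DRA_ACCESS_DENIED (8453): replication access was denied'
}

function Get-ReplicationStatus {
    # /csv gives one row per inbound link; ConvertFrom-Csv turns the header row into property names.
    repadmin /showrepl /csv | ConvertFrom-Csv | ForEach-Object {
        $code = [int]$_.'Last Failure Status'
        $hr   = ConvertTo-Hresult $code
        [pscustomobject]@{
            Source    = $_.'Source DSA'
            Partition = $_.'Naming Context'
            Failures  = [int]$_.'Number of Failures'
            LastError = $hr
            Meaning   = if ($code -eq 0) { 'OK' } elseif ($knownCodes[$hr]) { $knownCodes[$hr] } else { 'unknown, look up the HRESULT' }
        }
    }
}

function Test-PartnerSpn {
    # DRS replication authenticates to E3514235-4B06-11D1-AB04-00C04FC2DCD2/<NTDS Settings GUID>/<domain>.
    # A missing or stale SPN on the partner account is a classic cause of SEC_E_WRONG_PRINCIPAL.
    $spns = (Get-ADComputer -Identity $Partner -Properties servicePrincipalName).servicePrincipalName
    [pscustomobject]@{
        Partner        = $Partner
        HasDrsSpn      = [bool]($spns | Where-Object { $_ -like 'E3514235-4B06-11D1-AB04-00C04FC2DCD2/*' })
        HasLdapSpn     = [bool]($spns | Where-Object { $_ -like "ldap/$Partner.$Domain" })
        HasGcSpn       = [bool]($spns | Where-Object { $_ -like "GC/$Partner.$Domain/*" })
    }
}

function Get-ClockSkewSeconds {
    # w32tm /stripchart prints "hh:mm:ss, +00.0123456s" per sample; Kerberos tolerates 300s by default.
    $lines = w32tm /stripchart /computer:$Partner /samples:3 /dataonly 2>$null
    $offsets = foreach ($l in $lines) { if ($l -match ',\s*([+-]\d+\.\d+)s') { [double]$matches[1] } }
    if ($offsets) { [math]::Round(($offsets | Measure-Object -Average).Average, 3) } else { $null }
}

"== Inbound replication links (repadmin /showrepl) =="
Get-ReplicationStatus | Format-Table -AutoSize

"== Secure channel to $Partner (nltest /sc_query equivalent) =="
$scOk = Test-ComputerSecureChannel -Server "$Partner.$Domain" -ErrorAction SilentlyContinue
"SecureChannelOk: $scOk"

"== SPNs on $Partner =="
Test-PartnerSpn | Format-List

"== Clock skew vs $Partner (seconds) =="
$skew = Get-ClockSkewSeconds
if ($null -eq $skew) { 'could not sample time from partner' } elseif ([math]::Abs($skew) -gt 300) { "SKEW $skew s exceeds Kerberos tolerance" } else { "skew $skew s is fine" }

if ($Repair) {
    # Same two steps the answer gives, in cmdlet form. Run on the DC that reports the error.
    $cred = Get-Credential -Message "Domain admin for $Domain"
    Test-ComputerSecureChannel -Repair -Server "$Partner.$Domain" -Credential $cred -Verbose   # nltest /sc_reset
    Reset-ComputerMachinePassword -Server "$Partner.$Domain" -Credential $cred                  # netdom resetpwd
    'Secure channel reset and machine password reset issued; re-run without -Repair to verify, then repadmin /syncall /AdeP'
}
```

Read the output in the order printed: a clean repadmin table with a false SecureChannelOk points at the secure channel itself, a missing DRS SPN or a skew over 300 s explains SEC_E_WRONG_PRINCIPAL without any password reset, and resetting passwords before those are fixed (as the question describes) changes nothing.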
  2. Anonymous
    2024-01-09T12:41:02+00:00

    Qiuyang,

Thanks for your response and help. I executed the nltest /sc_reset command on the PDC and it failed, giving "1355 0x54b ERROR_NO_SUCH_DOMAIN". I also executed netdom resetpwd on the PDC and it errored, saying it wasn't able to reset the password and giving "The specified network name is no longer available", and the command failed.

I tried the same commands on another domain controller and the nltest /sc_reset command gave the error "1311 0x51f ERROR_NO_LOGON_SERVERS". I also executed the netdom resetpwd command on this controller and it was able to successfully reset the password, but it hasn't helped with the issue.

I will run dcdiag. We also are seeing errors with devices not finding the domain or an authentication agent for user authentication. Could DNS services or DNS objects required for authentication be missing if devices are not locating the domain on the network?

  3. Anonymous
    2024-01-10T03:00:36+00:00

    Hi Carlos,

    Based on the errors you have provided, it seems like there may be an issue with the domain controller's ability to communicate with the domain or with the domain's DNS configuration.

    Running the dcdiag command is a good next step to help diagnose the issue. This command will perform a series of tests on the domain controller's configuration and provide detailed information on any errors or warnings that are found.

    Regarding your question about DNS services and objects, it is possible that missing or misconfigured DNS records could cause issues with devices locating the domain on the network. It is important to ensure that all necessary DNS records are present and correctly configured for the domain.

    I recommend reviewing the results of the dcdiag command and checking the DNS configuration for the domain to help identify and resolve any issues.

    Best regards,

    Qiuyang

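The answer above says to check that the DNS records the domain needs are present but does not say which ones. The script below is an added example (not from the thread or from Microsoft) that checks the DC locator records clients and DCs query to find a domain controller, the KDC and the PDC emulator (the ERROR_NO_SUCH_DOMAIN and ERROR_NO_LOGON_SERVERS results in the follow-up are what a failed locator lookup returns), plus the per-DC GUID CNAME under _msdcs that replication partners resolve. The domain contoso.local and the DC names DC01/DC02 are assumptions; it assumes the DnsClient and ActiveDirectory modules on Windows Server 2012 or later. The -Reregister switch restarts Netlogon, which is what rewrites a DC's locator records, and does nothing unless given.

```powershell
# Added example, not part of the original answer. Assumptions: domain contoso.local,
# DCs DC01 and DC02, DnsClient + ActiveDirectory modules, run on a DC.
param(
    [string]$Domain      = 'contoso.local',      # assumption: your DNS domain name
    [string[]]$ExpectedDcs = @('DC01', 'DC02'),  # assumption: every DC that should advertise
    [switch]$Reregister                          # restart Netlogon to rewrite this DC's records
)

# SRV names the DC locator (nltest /dsgetdc, DsGetDcName) and Kerberos clients depend on.
$locatorRecords = @(
    "_ldap._tcp.dc._msdcs.$Domain"       # any DC in the domain
    "_kerberos._tcp.dc._msdcs.$Domain"   # any KDC
    "_ldap._tcp.pdc._msdcs.$Domain"      # PDC emulator: password resets and nltest /sc_reset go here
    "_gc._tcp.$Domain"                   # global catalog
    "_kpasswd._tcp.$Domain"              # password change service
)

function Test-DcLocatorRecords {
    # For each SRV name, list which DCs are advertised and which expected ones are missing.
    foreach ($name in $locatorRecords) {
        $srv = Resolve-DnsName -Name $name -Type SRV -ErrorAction SilentlyContinue |
               Where-Object { $_.QueryType -eq 'SRV' }
        $targets = @($srv | ForEach-Object { ($_.NameTarget -replace "\.$([regex]::Escape($Domain))\.?$", '') })
        $missing = @($ExpectedDcs | Where-Object { $targets -notcontains $_ })
        [pscustomobject]@{
            Record     = $name
            Advertised = ($targets -join ', ')
            Missing    = ($missing -join ', ')
            Ok         = ($targets.Count -gt 0 -and $missing.Count -eq 0)
        }
    }
}

function Test-DcGuidCname {
    # Each DC registers <NTDS Settings objectGUID>._msdcs.<forest> as a CNAME to its host name.
    # Replication partners resolve this name; a missing one gives RPC/principal-name style failures.
    $forest = (Get-ADForest).RootDomain
    foreach ($dc in Get-ADDomainController -Filter *) {
        $guid  = (Get-ADObject -Identity $dc.NTDSSettingsObjectDN -Properties objectGUID).objectGUID
        $cname = Resolve-DnsName -Name "$guid._msdcs.$forest" -Type CNAME -ErrorAction SilentlyContinue |
                 Where-Object { $_.QueryType -eq 'CNAME' }
        [pscustomobject]@{
            DC       = $dc.HostName
            GuidName = "$guid._msdcs.$forest"
            Resolves = [bool]$cname
            Target   = $cname.NameHost
        }
    }
}

"== DC locator SRV records for $Domain =="
Test-DcLocatorRecords | Format-Table -AutoSize

"== Per-DC GUID CNAMEs under _msdcs =="
Test-DcGuidCname | Format-Table -AutoSize

"== Locator as a client sees it (nltest /dsgetdc) =="
nltest /dsgetdc:$Domain /force 2>&1

"== dcdiag DNS/advertising/FSMO tests =="
dcdiag /test:DNS /test:Advertising /test:KnowsOfRoleHolders /test:FsmoCheck 2>&1

if ($Reregister) {
    # Netlogon writes the records in %SystemRoot%\System32\config\netlogon.dns on start.
    Restart-Service Netlogon
    ipconfig /registerdns | Out-Null
    'Netlogon restarted and host records re-registered; re-run without -Reregister after a minute to confirm.'
}
```

A DC that is missing from every SRV name while its A record still resolves (the question says ping and nslookup by name work) means the locator records were never registered or were scavenged, not that name resolution is broken; that is the case -Reregister addresses, and a DC that is missing only from _ldap._tcp.pdc._msdcs is a FSMO-holder problem that dcdiag /test:FsmoCheck will report.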