Error in AD Replication
Hello, I have an Additional DC on my network, but the additional server was off for a while. I recently turned it on and tried to replicate manually, but it gives an error. I would appreciate your guidance.
By the way, I also changed the password of the primary server.
---------------------------
Replicate Now
---------------------------
The following error occurred during the attempt to synchronize naming context CN=Configuration,DC=kdet,DC=local from Domain Controller OFFICE-SERVER to Domain Controller ADDITIONAL-DOMA:
The target principal name is incorrect.
This operation will not continue.
---------------------------
OK
---------------------------
4 replies
Hello, both servers can ping each other.
I have also set DNS correctly.
The firewall and the clock are also correct.
Output from the Primary:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\Administrator>repadmin /syncall
CALLBACK MESSAGE: The following replication is in progress:
From: f1c1c978-1852-41b5-969e-a1d31b39126f._msdcs.kurdvet.local
To : b8b0f7c5-f970-4e48-b5d8-3312d01a9589._msdcs.kurdvet.local
CALLBACK MESSAGE: The following replication completed successfully:
From: f1c1c978-1852-41b5-969e-a1d31b39126f._msdcs.kurdvet.local
To : b8b0f7c5-f970-4e48-b5d8-3312d01a9589._msdcs.kurdvet.local
CALLBACK MESSAGE: SyncAll Finished.
SyncAll terminated with no errors.
C:\Users\Administrator>dcdiag
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = office-server
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\OFFICE-SERVER
Starting test: Connectivity
......................... OFFICE-SERVER passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\OFFICE-SERVER
Starting test: Advertising
......................... OFFICE-SERVER passed test Advertising
Starting test: FrsEvent
......................... OFFICE-SERVER passed test FrsEvent
Starting test: DFSREvent
......................... OFFICE-SERVER passed test DFSREvent
Starting test: SysVolCheck
......................... OFFICE-SERVER passed test SysVolCheck
Starting test: KccEvent
......................... OFFICE-SERVER passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... OFFICE-SERVER passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... OFFICE-SERVER passed test MachineAccount
Starting test: NCSecDesc
......................... OFFICE-SERVER passed test NCSecDesc
Starting test: NetLogons
......................... OFFICE-SERVER passed test NetLogons
Starting test: ObjectsReplicated
......................... OFFICE-SERVER passed test ObjectsReplicated
Starting test: Replications
......................... OFFICE-SERVER passed test Replications
Starting test: RidManager
......................... OFFICE-SERVER passed test RidManager
Starting test: Services
......................... OFFICE-SERVER passed test Services
Starting test: SystemLog
......................... OFFICE-SERVER passed test SystemLog
Starting test: VerifyReferences
......................... OFFICE-SERVER passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : kurdvet
Starting test: CheckSDRefDom
......................... kurdvet passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... kurdvet passed test CrossRefValidation
Running enterprise tests on : kurdvet.local
Starting test: LocatorCheck
......................... kurdvet.local passed test LocatorCheck
Starting test: Intersite
......................... kurdvet.local passed test Intersite
C:\Users\Administrator>
Output from the Additional:
Microsoft Windows [Version 6.3.9600]
(c) 2013 Microsoft Corporation. All rights reserved.
C:\Users\ad.domain>repadmin /syncall
CALLBACK MESSAGE: Error contacting server b8b0f7c5-f970-4e48-b5d8-3312d01a9589._
msdcs.kurdvet.local (network error): -2146893022 (0x80090322):
The target principal name is incorrect.
CALLBACK MESSAGE: SyncAll Finished.
SyncAll reported the following errors:
Error contacting server b8b0f7c5-f970-4e48-b5d8-3312d01a9589._msdcs.kurdvet.loca
l (network error): -2146893022 (0x80090322):
The target principal name is incorrect.
C:\Users\ad.domain>dcdiag
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = additional-domain
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\ADDITIONAL-DOMA
Starting test: Connectivity
......................... ADDITIONAL-DOMA passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\ADDITIONAL-DOMA
Starting test: Advertising
......................... ADDITIONAL-DOMA passed test Advertising
Starting test: FrsEvent
......................... ADDITIONAL-DOMA passed test FrsEvent
Starting test: DFSREvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... ADDITIONAL-DOMA failed test DFSREvent
Starting test: SysVolCheck
......................... ADDITIONAL-DOMA passed test SysVolCheck
Starting test: KccEvent
......................... ADDITIONAL-DOMA passed test KccEvent
Starting test: KnowsOfRoleHolders
[OFFICE-SERVER] DsBindWithSpnEx() failed with error -2146893022,
The target principal name is incorrect..
Warning: OFFICE-SERVER is the Schema Owner, but is not responding to
DS RPC Bind.
[OFFICE-SERVER] LDAP bind failed with error 8341,
A directory service error has occurred..
Warning: OFFICE-SERVER is the Schema Owner, but is not responding to
LDAP Bind.
Warning: OFFICE-SERVER is the Domain Owner, but is not responding to
DS RPC Bind.
Warning: OFFICE-SERVER is the Domain Owner, but is not responding to
LDAP Bind.
Warning: OFFICE-SERVER is the PDC Owner, but is not responding to DS
RPC Bind.
Warning: OFFICE-SERVER is the PDC Owner, but is not responding to LDAP
Bind.
Warning: OFFICE-SERVER is the Rid Owner, but is not responding to DS
RPC Bind.
Warning: OFFICE-SERVER is the Rid Owner, but is not responding to LDAP
Bind.
Warning: OFFICE-SERVER is the Infrastructure Update Owner, but is not
responding to DS RPC Bind.
Warning: OFFICE-SERVER is the Infrastructure Update Owner, but is not
responding to LDAP Bind.
......................... ADDITIONAL-DOMA failed test
KnowsOfRoleHolders
Starting test: MachineAccount
......................... ADDITIONAL-DOMA passed test MachineAccount
Starting test: NCSecDesc
......................... ADDITIONAL-DOMA passed test NCSecDesc
Starting test: NetLogons
[ADDITIONAL-DOMA] User credentials does not have permission to perform
this operation.
The account used for this test must have network logon privileges
for this machine's domain.
......................... ADDITIONAL-DOMA failed test NetLogons
Starting test: ObjectsReplicated
......................... ADDITIONAL-DOMA passed test
ObjectsReplicated
Starting test: Replications
[Replications Check,ADDITIONAL-DOMA] A recent replication attempt
failed:
From OFFICE-SERVER to ADDITIONAL-DOMA
Naming Context: DC=ForestDnsZones,DC=kurdvet,DC=local
The replication generated an error (1256):
The remote system is not available. For information about network tr
oubleshooting, see Windows Help.
The failure occurred at 2019-05-07 09:22:41.
The last success occurred at 2019-01-17 09:23:53.
498 failures have occurred since the last success.
[Replications Check,ADDITIONAL-DOMA] A recent replication attempt
failed:
From OFFICE-SERVER to ADDITIONAL-DOMA
Naming Context: DC=DomainDnsZones,DC=kurdvet,DC=local
The replication generated an error (1256):
The remote system is not available. For information about network tr
oubleshooting, see Windows Help.
The failure occurred at 2019-05-07 09:22:41.
The last success occurred at 2019-01-17 09:23:53.
498 failures have occurred since the last success.
[Replications Check,ADDITIONAL-DOMA] A recent replication attempt
failed:
From OFFICE-SERVER to ADDITIONAL-DOMA
Naming Context: CN=Schema,CN=Configuration,DC=kurdvet,DC=local
The replication generated an error (-2146893022):
The target principal name is incorrect.
The failure occurred at 2019-05-07 09:22:41.
The last success occurred at 2019-01-17 09:23:53.
498 failures have occurred since the last success.
[Replications Check,ADDITIONAL-DOMA] A recent replication attempt
failed:
From OFFICE-SERVER to ADDITIONAL-DOMA
Naming Context: CN=Configuration,DC=kurdvet,DC=local
The replication generated an error (-2146893022):
The target principal name is incorrect.
The failure occurred at 2019-05-07 09:22:41.
The last success occurred at 2019-01-17 09:23:53.
502 failures have occurred since the last success.
[Replications Check,ADDITIONAL-DOMA] A recent replication attempt
failed:
From OFFICE-SERVER to ADDITIONAL-DOMA
Naming Context: DC=kurdvet,DC=local
The replication generated an error (-2146893022):
The target principal name is incorrect.
The failure occurred at 2019-05-07 09:22:41.
The last success occurred at 2019-01-17 09:38:32.
503 failures have occurred since the last success.
......................... ADDITIONAL-DOMA failed test Replications
Starting test: RidManager
......................... ADDITIONAL-DOMA failed test RidManager
Starting test: Services
Could not open NTDS Service on ADDITIONAL-DOMA, error 0x5
"Access is denied."
......................... ADDITIONAL-DOMA failed test Services
Starting test: SystemLog
An error event occurred. EventID: 0x40000004
Time Generated: 05072019 09:22:41
Event String:
The Kerberos client received a KRBAPERR_MODIFIED error from the se
rver office-server$. The target name used was E3514235-4B06-11D1-AB04-00C04FC2DC
D2b8b0f7c5-f970-4e48-b5d8-3312d01a9589kurdvet.local@kurdvet.local. This indica
tes that the target server failed to decrypt the ticket provided by the client.
This can occur when the target server principal name (SPN) is registered on an a
ccount other than the account the target service is using. Ensure that the targe
t SPN is only registered on the account used by the server. This error can also
happen if the target service account password is different than what is configur
ed on the Kerberos Key Distribution Center for that target service. Ensure that
the service on the server and the KDC are both configured to use the same passwo
rd. If the server name is not fully qualified, and the target domain (KURDVET.LO
CAL) is different from the client domain (KURDVET.LOCAL), check if there are ide
ntically named server accounts in these two domains, or use the fully-qualified
name to identify the server.
An error event occurred. EventID: 0x40000004
Time Generated: 05072019 09:39:49
Event String:
The Kerberos client received a KRBAPERR_MODIFIED error from the se
rver office-server$. The target name used was DNS/office-server.kurdvet.local. T
his indicates that the target server failed to decrypt the ticket provided by th
e client. This can occur when the target server principal name (SPN) is register
ed on an account other than the account the target service is using. Ensure that
the target SPN is only registered on the account used by the server. This error
can also happen if the target service account password is different than what i
s configured on the Kerberos Key Distribution Center for that target service. En
sure that the service on the server and the KDC are both configured to use the s
ame password. If the server name is not fully qualified, and the target domain (
KURDVET.LOCAL) is different from the client domain (KURDVET.LOCAL), check if the
re are identically named server accounts in these two domains, or use the fully-
qualified name to identify the server.
An error event occurred. EventID: 0x40000004
Time Generated: 05072019 09:57:28
Event String:
The Kerberos client received a KRBAPERR_MODIFIED error from the se
rver office-server$. The target name used was ldap/office-server.kurdvet.local.
This indicates that the target server failed to decrypt the ticket provided by t
he client. This can occur when the target server principal name (SPN) is registe
red on an account other than the account the target service is using. Ensure tha
t the target SPN is only registered on the account used by the server. This erro
r can also happen if the target service account password is different than what
is configured on the Kerberos Key Distribution Center for that target service. E
nsure that the service on the server and the KDC are both configured to use the
same password. If the server name is not fully qualified, and the target domain
(KURDVET.LOCAL) is different from the client domain (KURDVET.LOCAL), check if th
ere are identically named server accounts in these two domains, or use the fully
-qualified name to identify the server.
An error event occurred. EventID: 0x40000004
Time Generated: 05072019 10:00:31
Event String:
The Kerberos client received a KRBAPERR_MODIFIED error from the se
rver office-server$. The target name used was LDAP/b8b0f7c5-f970-4e48-b5d8-3312d
01a9589._msdcs.kurdvet.local. This indicates that the target server failed to de
crypt the ticket provided by the client. This can occur when the target server p
rincipal name (SPN) is registered on an account other than the account the targe
t service is using. Ensure that the target SPN is only registered on the account
used by the server. This error can also happen if the target service account pa
ssword is different than what is configured on the Kerberos Key Distribution Cen
ter for that target service. Ensure that the service on the server and the KDC a
re both configured to use the same password. If the server name is not fully qua
lified, and the target domain (KURDVET.LOCAL) is different from the client domai
n (KURDVET.LOCAL), check if there are identically named server accounts in these
two domains, or use the fully-qualified name to identify the server.
......................... ADDITIONAL-DOMA failed test SystemLog
Starting test: VerifyReferences
......................... ADDITIONAL-DOMA passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : kurdvet
Starting test: CheckSDRefDom
......................... kurdvet passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... kurdvet passed test CrossRefValidation
Running enterprise tests on : kurdvet.local
Starting test: LocatorCheck
......................... kurdvet.local passed test LocatorCheck
Starting test: Intersite
......................... kurdvet.local passed test Intersite
C:\Users\ad.domain>
Hello dear friend, I'm glad your problem has been resolved. I would appreciate it if you could tell us how it was resolved, so that other members who run into this problem can also make use of this post. Thank you.
Hello, engineer. It was not solved with one restart, but I restarted twice and it was solved.
Thank you for your help.
Hello, can you replicate from the Additional DC to the Primary DC?
Can both DCs ping each other?
Does the first DNS (Preferred DNS Server) of each DC point to the other DC, and is the Alternate DNS Server address of each DC set to 127.0.0.1?
Are the time, date and time zone the same on both DCs?
Turn off the firewall on both DCs and test again.
Post the output of the following commands here, formatted as code (please press Ctrl+K):
repadmin /syncall
dcdiag
Run these commands on both DCs and post the output here.
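
Added example, not part of any post in this thread: a small Python triage parser for saved `dcdiag` output that lists the failed tests and, per naming context, the replication error code converted from the signed decimal dcdiag prints to the usual unsigned hex form. The sample text is constructed in the shape of the output quoted above, and the function names are this example's own.

```python
import re

# Constructed excerpt in the shape of the dcdiag output quoted in this thread,
# including the console's hard wrap ("failed test" / test name on the next line).
SAMPLE = """\
Starting test: KnowsOfRoleHolders
......................... ADDITIONAL-DOMA failed test
KnowsOfRoleHolders
Starting test: Replications
From OFFICE-SERVER to ADDITIONAL-DOMA
Naming Context: DC=DomainDnsZones,DC=kurdvet,DC=local
The replication generated an error (1256):
The remote system is not available. For information about network tr
oubleshooting, see Windows Help.
498 failures have occurred since the last success.
From OFFICE-SERVER to ADDITIONAL-DOMA
Naming Context: DC=kurdvet,DC=local
The replication generated an error (-2146893022):
The target principal name is incorrect.
503 failures have occurred since the last success.
......................... ADDITIONAL-DOMA failed test Replications
Starting test: MachineAccount
......................... ADDITIONAL-DOMA passed test MachineAccount
"""

# Well-known status names for the two codes that appear on this page.
KNOWN = {0x80090322: "SEC_E_WRONG_PRINCIPAL", 1256: "ERROR_HOST_DOWN"}

RESULT = re.compile(r"\.{5,}\s+(\S+) (passed|failed) test\s+(\w+)")
FAILURE = re.compile(
    r"From (\S+) to (\S+)\s+Naming Context: (\S+)\s+"
    r"The replication generated an error \((-?\d+)\):.*?"
    r"(\d+) failures have occurred", re.S)

def failed_tests(text):
    """Names of failed dcdiag tests, tolerating a wrapped test name."""
    return [m.group(3) for m in RESULT.finditer(text) if m.group(2) == "failed"]

def replication_failures(text):
    """One record per failing naming context, with the code as unsigned hex."""
    out = []
    for src, dst, nc, code, count in FAILURE.findall(text):
        unsigned = int(code) & 0xFFFFFFFF  # dcdiag prints HRESULTs as signed
        out.append({"source": src, "dest": dst, "nc": nc,
                    "code": f"0x{unsigned:08X}",
                    "name": KNOWN.get(unsigned, "unknown"),
                    "failures": int(count)})
    return out

if __name__ == "__main__":
    print(failed_tests(SAMPLE))
    for rec in replication_failures(SAMPLE):
        print(rec)
```

Grouping the records by `code` separates the naming contexts that fail with the Kerberos-related status 0x80090322 from those that only report 1256.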