Home > IT Answers > Microsoft Windows > AD Replication problem
BB11MAI
0 pts.
 AD Replication problem
Microsoft Windows
Hi, Any idea of the following error ? I demoted an old server and turned it off and then promoted a new server with the same name/IP as the original in SITE1. Error message in popping up on a DC in SITE2. The GUID (below) belong to the server which is turned off. Intersite replication in SITE1 seems to work OK. Any help appreciated. Rgds Bab Event Type: Error Event Source: NTDS Replication Event Category: DS RPC Client Event ID: 1411 Date: 10/10/2006 Time: 10:16:10 AM User: NT AUTHORITYANONYMOUS LOGON Computer: MASTER Description: Active Directory failed to construct a mutual authentication service principal name (SPN) for the following domain controller. Domain controller: be787d0a-ee7e-5f5e-4585-3e247cb4ccaa._msdcs.b.local The call was denied. Communication with this domain controller might be affected. Additional Data Error value: 8589 The DS cannot derive a service principal name (SPN) with which to mutually authenticate the target server because the corresponding server object in the local DS database has no serverReference attribute. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Software/Hardware used:
ASKED: October 11, 2006  10:40 AM
UPDATED: October 13, 2006  10:53 AM
RELATED QUESTIONS
Answer Wiki:
Yes I have a few ideas ... You cannot take a server offline and bring a new server on-line using the same name. The SID and GUID will not match in AD. You can do the following. 1. Demote the new server 2. Remove the new server from the domain. 3. Take the new server offline. 4. Reset the machine account in AD. 5. Bring the new server online. 6. Join the new server to the domain using the reset account. 7. DCPromo the machine again. Follow these steps and it should work. If not repeat 1-3 then delete the machine account. Use ADSI edit to manually remove any metadata left from the old account. Wait for replication and the contimue with steps 5-7. Let us know how it turns out. Marcola
Last Wiki Answer Submitted:  October 11, 2006  11:05 am  by  Marcola   0 pts.
All Answer Wiki Contributors:  Marcola   0 pts.
To see all answers submitted to the Answer Wiki: View Answer History.


RSS - Discussions Help
Discuss This Question:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

 

Marcola,
Thx for your reply, but the procedure I followed almost most as you outlined. Here is the followed procedure:
1. Made the new server ready (installed W2k3, named NEWDC, joined domain)business hours.
2. Yesterday night (in off business hour) Ran DCpromo and depromoted the old server (which was named DC2).
3. Turned it off.
4. Deleted the Computer object(DC2)from AD and let 30 min for replication.
5. Now, Renamed NEWDC to DC2 and restarted.
6. Reconfigured IP setting as DC2 had and restarted.
7. Verified the DNS registration.
8. Ran DCPromo and promoted the new server
9. Verified the DNS registration of NewGUID._msdcs.b.local
10. Verified the server replication in inter and intra site replication. (Checked the USN and dateness vector)Looked OK. (still OK!)

There is NO error reported on the new server (DC2)
Hoverver on three other DCs (two intersite and one intrasite) the refered error is being reported.

My question is how can I get rid of this error being reported. How & Where I do the cleanup ?

Would be greateful if you/someone put me in the correct direction.

Babu

BB11MAI
 0 pts.
 
Spadasoe
 5,130 pts.