DC's failing to replicate across two sites.

  • DC's failing to replicate across two sites.

    I've got 4 DC's, 2 in each site for DR purposes.
    Replication is failing from server A in subnet 1 to server B in subnet 2 with the following error:

    Event ID 1411:
    Active Directory Domain Services failed to construct a mutual authentication service principal name (SPN) for the following directory service.

    Directory service:

    The call was denied. Communication with this directory service might be affected.

    Additional Data
    Error value:
    8589 The DS cannot derive a service principal name (SPN) with which to mutually authenticate the target server because the corresponding server object in the local DS database has no serverReference attribute.

    repadmin /showreps shows 'The target principal name is incorrect'.

    I've looked at
    however, this relates to Server 2003 or Server 2000. Has anyone had any luck in Server 2008, or any ideas?

    I'm thinking of demoting the DC and dcpromo. What are your thoughts?

  • #2
    Re: DC's failing to replicate across two sites.

    Tried dcdiag /fix?
    Please do show your appreciation to those who assist you by leaving Rep Point


    • #3
      Re: DC's failing to replicate across two sites.

      So, is the inter-site replication not working between any peers, or is the issue only with one DC?
      What about the internal site replication?
      Csaba Papp
      MCSA+messaging, MCSE, CCNA
      Remember to give credit where credit is due and leave reputation points where appropriate


      • #4
        Re: DC's failing to replicate across two sites.


        I've tried dcdiag /fix; this had no effect, unfortunately.

        The issue is replication from one DC from one site to another DC located in another site.
        Both DC's in each site can replicate fine with the DC's which are in the same site.

        I forgot to post this but these errors also occur.

        Error Event ID 1311:
        The Knowledge Consistency Checker (KCC) has detected problems with the following directory partition.

        Directory partition:
        There is insufficient site connectivity information for the KCC to create a spanning tree replication topology. Or, one or more directory servers with this directory partition are unable to replicate the directory partition information. This is probably due to inaccessible directory servers.

        User Action
        Perform one of the following actions:
        - Publish sufficient site connectivity information so that the KCC can determine a route by which this directory partition can reach this site. This is the preferred option.
        - Add a Connection object to a directory service that contains the directory partition in this site from a directory service that contains the same directory partition in another site.

        If neither of the tasks correct this condition, see previous events logged by the KCC that identify the inaccessible directory servers.

        and also warning Event ID: 1865
        The Knowledge Consistency Checker (KCC) was unable to form a complete spanning tree network topology. As a result, the following list of sites cannot be reached from the local site.

        CN=Domain-Production,CN=Sites,CN=Configuration,DC=domain,DC=local

        and also getting
        Error Message "Target Principal Name is Incorrect" When Manually Replicating Data Between Domain Controllers. Not sure if KB below will help in 2008.
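
Event 1411 with error 8589 in the first post says the server object in the local DS database has no serverReference attribute. The script below is an added example, not something posted in the thread: it asks each DC's own replica of the Configuration partition for server objects under CN=Sites that lack that attribute. The DC names are placeholders and the function name Get-ServerObjectsMissingReference is hypothetical.

```powershell
# Added example (not from the thread). Placeholder DC names; replace with your own.
$DomainControllers = 'DC-A.domain.local', 'DC-B.domain.local'

function Get-ServerObjectsMissingReference {
    param([Parameter(Mandatory = $true)][string]$DomainController)

    # Bind to this specific DC so the query reads its local replica,
    # not whichever DC the locator happens to return.
    $rootDse  = [ADSI]"LDAP://$DomainController/RootDSE"
    $configNc = [string]$rootDse.Properties['configurationNamingContext'][0]
    $sites    = [ADSI]"LDAP://$DomainController/CN=Sites,$configNc"

    $searcher = New-Object System.DirectoryServices.DirectorySearcher($sites)
    # Server objects that have no serverReference value at all.
    $searcher.Filter      = '(&(objectClass=server)(!(serverReference=*)))'
    $searcher.SearchScope = 'Subtree'
    $searcher.PageSize    = 500
    [void]$searcher.PropertiesToLoad.Add('distinguishedName')
    [void]$searcher.PropertiesToLoad.Add('dNSHostName')

    $results = $searcher.FindAll()
    try {
        foreach ($r in $results) {
            # Select-Object -First 1 tolerates a missing attribute (yields $null).
            New-Object PSObject -Property @{
                QueriedDC    = $DomainController
                ServerObject = [string]($r.Properties['distinguishedname'] | Select-Object -First 1)
                DnsHostName  = [string]($r.Properties['dnshostname'] | Select-Object -First 1)
            }
        }
    }
    finally {
        $results.Dispose()   # release the unmanaged search handle
    }
}

foreach ($dc in $DomainControllers) {
    try {
        Get-ServerObjectsMissingReference -DomainController $dc
    }
    catch {
        # An unreachable DC or failed bind is reported rather than silently skipped.
        Write-Warning "Query against $dc failed: $($_.Exception.Message)"
    }
}
```

Comparing the rows per QueriedDC shows whether the replicas in the two sites disagree about which server objects carry the attribute.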