Error Message "Target Principal Name is Incorrect" When Manually Replicating Data Between Domain Controllers
Event Category: NoneEvent ID: 3210
User: N/AEvent Description:
Failed to authenticate with \\DOMAINDC, a Windows NT domain controller fordomain DOMAIN.
Event ID: 5722
Event Category: NoneUser: N/AEvent Description:
The session setup from the computer 1 failed to authenticate. The name of the account referenced in the security database is 2. The following error occurred: n3
- Install the Netdom.exe utility from Windows 2000 Support Tools, and then run the following command:netdom query fsmo
- Start the Active Directory Users and Computers snap-in, right-click the domain, and then click Operations Masters. Click the PDC tab; the current role holder is displayed in the Operations Master window. On this tab, you can change the operations master role to the current computer in the second window (if this computer is not the current holder).
- Use the Ntdsutil.exe utility (that is included in Windows 2000), and the Resource Kit command-line utility. However, these interfaces are recommended for more advanced users.
- Click Start, point to Programs, click Administrative Tools, and then click Services.
- Double-click KDC, set the startup type to Disabled, and then restart the computer.
For additional information, click the article number below to view the article in the Microsoft Knowledge Base:
If only the PDC Emulator operations master role holder is running, the KDC forces the other domain controllers to resynchronize with this computer, instead of issuing themselves a new Kerberos ticket.
After the computers have finished restarting, start the Services program, restart the KDC service, and then attempt replication again.
In some cases, when you use the net view \\computername to attempt to connect to the domain controller that has the PDC Emulator operations master role from another domain controller, you may receive an "Access denied" error message. However, if you use the Internet protocol (IP) address, the command may succeed.
When this problem occurs, numerous errors may be reported in the event logs. These errors vary depending on any of the following conditions:
- The domain controller was not fully functional before the problem occurred.
- The domain controller did not successfully completed the Active Directory Installation Wizard process.
- The Sysvol folder on the domain controller was not shared out.
- The domain controller did not have the full file structure under the Domain_name folder and the Policies folder that is located in %SystemRoot%\Sysvol\Sysvol\Domain_name\Policies.
Description: The redirector was unable to initialize security context or query context attributes.
Artikli ID: 288167 – viimati läbi vaadatud: 06/19/2014 12:39:00 – redaktsioon: 5.0
- kbenv kberrmsg kbprb KB288167