Error message when you replicate an Active Directory-integrated zone from a Windows Server 2003-based domain controller: "The zone cannot be replicated to all DNS servers in the (null) Active Directory domain"

Support for Windows Server 2003 ended on July 14, 2015

SYMPTOMS
You create a new Domain Name System (DNS) zone, or you replicate an Active Directory directory service-integrated DNS zone from a Microsoft Windows Server 2003-based domain controller. After you do this, you may receive an error message that resembles the following:
The zone cannot be replicated to all DNS servers in the (null) Active Directory domain because the required application does not exist. Only Enterprise administrators have the appropriate permissions to create an application directory partition. To store this zone in a domain container until the partition is created, close this message, and then replicate to all domain controllers in the active directory domain option.
CAUSE
This issue may occur if Active Directory replication fails. Active Directory replication may fail because of a DNS lookup failure or because the security channel is broken.

If you verify Active Directory replication by using the Active Directory Sites and Services Microsoft Management Console (MMC) snap-in, you may receive one of the following error messages:

Error message 1
Target Principal Name is incorrect
Error message 2
DNS lookup failure
When you reset the security channel, you may receive an error message that resembles the following:
Target Principal Account name is incorrect
RESOLUTION
To resolve this issue, follow these steps:
  1. Change the DNS server to another DNS server that is available in the domain. To do this, follow these steps:
    1. Right-click My Network Places, and then click Properties.
    2. Right-click Local Area Connection, and then click Properties.
    3. Click Internet Protocol (TCP/IP), and then click Properties.
    4. Type the IP address of any other DNS server in the Preferred DNS server box, and then click OK two times.
    5. Click Close to close the Local Area Connection Status dialog box.
  2. Disable the Kerberos Key Distribution Center service. To do this, follow these steps:
    1. Click Start, point to Programs, click Administrative Tools, and then click Services.
    2. In the list of services, double-click Kerberos Key Distribution Center.
    3. In the Startup type list, click Disabled, click Stop, click Apply, and then click OK.
    4. Close the Services MMC snap-in.
  3. Restart the domain controller.
  4. Start the Kerberos Key Distribution Center service. To do this, follow these steps:
    1. Click Start, point to Programs, click Administrative Tools, and then click Services.
    2. In the list of services, double-click Kerberos Key Distribution Center.
    3. In the Startup type list, click Automatic, click Apply, click Start, and then click OK.
    4. Close the Services MMC snap-in.
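
The same four steps can be run from a command prompt on the domain controller. The script below is an added example, not part of the original article; the script name, its "pre" and "post" arguments, and the connection name "Local Area Connection" are assumptions.

```batch
@echo off
rem Added example, not from the original article: command-line form of
rem steps 1-4. Assumptions: the connection is named "Local Area Connection";
rem the script name and the "pre"/"post" arguments are hypothetical.
rem Usage: kdcfix.cmd pre <IP of another DNS server>   (then the DC restarts)
rem        kdcfix.cmd post                             (run after the restart)
setlocal

if /i "%~1"=="pre"  goto pre
if /i "%~1"=="post" goto post
echo Usage: %~nx0 pre ^<dns-ip^>  ^|  %~nx0 post
exit /b 2

:pre
if "%~2"=="" (
    echo Missing DNS server address.
    exit /b 2
)
rem Step 1: point the preferred DNS server at another DNS server in the domain.
netsh interface ip set dns name="Local Area Connection" source=static addr=%~2
if errorlevel 1 exit /b 1

rem Step 2: set the KDC startup type to Disabled, then stop the service.
rem (sc requires the space after "start=".)
sc config kdc start= disabled
if errorlevel 1 exit /b 1
rem net stop reports an error if the service is already stopped; not fatal here.
net stop kdc

rem Step 3: restart the domain controller.
shutdown /r /t 0
exit /b 0

:post
rem Step 4: set the KDC startup type back to Automatic and start the service.
sc config kdc start= auto
if errorlevel 1 exit /b 1
net start kdc
if errorlevel 1 exit /b 1

rem Show the resulting service state (expect STATE: RUNNING).
sc query kdc
exit /b 0
```

Until the post phase runs, the Kerberos Key Distribution Center service on this domain controller stays disabled, so do not leave the server in that state after the restart.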
Properties

Article ID: 938459 - Last Review: 07/06/2007 16:30:09 - Revision: 1.2

Microsoft Windows Server 2003, Enterprise Edition (32-bit x86), Microsoft Windows Server 2003, Standard Edition (32-bit x86), Microsoft Windows Server 2003, Datacenter Edition (32-bit x86), Microsoft Windows Server 2003, Web Edition
