Menu

HeelpBook

Slick Tutorials.

Menu
Facebook Twitter Feed

Primary Menu

Skip to content
  • Profile & Favorites
  • Glossary
  • Forum
  • Downloads
  • Manuals
  • Tags
  • Tools
  • Contact Us
  • About
Search

Secondary Menu

Skip to content
  • Tutorials
  • Microsoft
  • Apple
  • Linux
  • Security
  • Programming
  • Miscellaneous
  • Difficulty
    • Easy
    • Medium
    • Hard

Active Directory – The Target Principal Name is Incorrect

Posted onAugust 19, 2019August 19, 2019AuthorHeelpBook


To totally unlock this section you need to Log-in

Login

During an Active Directory domain controller upgrade or after deploying a new VM of Windows Server (then promoted to Domain Controller), we could observe replication issues on the Domain Controller which also owned the PDC emulator role. It is always a good idea to ensure replication and event logs are healthy before performing Active Directory changes and upgrades to avoid situations like this.

The following procedure will show how to get some clues about this issue and how to solve it. Let's begin with repadmin tool:

repadmin /replsummary 

It shows, for example, the following error:

Source DSA largest delta fails/total %% error
DC-01 15m:05s 0 / 10 0
DC-02 41m:15s 0 / 10 0
DC-03 06d.05h:43m:01s 4 / 10 40 (2148074274) The target principal name is incorrect.

You can see DC-01 and DC-02 are fine but DC-03 has replication errors and shows the error message "The target principal name is incorrect".

Resetting the domain controllers computer account using the following steps should resolve the replication issues.

Identify the DC which owns the PDC role:

netdom query fsmo

On the domain controller, disable the Kerberos Key Distribution Center service (KDC).

  • Click Start, point to Programs, click Administrative Tools, and then click Services.
  • Double-click KDC, set the startup type to Disabled, and then restart the computer (Restarting is required or else you will get an error on the next step).
  • Login to the DC again and run the following command to reset the computer account.
netdom resetpwd /server:server_name /userd:domain_name\administrator /passwordd:administrator_password

NOTE: This can not be done in Active Directory Users and Computers for Domain Controllers.

Set the KDC service to "Automatic" and restart the affected domain controller again.

Run the following commands to ensure there are no replication issues.

repadmin /syncall
repadmin /replsummary

A clean replication summary looks like this:

Source DSA largest delta fails/total %% error
DC-01 16m:08s 0 / 10 0
DC-02 12m:40s 0 / 10 0
DC-03 14m:35s 0 / 10 0

More Information

If there are multiple domain controllers in the domain, the error message that you receive when this issue occurs varies depending on which way replication is being attempted, and if one of the domain controllers that is involved is also the PDC Emulator operations master role holder.

In some cases, when you use the net view \\computername to attempt to connect to the domain controller that has the PDC Emulator operations master role from another domain controller, you may receive an "Access denied" error message. However, if you use the Internet protocol (IP) address, the command may succeed.

When this problem occurs, numerous errors may be reported in the event logs. These errors vary depending on any of the following conditions:

  • The domain controller was not fully functional before the problem occurred.
  • The domain controller did not successfully completed the Active Directory Installation Wizard process.
  • The Sysvol folder on the domain controller was not shared out.
  • The domain controller did not have the full file structure under the Domain_name folder and the Policies folder that is located in %SystemRoot%\Sysvol\Sysvol\Domain_name\Policies.

Source
Go to source!

Language
English

CategoriesEnglish, How-Tos, Medium, Microsoft, Windows ServerTagsaccount, active, administration, communication, computer, directory, english, error, guide, how to, howto, incorrect, medium, microsoft, name, netdom, password, pwd, replication, reset, server, target, tutorial, utility, windows server

Post navigation

← Previous Previous post: WSUS – Upgrading to Windows 10 1903
Next → Next post: Powershell – Check and find the product GUID of an installed MSI setup

Quick Links

  • Glossary
  • Search By Years
  • Search By Difficulty
  • Search By Category
  • Questions
  • Profile & Favorites
  • About

Most Viewed Articles

  1. Powershell – Substring() from the end of the string
  2. Destination Host Unreachable – Reasons and Fixes
  3. “Alla cortese attenzione del Sig.” si scrive nell’oggetto di una mail?
  4. Che cosa è uno storno a pagamento? Cosa è uno storno di addebito?
  5. Powershell – Check and find the product GUID of an installed MSI setup
Copyright © 2022 HeelpBook. All Rights Reserved. | Catch Responsive by Catch Themes
Scroll Up
  • Profile & Favorites
  • Glossary
  • Forum
  • Downloads
  • Manuals
  • Tags
  • Tools
  • Contact Us
  • About
  • Tutorials
  • Microsoft
  • Apple
  • Linux
  • Security
  • Programming
  • Miscellaneous
  • Difficulty
    • Easy
    • Medium
    • Hard