
Active Directory Replication failed with “Target principal name is incorrect”

November 14, 2016 | August 5th, 2022 | Best Practices, Blog, Hot Technology Topics

Recently we had a client with a site-down issue. DNS was wrong, profiles were wrong, pretty much everything he could test was not working properly. Listening to him explain the details, I realized this error was looking more and more like a replication issue. I opened Sites and Services and, sure enough, I wasn’t able to force a replication. The following helped me get him on track.

If there is a problem with the domain controller's computer account, replication may fail with a "target principal name is incorrect" or "access denied" error. To check the computer account, run one of the commands below from the affected domain controller (the one where you receive the error):

net view \\DC Name

or

net use \\DC Name

If you receive an access denied error, that confirms a computer account issue. To resolve it, you have to reset the computer account and reset the secure channels between these domain controllers and the PDC.

Use the command below to reset the computer account.

Before running this command, disable the Kerberos Key Distribution Center (KDC) service.

Run the command from the domain controller whose password you are going to reset; server_name should be the PDC or the replication partner.

netdom resetpwd /server:server_name /userd:domain_name\administrator /passwordd:administrator_password

After running this command, reboot the domain controller and start the KDC service.
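
The steps above collected into one script, as an added example that is not part of the original post. The parameter names and the two-phase layout are assumptions, server_name and domain_name\administrator are the same placeholders used above, /passwordd:* makes netdom prompt for the password so it stays out of command history, and the final repadmin /showrepl check is an addition to the steps described here.

```powershell
# Added example (not from the original post). Run in an elevated PowerShell
# session on the affected domain controller: -Phase Reset first, then
# -Phase Finish after the reboot.
param(
    [Parameter(Mandatory)] [ValidateSet('Reset', 'Finish')] [string] $Phase,
    [string] $Partner     = 'server_name',                # placeholder: PDC or replication partner
    [string] $DomainAdmin = 'domain_name\administrator'   # placeholder: domain admin account
)

if ($Phase -eq 'Reset') {
    # Confirm the symptom: an access denied error here points at the computer account.
    net view "\\$Partner"
    if ($LASTEXITCODE -eq 0) {
        Write-Warning "net view \\$Partner succeeded; the computer account may not be the cause."
        return
    }

    # Disable and stop the KDC so it stays down until the password reset
    # and the reboot are complete.
    Set-Service  -Name kdc -StartupType Disabled
    Stop-Service -Name kdc -Force

    # '*' prompts for the password instead of placing it on the command line.
    netdom resetpwd "/server:$Partner" "/userd:$DomainAdmin" '/passwordd:*'
    if ($LASTEXITCODE -ne 0) {
        # Do not leave the DC without a KDC if the reset did not happen.
        Set-Service   -Name kdc -StartupType Automatic
        Start-Service -Name kdc
        throw "netdom resetpwd failed with exit code $LASTEXITCODE; KDC service restored."
    }

    Restart-Computer -Force
}
else {
    # After the reboot: re-enable and start the KDC, then confirm it is running.
    Set-Service   -Name kdc -StartupType Automatic
    Start-Service -Name kdc
    Get-Service   -Name kdc

    # Check that inbound replication from the partners now succeeds.
    repadmin /showrepl
}
```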

Myke Schwartz, PEI
