Error 1645 Active Directory
Active Directory Replication Errors - help and advice please...

Hi All, We seem to have developed quite a major fault in our Active Directory Services. Picking on one server for starters, which was recently re-installed, we have the following errors:

EVENT ID 1645
Active Directory Domain Services did not perform an authenticated remote procedure call (RPC) to another directory server because the desired service principal name (SPN) for the destination directory server is not registered on the Key Distribution Center (KDC) domain controller that resolves the SPN.
Destination directory server: 1b2c197f-d976-4e02-b830-99afd75c7bbc._msdcs.mydomain.local
SPN: E3514235-4B06-11D1-AB04-00C04FC2DCD2/1b2c197f-d976-4e02-b830-99afd75c7bbc/mydomain.local@mydomain.local
User Action
Verify that the names of the destination directory server and domain are correct. Also, verify that the SPN is registered on the KDC domain controller. If the destination directory server has been recently promoted, it will be necessary for the local directory server’s account data to replicate to the KDC before this directory server can be authenticated.

EVENT ID 2042
It has been too long since this machine last replicated with the named source machine. The time between replications with this source has exceeded the tombstone lifetime. Replication has been stopped with this source. The reason that replication is not allowed to continue is that the two DCs may contain lingering objects. Objects that have been deleted and garbage collected from an Active Directory Domain Services partition but still exist in the writable partitions of other DCs in the same domain, or read-only partitions of global catalog servers in other domains in the forest are known as "lingering objects". If the local destination DC was allowed to replicate with the source DC, these p
https://social.technet.microsoft.com/Forums/windowsserver/en-US/4a84f94d-3839-44d2-b541-f29925c9de9c/active-directory-replication-errors-help-and-advice-please?forum=winserverDS

Source: http://www.eventid.net/display-eventid-1645-source-NTDS%20Replication-eventno-351-phase-1.htm

Event ID: 1645
Source: NTDS Replication
Type: Error
Description: The Directory Service received a failure while trying to perform an authenticated RPC call to another Domain Controller. The failure is that the desired Service Principal Name (SPN) is not registered on the target server. The server being contacted is afb720fd-38c7-4505-aa9f-b658ca124773._msdcs.MyDomain.com. The SPN being used is E3514235-4B06-11D1-AB04-00C04FC2DCD2/afb720fd-38c7-4505-aa9f-b658ca124773/mydomain.com@mydomain.com. Please verify that the names of the target server and domain are correct. Please also verify that the SPN is registered on the computer account object for the target server on the KDC servicing the request. If the target server has been recently promoted, it will be necessary for knowledge of this computer's identity to replicate to the KDC before this computer can be authenticated.

Concepts to understand: What is the role of the KDC? What is NTDS and what are the roles of its components? What is a directory service?
Comments: EventID.Net See ME810089, ME939820 and the link to "EventID 1645 from source
NTDS REPLICATION 1645. (Active Directory did not perform an authenticated remote procedure call (RPC) to another domain controller because the desired service principal name (SPN) for the destination domain controller is not registered on the Key Distribution Center (KDC) domain controller that resolves the SPN.)

The configuration is as follows. I have one domain forest, one parent and four child domains on multiple sites. The problem began when I added parent domain RODC to remote site (actual AD site), that hosts child domain with two WRDC (Server 2003) for child domain. (I have added the RODC because this is the only domain controller that will remain in the future. Child domain will be migrated to parent domain and domain controllers will be demoted.)

All replications and authentications seem to work fine. RepAdmin /SyncAll on all involved DC are completed without errors. RepAdmin /ShowRepl is completed on all without errors. DcDiag is completed on RODC without errors. DcDiag on WRDCs for child domain is completed successfully for all but kccevent.

I would be grateful for any suggestions on how to solve this problem (remove errors). My guess for this problem is that RWDCs are not allowed to sync/replicate from RODC and are constantly trying to sync from RODC because they are in the same AD SITE. Thanks.

BR, Luka
February 29th, 2012 4:20am

NTDS Replication Error

Event Type: Error
Event Source: NTDS Replication
Event Category: DS RPC Client
Event ID: 1645
Date: 11/29/2010
Time: 10:04:26 AM
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: Server Name
Description: Active Directory did not perform an authenticated remote procedure call (RPC) to another domain controller because the desired service principal name (SPN) for the destination domain controller is not registered on the Key Distribution Center (KDC)

http://www.networksteve.com/forum/topic.php/AD_Replication_issue_-_NTDS_Replication_-_error_1645/?TopicId=28920&Posts=2

https://damn.technology/replication-errors-after-adding-a-2008-r2-dc
a wider plan to upgrade them all in the next 12 months or so. As soon as I added the first DC I noticed something was up, replication wasn't working. The Event log on the new 2008 R2 DC was filled with Event ID 1645:

Active Directory Domain Services did not perform an authenticated remote procedure call (RPC) to another directory server because the desired service principal name (SPN) for the destination directory server is not registered on the Key Distribution Center (KDC) domain controller that resolves the SPN.
Destination directory server: vvvvvvvv-wwww-xxxx-yyyy-zzzzzzzzzzzz._msdcs.domain.com
SPN: aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee/vvvvvvvv-wwww-xxxx-yyyy-zzzzzzzzzzzz/domain.com@domain.com
User Action
Verify that the names of the destination directory server and domain are correct. Also, verify that the SPN is registered on the KDC domain controller. If the destination directory server has been recently promoted, it will be necessary for the local directory server’s account data to replicate to the KDC before this directory server can be authenticated.

And Event ID 1925:

The attempt to establish a replication link for the following writable directory partition failed.
Directory partition: DC=DOMAIN,DC=com
Source directory service: CN=NTDS Settings,CN=SERVERNAME,CN=Servers,CN=MORDOR,CN=Sites,CN=Configuration,DC=DOMAIN,DC=com
Source directory service address: vvvvvvvv-wwww-xxxx-yyyy-zzzzzzzzzzzz._msdcs.domain.com
Intersite transport (if any):
This directory service will be unable to replicate with the source directory service until this problem is corrected.
User Action
Verify if the source directory service is accessible or network connectivity is available.
Additional Data
Error value: 1396 Logon Failure: The target account name is incorrect.
I'm not ashamed to admit it, this had me stumped, until I spotted the following entry in the event log:

The Security System could not establish a secured connection with the server LDAP/DCNAME.DOMAIN.com/DOMAIN.com@DOMAIN.COM. No authentication protocol was available.

That led me to Microsoft KB939820, which seemed somewhat related. Some more research and I located a post from 2007 talking about another iss