Logon failure the target account name is incorrect

We are currently running two servers, configured as below:

1 x SBS 2011 Main Server (192.168.16.3) NAME - SERVER1

1 x Win 2008 R2 Server - Remote Site Connected (192.168.15.2) NAME - SERVER 2

DOMAIN - domain.local

4 Workstations at the remote site can access the SBS server by using IP, but not by name resolution. Error when connecting to SBS server is 

Have tried the normal, flush dns, also tried the below:

sandeshdubey.wordpress.com/2011/10/02/secure-channel-between-the-dcs-broken

But when using netdom resetpwd with the domain administrator account it returns the target account name cannot be identified. 

Please advise what is needed to resolve the issue. 

SERVER 2 is the problematic DC, and event viewer is showing there is a Kerberos Event 4 error, detailed below.

Log Name:      System
Source:        Microsoft-Windows-Security-Kerberos
Date:          11/08/2015 11:10:11
Event ID:      4
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      ONEUP.ctn.local
Description:
The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server SERVER1$. The target name used was host/SERVER1. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (DOMAIN.LOCAL) is different from the client domain (DOMAIN.LOCAL), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.
Event Xml:
<Event xmlns=
  <System>
    <Provider Name="Microsoft-Windows-Security-Kerberos" Guid="{98E6CFCB-EE0A-41E0-A57B-622D4E1B30B1}" EventSourceName="Kerberos" />
    <EventID Qualifiers="16384">4</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-08-11T10:10:11.000000000Z" />
    <EventRecordID>295858</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>System</Channel>
    <Computer>SERVER2.domain.local</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="Server">server1$</Data>
    <Data Name="TargetRealm">DOMAIN.LOCAL</Data>
    <Data Name="Targetname">host/SERVER1</Data>
    <Data Name="ClientRealm">DOMAIN.LOCAL</Data>
    <Binary>
    </Binary>
  </EventData>
</Event>