
Desired authentication protocol for DSA fail after DC-reboot


Hi!

We have experienced authentication and replication problems after restart of our Domain Controllers for quite a long period (1-2 years). Replication problems are almost always solved with an extra reboot of the DC, which has been an embarrassing workaround.

The DC-event that consequently is logged is the following:

Log Name:     Directory Service

Source:       Microsoft-Windows-ActiveDirectory_DomainService

Event ID:     2513

Task Category: DS RPC Client

Level:        Error

Keywords:     Classic

User:         ANONYMOUS LOGON

Computer:     DC2.domain.xx

Description:

Attempting to set the desired authentication protocol for a connection to the following DSA failed.

 DSA: 23bc2939-abc9-44ab-883e-1390e9cdb024._msdcs.domain.xx

 Additional Data:

 Error:

 1747 The authentication service is unknown.

We have performed troubleshooting with focus on DNS name resolution for the domain controllers. Also DCDIAG, repadmin, ADBPA, nltest (netlogon debugging) etc. The last action we took was to promote a 3rd domain controller. After this, the replication problems seem to have disappeared. But the DSA-authentication error reoccurs on this DC as well. (The authentication problem is random on, and against, all three DCs.)

Domain environment:

3 DCs,  2008 R2

Domain and Forest functional level: 2008 R2

Previous replication problems (before 3rd DC promoted) that were logged, and that most of the time were solved by another restart of the DC:

Event ID:     1085

Task Category: Replication

Level:        Warning

User:         ANONYMOUS LOGON

Computer:     DC2.domain.xx

Description:

Internal event: Active Directory Domain Services could not synchronize the following directory partition with the directory service at the following network address.

Directory partition:

DC=loginmpa,DC=mpa,DC=se

Network address: 23bc2939-abc9-44ab-883e-1390e9cdb024._msdcs.domain.xx

If this error continues, the Knowledge Consistency Checker (KCC) will reconfigure the replication links and bypass the directory service.

User Action

Verify that the network address can be resolved with a DNS query.

Additional Data

Error value:2148074274 The target principal name is incorrect.

Another reoccurring error after reboot is delayed registration of the GC-records for all DCs. This problem solves itself automatically after about 15 minutes, which also is strange.

Any ideas what could be the cause of this, and suggestions for further troubleshooting?

Regards
Marcus



