Hi,
Previously my secondary DC (server name is "sdc") was down, so I booted up the image backup of the same server as a virtualized server on another computer.
Once I fixed my secondary DC server, I shut down the virtualized server, and let the actual secondary DC run.
I can log in with no problem. The Primary DC (server name is "pdc") and Secondary DC can ping each other.
Everything went well until the next morning, when I found out I couldn't log into the secondary DC anymore. The error message says "The username or password is incorrect". The Primary DC and Secondary DC can ping each other though. Both my servers are running Windows Server 2008.
Below is an extract from the dcdiag command:
" Starting test: Replications
[Replications Check, PDC] A recent replication attempt failed:
From SDC to PDC
Naming Context: DC=ForestDnsZones,DC=xyz,DC=com,DC=my
The replication generated an error (1256):
The remote system is not available. For information about network troubleshooting, see Windows Help.
The failure occurred at 2018-07-19 09:56:07.
The last success occurred at 2018-07-18 12:10:24.
24 failures have occurred since the last success.
[SDC] DsBindWithSpnEx() failed with error -2146893022,
The target principal name is incorrect..
[Replications Check,PDC] A recent replication attempt failed:
From SDC to PDC
Naming Context: DC=DomainDnsZones,DC=xyz,DC=com,DC=my
The replication generated an error (1256):
The remote system is not available. For information about network troubleshooting, see Windows Help.
The failure occurred at 2018-07-19 09:56:07.
The last success occurred at 2018-07-18 12:11:41.
28 failures have occurred since the last success.
[Replications Check,PDC] A recent replication attempt failed:
From SDC to PDC
Naming Context: CN=Schema,CN=Configuration,DC=xyz,DC=com,DC=my
The replication generated an error (-2146893022):
The target principal name is incorrect.
The failure occurred at 2018-07-19 09:56:07.
The last success occurred at 2018-07-17 16:51:50.
43 failures have occurred since the last success.
[Replications Check, PDC] A recent replication attempt failed:
From SDC to PDC
Naming Context: CN=Configuration,DC=xyz,DC=com,DC=my
The replication generated an error (-2146893022):
The target principal name is incorrect.
The failure occurred at 2018-07-19 09:56:07.
The last success occurred at 2018-07-17 16:51:50.
42 failures have occurred since the last success.
[Replications Check, PDC] A recent replication attempt failed:
From SDC to PDC
Naming Context: DC=xyz,DC=com,DC=my
The replication generated an error (-2146893022):
The target principal name is incorrect.
The failure occurred at 2018-07-19 09:56:07.
The last success occurred at 2018-07-18 12:12:46.
23 failures have occurred since the last success.
......................... PDC failed test Replications
Starting test: RidManager
......................... PDC passed test RidManager
Starting test: Services
......................... PDC passed test Services
Starting test: SystemLog
An Error Event occurred. EventID: 0x40000004
Time Generated: 07/19/2018 09:54:36
Event String:
The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server sdc$. The target name used was cifs/Sdc.xyz.com.my. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account.
Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (XCZ.COM.MY) is different from the client domain (XYZ.COM.MY), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.
An Error Event occurred. EventID: 0x40000004
Time Generated: 07/19/2018 09:56:07
Event String:
The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server sdc$. The target name used was E3514235-4B06-11D1-AB04-00C04FC2DCD2/e92efb8d-1c9d-4412- 9766-09eae008a05c/xyz.com.my@xyz.com.my. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (XYZ.COM.MY) is different from the client domain (XYZ.COM.MY), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.
An Error Event occurred. EventID: 0x40000004
Time Generated: 07/19/2018 10:11:21
Event String:
The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server sdc$. The target name used was LDAP/e92efb8d-1c9d-4412-9766-9eae008a05c._msdcs.xyz.com.my. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (XYZ.COM.MY) is different from the client domain (XYZ.COM.MY), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.
......................... PDC failed test SystemLog "
As I am a novice, I hope you guys can help me out here.
Thank you all.
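
Added example, not part of the original post: a small Python parser for the "Replications" block of dcdiag output like the one quoted above. It groups the failing naming contexts by error code, which separates the connectivity-style error (1256) from the Kerberos one (-2146893022, shown in its unsigned form 0x80090322). The sample text is constructed from the shape of the excerpt, and the function names are this example's own.

```python
import re

# Constructed sample in the shape of the dcdiag excerpt above (shortened).
# The second entry has its Naming Context value wrapped onto the next line.
SAMPLE = """\
[Replications Check, PDC] A recent replication attempt failed:
From SDC to PDC
Naming Context: DC=ForestDnsZones,DC=xyz,DC=com,DC=my
The replication generated an error (1256):
The remote system is not available.
24 failures have occurred since the last success.
[Replications Check,PDC] A recent replication attempt failed:
From SDC to PDC
Naming Context:
CN=Schema,CN=Configuration,DC=xyz,DC=com,DC=my
The replication generated an error (-2146893022):
The target principal name is incorrect.
43 failures have occurred since the last success.
"""

def to_hex(code):
    """Render a signed 32-bit status code in unsigned hex (e.g. 0x80090322)."""
    return "0x%08X" % (code & 0xFFFFFFFF)

def parse_replication_failures(text):
    """Return one dict per '[Replications Check' entry found in the text."""
    failures, cur, want_nc = [], None, False
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[Replications Check"):
            cur = {"source": None, "dest": None, "nc": None, "code": None, "count": None}
            failures.append(cur)
            want_nc = False
        elif cur is None or not line:
            continue
        elif want_nc:  # value of a wrapped "Naming Context:" line
            cur["nc"], want_nc = line, False
        elif m := re.match(r"From (\S+) to (\S+)$", line):
            cur["source"], cur["dest"] = m.groups()
        elif line.startswith("Naming Context:"):
            cur["nc"] = line.split(":", 1)[1].strip() or None
            want_nc = cur["nc"] is None
        elif m := re.search(r"generated an error \((-?\d+)\)", line):
            cur["code"] = int(m.group(1))
        elif m := re.match(r"(\d+) failures have occurred", line):
            cur["count"] = int(m.group(1))
    return failures

def group_by_error(failures):
    """Map hex error code -> list of naming contexts failing with that code."""
    groups = {}
    for f in (f for f in failures if f["code"] is not None):
        groups.setdefault(to_hex(f["code"]), []).append(f["nc"])
    return groups
```
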