Luckily I have moved FMSO roles from a primary DC that was failing. It decided to die at the weekend and I now have replication errors. I'm trying to edit a GPO that is no longer replicating. I can't even get in to the GPO to edit it error is
Error (0x80070574) occured parsing file
Logon Failure: The target account name is incorrect
I'm assuming this is because of replication issues any help on how to fix would be helpful.
It's a 2008R2 server the old primary was 2003
Here is a dcdiag output
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = ABF-DC-01
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\ABF-DC-01
Starting test: Connectivity
......................... ABF-DC-01 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\ABF-DC-01
Starting test: Advertising
......................... ABF-DC-01 passed test Advertising
Starting test: FrsEvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... ABF-DC-01 passed test FrsEvent
Starting test: DFSREvent
......................... ABF-DC-01 passed test DFSREvent
Starting test: SysVolCheck
......................... ABF-DC-01 passed test SysVolCheck
Starting test: KccEvent
......................... ABF-DC-01 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... ABF-DC-01 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... ABF-DC-01 passed test MachineAccount
Starting test: NCSecDesc
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=DomainDnsZones,DC=AFABZ,DC=Aberdeenfoyer,DC=com
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=ForestDnsZones,DC=AFABZ,DC=Aberdeenfoyer,DC=com
......................... ABF-DC-01 failed test NCSecDesc
Starting test: NetLogons
......................... ABF-DC-01 passed test NetLogons
Starting test: ObjectsReplicated
......................... ABF-DC-01 passed test ObjectsReplicated
Starting test: Replications
[Replications Check,ABF-DC-01] A recent replication attempt failed:
From AFDC1 to ABF-DC-01
Naming Context: DC=DomainDnsZones,DC=AFABZ,DC=Aberdeenfoyer,DC=com
The replication generated an error (1256):
The remote system is not available. For information about network troubleshooting, see Windows Help.
The failure occurred at 2013-06-03 16:59:59.
The last success occurred at 2013-06-01 06:48:18.
55 failures have occurred since the last success.
[AFDC1] DsBindWithSpnEx() failed with error -2146893022,
The target principal name is incorrect..
[Replications Check,ABF-DC-01] A recent replication attempt failed:
From AFDC1 to ABF-DC-01
Naming Context: DC=ForestDnsZones,DC=AFABZ,DC=Aberdeenfoyer,DC=com
The replication generated an error (1256):
The remote system is not available. For information about network troubleshooting, see Windows Help.
The failure occurred at 2013-06-03 16:59:59.
The last success occurred at 2013-06-01 06:48:18.
55 failures have occurred since the last success.
[Replications Check,ABF-DC-01] A recent replication attempt failed:
From AFDC1 to ABF-DC-01
Naming Context:
CN=Schema,CN=Configuration,DC=AFABZ,DC=Aberdeenfoyer,DC=com
The replication generated an error (-2146893022):
The target principal name is incorrect.
The failure occurred at 2013-06-03 16:59:59.
The last success occurred at 2013-06-01 06:47:57.
55 failures have occurred since the last success.
[Replications Check,ABF-DC-01] A recent replication attempt failed:
From AFDC1 to ABF-DC-01
Naming Context: CN=Configuration,DC=AFABZ,DC=Aberdeenfoyer,DC=com
The replication generated an error (-2146893022):
The target principal name is incorrect.
The failure occurred at 2013-06-03 16:59:59.
The last success occurred at 2013-06-01 06:47:57.
55 failures have occurred since the last success.
[Replications Check,ABF-DC-01] A recent replication attempt failed:
From AFDC1 to ABF-DC-01
Naming Context: DC=AFABZ,DC=Aberdeenfoyer,DC=com
The replication generated an error (-2146893022):
The target principal name is incorrect.
The failure occurred at 2013-06-03 16:59:59.
The last success occurred at 2013-06-01 07:46:53.
55 failures have occurred since the last success.
......................... ABF-DC-01 failed test Replications
Starting test: RidManager
......................... ABF-DC-01 passed test RidManager
Starting test: Services
......................... ABF-DC-01 passed test Services
Starting test: SystemLog
A warning event occurred. EventID: 0xC9001009
Time Generated: 06/03/2013 16:03:43
Event String:
The Remote Desktop license server cannot update the license attributes for user "grahamm" in the Active Directory Domain "AFABZ.Aberdeenfoyer.com". Ensure that the computer account for the license server is a member of Terminal Server License Servers group in Active Directory domain "AFABZ.Aberdeenfoyer.com".
An error event occurred. EventID: 0x00000422
Time Generated: 06/03/2013 16:04:35
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\AFABZ.Aberdeenfoyer.com\SysVol\AFABZ.Aberdeenfoyer.com\Policies\{972483D3-E58C-48E8-BDF8-A4B5B7A51890}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
An error event occurred. EventID: 0x00000422
Time Generated: 06/03/2013 16:09:36
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\AFABZ.Aberdeenfoyer.com\SysVol\AFABZ.Aberdeenfoyer.com\Policies\{972483D3-E58C-48E8-BDF8-A4B5B7A51890}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
An error event occurred. EventID: 0x00000422
Time Generated: 06/03/2013 16:14:37
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\AFABZ.Aberdeenfoyer.com\SysVol\AFABZ.Aberdeenfoyer.com\Policies\{972483D3-E58C-48E8-BDF8-A4B5B7A51890}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
An error event occurred. EventID: 0x40000004
Time Generated: 06/03/2013 16:15:41
Event String:
The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server abf-dc-01$. The target name used was AFABZ\AFDC1$. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (AFABZ.ABERDEENFOYER.COM) is different from the client domain (AFABZ.ABERDEENFOYER.COM), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.
An error event occurred. EventID: 0x00000422
Time Generated: 06/03/2013 16:19:37
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\AFABZ.Aberdeenfoyer.com\SysVol\AFABZ.Aberdeenfoyer.com\Policies\{972483D3-E58C-48E8-BDF8-A4B5B7A51890}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
An error event occurred. EventID: 0x00000422
Time Generated: 06/03/2013 16:24:38
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\AFABZ.Aberdeenfoyer.com\SysVol\AFABZ.Aberdeenfoyer.com\Policies\{972483D3-E58C-48E8-BDF8-A4B5B7A51890}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
A warning event occurred. EventID: 0xC9001009
Time Generated: 06/03/2013 16:24:42
Event String:
The Remote Desktop license server cannot update the license attributes for user "NariaE" in the Active Directory Domain "AFABZ.Aberdeenfoyer.com". Ensure that the computer account for the license server is a member of Terminal Server License Servers group in Active Directory domain "AFABZ.Aberdeenfoyer.com".
A warning event occurred. EventID: 0xC9001009
Time Generated: 06/03/2013 16:25:40
Event String:
The Remote Desktop license server cannot update the license attributes for user "MaryA" in the Active Directory Domain "AFABZ.Aberdeenfoyer.com". Ensure that the computer account for the license server is a member of Terminal Server License Servers group in Active Directory domain "AFABZ.Aberdeenfoyer.com".
An error event occurred. EventID: 0x00000422
Time Generated: 06/03/2013 16:29:38
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\AFABZ.Aberdeenfoyer.com\SysVol\AFABZ.Aberdeenfoyer.com\Policies\{972483D3-E58C-48E8-BDF8-A4B5B7A51890}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
A warning event occurred. EventID: 0xC9001009
Time Generated: 06/03/2013 16:31:26
Event String:
The Remote Desktop license server cannot update the license attributes for user "CathyS" in the Active Directory Domain "AFABZ.Aberdeenfoyer.com". Ensure that the computer account for the license server is a member of Terminal Server License Servers group in Active Directory domain "AFABZ.Aberdeenfoyer.com".
A warning event occurred. EventID: 0xC9001009
Time Generated: 06/03/2013 16:32:01
Event String:
The Remote Desktop license server cannot update the license attributes for user "ElaineC" in the Active Directory Domain "AFABZ.Aberdeenfoyer.com". Ensure that the computer account for the license server is a member of Terminal Server License Servers group in Active Directory domain "AFABZ.Aberdeenfoyer.com".
An error event occurred. EventID: 0x00000422
Time Generated: 06/03/2013 16:32:41
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\AFABZ.Aberdeenfoyer.com\SysVol\AFABZ.Aberdeenfoyer.com\Policies\{11C09009-4FE8-426A-B2B0-6C70F8164B1A}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
An error event occurred. EventID: 0x00000422
Time Generated: 06/03/2013 16:34:39
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\AFABZ.Aberdeenfoyer.com\SysVol\AFABZ.Aberdeenfoyer.com\Policies\{972483D3-E58C-48E8-BDF8-A4B5B7A51890}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
An error event occurred. EventID: 0x00000422
Time Generated: 06/03/2013 16:39:40
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\AFABZ.Aberdeenfoyer.com\SysVol\AFABZ.Aberdeenfoyer.com\Policies\{972483D3-E58C-48E8-BDF8-A4B5B7A51890}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
An error event occurred. EventID: 0x00000422
Time Generated: 06/03/2013 16:44:40
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\AFABZ.Aberdeenfoyer.com\SysVol\AFABZ.Aberdeenfoyer.com\Policies\{972483D3-E58C-48E8-BDF8-A4B5B7A51890}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
A warning event occurred. EventID: 0xC9001009
Time Generated: 06/03/2013 16:46:30
Event String:
The Remote Desktop license server cannot update the license attributes for user "helend" in the Active Directory Domain "AFABZ.Aberdeenfoyer.com". Ensure that the computer account for the license server is a member of Terminal Server License Servers group in Active Directory domain "AFABZ.Aberdeenfoyer.com".
An error event occurred. EventID: 0x40000004
Time Generated: 06/03/2013 16:49:41
Event String:
The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server abf-dc-01$. The target name used was cifs/afdc1.AFABZ.Aberdeenfoyer.com. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (AFABZ.ABERDEENFOYER.COM) is different from the client domain (AFABZ.ABERDEENFOYER.COM), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.
An error event occurred. EventID: 0x00000422
Time Generated: 06/03/2013 16:49:41
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\AFABZ.Aberdeenfoyer.com\SysVol\AFABZ.Aberdeenfoyer.com\Policies\{972483D3-E58C-48E8-BDF8-A4B5B7A51890}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
An error event occurred. EventID: 0x40000004
Time Generated: 06/03/2013 16:50:45
Event String:
The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server abf-dc-01$. The target name used was ldap/afdc1.AFABZ.Aberdeenfoyer.com. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (AFABZ.ABERDEENFOYER.COM) is different from the client domain (AFABZ.ABERDEENFOYER.COM), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.
An error event occurred. EventID: 0x00000422
Time Generated: 06/03/2013 16:54:41
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\AFABZ.Aberdeenfoyer.com\SysVol\AFABZ.Aberdeenfoyer.com\Policies\{972483D3-E58C-48E8-BDF8-A4B5B7A51890}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
An error event occurred. EventID: 0x00000422
Time Generated: 06/03/2013 16:59:42
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\AFABZ.Aberdeenfoyer.com\SysVol\AFABZ.Aberdeenfoyer.com\Policies\{972483D3-E58C-48E8-BDF8-A4B5B7A51890}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
An error event occurred. EventID: 0x40000004
Time Generated: 06/03/2013 16:59:59
Event String:
The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server abf-dc-01$. The target name used was E3514235-4B06-11D1-AB04-00C04FC2DCD2/5c778059-edaa-4097-9e5b-96b75dd69daf/AFABZ.Aberdeenfoyer.com@AFABZ.Aberdeenfoyer.com. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (AFABZ.ABERDEENFOYER.COM) is different from the client domain (AFABZ.ABERDEENFOYER.COM), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.
An error event occurred. EventID: 0x40000004
Time Generated: 06/03/2013 17:02:38
Event String:
The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server abf-dc-01$. The target name used was LDAP/5c778059-edaa-4097-9e5b-96b75dd69daf._msdcs.AFABZ.Aberdeenfoyer.com. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (AFABZ.ABERDEENFOYER.COM) is different from the client domain (AFABZ.ABERDEENFOYER.COM), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.
......................... ABF-DC-01 failed test SystemLog
Starting test: VerifyReferences
......................... ABF-DC-01 passed test VerifyReferences
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : AFABZ
Starting test: CheckSDRefDom
......................... AFABZ passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... AFABZ passed test CrossRefValidation
Running enterprise tests on : AFABZ.Aberdeenfoyer.com
Starting test: LocatorCheck
......................... AFABZ.Aberdeenfoyer.com passed test
LocatorCheck
Starting test: Intersite
......................... AFABZ.Aberdeenfoyer.com passed test
Intersite