Channel: Directory Services forum

DC unable to talk to other DC. KCC, repl, DFS, etc errors. Target Principal name is incorrect


I have a VM lab 2008R2 forest with 2 DCs, 2 sites.  I've been working with site 1 only for a long time and then brought up the site 2 DC.  I had to change the VM NIC, and on first boot it didn't have connectivity with DC1.  It prompted me to change the admin password, and then I found that once on the network it has been unable to "contact" DC1.  I can telnet to DC1 ports 389, 3268, 88, but the services that contact DC1 fail along with repl.  I believe I'm getting a Kerb access denied.  My thoughts are that it's sending the wrong account info when getting the Kerb ticket, or possibly that it's related to tombstone.  Among other things, I've done this: http://support.microsoft.com/kb/288167/en-us.  It hasn't helped.  Below are some of the errors.  Any help is appreciated.  Pardon if I'm posting in the wrong place.

Log Name:      Directory Service
Source:        Microsoft-Windows-ActiveDirectory_DomainService
Date:          9/21/2014 11:53:10 AM
Event ID:      1865
Task Category: Knowledge Consistency Checker
Level:         Warning
Keywords:      Classic
User:          ANONYMOUS LOGON
Computer:      DC-S2.Dom1.com
Description:
The Knowledge Consistency Checker (KCC) was unable to form a complete spanning tree network topology. As a result, the following list of sites cannot be reached from the local site. 
 
Sites: 
CN=site1,CN=Sites,CN=Configuration,DC=Dom1,DC=com
==============================

Log Name:      Directory Service
Source:        Microsoft-Windows-ActiveDirectory_DomainService
Date:          9/21/2014 11:53:10 AM
Event ID:      1311
Task Category: Knowledge Consistency Checker
Level:         Error
Keywords:      Classic
User:          ANONYMOUS LOGON
Computer:      DC-S2.Dom1.com
Description:
The Knowledge Consistency Checker (KCC) has detected problems with the following directory partition. 
 
Directory partition: CN=Configuration,DC=Dom1,DC=com 
 
There is insufficient site connectivity information for the KCC to create a spanning tree replication topology. Or, one or more directory servers with this directory partition are unable to replicate the directory partition information. This is probably due to inaccessible directory servers. 
 
User Action 
Perform one of the following actions: 
- Publish sufficient site connectivity information so that the KCC can determine a route by which this directory partition can reach this site. This is the preferred option. 
- Add a Connection object to a directory service that contains the directory partition in this site from a directory service that contains the same directory partition in another site. 
 
If neither of the tasks correct this condition, see previous events logged by the KCC that identify the inaccessible directory servers.
==============================

Log Name:      Directory Service
Source:        Microsoft-Windows-ActiveDirectory_DomainService
Date:          9/21/2014 11:53:10 AM
Event ID:      1566
Task Category: Knowledge Consistency Checker
Level:         Warning
Keywords:      Classic
User:          ANONYMOUS LOGON
Computer:      DC-S2.Dom1.com
Description:
All directory servers in the following site that can replicate the directory partition over this transport are currently unavailable. 
 
Site: CN=site1,CN=Sites,CN=Configuration,DC=Dom1,DC=com 
Directory partition: CN=Configuration,DC=Dom1,DC=com 
Transport: CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Configuration,DC=Dom1,DC=com
==============================

Log Name:      System
Source:        LsaSrv
Date:          9/21/2014 12:51:56 PM
Event ID:      6037
Task Category: None
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      DC-S2.Dom1.com
Description:
The program lsass.exe, with the assigned process ID 512, could not authenticate locally by using the target name LDAP/2def5be2-1855-4bfa-b483-0bc76156e107._msdcs.Dom1.com. The target name used is not valid. A target name should refer to one of the local computer names, for example, the DNS host name.
 Try a different target name.
==============================

C:\>repadmin /replsummary
Source DSA          largest delta    fails/total %%   error
 DC               >60 days            5 /   5  100  (2148074274) The target principal name is incorrect.

==============================

DCdiag:

The Security System detected an authentication error for the server ldap/DC-S2.DOM1o.com. The failure code from authentication protocol Kerberos was "An attempt was made to logon, but the netlogon service was not started.
        An error event occurred.  EventID: 0x40000004
           Time Generated: 09/21/2014   12:53:19
           Event String:
           The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server dc$. The target name used was E3514235-4B06-11D1-AB04-00C04FC2DCD2/54cb8a8d-1288-47f0-93a2-7c5a27edc57a/DOM1.com@DOM1.com. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (DOM1.COM) is different from the client domain (DOM1.COM), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.
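The errors in the post all describe one mechanism: DC-S2 presents a Kerberos ticket that DC1 cannot validate (KRB_AP_ERR_MODIFIED, and repadmin's error 2148074274, which is 0x80090322, "The target principal name is incorrect"), which the event text attributes either to the replication SPN being registered on the wrong account or to the DC's machine-account password differing between the DC and the KDC. The PowerShell script below is an added diagnostic example, not part of the original post: it parses a constructed copy of the repadmin output from the post, decodes the error code, gathers the related events so they can be correlated by time, and queries the secure channel and SPN registrations. It assumes it is run in an elevated PowerShell 2.0 session on the affected DC (DC-S2) where repadmin, nltest and setspn are present; the function names are the example's own.

```powershell
# Added diagnostic helper (not from the original post). Assumes an elevated
# session on the affected DC with repadmin, nltest and setspn available.

function Convert-ReplErrorCode {
    # repadmin prints error codes in decimal; Microsoft documentation uses hex.
    # 2148074274 -> 0x80090322 (SEC_E_WRONG_PRINCIPAL)
    param([Parameter(Mandatory=$true)][uint32]$Decimal)
    return ('0x{0:X8}' -f $Decimal)
}

function Get-ReplSummaryFailures {
    # Parse the per-DSA lines of "repadmin /replsummary" and emit one object per
    # failing source DSA. A matching line from the post looks like:
    #   DC   >60 days   5 /   5  100  (2148074274) The target principal name is incorrect.
    param([Parameter(Mandatory=$true)][string[]]$Lines)
    $pattern = '^\s*(?<dsa>\S+)\s+(?<delta>.+?)\s+(?<fails>\d+)\s*/\s*(?<total>\d+)\s+(?<pct>\d+)\s+\((?<code>\d+)\)\s*(?<msg>.*)$'
    foreach ($line in $Lines) {
        if ($line -match $pattern) {
            $code = [uint32]$matches['code']
            New-Object PSObject -Property @{
                SourceDsa      = $matches['dsa']
                LargestDelta   = $matches['delta'].Trim()
                Fails          = [int]$matches['fails']
                Total          = [int]$matches['total']
                ErrorDecimal   = $code
                ErrorHex       = Convert-ReplErrorCode -Decimal $code
                Message        = $matches['msg'].Trim()
                # 0x80090322: the partner could not validate our Kerberos ticket,
                # i.e. an SPN or machine-account password mismatch, not a network fault.
                WrongPrincipal = ($code -eq 0x80090322)
            }
        }
    }
}

function Get-DcTrustEvents {
    # Collect the events the post shows, so they can be lined up by time:
    # KCC 1865/1311/1566 (Directory Service log), LsaSrv 6037 and the Kerberos
    # client's KRB_AP_ERR_MODIFIED event 4 (both in the System log).
    param([int]$Hours = 24)
    $since = (Get-Date).AddHours(-$Hours)
    $filters = @(
        @{ LogName = 'Directory Service'; Id = 1865,1311,1566; StartTime = $since },
        @{ LogName = 'System'; ProviderName = 'LsaSrv'; Id = 6037; StartTime = $since },
        @{ LogName = 'System'; ProviderName = 'Microsoft-Windows-Security-Kerberos'; Id = 4; StartTime = $since }
    )
    foreach ($f in $filters) {
        Get-WinEvent -FilterHashtable $f -ErrorAction SilentlyContinue |
            Select-Object TimeCreated, Id, ProviderName,
                @{ n = 'FirstLine'; e = { ($_.Message -split "`n")[0].Trim() } }
    }
}

function Test-DcTrust {
    # Query the two things the Kerberos event text names: the DC's own secure
    # channel to the domain (nltest) and duplicate/misplaced SPNs (setspn).
    param([string]$Domain = 'Dom1.com', [string]$ComputerName = $env:COMPUTERNAME)
    $result = @{}
    $result.SecureChannelQuery  = (& nltest "/sc_query:$Domain")  -join "`n"
    $result.SecureChannelVerify = (& nltest "/sc_verify:$Domain") -join "`n"
    $result.LocalSpns           = (& setspn -L $ComputerName)      -join "`n"
    $result.DuplicateSpnScan    = (& setspn -X)                    -join "`n"
    return $result
}

# Constructed sample: the repadmin /replsummary lines quoted in the post.
$sample = @(
    'Source DSA          largest delta    fails/total %%   error',
    ' DC               >60 days            5 /   5  100  (2148074274) The target principal name is incorrect.'
)
Get-ReplSummaryFailures -Lines $sample | Format-List SourceDsa, ErrorHex, WrongPrincipal, Message

# Live checks (only meaningful on the affected DC):
# Get-ReplSummaryFailures -Lines (& repadmin /replsummary) | Format-Table -AutoSize
# Get-DcTrustEvents -Hours 48 | Sort-Object TimeCreated | Format-Table -AutoSize
# Test-DcTrust -Domain 'Dom1.com'
```

The offline part of the script decodes the post's error to 0x80090322 and flags it as a wrong-principal failure; the live checks distinguish the two causes the event names: nltest /sc_verify failing points at a machine-account password that no longer matches what the KDC holds (consistent with the DC having been offline past the interval in which its password rolled), while setspn -X reporting a duplicate of the replication SPN points at the SPN being registered on the wrong account.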
