Replication error 1411

bdoub1eu · Nov 29, 2005

I demoted a DC a few days ago and am now getting an error:

Active Directory failed to construct a mutual authentication service principal name (SPN) for the following domain controller.

Domain controller:
c709ad6b-5222-450e-ba36-7c69be4f7d3a._msdcs.chemspec.com

The call was denied. Communication with this domain controller might be affected.

Additional Data
Error value:
8589 The DS cannot derive a service principal name (SPN) with which to mutually authenticate the target server because the corresponding server object in the local DS database has no serverReference attribute.

The c709... DC is the one I demoted...Should I check DNS, ADSIEDIT or ntdsutil? thanks!

bdoub1eu · Nov 29, 2005

Another note...I'm only getting this error on one DC. I ran the ntdsutil and didn't see any entry under the sites for this server...

xmsre · Nov 30, 2005

Looks like the demotion was not completely successful and references to the DC still exist in AD. Try metadata cleanup.

http://support.microsoft.com/default.aspx?scid=kb;en-us;216498

bdoub1eu · Nov 30, 2005

I looked at the above Microsoft article and followed the steps...Don't see any reference to this server in ndtsutil, adsiedit or DNS. Again, error only happening on one server...Not the other 3 DC's I have.

xmsre · Nov 30, 2005

Do this from the server that is throwing the error.

Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Replication error 1411

bdoub1eu

IS-IT--Management

bdoub1eu

IS-IT--Management

xmsre

ISP

bdoub1eu

IS-IT--Management

xmsre

ISP

Similar threads

Part and Inventory Search

Sponsor