G
Guest
Big problem: root domain xyz.com with several child domains, e.g. child1.xyz.com, child2.xyz.com and so on.
during the installation of the child domain child1.xyz.com we had some problems, so I deleted the domain.
meanwhile this domain was present in active directory.
afther a while i started to install this domain again, it was ok. but now i have an "cnf:bla bla.." error shown in the directory service log of the replication partner in the domain child2.xyz.com:
The Directory Service received a failure while trying to perform an authenticated RPC call to another Domain Controller. The failure is that the desired Service Principal Name (SPN) is not registered on the target server. The server being contacted is ef5a4443-f7c8-4d77-8042-7479833e87d9._msdcs.domain.com. The SPN being used is E3514235-4B06-11D1-AB04-00C04FC2DCD2/ef5a4443-f7c8-4d77-8042-7479833e87d9/childCNF:b69b16a9-dfaa-4c81-bd88-7a1d056cb9f3.domain.com@child
CNF:b69b16a9-dfaa-4c81-bd88-7a1d056cb9f3.domain.com.
Please verify that the names of the target server and domain are correct. Please also verify that the SPN is registered on the computer account object for the target server on the KDC servicing the request. If the target server has been recently promoted, it will be necessary for knowledge of this computer's identity to replicate to the KDC before this computer can be authenticated.
Also when I check this with ntdsutil I can see that there is a conflict: DC="childCNF:b69b16a9-dfaa-4c81-bd88-7a1d056cb9f3",DC=xyz,DC=com", in the other domains it is shown correctly:
DC=child, DC=xyz, DC=com.
What is the solution? How can I remove this conflicting domain and establish a connection to the working domain?
Has anyone experience with this?
I have found some possible solutions, but at this time I´m not shure what to do....
during the installation of the child domain child1.xyz.com we had some problems, so I deleted the domain.
meanwhile this domain was present in active directory.
afther a while i started to install this domain again, it was ok. but now i have an "cnf:bla bla.." error shown in the directory service log of the replication partner in the domain child2.xyz.com:
The Directory Service received a failure while trying to perform an authenticated RPC call to another Domain Controller. The failure is that the desired Service Principal Name (SPN) is not registered on the target server. The server being contacted is ef5a4443-f7c8-4d77-8042-7479833e87d9._msdcs.domain.com. The SPN being used is E3514235-4B06-11D1-AB04-00C04FC2DCD2/ef5a4443-f7c8-4d77-8042-7479833e87d9/childCNF:b69b16a9-dfaa-4c81-bd88-7a1d056cb9f3.domain.com@child
CNF:b69b16a9-dfaa-4c81-bd88-7a1d056cb9f3.domain.com.
Please verify that the names of the target server and domain are correct. Please also verify that the SPN is registered on the computer account object for the target server on the KDC servicing the request. If the target server has been recently promoted, it will be necessary for knowledge of this computer's identity to replicate to the KDC before this computer can be authenticated.
Also when I check this with ntdsutil I can see that there is a conflict: DC="childCNF:b69b16a9-dfaa-4c81-bd88-7a1d056cb9f3",DC=xyz,DC=com", in the other domains it is shown correctly:
DC=child, DC=xyz, DC=com.
What is the solution? How can I remove this conflicting domain and establish a connection to the working domain?
Has anyone experience with this?
I have found some possible solutions, but at this time I´m not shure what to do....