Errors appeared on domain controller:
The Knowledge Consistency Checker (KCC) has detected that successive attempts to replicate with the following directory service has consistently failed.
This directory server has not recently received replication information from a number of directory servers. The count of directory servers is shown, divided into the following intervals.
Repadmin /syncall shows:
Access denied
Resolution:
Reset Domain Controller computer account
Use the Netdom utility (included in srv2008; for Windows Server 2003 it is in the Support\Tools folder on the Windows Server 2003 CD)
1. Stop the Kerberos Key Distribution Center service on affected DC
2. Purge the Kerberos cache with the KLIST tool (srv2008); for srv 2003 use the KerbTray tool from the srv Support Tools.
Run the following command: KLIST PURGE
3. Reset the DC machine password
a. At a command prompt, type the following command:
netdom resetpwd /s:peerdc /ud:domain\user /pd:*
Notes:
/s:peerdc - the name of a domain controller in the same domain that will be used to reset the machine account password. This DC should have KDC running.
/ud:domain\User - the user account that makes the connection with the domain controller you specified in the /s parameter. This must be in domain\User format.
/pd:* - specifies the password of the user account that is specified in the /ud parameter. Use an asterisk (*) to be prompted for the password.
Example:
The local domain controller computer is DC1 and its peer domain controller is DC2. If you run Netdom.exe on DC1 with the following parameters, the password is changed locally and is simultaneously written on DC2, and replication propagates the change to other domain controllers:
netdom resetpwd /s:DC2 /ud:domain\administrator /pd:*
4. Restart Domain Controller
5. Replicate domain controllers.
Repadmin /syncall
Verify successful replication using the following command:
repadmin /replsum
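To check per replication link whether the access-denied failure is gone after the reset, the CSV output of repadmin /showrepl can be filtered. This is an added example, not part of the original post; it assumes an elevated PowerShell session on the repaired DC (Server 2008 or later), run after the restart in step 4.

```powershell
# Added example (not from the original post).
# Assumption: run elevated on the DC whose machine password was reset,
# after the restart in step 4.

# The KDC service was stopped in step 1; confirm it is running again.
$kdc = Get-Service -Name Kdc
if ($kdc.Status -ne 'Running') {
    Write-Warning "KDC service is $($kdc.Status); start it before testing replication."
}

# Step 5: trigger replication, then read the per-link results as CSV.
repadmin /syncall | Out-Null
$links = repadmin /showrepl /csv | ConvertFrom-Csv

# Links that still report failures. An empty failure count converts to 0.
$failed = @($links | Where-Object { [int]$_.'Number of Failures' -gt 0 })

if ($failed.Count -eq 0) {
    Write-Output "All $(@($links).Count) inbound replication links report 0 failures."
    exit 0
}

$failed |
    Select-Object 'Source DSA', 'Naming Context', 'Number of Failures',
                  'Last Failure Status', 'Last Success Time' |
    Format-Table -AutoSize

# Status 5 is ERROR_ACCESS_DENIED, the symptom this post starts from.
# If it persists, the machine account password is still out of sync.
$denied = @($failed | Where-Object { $_.'Last Failure Status' -eq '5' })
if ($denied.Count -gt 0) {
    Write-Warning "$($denied.Count) link(s) still fail with access denied (status 5)."
}
exit 1
```

A non-zero exit code means at least one link still reports failures, so the script can gate a follow-up check in a scheduled task or runbook.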