windowswideopen.com

On occasion, the local Active Directory domain controller fails to establish a replication link with its replication partner and it fails with the following error:

Event ID 1265
Partition: DC=domain,DC=enterprise,DC=com

Source DSA DN: CN=NTDS Settings,CN=HUBDC,CN=Servers,CN=HubSite,CN=Sites,CN=Configuration,DC=enterprise,DC=com

Source DSA Address: 62d85225-76bf-4b46-b929-25a1bb295f51._msdcs.enterprise.com

Inter-site Transport (if any): CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Configuration,DC=enterprise,DC=com

failed with the following status:

The authentication service is unknown.

The record data is the status code. This operation will be retried.

If the DC fails to establish a replication link :

In that case, do the following :

Stop the KDC service using :

net stop KDC

It may be impossible to stop the service. In that case, set it’s startup state to “disable” and reboot.

Purge the ticket cache using :

krbtest /callpackage:purge:

Deleting tickets: (null)\(null)

If Kerbtest returns :

Deleting tickets: (null)\(null)

token failed: 0xc00000fe, 0x 7803bbb0

then set the KDC service startup state to “disable” and reboot the DC.

Run :

repadmin/kcc.

The DC will then contacts it’s replication partners and authenticate itself against them in order to create the replication links.

Then look for the following events in the “Directory Services” event log :

Event ID 1264 :

A replication link for the partition CN=Configuration,DC=company,DC=com from server CN=NTDS Settings,CN=HubDC,CN=Servers,CN=HubSite,CN=Sites,CN=Configuration,DC=enterprise,DC=com has been added.

This event logged by the KCC once it has properly created the replication link.

If no event ID 1264 are logged, the replication link failed to be established. The “Directory Services” will then log event ID 1265 describing the reason for the failure.Active Directory kcc repadmin replication partners ticket cacheActive Directory kcc repadmin replication partners ticket cache