This article is the second part of our three-part series, continuing where we left off in our last article: Domain Controller no longer replicating Pt. 1 — “Replication has been explicitly disabled…”. Our previous steps have brought us closer to resolving the replication issues on our Los Angeles Domain Controller; however, issues still remain.
Now I will walk you through tackling:
- DCDIAG / NETDIAG shows Time Service is stopped and Netlogon service is paused
- “[WARNING] Failed to query SPN registration on DC”
Issue: We discovered a stopped Time service and a paused Netlogon service on the troubled Los Angeles DC:
Starting test: Services
w32time Service is stopped on [STAR]
NETLOGON Service is paused on [STAR]
Resolution: Using services.msc, I took the Netlogon service off of pause and started the Time Service.
Issue: “[WARNING] Failed to query SPN registration on DC”
After further investigation in DNS, I found that the PTR record is wrong for the Los Angeles Domain Controller:
I also found that the new DC has the same IP as the old DC, and the old DC was never removed from the Name Servers:
- Verified the “Access this computer from the network” rights, per MS Article https://support.microsoft.com/kb/2002013, by running:
DCDIAG /TEST:CheckSecurityError
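The two DNS findings above (a wrong PTR record, and the old DC still listed as a name server on the IP the new DC now uses) can also be checked from PowerShell. This is an added example, not part of the original article: `STAR` is taken from the dcdiag output above, while the zone name `example.local` and the `$DnsServer` value are placeholders.

```powershell
# Added example: DNS consistency checks for the PTR and Name Server findings.
# Assumptions: $DcName comes from the dcdiag output on this page; $Zone is a
# placeholder for the AD DNS zone; $DnsServer is a DNS server hosting that zone.
param(
    [string]$DcName    = 'STAR',
    [string]$Zone      = 'example.local',   # placeholder, replace with your zone
    [string]$DnsServer = 'localhost'        # placeholder, e.g. a healthy DC
)

$fqdn = "$DcName.$Zone"

# 1. Forward/reverse agreement: every A record of the DC must have a PTR
#    record that points back at the DC's FQDN.
$aRecords = Resolve-DnsName -Name $fqdn -Type A -Server $DnsServer -ErrorAction Stop |
    Where-Object { $_.Type -eq 'A' }
foreach ($a in $aRecords) {
    $ptr = Resolve-DnsName -Name $a.IPAddress -Type PTR -Server $DnsServer -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'PTR' }
    if (-not $ptr) {
        Write-Warning "No PTR record for $($a.IPAddress)"
    } elseif ($ptr.NameHost -notcontains $fqdn) {
        Write-Warning "PTR for $($a.IPAddress) points to $($ptr.NameHost -join ', '), expected $fqdn"
    } else {
        "OK  PTR $($a.IPAddress) -> $fqdn"
    }
}

# 2. Stale name servers: resolve every NS entry of the zone and group by IP.
#    Two NS names sharing one IP is the pattern described above (old DC never
#    removed, new DC reusing its address).
$nsHosts = Resolve-DnsName -Name $Zone -Type NS -Server $DnsServer -ErrorAction Stop |
    Where-Object { $_.Type -eq 'NS' } | Select-Object -ExpandProperty NameHost -Unique
$nsMap = foreach ($ns in $nsHosts) {
    $ips = Resolve-DnsName -Name $ns -Type A -Server $DnsServer -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'A' }
    if (-not $ips) { Write-Warning "NS $ns does not resolve"; continue }
    foreach ($ip in $ips) { [pscustomobject]@{ NameServer = $ns; IP = $ip.IPAddress } }
}
$nsMap | Group-Object IP | Where-Object Count -gt 1 | ForEach-Object {
    Write-Warning "IP $($_.Name) is shared by NS entries: $($_.Group.NameServer -join ', ')"
}
```

Any warning from the second check names the NS entries to review on the zone's Name Servers tab before re-running DCDIAG.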
Now onto our third installment in this series: “The target principal name is incorrect” | DC Stops Replicating Pt. 3