Question : AD replication fails after DC system state restore

After a system state restore of our only DC, DC1.domain2.com (Win2k), in one of our domains, we added another DC, DC2.domain2.com (Win2k3), to that domain. This ran fine for 2 days, until DC1.domain2.com failed again. I did a system state restore again and communication between the other domains was fine for a few hours, but not between DC1.domain2.com and DC2.domain2.com.
Now all other domains in the forest cannot access domain2.com at all through AD users and computers.
Getting the message "windows cannot connect to the new domain because: Logon failure: unknown user name or bad password." from DC1.domain1.com (w2k3).
With event LSASRV Event ID 40960:
"The Security System detected an authentication error for the server LDAP/DC2.domain2.com/domain2.com. The failure code from authentication protocol Kerberos was "The attempted logon is invalid. This is either due to a bad username or authentication information. (0xc000006d)"."
Both DCs in domain2 can access all other DCs in the other domains.
DC2 in domain2 cannot access DC1 in domain2, but DC1 can access DC2.
When running DcDiag on DC2:
      Starting test: KnowsOfRoleHolders
         [DC1] DsBindWithSpnEx() failed with error -2146893022,
         The target principal name is incorrect..
         Warning: DC1 is the PDC Owner, but is not responding to DS RPC Bind.
         [DC1] LDAP bind failed with error 8341,
         A directory service error has occurred..
         Warning: DC1 is the PDC Owner, but is not responding to LDAP Bind.
         Warning: DC1 is the Rid Owner, but is not responding to DS RPC Bind.
         Warning: DC1 is the Rid Owner, but is not responding to LDAP Bind.
         Warning: DC1 is the Infrastructure Update Owner, but is not responding
 to DS RPC Bind.
         Warning: DC1 is the Infrastructure Update Owner, but is not responding
 to LDAP Bind.
         ......................... DC2 failed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... DC2 failed test RidManager
      Starting test: MachineAccount
         ......................... DC2 passed test MachineAccount
      Starting test: Services
         ......................... DC2 passed test Services
      Starting test: ObjectsReplicated
         ......................... DC2 passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... DC2 passed test frssysvol
      Starting test: frsevent
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
         Group Policy problems.
DC1 Passes all the DcDiag tests.
DNS zone replication is fine.
Nslookup and ping work.
I've run replmon on a few servers:
DC1.domain2.com can replicate from all servers.
DC2.domain2.com can replicate from all servers except DC1.domain2.com.
Servers in other domains can replicate, except from DC1 and DC2 in domain2.com.

Thanks for suggestions,
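An added example, not from the poster: a small Python parser for dcdiag output like the run quoted above. It lists which tests passed or failed and pulls out the DsBind/LDAP bind failures with their error codes, rendering the signed decimal code the way Microsoft documents list it (the -2146893022 above is 0x80090322). The sample text is constructed from the output in the question.

```python
import re

# Constructed sample: a trimmed copy of the dcdiag output quoted in the question.
SAMPLE_DCDIAG = """\
      Starting test: KnowsOfRoleHolders
         [DC1] DsBindWithSpnEx() failed with error -2146893022,
         The target principal name is incorrect..
         Warning: DC1 is the PDC Owner, but is not responding to DS RPC Bind.
         [DC1] LDAP bind failed with error 8341,
         A directory service error has occurred..
         ......................... DC2 failed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... DC2 failed test RidManager
      Starting test: MachineAccount
         ......................... DC2 passed test MachineAccount
"""

# "......................... DC2 failed test KnowsOfRoleHolders"
RESULT_RE = re.compile(r"\.{3,}\s+(\S+) (passed|failed) test (\S+)")
# "[DC1] DsBindWithSpnEx() failed with error -2146893022,"
BIND_RE = re.compile(r"\[(\S+)\] (.+?) failed with error (-?\d+),")


def to_hresult(code: int) -> str:
    """Render a signed 32-bit error code as the unsigned hex form (0x80090322)."""
    return f"0x{code & 0xFFFFFFFF:08X}"


def parse_dcdiag(text: str) -> dict:
    """Return per-test verdicts and the bind failures dcdiag reported."""
    tests, binds = {}, []
    lines = text.splitlines()
    for i, line in enumerate(lines):
        m = RESULT_RE.search(line)
        if m:
            tests[m.group(3)] = (m.group(2) == "passed")
            continue
        m = BIND_RE.search(line)
        if m:
            code = int(m.group(3))
            # dcdiag prints the error text on the line after the code
            msg = lines[i + 1].strip().rstrip(".") if i + 1 < len(lines) else ""
            binds.append({"target": m.group(1), "call": m.group(2), "code": code,
                          "hresult": to_hresult(code), "message": msg})
    return {"tests": tests, "bind_failures": binds}


def failed_tests(text: str) -> list:
    """Names of the tests that did not pass, sorted for stable reporting."""
    return sorted(n for n, ok in parse_dcdiag(text)["tests"].items() if not ok)


if __name__ == "__main__":
    for b in parse_dcdiag(SAMPLE_DCDIAG)["bind_failures"]:
        print(f"{b['target']}: {b['call']} -> {b['code']} ({b['hresult']}) {b['message']}")
    print("failed:", failed_tests(SAMPLE_DCDIAG))
```

Feed it the saved output of `dcdiag /s:DC2 /v` to get the same summary for a live run.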

Answer : AD replication fails after DC system state restore

Hi Chris

After I ran netdiag /d:domain2 from dc1.domain1.com replication started to work between the domains.
Now I can access domain2 with AD users and computers from all the other domains and also see domain2 with ADMT from domain1.
I will keep an eye on the replication for a day or 2, but the problem seems to be fixed.

Thanks Chris