My business closed one of its remote branches recently. The ex-employees took their time packing and sending the hardware back to our HQ, so the Domain Controller was offline for more than a month. When we finally got it back, I recreated the routing and plugged the server back in so that I could run a DCPROMO and take it down gracefully. However, since the server had been offline for so long, when I ran DCPROMO the server complained that it could not sync up with the other Domain Controllers. The same thing happens to other Windows hosts that have been offline for more than 30 days, because their machine account password has expired in the meantime. The Event Viewer showed Event ID 3210 and 5722 related to this issue.
This error is also seen when using the AD Sites and Services snap-in to force a replication between domain controllers. I would get the following error window stating “The target principal name is incorrect”.
How to fix it:
From any DC, open command line (CMD) and run
netdom query fsmo
That will list out the servers in your Domain with the Domain roles. Look for the server running the PDC role.
Next, on the server that is having the issues we need to disable the Kerberos Key Distribution Center (KDC) service, so the DC stops issuing itself tickets with the stale key while we reset the secure channel.
1) Click Start -> Programs -> Administrative Tools -> Services
2) Double click the Kerberos service (KDC) and change the startup type to Disabled.
3) Reboot
When the machine starts back up, get back to a Command Line (CMD) and reset the secure channel to the PDC with the following command:
netdom resetpwd /server:server_name /userd:domain_name\administrator /passwordd:administrator_password
Where server_name is the server holding the PDC role and domain_name is the NetBIOS name of your domain. The administrator account and administrator_password can be substituted for any account that is a Domain Admin.
Restart the troubled DC. Reset the Kerberos Service back to Automatic Startup.
Everything should now be back to normal.
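The same procedure as one PowerShell script, an added example that is not part of the original post. It checks for the 3210/5722 events before doing anything disruptive, locates the PDC emulator with Get-ADDomain instead of reading netdom query fsmo output, and uses /pd:* so the password is prompted for rather than typed on the command line. It assumes it is run elevated on the troubled DC, that the ActiveDirectory module and netdom.exe are present, and that it is run twice: once before the reboot and once after (the -Stage parameter is this script's own).

```powershell
# Added example (not from the original post). Assumes: elevated session on the
# DC that cannot replicate, RSAT ActiveDirectory module and netdom.exe present.
# Run with -Stage Before, reboot, then run again with -Stage After.
param(
    [ValidateSet('Before', 'After')][string]$Stage = 'Before',
    # Any Domain Admin account; defaults to the logged-on user.
    [string]$AdminUser = "$env:USERDOMAIN\$env:USERNAME"
)

Import-Module ActiveDirectory

# Confirm the symptom first: NETLOGON 3210/5722 in the System log.
$events = Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 3210, 5722 } `
    -MaxEvents 5 -ErrorAction SilentlyContinue
if (-not $events) {
    Write-Warning 'No 3210/5722 events found; the secure channel may not be the problem.'
} else {
    $events | Select-Object TimeCreated, Id, ProviderName | Format-Table -AutoSize
}

# The PDC emulator holds the authoritative machine password, so reset against it.
$pdc = (Get-ADDomain).PDCEmulator
Write-Host "PDC emulator: $pdc"

if ($Stage -eq 'Before') {
    # Stop the KDC so this DC cannot issue itself tickets with the stale key.
    Set-Service -Name Kdc -StartupType Disabled
    Stop-Service -Name Kdc
    Write-Host 'KDC disabled. Reboot now, then rerun this script with -Stage After.'
    Restart-Computer -Confirm
} else {
    # /pd:* makes netdom prompt for the password, keeping it out of history and logs.
    & netdom.exe resetpwd "/s:$pdc" "/ud:$AdminUser" /pd:*
    if ($LASTEXITCODE -ne 0) {
        throw "netdom resetpwd failed with exit code $LASTEXITCODE"
    }
    # Put the KDC back so the DC issues tickets again after the final reboot.
    Set-Service -Name Kdc -StartupType Automatic
    Write-Host 'Secure channel reset. Reboot once more; the KDC will start automatically.'
}
```

After the final reboot, `repadmin /replsummary` on any DC is a quick way to confirm replication has resumed.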
Thanks! This was a god send. I was searching all afternoon for a resolution and kept coming up with a fat goose egg. Appreciate the post.
After disabling the Kerberos and then rebooting, I could NOT log back into this server/ DC
This is great, thank you. I did substitute for the command below to force it to prompt for the password instead of putting it in plain text, the * does that.
netdom resetpwd /s:server /ud:domain\User /pd:*
Thanks for this article. It worked for me.
We had the same error after the PDC was restored from one day old backup.
“The target principal name is incorrect”, Event ID 3210 and Event ID 5722.
I followed the instructions, was able to restore the replication and the error was fixed.
Thank You so much for your help