target principle name is incorrect

[Jisbomb]

I am getting error on my backup 2003 server stating that "Naming information cannot be located because: The target principle name is incorrect" whenever my backup DC tries to start an Active Directory console such as Users and Computers. I also found in the event viewer "system log Event ID 4, Kerberos client received a KRB_AP_ERR_MODIFIED error from the server (the PDC is listed)". After that the error mentions "password used to encrypt the Kerberos service ticket is different than that on the target server. Commonly, this is due to identically named machine accounts in the target realm (domain listed) and the client realm". I have followed a microsoft article and it did get my AD synchronized only once, but it went back to the original error upon restarting my backup server. Any ideas?

[Zachary]

I think that you need to enter in the below location:

netdom resetpwd /server:nameofpdc /userd:domain_name\administrator /passwordd:administrator_password

The KDC should be disabled on the Server that has the issue. Can you check your system time which must be in sync with the PDC emulator. The second DC syncs its time with the PDC emulator. Time differences can cause kerberos issues.

[Bon-Z]

Can you try to check the DNS, forget about the reset password. Are there any kind of duplicated records, both A and PTR? You need to make sure you have one-to-one mapping between IP and host name for all the DC and affected servers. Also make sure all your SRV records are registered properly.

[Dr.pter]

After you have resetted the password you should restart server 2. After the successful restart you can start the kdc service. You dont have to start the kdc on server2 before you started the server again.