Issue:
Any of the following messages may be logged in the Directory Service event log after a DC has been demoted and promoted with the same name. Other factors that may contribute to these messages are whether the DC was a global catalog before or after the demotion/promotion, or whether multiple domains exist in the forest.
Source: NTDS Replication
Category: DS RPC Client
Event ID: 1411
Active Directory failed to construct a mutual authentication service principal name (SPN) for the following domain controller.
Domain controller:
5471be24-1fdf-4fed-9074-ec3f1cd2f0fc._msdcs.domain.com
The call was denied. Communication with this domain controller might be affected.
Additional Data
Error value:
8589 The DS cannot derive a service principal name (SPN) with which to mutually authenticate the target server because the corresponding server object in the local DS database has no serverReference attribute.
Source: NTDS Replication
Category: Replication
Event ID: 1955
The Knowledge Consistency Checker (KCC) successfully terminated the following change notifications.
Directory partition:
DC=domain,DC=com
Destination network address:
5471be24-1fdf-4fed-9074-ec3f1cd2f0fc._msdcs.domain.com
Destination domain controller (if available):
CN=NTDS Settings\0ADEL:5471be24-1fdf-4fed-9074-ec3f1cd2f0fc,CN=SERVERNAME\0ADEL:dc92408b-3308-4da7-82a6-9c61951d39ca,CN=Servers,CN=Location,CN=Sites,CN=Configuration,DC=domain,DC=com
This event can occur if either this domain controller or the destination domain controller has been moved to another site.
Source: NTDS KCC
Category: Knowledge Consistency
Event ID: 1272
The following directory partition is no longer replicated from the source domain controller at the following network address because there is no Connection object for the domain controller.
Directory partition:
DC=domain,DC=com
Source domain controller:
CN=NTDS Settings\0ADEL:5471be24-1fdf-4fed-9074-ec3f1cd2f0fc,CN=SERVERNAME\0ADEL:dc92408b-3308-4da7-82a6-9c61951d39ca,CN=Servers,CN=Location,CN=Sites,CN=Configuration,DC=domain,DC=com
Network address:
5471be24-1fdf-4fed-9074-ec3f1cd2f0fc._msdcs.domain.com
Source: NTDS Replication
Category: Replication
Event ID: 1104
The Knowledge Consistency Checker (KCC) successfully terminated the following change notifications.
Directory partition:
CN=Configuration,DC=domain,DC=com
Destination network address:
5471be24-1fdf-4fed-9074-ec3f1cd2f0fc._msdcs.domain.com
Destination domain controller (if available):
CN=NTDS Settings\0ADEL:5471be24-1fdf-4fed-9074-ec3f1cd2f0fc,CN=SERVERNAME\0ADEL:dc92408b-3308-4da7-82a6-9c61951d39ca,CN=Servers,CN=Location,CN=Sites,CN=Configuration,DC=domain,DC=com
This event can occur if either this domain controller or the destination domain controller has been moved to another site.
Solution:
Do nothing; the error messages will stop once the replication object is removed. The replication object is removed once half the domain tombstone lifetime has been reached. This is known as the "stay of execution", and it is used in case the domain controller is restored after a disaster.
More Information:
The network address given (5471be24-1fdf-4fed-9074-ec3f1cd2f0fc._msdcs.domain.com) in each of the event logs corresponds to the original DC's <DSAGuid> and the associated dsaguid._msdcs.forestroot DNS record that every domain controller registers in DNS.
The <DSAGuid> is stored in the computer object’s servicePrincipalName attribute and can be viewed with the “setSPN -L servername” command or via ADSIEdit by viewing the properties of the computer object in the Domain Controllers container.
Both will appear in the format:
ldap/dsaguid._msdcs.forestroot
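The following PowerShell is an added example, not part of the original article: it pulls the <DSAGuid> out of each event's network address, notes whether the same GUID appears in a \0ADEL: (deleted object) DN, and checks it against the ldap/dsaguid._msdcs.forestroot SPNs. The function name Get-DsaGuidReference and the sample data are assumptions made for illustration; the all-zero GUID is a placeholder.

```powershell
# Added example, not from the original article.
$GuidRe = '[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}'

function Get-DsaGuidReference {
    param(
        [object[]] $Record = @(),   # objects with Id and Message properties
        [string[]] $Spn    = @()    # output lines of "setspn -L servername"
    )
    # DSA GUIDs the computer object currently carries: ldap/<dsaguid>._msdcs.<forestroot>
    $current = foreach ($s in $Spn) {
        if ($s -match "ldap/($GuidRe)\._msdcs\.") { $Matches[1].ToLower() }
    }
    $refs = foreach ($r in $Record) {
        # The network address in each event has the form <dsaguid>._msdcs.<forestroot>
        if ($r.Message -match "($GuidRe)\._msdcs\.") {
            $guid = $Matches[1].ToLower()
            [pscustomobject]@{
                DsaGuid = $guid
                Id      = $r.Id
                # "\0ADEL:<guid>" in a DN is how a deleted object is named
                Deleted = $r.Message -match ('\\0ADEL:' + [regex]::Escape($guid))
            }
        }
    }
    # One summary row per DSA GUID referenced by the events
    $refs | Group-Object DsaGuid | ForEach-Object {
        [pscustomobject]@{
            DsaGuid      = $_.Name
            EventIds     = ($_.Group.Id | Sort-Object -Unique) -join ','
            Count        = $_.Count
            DeletedInDn  = [bool]($_.Group | Where-Object Deleted)
            InCurrentSpn = $current -contains $_.Name
        }
    }
}

# Constructed sample: messages abbreviated from the events on this page;
# the SPN GUID is a placeholder, not a real value.
$dn   = 'CN=NTDS Settings\0ADEL:5471be24-1fdf-4fed-9074-ec3f1cd2f0fc,CN=SERVERNAME\0ADEL:dc92408b-3308-4da7-82a6-9c61951d39ca,CN=Servers'
$addr = '5471be24-1fdf-4fed-9074-ec3f1cd2f0fc._msdcs.domain.com'
$sample = @(
    [pscustomobject]@{ Id = 1411; Message = "Domain controller: $addr" }
    [pscustomobject]@{ Id = 1272; Message = "Source domain controller: $dn Network address: $addr" }
)
Get-DsaGuidReference -Record $sample -Spn 'ldap/00000000-0000-0000-0000-000000000000._msdcs.domain.com'
```

On a domain controller, pass the result of `Get-WinEvent -FilterHashtable @{ LogName = 'Directory Service'; Id = 1411, 1955, 1272, 1104 }` as `-Record` and the output of `setspn -L servername` as `-Spn`.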
Active Directory Operations Overview
http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/maintain/opsguide/part1/adogd10.mspx