Common AD replication, Kerberos, LDAP, and trust error codes with causes and fixes
A domain controller cannot reach another DC via RPC.
A domain controller could not contact a remote DC.
Kerberos could not find a matching SPN for the requested service.
Client could not locate a DC for the domain.
NTDS KCC failed to create a replication link.
Active Directory could not resolve the GUID-based DNS name of a replication partner.
Replication succeeded but only because NetBIOS was used as a fallback.
A domain controller is not advertising because it has not completed initial replication.
A client could not establish a secure channel with any DC.
A workstation could not authenticate to the domain because its machine password is out of sync.
A computer could not establish a session with a DC.
A machine account is being rejected.
NTDS database error during replication.
A DC was denied permission to replicate.
The source DC has inbound replication disabled.
The destination DC has outbound replication disabled.
A directory operation failed because of a DNS lookup problem.
Lingering object detected during replication.
LDAP bind failed because the user does not exist.
LDAP bind failed due to wrong password.
Account has logon hours restrictions.
Account has workstation restrictions.
The password has expired.
The user account is disabled.
Account has reached its expiration date.
Password must change at next logon.
The account is locked out.
Wrong password supplied during Kerberos pre-authentication.
The time difference between client and DC exceeds 5 minutes.
The client principal does not exist in the KDC database.
The ticket integrity check failed — wrong key used to encrypt service ticket.