MatteoPicchetti-0571 asked FanFan-MSFT commented

Error KDC Kerberos domain controller replication

I'm facing an issue when launching the command repadmin /syncall; the 2 DCs report the following error:

CALLBACK MESSAGE: Error issuing replication: -2146892990 (0x80090342): The encryption type requested is not supported by the KDC.

I've already tried to restart the Kerberos Key Distribution Center service and to modify Local Policies - Network security: Configure encryption types allowed for Kerberos with RC4_HMAC_MD5 - AES128_HMAC_SHA1 - AES256_HMAC_SHA1 - Future encryption types

for all the DCs, and also tried forcing it via GPO.

I tried to enable support for Kerberos 128-bit and 256-bit encryption on the user accounts.

Of course, I also restarted the 2 DCs.

But none of the listed operations solved my issue. Can you please help me with this? I have exhausted my research on Google for this issue... Thanks a lot in advance, M.

windows-server windows-active-directory

Hi,
You are welcome to share your current situation if there are any updates.
Please feel free to let us know if you need further assistance.
 
Best Regards,


Hi,
Unfortunately, I've tried all the suggested steps, but none of them solved the issue...

FanFan-MSFT to MatteoPicchetti-0571:

Hi,
I am sorry that this issue still hasn't been resolved.
Since more logs need to be checked, I would suggest you contact Microsoft Customer Services and Support to get an efficient solution:
https://support.microsoft.com/en-in/hub/4343728/support-for-business


1 Answer

FanFan-MSFT answered

Hi,
The following method is for your reference:
1. Stop the KDC service on the destination domain controller. To do it, run the following command at a command prompt:
net stop KDC
Start replication on the destination domain controller from the source domain controller. Use AD Sites and Services or Repadmin:
repadmin /replicate destinationDC sourceDC DN_of_Domain_NC
For example, if replication is failing on ContosoDC2.contoso.com, run the following command on ContosoDC1.contoso.com:
repadmin /replicate ContosoDC2.contoso.com ContosoDC1.contoso.com "DC=contoso,DC=com"
Start the Kerberos KDC service on the destination domain controller by running the following command:
net start KDC
2. If that doesn't solve the issue, try to reset the computer account password of the source domain controller.
3. If that still doesn't solve the issue, try using the Network Monitor tool to check for more error details when syncing the replication.
Best Regards,
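
The policy setting and the per-account AES checkboxes mentioned in the question are both stored as bit flags (on accounts, in the msDS-SupportedEncryptionTypes attribute). As an added example that is not part of the original thread, this Python code decodes such values and reports which accounts share no encryption type with the policy; the account names and mask values are constructed samples, and treating an unset attribute as "KDC default applies" is an assumption of the example.

```python
from enum import IntFlag


class EncType(IntFlag):
    """Bit flags used by msDS-SupportedEncryptionTypes and the Kerberos policy."""
    DES_CBC_CRC = 0x1
    DES_CBC_MD5 = 0x2
    RC4_HMAC_MD5 = 0x4
    AES128_HMAC_SHA1 = 0x8
    AES256_HMAC_SHA1 = 0x10


KNOWN_TYPES = 0x1F         # the five named types above
FUTURE_TYPES = 0x7FFFFFE0  # "Future encryption types" policy checkbox


def decode(mask):
    """Return the names of the encryption types enabled in a bitmask."""
    names = [e.name for e in EncType if mask & e]
    if mask & FUTURE_TYPES:
        names.append("FUTURE")
    return names


def common_types(policy_mask, account_mask):
    """Types allowed by both the policy and the account.

    Returns None when the attribute is unset or 0 (assumption: the KDC
    default applies, so the overlap cannot be judged from this value).
    """
    if not account_mask:
        return None
    return decode(policy_mask & account_mask & KNOWN_TYPES)


def audit(policy_mask, accounts):
    """Map each account name to its overlap with the policy."""
    return {name: common_types(policy_mask, m) for name, m in accounts.items()}


# Constructed sample: the policy selection listed in the question
# (RC4 + AES128 + AES256 + Future) and three hypothetical accounts.
POLICY = 0x7FFFFFFC
SAMPLE_ACCOUNTS = {"DC1$": 0x18, "DC2$": 0x03, "svc-legacy": None}

if __name__ == "__main__":
    print("policy allows:", decode(POLICY))
    for name, overlap in audit(POLICY, SAMPLE_ACCOUNTS).items():
        state = "unset (KDC default)" if overlap is None else overlap or "NO COMMON TYPE"
        print(f"{name}: {state}")
```

On a domain controller, the account values can be read from the msDS-SupportedEncryptionTypes attribute of each DC's computer object and fed to `audit` in place of the sample dictionary.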
