Event ID 1411 pe Domain Controllere

Weekendul asta am reinstalat cateva domain controllere si am dat devent-ul din titlu (1411 de la DS RPC Client).

Event Type: Error
Event Source: NTDS Replication
Event Category: DS RPC Client
Event ID: 1411
Date: Date
Time: Time
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: ComputerName
Description:
Active Directory failed to construct a mutual authentication service principal name (SPN) for the following domain controller.
Domain controller:
Server_GUID._msdcs.DnsForestName
The call was denied. Communication with this domain controller might be affected.
Additional Data
Error value:
8589 The DS cannot derive a service principal name (SPN) with which to mutually authenticate the target server because the corresponding server object in the local DS database has no serverReference attribute.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

Dupa ce m-am documentat mi-am dat seama ca nu e nimic grav. http://support.microsoft.com/kb/938704
Unul din serverele vechi ramasese scris in atributul repsTo si se pare ca e nevoie de ceva timp ca KCC-ul sa il scoata automat de acolo. Nici nu am mai aplicat workaroundul din KB, ci am asteptat pana azi ca KCC-ul sa-si faca treaba. Si si-a facut-o.

De mentionat ca atributele repsTo si repsFrom sunt stocate la nivel de partitie AD, insa ATENTIE, valorile atributelor sunt stocate la nivel de DC – adica nu sunt replicate. In felul acesta, in functie de ce DC interoghezi, e posibil sa vezi valori diferite pentru aceste atribute.