Event Id | 1265 |
Source | NTDS Replication |
Description | The attempt to establish a replication link with parameters Partition: CN=Configuration,DC=MyDomain,DC=net Source DSA DN: CN=NTDS Settings,CN=MyServer,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=MyDomain,DC=com Source DSA Address: 5e5abf03-e902-48e2-a326-41977dee176d._msdcs.MyDomain.com Inter-site Transport (if any): failed with the following status: Logon Failure: The target account name is incorrect. The record data is the status code. This operation will be retried. From attempting to synchronize replication partners through Active Directory Sites and Services, Active Directory Replication Monitor (REPLMON) or Repadmin.exe: Logon Failure: The target account name is incorrect. |
Event Information | According to Microsoft: cause: If this error is being reported for Active Directory replication between two domain controllers of different domains which have a parent/child or tree root trust relationship, this error may be due to an absent critical object that represents the trust relationship between the two domains. This object is known as a "trustedDomain" object (TDO) and is found in the System container in the Active Directory Users and Computers tool. This type of object directly relates to the trust relationships displayed in the Active Directory Domains and Trusts administrative tool. If this object is not present in the Active Directory, cross-domain authentication will not be able to succeed contributing to the errors described above. Resolution: This procedure should only be performed if the TDO for the remote domain is not present in the System container. 1. From the domain that is generating the error messages listed earlier in this article, open the Active Directory Domains and Trusts administrative tool on the domain controller that holds the PDC Flexible Single Master Operations (FSMO) role for the domain. Right-click the object that represents the domain, and then click Properties. 2. Click the Trusts tab, and then click Add to create both sides of the trust relationship to the remote domain. Because this would normally be a Kerberos trust, creating both sides of the trust is required. Creating the trusted side first generates the following error message: Active Directory cannot verify the trust. Access is denied. Click OK. Note that Active Directory Domains and Trusts displays the trust as type "Shortcut" and that it is transitive. Adding the trusting side generates the following message: To verify the new trust, you must have permissions to administer trusts for the domain XXX. Do you want to verify the new trust? Click Yes, and then supply the administrator credentials for the remote domain. Whenever |
Reference Links | event id: 1265 and source:NTDS Replication Event ID 1265 of Source NTDS |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.