Event ID - 1645

Event Id1645
SourceMicrosoft-Windows-ActiveDirectory_DomainService
DescriptionAD_TERM did not perform an authenticated remote procedure call (RPC) to another directory server because the desired service principal name (SPN) for the destination directory server is not registered on the Key Distribution Center (KDC) domain controller that resolves the SPN. Destination directory server:%1 SPN:%2 User Action Verify that the names of the destination directory server and domain are correct. Also, verify that the SPN is registered on the KDC domain controller. If the destination directory server has been recently promoted, it will be necessary for the local directory server’s account data to replicate to the KDC before this directory server can be authenticated.
Event InformationAccording to Microsoft :
Cause :
This event is logged when AD_TERM did not perform an authenticated remote procedure call (RPC) to another directory server because the desired service principal name (SPN) for the destination directory server is not registered on the Key Distribution Center (KDC) domain controller that resolves the SPN.
Resolution :
Wait for the SPNs to be updated
This problem is most likely caused by a recent status change in a domain controller, such as a recent promotion. Another possibility is that a domain controller has a transient link error. Both of these situations should resolve themselves automatically in approximately 15 minutes. If the event appears after another 15 minutes, check the Service Principal Names (SPNs) on the domain controller that is reporting the event.
Perform the following procedure on the domain controllers that are hosting the partition that cannot be replicated.
To perform this procedure, you must have membership in Domain Admins, or you must have been delegated the appropriate authority.
To ensure that the SPNs are updated:
  1. Open a command prompt as an administrator. To open a command prompt as an administrator, click Start. In Start Search, type Command Prompt. At the top of the Start menu, right-click Command Prompt, and then click Run as administrator. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
  2. Run the command setspn -l hostname, where hostname is the actual host name of the domain controller. This command displays the SPNs that the domain controller has registered.
  3. Ensure that the domain name in each SPN listing is correct.
  4. If the SPNs are not correct, run the command repadmin /syncall domainname, where domainname is the name of the domain of the domain controller.
  5. Wait 15 minutes, and then run the setspn -l hostname command again and review the registered SPNs.
If the SPNs not corrected automatically after the domain has fully replicated, correct the SPNs manually.
Verify :
Perform the following procedure using the domain controller from which you want to verify that Active Directory replication is functioning properly.
To perform this procedure, you must have membership in Domain Admins, or you must have been delegated the appropriate authority.
To verify that Active Directory replication is functioning properly:
  1. Open a command prompt as an administrator. To open a command prompt as an administrator, click Start. In Start Search, type Command Prompt. At the top of the Start menu, right-click Command Prompt, and then click Run as administrator. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
  2. Run the command repadmin /showrepl.This command displays the status reports on all outbound replication links for the domain controller. Active Directory replication is functioning properly on that domain controller if all status messages report that the last replication attempt was successful.
If there are any indications of failure or error in the status report following the last replication attempt, Active Directory replication on the domain controller is not functioning properly. If the repadmin command reports that replication was delayed for a normal reason, wait and try repadmin again in a few minutes.
Reference LinksEvent ID 1645 from Source Microsoft-Windows-ActiveDirectory_DomainService

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught

Did this information help you to resolve the problem?

Yes: My problem was resolved.
No: The information was not helpful / Partially helpful.
 Refresh