Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation.

Error message when you replicate an Active Directory-integrated zone from a Windows Server 2003-based domain controller: "The zone cannot be replicated to all DNS servers in the (null) Active Directory domain"


Symptoms

You create a new Domain Name System (DNS) zone, or you replicate an Active Directory directory service-integrated DNS zone from a Microsoft Windows Server 2003-based domain controller. After you do this, you may receive an error message that resembles the following:
The zone cannot be replicated to all DNS servers in the (null) Active Directory domain because the required application does not exist. Only Enterprise administrators have the appropriate permissions to create an application directory partition. To store this zone in a domain container until the partition is created, close this message, and then replicate to all domain controllers in the active directory domain option.


Cause

This issue may occur if Active Directory replication fails. Active Directory replication may fail because of a DNS lookup failure or because the security channel is broken.

If you verify Active Directory replication by using the Active Directory Sites and Services Microsoft Management Console (MMC) snap-in, you may receive one of the following error messages:

Error message 1
Target Principal Name is incorrect

Error message 2
DNS lookup failure

When you reset the security channel, you may receive an error message that resembles the following:
Target Principal Account name is incorrect


Resolution

To resolve this issue, follow these steps:
  1. Change the DNS server to another DNS server that is available in the domain. To do this, follow these steps:
    1. Right-click My Network Places, and then click Properties.
    2. Right-click Local Area Connection, and then click Properties.
    3. Click Internet Protocol (TCP/IP), and then click Properties.
    4. Type the IP address of any other DNS server in the Preferred DNS server box, and then click OK two times.
    5. Click Close to close the Local Area Connection Status dialog box.
  2. Disable the Kerberos Key Distribution Center service. To do this, follow these steps:
    1. Click Start, point to Programs, click Administrative Tools, and then click Services.
    2. In the list of services, double-click Kerberos Key Distribution Center.
    3. In the Startup type list, click Disabled, click Stop, click Apply, and then click OK.
    4. Close the Services MMC snap-in.
  3. Restart the domain controller.
  4. Start the Kerberos Key Distribution Center service. To do this, follow these steps:
    1. Click Start, point to Programs, click Administrative Tools, and then click Services.
    2. In the list of services, double-click Kerberos Key Distribution Center.
    3. In the Startup type list, click Automatic, click Apply, click Start, and then click OK.
    4. Close the Services MMC snap-in.
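
The same sequence can be run from a command prompt on the affected domain controller. The batch file below is an added example, not part of the original KB article; the file name kdcfix.cmd is hypothetical, and it assumes the network connection is named Local Area Connection and that repadmin from the Windows Support Tools is installed.

```batch
@echo off
rem Added example, not from the KB article. Run as an administrator on the
rem affected domain controller.
rem   kdcfix.cmd pre <other-dns-ip>   steps 1-3: repoint DNS, disable KDC, restart
rem   kdcfix.cmd post                 step 4, then check replication status
setlocal
rem Assumption: the adapter still has the default connection name from step 1.
set "NIC=Local Area Connection"

if /i "%~1"=="pre" goto pre
if /i "%~1"=="post" goto post
echo Usage: %~nx0 pre ^<other-dns-ip^> ^| post
exit /b 2

:pre
if "%~2"=="" (
    echo Supply the IP address of another DNS server in the domain.
    exit /b 2
)
rem Step 1: set the preferred DNS server to another DNS server in the domain.
netsh interface ip set dns name="%NIC%" source=static addr=%~2
if errorlevel 1 exit /b 1
rem Step 2: disable and stop the Kerberos Key Distribution Center service (kdc).
sc config kdc start= disabled
if errorlevel 1 exit /b 1
net stop kdc
rem Step 3: restart the domain controller.
shutdown /r /t 0
exit /b 0

:post
rem Step 4: set the KDC service back to Automatic and start it.
sc config kdc start= auto
if errorlevel 1 exit /b 1
net start kdc
rem Check: search the replication summary for the two messages listed under Cause.
rem Assumption: repadmin reports them with the same wording (match ignores case).
repadmin /showrepl | findstr /i /c:"Target Principal Name is incorrect" /c:"DNS lookup failure"
if not errorlevel 1 (
    echo Replication still reports one of the errors listed under Cause.
    exit /b 1
)
echo Neither error message was found in the repadmin output.
exit /b 0
```

Run the pre phase first, and run the post phase only after the domain controller has restarted, so that the KDC service stays disabled across the reboot as in steps 2 through 4.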


Keywords: KB938459, kbprb, kbexpertiseadvanced, kbtshoot, kberrmsg

Article Info
Article ID : 938459
Revision : 3
Created on : 7/6/2007
Published on : 7/6/2007