Full Version: Replication Issues
rotomme
I am having a hard time replicating a site in AD. It gives me an "Access Denied" error when I run Replmon. I also did a DCDIAG test and got these results. The site is called Woburn. Any insight would be huge.
C:\Program Files\Support Tools>dcdiag

Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Horsham\HQDC01
Starting test: Connectivity
......................... HQDC01 passed test Connectivity

Doing primary tests

Testing server: Horsham\HQDC01
Starting test: Replications
[Replications Check,HQDC01] A recent replication attempt failed:
From AURORA to HQDC01
Naming Context: DC=ForestDnsZones,DC=CORPORATE,DC=LOCAL
The replication generated an error (1256):
The remote system is not available. For information about network troubleshooting, see Windows Help.
The failure occurred at 2005-10-03 12:45:58.
The last success occurred at 2005-09-23 04:45:48.
496 failures have occurred since the last success.
[Replications Check,HQDC01] A recent replication attempt failed:
From AURORA to HQDC01
Naming Context: DC=DomainDnsZones,DC=CORPORATE,DC=LOCAL
The replication generated an error (1256):
The remote system is not available. For information about network troubleshooting, see Windows Help.
The failure occurred at 2005-10-03 12:45:58.
The last success occurred at 2005-09-23 04:45:48.
496 failures have occurred since the last success.
[Replications Check,HQDC01] A recent replication attempt failed:
From AURORA to HQDC01
Naming Context: CN=Schema,CN=Configuration,DC=CORPORATE,DC=LOCAL
The replication generated an error (1722):
The RPC server is unavailable.
The failure occurred at 2005-10-03 12:46:47.
The last success occurred at 2005-09-23 04:45:46.
496 failures have occurred since the last success.
^C
C:\Program Files\Support Tools>dcdiag /test:securityerror
Test not found. Please re-enter a valid test name.

C:\Program Files\Support Tools>dcdiag /test:checksecurityerror

Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Horsham\HQDC01
Starting test: Connectivity
......................... HQDC01 passed test Connectivity

Doing primary tests

Testing server: Horsham\HQDC01
Starting test: CheckSecurityError
Source DC AURORA has possible security error (1722). Diagnosing...
No KDC found for domain CORPORATE.LOCAL in site AURORA (1355, NULL)
[AURORA] Unable to contact this DC. Cannot continue diagnosing errors with this DC.
[LINDENWOLD] DsBindWithSpnEx() failed with error 1722,
The RPC server is unavailable..
Ignoring DC LINDENWOLD in the convergence test of object CN=HQDC01,OU=Domain Controllers,DC=CORPORATE,DC=LOCAL, because we cannot connect!
[AURORA] DsBindWithSpnEx() failed with error 1722,
The RPC server is unavailable..
Ignoring DC AURORA in the convergence test of object CN=HQDC01,OU=Domain Controllers,DC=CORPORATE,DC=LOCAL, because we cannot connect!
Authoritative attribute dBCSPwd on HQDC02 (writeable)
usnLocalChange = 14581070
LastOriginatingDsa = HQDC01
usnOriginatingChange = 51810650
timeLastOriginatingChange = 2005-09-28 23:32:51
VersionLastOriginatingChange = 15
Out-of-date attribute dBCSPwd on WOBURN (writeable)
usnLocalChange = 11154431
LastOriginatingDsa = HQDC01
usnOriginatingChange = 49944195
timeLastOriginatingChange = 2005-08-29 16:32:50
VersionLastOriginatingChange = 14
Authoritative attribute lmPwdHistory on MAITLAND (writeable)
usnLocalChange = 7682906
LastOriginatingDsa = HQDC01
usnOriginatingChange = 51810650
timeLastOriginatingChange = 2005-09-28 23:32:51
VersionLastOriginatingChange = 15
Out-of-date attribute lmPwdHistory on WOBURN (writeable)
usnLocalChange = 11154431
LastOriginatingDsa = HQDC01
usnOriginatingChange = 49944195
timeLastOriginatingChange = 2005-08-29 16:32:50
VersionLastOriginatingChange = 14
Authoritative attribute ntPwdHistory on HAVERHILL (writeable)
usnLocalChange = 120475
LastOriginatingDsa = HQDC01
usnOriginatingChange = 51810650
timeLastOriginatingChange = 2005-09-28 23:32:51
VersionLastOriginatingChange = 15
Out-of-date attribute ntPwdHistory on WOBURN (writeable)
usnLocalChange = 11154431
LastOriginatingDsa = HQDC01
usnOriginatingChange = 49944195
timeLastOriginatingChange = 2005-08-29 16:32:50
VersionLastOriginatingChange = 14
Authoritative attribute pwdLastSet on WELLESLEY (writeable)
usnLocalChange = 2486866
LastOriginatingDsa = HQDC01
usnOriginatingChange = 51810650
timeLastOriginatingChange = 2005-09-28 23:32:51
VersionLastOriginatingChange = 15
Out-of-date attribute pwdLastSet on WOBURN (writeable)
usnLocalChange = 11154431
LastOriginatingDsa = HQDC01
usnOriginatingChange = 49944195
timeLastOriginatingChange = 2005-08-29 16:32:50
VersionLastOriginatingChange = 14
Authoritative attribute supplementalCredentials on PORTSMOUTH (writeable)
usnLocalChange = 8326916
LastOriginatingDsa = HQDC01
usnOriginatingChange = 51810651
timeLastOriginatingChange = 2005-09-28 23:32:51
VersionLastOriginatingChange = 14
Out-of-date attribute supplementalCredentials on WOBURN (writeable)
usnLocalChange = 11154431
LastOriginatingDsa = HQDC01
usnOriginatingChange = 49944196
timeLastOriginatingChange = 2005-08-29 16:32:50
VersionLastOriginatingChange = 13
Authoritative attribute unicodePwd on HOWELL (writeable)
usnLocalChange = 487272
LastOriginatingDsa = HQDC01
usnOriginatingChange = 51810650
timeLastOriginatingChange = 2005-09-28 23:32:51
VersionLastOriginatingChange = 15
Out-of-date attribute unicodePwd on WOBURN (writeable)
usnLocalChange = 11154431
LastOriginatingDsa = HQDC01
usnOriginatingChange = 49944195
timeLastOriginatingChange = 2005-08-29 16:32:50
VersionLastOriginatingChange = 14
Unable to verify the convergence of this machine account (CN=HQDC01,OU=Domain Controllers,DC=CORPORATE,DC=LOCAL) on this domain (DC=CORPORATE,DC=LOCAL). Does the machine account password need reseting?
......................... HQDC01 failed test CheckSecurityError

Running partition tests on : ForestDnsZones

Running partition tests on : DomainDnsZones

Running partition tests on : Schema

Running partition tests on : Configuration

Running partition tests on : CORPORATE

Running enterprise tests on : CORPORATE.LOCAL

Ty,
Tommy
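An added example, not part of the original post: a small Python parser for the CheckSecurityError section of the dcdiag output above. It pairs each "Authoritative attribute" entry with the matching "Out-of-date attribute" entry and reports which DC holds the stale copy of the machine account's password attributes. The sample is constructed from two pairs in that output (usn and LastOriginatingDsa lines trimmed, one console-wrapped header kept), and the function names are hypothetical.

```python
import re
from datetime import datetime

# Constructed sample: two attribute pairs taken from the dcdiag output in the post above.
SAMPLE = """\
Authoritative attribute dBCSPwd on HQDC02 (writeable)
timeLastOriginatingChange = 2005-09-28 23:32:51
VersionLastOriginatingChange = 15
Out-of-date attribute dBCSPwd on WOBURN (writeable)
timeLastOriginatingChange = 2005-08-29 16:32:50
VersionLastOriginatingChange = 14
Authoritative attribute supplementalCredentials on PORTSMOUTH (write
able)
timeLastOriginatingChange = 2005-09-28 23:32:51
VersionLastOriginatingChange = 14
Out-of-date attribute supplementalCredentials on WOBURN (writeable)
timeLastOriginatingChange = 2005-08-29 16:32:50
VersionLastOriginatingChange = 13
"""

HEADER = re.compile(r"^(Authoritative|Out-of-date) attribute (\S+) on (\S+)")
FIELD = re.compile(r"^(\w+) = (.+)$")
VER, TIME = "VersionLastOriginatingChange", "timeLastOriginatingChange"

def parse_entries(text):
    """One dict per attribute block: state, attr, dc, plus its 'key = value' fields."""
    entries = []
    for line in map(str.strip, text.splitlines()):
        if m := HEADER.match(line):
            entries.append({"state": m[1], "attr": m[2], "dc": m[3]})
        elif entries and (m := FIELD.match(line)):
            entries[-1][m[1]] = m[2]
    return entries

def stale_copies(text):
    """Compare each Out-of-date entry with the Authoritative entry for the same attribute."""
    when = lambda e: datetime.strptime(e[TIME], "%Y-%m-%d %H:%M:%S")
    auth, findings = {}, []
    for e in parse_entries(text):
        ref = auth.get(e["attr"])
        if e["state"] == "Authoritative":
            auth[e["attr"]] = e
        elif ref:  # skip a stale entry when no authoritative copy was seen for it
            findings.append({"dc": e["dc"], "attr": e["attr"],
                             "days_behind": (when(ref) - when(e)).days,
                             "versions_behind": int(ref[VER]) - int(e[VER])})
    return findings

if __name__ == "__main__":
    print(*stale_copies(SAMPLE), sep="\n")
```

Run against the full saved dcdiag text instead of SAMPLE to list every stale attribute per DC; lines that are not attribute blocks are ignored.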
BiJiCool
Try to ping from your "failing" DC to the one that has the "PDC-role" (usually the first DC in your AD has this role). Make sure you can ping it using the DNS name and not just the IP address.

What kind of connectivity do you have between the sites? Make sure no firewalls are blocking traffic that they shouldn't
rotomme
QUOTE(BiJiCool @ Oct 3 2005, 14:56)
Try to ping from your "failing" DC to the one that has the "PDC-role" (usually the first DC in your AD has this role).  Make sure you can ping it using the DNS name and not just the IP address.

What kind of connectivity do you have between the sites?  Make sure no firewalls are blocking traffic that they shouldn't

I can ping fine and it is a VPN tunnel. I have many sites set up like this, but this is the only one giving me trouble. In my post it says Out-of-date passwords. I think this is relevant. I ran replmon and got an error from this site saying access denied.
Mattimeo
How long ago was it since the last successful replication? I think AD has a limit of like 60 days before something like this happens...
rotomme
QUOTE(Mattimeo @ Oct 3 2005, 16:07)
How long ago was it since the last successful replication? I think AD has a limit of like 60 days before something like this happens...

It looks like that is about right, 60 days. I just don't know how to fix it.
BiJiCool
Maybe this is an option:

Configure a new DC in your central site, let it replicate and then move it (physically too) to the failing site. Set that server as bridgehead. Then you can safely demote and promote back the failing server.
cyriliano
You must reset the security channel.
First disable Kerberos KDC and restart the DC. Then use
netdom resetpwd /server:server_name /userd:domain_name\administrator /passwordd:administrator_password
Wait 10 mins and check replication. It must be OK. Then enable Kerberos KDC and restart the DC. That's all.