Error AtlasError Documentation and Resolution
Back to search

Active Directory Replication

Active Directory replication failed because the target principal name is incorrect

The target principal name is incorrect.

Active Directory replication failed because Kerberos authentication between domain controllers could not validate the expected service principal name.

-2146893022authentication

Observed message

The target principal name is incorrect.

Why it happens

  • The secure channel or machine-account password between domain controllers is out of sync.
  • Kerberos SPN or ticket data does not match the target controller correctly.
  • The destination controller received an invalid service ticket for the source controller.

How to fix it

  1. Check the secure channel and machine-account password state between the affected controllers.
  2. Review SPN registration and Kerberos ticket behavior on both domain controllers.
  3. Reset the secure channel or machine password if the controllers are out of sync.

Official reference

Active Directory replication error -2146893022

Related errors

8453Active Directory replication access was denied8589Active Directory replication failed because the DS could not derive an SPN5Active Directory replication failed with Access is denied1908Active Directory operation failed because it could not find the domain controller for the domain

Explore more

authenticationBrowse more authentication errors
Active Directory replication error target principal name is incorrect | Error Atlas