Directory Service Event error: “Active Directory Failed to construct a mutual authentication service principal name (SPN)"

i’m in process of upgrading our single windows 2003 r2 active directory infrastructure windows server 2008 r2. have 10 domain controllers located @ various sites.

i have upgraded 6 of 10 dc’s windows server 2008 r2 no issues. need keep same name/ip’s i’ve been demoting windows 2003 dc, giving new name/ip , promoting new windows server 2008 r2 dc replacement old name/ip.

this morning noticed following event log on windows 2003 dc. dc reports error. appears report against dc upgraded windows server 2008 r2 yesterday.

if perform repadmin /replsum replication appears work correctly. can connect sysvol share on source , destination servers typing net view \\xyzdc.

is error message of concern?

it sounds kcc (istg) hasn't completed rebuilding of sites , services if has been more than a day rather puzzling.
http://support.microsoft.com/kb/938704

try running complete set of diagnostics , report on errors can't resolve.
http://blogs.dirteam.com/blogs/paulbergson/archive/2009/01/26/troubleshooting-active-directory-issues.aspx

--
paul bergson
mvp - directory services
mcitp: enterprise administrator
mcts, mct, mcse, mcsa, security+, bs csci
2008, vista, 2003, 2000 (early achiever), nt4
http://www.pbbergs.com    twitter @pbbergs
http://blogs.dirteam.com/blogs/paulbergson

please no e-mails, questions should posted in newsgroup. posting provided "as is" no warranties, , confers no rights.

Windows Server  >  Directory Services