Active Directory replication target principal name incorrect

active-directory windows-server-2008-r2 replication spn

You probably need to reset secure channel from the domain controller that is not the PDCE (CENTRAL, assuming the logs are correct and TERMINAL is the PDCE). See the following for the procedure:

Error Message "Target Principal Name is Incorrect" When Manually Replicating Data Between Domain Controllers
https://support.microsoft.com/en-us/kb/288167

On domain controllers that are experiencing this issue, disable the Kerberos Key Distribution Center service (KDC). To do so:

  • Click Start, point to Programs, click Administrative Tools, and then click Services.
  • Double-click KDC, set the startup type to Disabled, and then restart the computer.

After the computer restarts, use the Netdom utility to reset the secure channels between these domain controllers and the PDC Emulator operations master role holder. To do so, run the following command from the domain controllers other than the PDC Emulator operations master role holder: 

netdom resetpwd /server:server_name /userd:domain_name\administrator /passwordd:administrator_password

Where server_name is the name of the server that is the PDC Emulator operations master role holder.

Change the KDC service startup mode back to automatic and restart.

Related

Error with gunzip during logrotate
What does "shared mode" really mean on a ninth-generation and later Dell server DRAC?
Azure Web App Port Mapping/Forwarding
Should i use Firewalld or Iptables for Fail2ban in Centos 7?
Logstash with journald instead of rsyslog
controlling access while caching video content on-site on client's network
Prevent writing to unmounted sshfs mount point
Is it valid to have SPF records for a domain that is a CNAME?
Secure Graphite installation
How to configure Windows to trust a network share using a GPO?
start systemd service on start of requirement
How do I tell ESXi 5.5 to autostart virtual machines from ssh/CLI only?