DetailPage-MSS-KB

Microsoft small business knowledge base

Article ID: 938459 - Last Review: July 6, 2007 - Revision: 1.2

SYMPTOMS

You create a new Domain Name System (DNS) zone, or you replicate an Active Directory directory service-integrated DNS zone from a Microsoft Windows Server 2003-based domain controller. After you do this, you may receive an error message that resembles the following:
The zone cannot be replicated to all DNS servers in the (null) Active Directory domain because the required application does not exist. Only Enterprise administrators have the appropriate permissions to create an application directory partition. To store this zone in a domain container until the partition is created, close this message, and then replicate to all domain controllers in the active directory domain option.

CAUSE

This issue may occur if Active Directory replication fails. Active Directory replication may fail because of a DNS lookup failure or because the security channel is broken.

If you verify Active Directory replication by using the Active Directory sites and Services Microsoft Management Console (MMC) snap-in, you may receive one of the following error messages:

Error message 1
Target Principal Name is incorrect
Error message 2
DNS lookup failure
When you reset the security channel, you may receive an error message that resembles the following:
Target Principal Account name is incorrect

RESOLUTION

To resolve this issue, follow these steps:
  1. Change the DNS server to another DNS server that is available in the domain. To do this, follow these steps:
    1. Right-click My Network Places, and then click Properties.
    2. Right-click Local Area Connection, and then click Properties.
    3. Click Internet Protocol (TCP/IP), and then click Properties.
    4. Type the IP address of any other DNS server in the Preferred DNS server box, and then click OK two times.
    5. Click Close to close the Local Area Connection Status dialog box.
  2. Disable the Kerberos Key Distribution Center service. To do this, follow these steps:
    1. Click Start, point to Programs, click Administrative Tools, and then click Services.
    2. In the list of services, double-click Kerberos Key Distribution Center.
    3. In the Startup type list, click Disabled, click Stop, click Apply, and then click OK.
    4. Close the Services MMC snap-in.
  3. Restart the domain controller.
  4. Start the Kerberos Key Distribution Center service. To do this, follow these steps:
    1. Click Start, point to Programs, click Administrative Tools, and then click Services.
    2. In the list of services, double-click Kerberos Key Distribution Center.
    3. In the Startup type list, click Automatic, click Apply, click Start, and then click OK.
    4. Close the Services MMC snap-in.

APPLIES TO
  • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
  • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
  • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
  • Microsoft Windows Server 2003, Web Edition
Keywords: 
kberrmsg kbtshoot kbexpertiseadvanced kbprb KB938459
Share
Additional support options
Ask The Microsoft Small Business Support Community
Contact Microsoft Small Business Support
Find Microsoft Small Business Support Certified Partner
Find a Microsoft Store For In-Person Small Business Support