On a Windows Server 2008-based computer, you perform replication among Active Directory Lightweight Directory Services (AD LDS) instances. When you do this, the replication process may fail.
This problem may occur if you change the service accounts of two or more AD LDS instances at the same time in the same configuration context. These AD LDS instances may encounter issues when these AD LDS instances authorize one another for replication. These issues occur because the permissions of the new service accounts are not set appropriately in all the AD LDS instances.
For example, AD LDS instance 1 is running under service account A, and AD LDS instance 2 is running under service account B. If you change the service account of AD LDS instance 1 from service account A to service account X, AD LDS instance 2 updates the permissions for service account X. Then, AD LDS instance 2 authorizes AD LDS instance 1 when the replication starts. However, if you change the service account of AD LDS instance 2 from service account B to service account Y before the replication starts, AD LDS instance 1 and AD LDS instance 2 cannot authorize one another. This behavior occurs because the permissions of service account X and of service account Y are not updated.
To resolve this problem, do not change the service accounts of two or more AD LDS instances at the same time in the same configuration context.