Simultaneously Promoting More than One Computer to a DC - 20 Dec 2007

We recently set up a new forest consisting of five domains on our test network, and we've run into some confusing problems. We can't log on to one domain by using an account from another domain. The directory service log is full of replication errors, event IDs 1645 (The Directory Service received a failure while trying to perform an authenticated RPC call to another Domain Controller), and event IDs 1265 (Replication failed with the following status: Logon Failure: The target account name is incorrect). I've searched TechNet for an explanation but have found no solution. Because the forest is on a test network, we can start over, but how do we avoid this problem in the future?

Evidently you used Dcpromo to simultaneously promote more than one computer to a domain controller (DC). Concurrent operations such as DC promotions and moving Flexible Single Master Operation (FSMO) roles from one DC to another creates contention on certain internal Active Directory (AD) objects and causes problems such as those you're experiencing. As a best practice, I recommend you limit DC promotions and similar changes to your AD infrastructure to one at a time.

CLASS="Byline">— Randy Franklin Smith