Active directory authentication problem

[enormousson]

We have 1 site, 2 domain controllers. The secondary domain controller cannot authenticate with the master domain controller and the two cannot replicate information, and we are suffering many computer-computer authentication issues.

using NLTest we find

nltest /server:<server1-pdc> /sc_query:<domain>
gives an error:
"I_Net:LogonControl failed: Status = 5 0x5 ERROR_ACCESS_DENIED" when trying from server2-sdc (secondary domain controller)

nltest /server:<server2-sdc> /sc_query:<domain>
works fine when trying from server1-pdc (primary domain controller)

all ideas welcome
many thanks

 

[WhoKilledKenny]

Check the replication logs for errors. Post any errors here.

Check to make sure DCs times are in Sync.

Verify Computer account for DC2 in AD is active.

 

[enormousson]

Thanks for the advice.
The computer account for DC 2 seemed to be the problem as suggested. We purged its kerberos tickets and reset the computer account and the DCs are now talking to each other, so I think that is the majority of our problems solved!