Active Directory – Resetting secure channel.

Error:  Target principle name incorrect.

Resolution : Reset Machine Account Passwords :

Example: local computer (which happens to be a domain controller) is Server1, Peer Windows domain controller name is Server2.

If you run Netdom on Server1 with the following parameters, the password is changed locally and is simultaneously written on Server2, and replication propagates the change to other domain controllers:

Syntax: netdom resetpwd /server:server_name /userd:mydomain\administrator /passwordd:*

Where server_name is the name of the server that is the PDC Emulator operations master role holder.

 Note: This method only works for DC. If it’s member server, we have to disjoin and rejoin domain.

• Install the Windows Support Tools from the Support\Tools folder on the Windows CD-ROM on the domain controller whose password you want to reset.

• If you are attempting to reset the password for a Windows domain controller, it is necessary to stop the Kerberos Key Distribution Center service, Also The KDC must be disabled on the Server that has the problem.

• Stop the Key Distribution Center (KDC) service on Server1. To do so, open a Command Prompt, type net stop KDC, and press Enter.

• Load Kerbtray.exe. You can do so by clicking Start, clicking Run, and then typing c:\program files\resource kit\kerbtray.exe and pressing Enter. You should see a little green ticket icon in your system tray in the lower right corner of your desktop.

• Purge the ticket cache on Server1, right-click the green ticket icon in your system tray, and then click Purge Tickets. You should receive a confirmation that your ticket cache was purged. Click OK.

• Open cmd type: netdom /resetpwd /server:server2 /\administrator /passwordd:xxxxx, and then press Enter.

• Restart the server whose password was changed (in this example, Server1).

• Synchronize the domain. To do so, open a command prompt, type repadmin /syncall, and then press Enter.

• Start the KDC service on Server1. To do so, open a command prompt, type net start KDC, and press Enter. This completes the process, and the domain controllers should be replicating success-fuly now

Required resources:
Resource kit-
Support Tool-


3 thoughts on “Active Directory – Resetting secure channel.

  1. clit

    all the time i used to read smaller articles or reviews which as well
    clear their motive, and that is also happening with this piece of writing which I am reading here.


    Thanks for a marvelous posting! I definitely enjoyed reading
    it, you can be a great author. I will be sure to bookmark your blog and will eventually come back later on.
    I want to encourage that you continue your great job, have a nice weekend!


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s