Forcing replication to a specific NIC

Similar Messages

• Configuring RDS to specific NIC Adapter + Avoid Office 2013 Volume Licensing

  Background: Small Company basically 1 User (me)... I've recently purchased a new server class computer and have downloaded and installed Windows Server 2012 R2 Essentials.  I have 2 routers, 1 for home use (192.168..) and other provided to me by the
  company I contract to (10.41..).  I have a 4 port independent NIC card.  I connect to a company configured VM through a Remote Desktop Connection.  I also need to run Lync 2013 on the Windows Server 2012 machine in order to communicate internally
  with other members of the company.
  My Understanding: In order to configure the remote desktop connection to my VM to use a specific NIC adapter I must first install the Remote desktop Session Host service.  Then I should be able to configure the RDP-TCP connection to use a specific NIC
  adapter.  However, when I install the Remote desktop Session Host Service and I try and run Lync 2013 I receive an message stating that because I'm running Remote Desktop Services on this server I need to purchase volume licensing for my Office 2013 product.
  Question: Is there a way for me to configure my Windows Server 2012 R2 environment so that I can first specify a specific NIC adapter to use during my RDP session into my VM and also allow me not to have to purchase volume licensing for the Office 2013 product.
  -=Duane=-

  Hi Duane,
  As per my research, if you have RDS license and CAL installed still you need to purchase Office licensing to use office product. Office Professional Plus 2013 and Office Standard 2013 are licensed on a per-device basis. Users can only remotely access a copy
  of Office Professional Plus 2013 or Office Standard 2013 running on a network server from a licensed device. Therefore, your windows need the latest Office suite license assigned to the device.
  For more information.
  1.  Licensing Office on Remote Desktop Services
  2.  Microsoft Office
  For Network Adapter, you can try PowerShell Command and rename your NIC specific to RDS so that you can identify that specific NIC is used by RDS for connection. For that you can do following things.
  List of Network Adapter: Get-NetAdapter 
  Rename Network Adapter: Rename-NetAdapter -Name "Wired Ethernet Connection 4" PublicInternet1
  Please find below snap and link for more information.
  1.  Using PowerShell for NIC Configuration Tasks
  2.  Use PowerShell to Configure the NIC on Windows Server 2012
  Hope it helps!
  Thanks.

• Statically assign xenbr0 (eth0) interface to one specific NIC

  Hi,
  I have multiple NICs on my Oracle VM server. Everytime it reboots, xenbr0 (eth0) will be dynamically assigned to one of the NICs card, depending on which one comes up first. My xenbr0 is assigned a public address. That means that I will not be able to connect to the server remotely if it is assigned to a different NIC. Can someone tell me how I can assign xenbr0 to one specific NIC statically?
  Regards,
  Ming
  Edited by: user2872557 on Sep 12, 2011 2:19 PM

  user2872557 wrote:
  I have multiple NICs on my Oracle VM server. Everytime it reboots, xenbr0 (eth0) will be dynamically assigned to one of the NICs card, depending on which one comes up first. My xenbr0 is assigned a public address. That means that I will not be able to connect to the server remotely if it is assigned to a different NIC. Can someone tell me how I can assign xenbr0 to one specific NIC statically?What version of Oracle VM are you talking about here? In Oracle VM 2.2, it automatically creates xenbrX bridges for each ethX device it finds. If this is changing, it means your NICs are changing on boot. You need to ensure that your ifcfg-ethX device configurations have HWADDR fields to fix them to a particular NIC.
  In Oracle VM 3.0, we do not create xenbrX bridges by default and this is all handled by the Manager.

• Network Bridging or forcing specific NICs

  So this is a challenging problem, which I have yet to find an answer.
  At work we have wired and wireless connections, the wired i use my laptop thru proxy to connect to RDC of a windows server, it also have very restricted internet access. The wireless connection does not need the proxy and I want to set up an internet browser to use the wireless while the RDC uses wired.
  Question is, is there any way to force a program firefox or safari to use one interface while others use the other interface. I have tried rearranging the order of service in networks but that just makes the wired services not work.

  Per application would probalby require a special proxy running local on the system.
  However, per destination is definitely possible.
  Set your box back up so that your wireless is the default path since if I understood you correctly, that sends you out direct and what you want for most things.
  Open Terminal (spotnight/terminal)
  run 'netstat -rn' and get the default gateway for your en0 interface (wired).
  add a static route for the proxy that you want to use only over Wired to that gateway.
  For instance, if the proxy was 5.4.3.2 and your next hop off en0 is 192.168.1.1, you would enter:
  sudo route -nv add -host 5.4.3.2 192.168.1.1

• Force font in a specific domain...

  I prefer a specific font across most sites.
  However, with 'Allow pages to use their own fonts...' unchecked, is it possible to force a single domain to use its'
  own fonts with css?

  You can specify the font with code in userContent.css.
  *http://kb.mozillazine.org/userContent.css
  *https://developer.mozilla.org/en/CSS/@document
  *https://developer.mozilla.org/Web/CSS/font-family
  *https://developer.mozilla.org/Web/CSS/font
  <pre><nowiki>@-moz-document domain(<enter domain>){
  html, body, body * { font-family: "<font name>" !important; }
  }</nowiki></pre>
  The customization files userChrome.css (user interface) and userContent.css (websites) are located in the <b>chrome</b> folder in the Firefox profile folder.
  *http://kb.mozillazine.org/Editing_configuration
  *Create the chrome folder (lowercase) in the <xxxxxxxx>.default profile folder if this folder doesn't exist
  *Use a plain text editor like Notepad to create a (new) userContent.css file in the chrome folder (file name is case sensitive)
  *Paste the code in the userContent.css file in the editor window
  *Make sure that you select "All files" and not "Text files" when you save the file via "Save file as" in the text editor as userContent.css.<br>Otherwise Windows may add a hidden .txt file extension and you end up with a not working userContent.css.txt file

• Force http traffic to specific interface

  Just setup a 2801 router. We have a Serial interface card on it connected to a T1 and eth1 connected to DSL. We want to force web traffic (http, https, ftp) to use the DSL connection. I tried a simple access-list to allow http to the DSL and deny to the T1, however it didn't seem to work. Then I noticed that in the SDM it has "default" rultes that always enable http. Do I need to disable the http server to get this access list to work or is there an easier way to force web traffic to a specific interface?
  Thanks in advance.

  I setup the route-map and access-list and applied it to FE 0/1 (DSL connection), however it still appears nothing is going through that interface. When I monitor it in the SDM, it shows 0% bandwidth usage.
  Just to double check I unplugged the DSL to see if web traffic stopped, but it was still going, I assume through the T1 at S 0/2/0.
  FE 0/0 goes to our fw, then to lan
  FE 0/1 goes to DSL
  S 0/2/0 goes to T1
  Here is my config:
  router#show run
  Building configuration...
  Current configuration : 4506 bytes
  ! Last configuration change at 10:29:45 MDT Fri Aug 4 2006 by admin
  ! NVRAM config last updated at 15:17:31 MDT Thu Aug 3 2006 by admin
  version 12.4
  no service pad
  service tcp-keepalives-in
  service tcp-keepalives-out
  service timestamps debug datetime msec localtime show-timezone
  service timestamps log datetime msec localtime show-timezone
  service password-encryption
  service sequence-numbers
  boot-start-marker
  boot system flash c2801-ipbasek9-mz.124-8.bin
  boot-end-marker
  security authentication failure rate 3 log
  security passwords min-length 6
  logging buffered 51200 debugging
  logging console critical
  enable secret 5 $1$EWDt$pvWzeNhilneb/EUJosxlv0
  no aaa new-model
  resource policy
  clock timezone MDT -7
  clock summer-time MDT date Apr 6 2003 2:00 Oct 26 2003 2:00
  no ip source-route
  ip cef
  ip tcp synwait-time 10
  no ip bootp server
  ip name-server 198.60.22.2
  ip name-server 198.60.22.22
  username admin privilege 15 secret 5 $1$TF47$aa8RLf18isZxIwjOKfdmZ.
  interface FastEthernet0/0
  description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$$ES_LAN$$FW_INSIDE$
  ip address 199.104.124.210 255.255.255.240
  no ip redirects
  no ip unreachables
  no ip proxy-arp
  ip route-cache flow
  duplex auto
  speed auto
  no mop enabled
  interface FastEthernet0/1
  description $FW_OUTSIDE$$ETH-LAN$
  ip address 192.168.2.2 255.255.255.0
  no ip redirects
  no ip unreachables
  no ip proxy-arp
  ip route-cache flow
  ip policy route-map toDSL
  duplex auto
  speed auto
  no mop enabled
  interface FastEthernet0/1/0
  interface FastEthernet0/1/1
  interface FastEthernet0/1/2
  interface FastEthernet0/1/3
  interface Serial0/2/0
  ip address 204.228.133.46 255.255.255.252
  interface Vlan1
  no ip address
  no ip redirects
  no ip unreachables
  no ip proxy-arp
  ip flow ingress
  ip flow egress
  ip route-cache flow
  ip route 0.0.0.0 0.0.0.0 204.228.133.45
  ip route 192.168.2.0 255.255.255.0 192.168.2.1
  no ip http server
  ip http authentication local
  ip http secure-server
  ip http timeout-policy idle 60 life 86400 requests 10000
  logging trap debugging
  access-list 111 permit tcp any any eq www
  no cdp run
  route-map toDSL permit 1
  match ip address 111
  set ip next-hop 192.168.2.1
  control-plane
  banner login ^CAuthorized access only!
  Disconnect IMMEDIATELY if you are not an authorized user!^C
  line con 0
  login local
  transport output telnet
  line aux 0
  login local
  transport output telnet
  line vty 0 4
  exec-timeout 30 0
  privilege level 15
  login local
  transport input ssh
  transport output ssh
  line vty 5 15
  access-class 102 in
  privilege level 15
  login local
  transport input ssh
  scheduler allocate 20000 1000
  ntp clock-period 17178101
  ntp update-calendar
  ntp server 198.60.22.240 source Serial0/2/0
  end

• Force reauthentication in a specific time - ISE 1.2

  Hi, is possible force wireless client reauthentication? For example: between 8am to 5pm all wireless clients use  authorization policy A and from 5:01 pm to 11:00 pm use authorization policy B automatically

  I don't see how you can force a deauth at a certain time for just a certain group. I don't have a script that just runs without any type if interaction. Some have scripts that would ssh to the WLC and paste commands. I don't use that, so I could provide anything like that for you. Your best bet if this is not for webauth users is to set the session timer lower. When the session timer expires the devices have to perform a reauth. This might help you, but it will not be exactly at 5pm.
  Sent from Cisco Technical Support iPhone App

• Force mapping to a specific MAC address a multicast IP address in ARP cache table with netsh

  Hi all,
  I would like to know if there is any solution (netsh option, registry entry, whatever...) to force mapping a given MAC address to a multicast IP address (224.x.y.z) in my ARP cache table.
  I am doing the following:
  netsh.exe interface ip add neighbors "Ethernet" "224.224.xxx.yyy"
  "00-80-EE-UU-VV-WW"
  But the entry in the ARP table is substitued by the calculated multicast MAC@ corresponding to my multicast IP@ :
  netsh.exe interface ip show neighbors "Ethernet"
  Interface 12 : Ethernet
  Internet Address  
  Physical Address Type
  224.0.0.22 
  01-00-5e-XX-YY-ZZ 
  static
  224.224.yyy.zzz 
  01-00-5e-UU-VV-WW 
  static
  (For information, calculation of the Multicast MAC Address is described in RFC1112§6.4 -> The MAC@ equals 01-00-5e + the last 23 digits of the multicast MAC Address)
  My problem is that I'm not using an Ethernet network but an AFDX (used on Airbus A380, Boeing 787 Dreamliner, by the NASA...). This network topology is a deterministic Ethernet. The network must know accurately where each network packet is going. Thus...
  the multicast MAC@ cannot be accepted and packet destinated to that MAC@ are not going anywhere.
  So, I must match accurately my multicast IP@ to my MAC@ (00-80...).
  It used to work with Windows XP (which was not doing any "magical" MAC@ substitution on multicast IP@), but since Windows Vista, netsh is doing the substitution described above. Is there any way to disable this substitution or force my IP
  to MAC mapping in ARP table? And of course, I'm not using XP anymore ;)... but a tablet with Windows 8.1.
  Thanks for any help.
  Cheers,
  Olivier.

  Hi,
  The article you pointed me to is just an explanation of what I said in my original post : "Multicast MAC Address is described in RFC1112§6.4".
  But, as I said in my original post, this is true ONLY for Ethernet network. And I am NOT on an Ethernet network.
  So MAC address automatic calculation for my IP address done by Windows/netsh/arp is wrong in my case. The calculation Windows is doing is correct ONLY for Ethernet network. Since I am not on Ethernet, I don't want these calculations, and I'm looking for
  a solution to disable them.
  So, the underlying question is : "Is Microsoft/netsh/arp able to handle other network's type than Ethernet ?"
  Thanks,
  Olivier Dupré.

• How can I force continuity to a specific iPhone?

  I have 2 iPhones and I need the cell-call and FaceTime functions to use my personal phone (and not my work phone).  I couldn't find anything about specifically tying to a particular device.
  Thanks!

  On your work phone:  Settings > FaceTime and turn off iPhone Cellular Calls

• Force connection to a specific access point

  My apologies if this is too "wordy". My network consists of an Airport Extreme Dual Band as the main router and two Airport Express n's extending the 5Ghz network separately named basically for Directv Multi Room Viewing. The only n client that I have at the moment is an Apple TV and the majority of the time it is connecting to the 5Ghz network via the Airport Extreme. The wireless rates of the devices on the 5Ghz network range from 108 to 216. However, on occasion when I stream a video from a computer on the network, the video becomes unwatchable. I bring up the Airport Utility to the check wireless rates and the Apple TV is no longer connected to the Airport Extreme, but to one of the Airport Expresses and the rate has fallen to 12. Is there a method/procedure/setting to "force" the Apple TV to only connect to the Airport Extreme and never connect to one of the Airport Expresses? Many thanks.

  I've had more success not creating a separate name for the 5ghz so the client can determine which one is better.
  Interestingly, I have been messing wtih MRV from DirecTV using an extreme base also, and I find that 2.4ghz N works a lot better than the 5ghz N, even though the "rates" in airport utility are higher. The signal strength on my DTV bridge is higher with the 2.4ghz. YMMV, and I wonder if its related the the complaints of performance on the 5ghz band of these bases.

• How to force user to upload specific number of attachments?

  I have a form where users select checkboxes to attach a document.  I need to script that will compare the number of checkboxs selected with the number of attachments, and pop up an error message if these aren't the same.
  Suggestions?
  Thanks!

  Hi,
  Maybe something along the lines of;
  var selectedCheckboxesCount = Subform1.resolveNodes('#field.[ui.oneOfChild.className == "checkButton" and $ == 1]').length;
  var attachmentCount = event.target.dataObjects == null ? 0 : event.target.dataObjects.length;
  if (selectedCheckboxesCount != attachmentCount)
  app.alert("Something is missing")
  Line 1 assumes all your checkboxes are in a subform called Subform1 and that they have the default value for true (which is 1), you may need to change these two things.
  Regards
  Bruce

• How to force Oracle AS 10gR2 installer to use IP and hostname on 2nd NIC

  My target machine for Oracle AS 10gR2 10.1.2.0.2 has two NICs, for example:
  NIC1: 10.0.0.1 hostname1
  NIC2: 10.0.0.2 hostname2
  The hostname of this machine is hostname1
  Oracle AS installer will use hostname1, IP address 10.0.0.1 for installation by default. Does anyone know how can I force Oracle installer to use hostname2 and 10.0.0.2 for installation? Thank you.

  Were you able to force the installer to use a specific NIC interface when installing? I would like to have two mid tiers on the same box, each with a different host and IP.

• How to force database replication after CUCM upgrade

  Hello All, I will be doing an upgrade to version 10.5 from 8.5 of CUCM. I've done this before and as documented started with the publisher and then subscriber. When I have done this I always wait and check Database replication via RTMT and the CLI.
  I'm always nervous as this process seems to take a long time. Is this just a waiting game or is there a command that I can force replication to my subscribers? How long should this process really take? I never know....
  Thanks,
  Dan

  Dan,
  Use "utils dbreplication runtimestate" to check the replication status of your servers in the cluster. The servers should show connected to the publisher and a status of 2
  Or you can use unified reporting to generate report on db replication as follows.
  Check Database Replication:
  Access Publisher CUCM GUI
  Navigate to Cisco Unified Reporting
  Select System Reports
  Select Unified CM Database Status
  Generate New Report
  In the Unified CM Database Status section of the report, expand the View Details under the All servers have a good replication status and confirm a Replicate State for all servers of “2” as follows:

• Howto bind multicast listener to a specific network interface (NIC)?

  All of our cluster machines have 2 network interfaces. One of the requirements is that all cluster-related traffic has to use a specific interface, leaving the other open for all non-clustering network traffic.
  Thus, I've to bind the Coherence multicast listener to a specific interface.
  Unfortunately I did not find a setting for this in the Coherence configuration XML file.
  Is it possible to bind the multicast listener to a specific NIC, if yes, how can it be done?
  Thanks a lot!
  Best regards,
  Wolf

  Hi Wolf,
  it can be specified as part of the unicast-listener configuration within the operational configuration:
  http://coherence.oracle.com/display/COH34UG/unicast-listener
  You need to specify the address and the port elements.
  Alternatively, you can specify values for this as a Java property:
  -Dtangosol.coherence.localhost=nicaddress -Dtangosol.coherence.localport=unicastportwhere nicaddress is the ip address of the network card going to the network you would like to direct Coherence traffic to. Unicast port is the udp port on which Coherence will listen. By default it is 8088 (or automatically incremente in case the port is already bound).
  If your kernel is configured to use both ipv6 and ipv4 and you specified the ipv4 address of the network card then you might also need to specify:
  -Djava.net.preferIPv4Stack=trueThe multicast listener and publisher will send and receive on the interface used by the unicast listener.
  Best regards,
  Robert

• Active Directory replication and login errors (Plz HELP !!)

  Hi All,
  We have one forest domain (XXXX.LOCAL)and lots of child domains (XXX.XXXX.LOCAL).
  We are facing issue that child domains are not able to login with forest administrator account and there are also lots of replication errors.
  Exchange OWA gives error of not able to find particular XXX.XXX.local child domain.
  dcdiag from child domain is :
  C:\Windows\system32>
  C:\Windows\system32>nltest.exe /dsregdns
  Flags: 0
  Connection Status = 1311 0x51f ERROR_NO_LOGON_SERVERS
  The command completed successfully
  C:\Windows\system32>nltest.exe /dsregdns
  Flags: 0
  Connection Status = 1311 0x51f ERROR_NO_LOGON_SERVERS
  The command completed successfully
  C:\Windows\system32>
  C:\Windows\system32>dcdiag
  Directory Server Diagnosis
  Performing initial setup:
     Trying to find home server...
     Home Server = PMA-DC01
     * Identified AD Forest.
     Done gathering initial info.
  Doing initial required tests
     Testing server: HEC-CITY\PMA-DC01
        Starting test: Connectivity
           ......................... PMA-DC01 passed test Connectivity
  Doing primary tests
     Testing server: HEC-CITY\PMA-DC01
        Starting test: Advertising
           Warning: PMA-DC01 is not advertising as a time server.
           ......................... PMA-DC01 failed test Advertising
        Starting test: FrsEvent
           ......................... PMA-DC01 passed test FrsEvent
        Starting test: DFSREvent
           There are warning or error events within the last 24 hours after the
           SYSVOL has been shared.  Failing SYSVOL replication problems may cause
           Group Policy problems.
           ......................... PMA-DC01 failed test DFSREvent
        Starting test: SysVolCheck
           ......................... PMA-DC01 passed test SysVolCheck
        Starting test: KccEvent
           ......................... PMA-DC01 passed test KccEvent
        Starting test: KnowsOfRoleHolders
           [PMA-DC02] DsBindWithSpnEx() failed with error -2146893022,
           The target principal name is incorrect..
           Warning: PMA-DC02 is the PDC Owner, but is not responding to DS RPC
           Bind.
           [PMA-DC02] LDAP bind failed with error 8341,
           A directory service error has occurred..
           Warning: PMA-DC02 is the PDC Owner, but is not responding to LDAP
           Bind.
           Warning: PMA-DC02 is the Rid Owner, but is not responding to DS RPC
           Bind.
           Warning: PMA-DC02 is the Rid Owner, but is not responding to LDAP
           Bind.
           Warning: PMA-DC02 is the Infrastructure Update Owner, but is not
           responding to DS RPC Bind.
           Warning: PMA-DC02 is the Infrastructure Update Owner, but is not
           responding to LDAP Bind.
           ......................... PMA-DC01 failed test KnowsOfRoleHolders
        Starting test: MachineAccount
           ......................... PMA-DC01 passed test MachineAccount
        Starting test: NCSecDesc
           Fatal Error: Cannot retrieve SID
           Fatal Error: Cannot retrieve SID
           Fatal Error: Cannot retrieve SID
           Fatal Error: Cannot retrieve SID
           Fatal Error: Cannot retrieve SID
           Fatal Error: Cannot retrieve SID
           Fatal Error: Cannot retrieve SID
           Fatal Error: Cannot retrieve SID
           Fatal Error: Cannot retrieve SID
           Fatal Error: Cannot retrieve SID
           Fatal Error: Cannot retrieve SID
           Fatal Error: Cannot retrieve SID
           Fatal Error: Cannot retrieve SID
           Fatal Error: Cannot retrieve SID
           Fatal Error: Cannot retrieve SID
           Fatal Error: Cannot retrieve SID
           Fatal Error: Cannot retrieve SID
           Fatal Error: Cannot retrieve SID
           Fatal Error: Cannot retrieve SID
           Fatal Error: Cannot retrieve SID
           Fatal Error: Cannot retrieve SID
           Fatal Error: Cannot retrieve SID
           Fatal Error: Cannot retrieve SID
           Fatal Error: Cannot retrieve SID
           Fatal Error: Cannot retrieve SID
           Fatal Error: Cannot retrieve SID
           Fatal Error: Cannot retrieve SID
           Fatal Error: Cannot retrieve SID
           Fatal Error: Cannot retrieve SID
           Fatal Error: Cannot retrieve SID
           Fatal Error: Cannot retrieve SID
           Fatal Error: Cannot retrieve SID
           Fatal Error: Cannot retrieve SID
           Fatal Error: Cannot retrieve SID
           Fatal Error: Cannot retrieve SID
           Fatal Error: Cannot retrieve SID
           Fatal Error: Cannot retrieve SID
           Fatal Error: Cannot retrieve SID
           Fatal Error: Cannot retrieve SID
           Fatal Error: Cannot retrieve SID
           Fatal Error: Cannot retrieve SID
           Fatal Error: Cannot retrieve SID
           Fatal Error: Cannot retrieve SID
           Fatal Error: Cannot retrieve SID
           ......................... PMA-DC01 failed test NCSecDesc
        Starting test: NetLogons
           ......................... PMA-DC01 passed test NetLogons
        Starting test: ObjectsReplicated
           ......................... PMA-DC01 passed test ObjectsReplicated
        Starting test: Replications
           [Replications Check,Replications Check] Inbound replication is
           disabled.
           To correct, run "repadmin /options PMA-DC01 -DISABLE_INBOUND_REPL"
           [Replications Check,PMA-DC01] Outbound replication is disabled.
           To correct, run "repadmin /options PMA-DC01 -DISABLE_OUTBOUND_REPL"
           ......................... PMA-DC01 failed test Replications
        Starting test: RidManager
           ......................... PMA-DC01 failed test RidManager
        Starting test: Services
              w32time Service is stopped on [PMA-DC01]
           ......................... PMA-DC01 failed test Services
        Starting test: SystemLog
           A warning event occurred.  EventID: 0x00000010
              Time Generated: 04/21/2014   19:16:04
              Event String:
              Unable to Connect: Windows is unable to connect to the automatic upd
  ates service and therefore cannot download and install updates according to the
  set schedule. Windows will continue to try to establish a connection.
           An error event occurred.  EventID: 0x0000168E
              Time Generated: 04/21/2014   19:44:42
              Event String:
              The dynamic registration of the DNS record '_kerberos._tcp.dc._msdcs
  .PMA.XXXX.LOCAL. 600 IN SRV 0 100 88 PMA-DC01.PMA.XXXX.LOCAL.' failed on the fol
  lowing DNS server:
           An error event occurred.  EventID: 0x0000168E
              Time Generated: 04/21/2014   19:44:43
              Event String:
              The dynamic registration of the DNS record '_kerberos._tcp.PMA.XXXX.
  LOCAL. 600 IN SRV 0 100 88 PMA-DC01.PMA.XXXX.LOCAL.' failed on the following DNS
   server:
           An error event occurred.  EventID: 0x0000168E
              Time Generated: 04/21/2014   19:44:43
              Event String:
              The dynamic registration of the DNS record '_kerberos._tcp.HEC-LAHOR
  E._sites.PMA.XXXX.LOCAL. 600 IN SRV 0 100 88 PMA-DC01.PMA.XXXX.LOCAL.' failed on
   the following DNS server:
           An error event occurred.  EventID: 0x0000168E
              Time Generated: 04/21/2014   19:44:43
              Event String:
              The dynamic registration of the DNS record '_kerberos._udp.PMA.XXXX.
  LOCAL. 600 IN SRV 0 100 88 PMA-DC01.PMA.XXXX.LOCAL.' failed on the following DNS
   server:
           An error event occurred.  EventID: 0x0000168E
              Time Generated: 04/21/2014   19:44:43
              Event String:
              The dynamic registration of the DNS record '_kpasswd._tcp.PMA.XXXX.L
  OCAL. 600 IN SRV 0 100 464 PMA-DC01.PMA.XXXX.LOCAL.' failed on the following DNS
   server:
           An error event occurred.  EventID: 0x0000168E
              Time Generated: 04/21/2014   19:44:43
              Event String:
              The dynamic registration of the DNS record '_kpasswd._udp.PMA.XXXX.L
  OCAL. 600 IN SRV 0 100 464 PMA-DC01.PMA.XXXX.LOCAL.' failed on the following DNS
   server:
           An error event occurred.  EventID: 0x0000168E
              Time Generated: 04/21/2014   19:44:43
              Event String:
              The dynamic registration of the DNS record '_kerberos._tcp.HEC-LAHOR
  E._sites.dc._msdcs.PMA.XXXX.LOCAL. 600 IN SRV 0 100 88 PMA-DC01.PMA.XXXX.LOCAL.'
   failed on the following DNS server:
           An error event occurred.  EventID: 0x00000C8A
              Time Generated: 04/21/2014   19:44:51
              Event String:
              This computer could not authenticate with \\LHR-DC01.XXXX.LOCAL, a W
  indows domain controller for domain XXXX, and therefore this computer might deny
   logon requests. This inability to authenticate might be caused by another compu
  ter on the same network using the same name or the password for this computer ac
  count is not recognized. If this message appears again, contact your system admi
  nistrator.
           An error event occurred.  EventID: 0xC00A0038
              Time Generated: 04/21/2014   19:46:02
              Event String:
              The Terminal Server security layer detected an error in the protocol
   stream and has disconnected the client. Client IP: 10.87.193.37.
           An error event occurred.  EventID: 0x40000004
              Time Generated: 04/21/2014   19:52:41
              Event String:
              The Kerberos client received a KRB_AP_ERR_MODIFIED error from the se
  rver pma-dc02$. The target name used was PMA\PMA-DC02$. This indicates that the
  target server failed to decrypt the ticket provided by the client. This can occu
  r when the target server principal name (SPN) is registered on an account other
  than the account the target service is using. Please ensure that the target SPN
  is registered on, and only registered on, the account used by the server. This e
  rror can also happen when the target service is using a different password for t
  he target service account than what the Kerberos Key Distribution Center (KDC) h
  as for the target service account. Please ensure that the service on the server
  and the KDC are both updated to use the current password. If the server name is
  not fully qualified, and the target domain (PMA.XXXX.LOCAL) is different from th
  e client domain (PMA.XXXX.LOCAL), check if there are identically named server ac
  counts in these two domains, or use the fully-qualified name to identify the ser
  ver.
           A warning event occurred.  EventID: 0x8000001C
              Time Generated: 04/21/2014   19:53:42
              Event String:
              When generating a cross realm referal from domain XXXX.LOCAL the KDC
   was not able to find the suitable key to verify the ticket. The ticket key vers
  ion in the request was 25 and the available key version was 22. This most common
   reason for this error is a delay in replicating the keys. In order to remove th
  is problem try forcing replication or wait for the replication of keys to occur.
           An error event occurred.  EventID: 0x40000004
              Time Generated: 04/21/2014   20:13:25
              Event String:
              The Kerberos client received a KRB_AP_ERR_MODIFIED error from the se
  rver pma-dc02$. The target name used was LDAP/4a166db9-c39c-4069-99e7-8a233ce2c0
  be._msdcs.XXXX.LOCAL. This indicates that the target server failed to decrypt th
  e ticket provided by the client. This can occur when the target server principal
   name (SPN) is registered on an account other than the account the target servic
  e is using. Please ensure that the target SPN is registered on, and only registe
  red on, the account used by the server. This error can also happen when the targ
  et service is using a different password for the target service account than wha
  t the Kerberos Key Distribution Center (KDC) has for the target service account.
   Please ensure that the service on the server and the KDC are both updated to us
  e the current password. If the server name is not fully qualified, and the targe
  t domain (PMA.XXXX.LOCAL) is different from the client domain (PMA.XXXX.LOCAL),
  check if there are identically named server accounts in these two domains, or us
  e the fully-qualified name to identify the server.
           An error event occurred.  EventID: 0x40000004
              Time Generated: 04/21/2014   20:13:25
              Event String:
              The Kerberos client received a KRB_AP_ERR_MODIFIED error from the se
  rver pma-dc02$. The target name used was ldap/pma-dc02.pma.XXXX.LOCAL. This indi
  cates that the target server failed to decrypt the ticket provided by the client
  . This can occur when the target server principal name (SPN) is registered on an
   account other than the account the target service is using. Please ensure that
  the target SPN is registered on, and only registered on, the account used by the
   server. This error can also happen when the target service is using a different
   password for the target service account than what the Kerberos Key Distribution
   Center (KDC) has for the target service account. Please ensure that the service
   on the server and the KDC are both updated to use the current password. If the
  server name is not fully qualified, and the target domain (PMA.XXXX.LOCAL) is di
  fferent from the client domain (PMA.XXXX.LOCAL), check if there are identically
  named server accounts in these two domains, or use the fully-qualified name to i
  dentify the server.
           ......................... PMA-DC01 failed test SystemLog
        Starting test: VerifyReferences
           ......................... PMA-DC01 passed test VerifyReferences
     Running partition tests on : DomainDnsZones
        Starting test: CheckSDRefDom
           ......................... DomainDnsZones passed test CheckSDRefDom
        Starting test: CrossRefValidation
           ......................... DomainDnsZones passed test
           CrossRefValidation
     Running partition tests on : PMA
        Starting test: CheckSDRefDom
           ......................... PMA passed test CheckSDRefDom
        Starting test: CrossRefValidation
           ......................... PMA passed test CrossRefValidation
     Running partition tests on : ForestDnsZones
        Starting test: CheckSDRefDom
           ......................... ForestDnsZones passed test CheckSDRefDom
        Starting test: CrossRefValidation
           ......................... ForestDnsZones passed test
           CrossRefValidation
     Running partition tests on : Schema
        Starting test: CheckSDRefDom
           ......................... Schema passed test CheckSDRefDom
        Starting test: CrossRefValidation
           ......................... Schema passed test CrossRefValidation
     Running partition tests on : Configuration
        Starting test: CheckSDRefDom
           ......................... Configuration passed test CheckSDRefDom
        Starting test: CrossRefValidation
           ......................... Configuration passed test CrossRefValidation
     Running enterprise tests on : XXXX.LOCAL
        Starting test: LocatorCheck
           ......................... XXXX.LOCAL passed test LocatorCheck
        Starting test: Intersite
           ......................... XXXX.LOCAL passed test Intersite
  C:\Windows\system32>

  There are a number of things that can cause this, such as:
  DNS is misconfigured to support a parent-child-additional tree forest.
  Incorrect DNS zone replication scope for the design, which points back to the point #1.
  AD Sites are misconfigured for the physical environment. For example if you have a hub and spoke physical environment, you can't use the default settings that bridge all sites (BASL) and must individually configure them.
  Incorrect DNS settings on the DCs.
  Multi-homed DCs.
  Time service is not configured properly and/or syncing from the VM host, which should be configured otherwise (Microsoft, VMware and Citrix have KBs explaining this).
  Default security settings at either the parent, child or both domains, have been altered.
  Firewalls between DCs, such as perimeter firewalls, or installed antivirus protection features if not excluded on DCs properly, will cause this, too.
  That's the short list. If you can describe some of the points above, it may help us pinpoint where the issue may be.
  Some links that may help understand some of the bullet points:
  AD Site Design, DNS & the DC Locator Process, and Auto Site Link Bridging, or Bridge All Site Links (BASL)
  http://blogs.msmvps.com/acefekay/2013/02/24/ad-site-design-and-auto-site-link-bridging-or-bridge-all-site-links-basl/
  DNS Design Options in a Multi-Domain Forest - How to create a Parent-Child DNS Delegation, and How to Configure DNS to create a new Tree in the Forest
  Published by Ace Fekay, MCT, MVP DS on Oct 1, 2010 at 12:22 PM
  http://msmvps.com/blogs/acefekay/archive/2010/10/01/dns-parent-child-dns-delegation-how-to-create-a-dns-delegation.aspx
  Configuring the Windows Time Service for Windows 2000, 2003, 2008 and newer, explanation of the time service hierarchy, and more
  Published by Ace Fekay, MCT, MVP DS on Sep 18, 2009 at 8:14 PM  3050  1 
  http://msmvps.com/blogs/acefekay/archive/2009/09/18/configuring-the-windows-time-service-for-windows-server.aspx
  Ace Fekay
  MVP, MCT, MCSE 2012, MCITP EA & MCTS Windows 2008/R2, Exchange 2013, 2010 EA & 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
  Microsoft Certified Trainer
  Microsoft MVP - Directory Services
  Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php
  This posting is provided AS-IS with no warranties or guarantees and confers no rights.