To resolve this issue, first determine which domain controller is the current primary domain controller (PDC) Emulator operations master role holder. To do this, use either of the following methods:
For additional information, click the article number below to view the article in the Microsoft Knowledge Base: 260575 How to Use Netdom.exe to Reset Machine Account Passwords After you reset the secure channel, restart the domain controllers. Even if you attempt to reset the secure channel using the Netdom utility, and the command does not complete successfully, proceed with the restart process.
If only the PDC Emulator operations master role holder is running, the KDC forces the other domain controllers to resynchronize with this computer, instead of issuing themselves a new Kerberos ticket.
After the computers have finished restarting, start the Services program, restart the KDC service, and then attempt replication again.