Archive for the ‘Active Directory 2003’ Category

July 29th, 2010

From time to time, when using the repadmin utility (“repadmin /replsum”), you may come across the following error:
1396 logon failure: The target account name is incorrect.

To fix this issue I have followed this procedure.

Stop the KDC service and set the service to manual
Restart your server
Start the KDC Service and set the service back to automatic

Open a command prompt and run the following command (you should use a Domain Admins account):

netdom resetpwd /server:(replication partner) /userd:(domain)\(domain admin account) /passwordd:"enter password"

Once this has run you should see the following message.

The machine account password for the local machine has been successfully reset.

The command completed successfully.

Reboot your Server.

Finally, use repadmin to check that the issue has been resolved.

Run repadmin /replsum to make sure the secure channel has been fixed.

I hope this has helped, and thanks to Sean.

April 19th, 2010

Problem.

When running a DCDIAG report on a Windows 2003 Domain Controller that is in a child domain, the following error is seen.

Starting Test : FsmoCheck
Warning : DcGetDcName(PDC_REQUIRED) call failed, error 1355
A Primary Domain Controller could not be located.
The Server holding the PDC role is down.

Resolution

The error occurs because DCDIAG is trying to connect to the PDC Emulator in the parent domain on UDP port 389. Ensure that any firewall between the root domain controllers and the child domain controllers allows traffic on this port.

March 12th, 2010

Problem:
Windows 2003 Domain Controller will not SYNC time correctly when set to NT5DS

Symptoms
If the following registry entries are set to NTP and the PDC Emulator hostname or IP address respectively, then time synchronizes:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\Type
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\NtpServer

If the following registry entry is set to NT5DS, then there are errors in the event logs:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\Type

It does not matter what this registry entry is set to because NT5DS means the server should sync time with the PDC Emulator
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\Type

Errors in the event logs are along the lines of
Warning
The time provider NtpClient was unable to find a domain controller to use as a time source. NtpClient will try again in 15 minutes.

Error
The time provider NtpClient is configured to acquire time from one or more time sources; however; none of the sources are currently accessible.  No attempt to contact a source will be made for 15 minutes. NtpClient has no source of accurate time.

Resolution
This is usually caused by moving the PDC Emulator FSMO role to a new Domain Controller; the error then appears on the previous PDC Emulator.

  • Log on to the previous PDC Emulator with admin privileges
  • Open a Command Prompt
  • Type : w32tm /config /syncfromflags:domhier /reliable:no /update
  • Type : net stop w32time
  • Type : net start w32time

This will set the time service to look to the domain hierarchy rather than itself for a reliable time provider.
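
To confirm the change took effect on the previous PDC Emulator, the batch file below reads the Type value named above, forces a rediscover and resync, and lists the domain controllers with their time offsets. It is an added example, not part of the original post; the PASS/FAIL wording and label names are illustrative, and it assumes it is run as an administrator on the server that was just reconfigured.

```batch
@echo off
rem Added example, not from the original post: verify that the former
rem PDC Emulator now follows the domain hierarchy for time.
setlocal
set "KEY=HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Parameters"

rem 1. Type should read NT5DS once /syncfromflags:domhier has been applied.
set "TYPE="
for /f "tokens=3" %%A in ('reg query "%KEY%" /v Type ^| findstr /i "REG_SZ"') do set "TYPE=%%A"
if /i not "%TYPE%"=="NT5DS" goto :badtype

rem 2. Make the time service rediscover a source and resync against it.
w32tm /resync /rediscover | findstr /i /c:"completed successfully" >nul
if errorlevel 1 goto :nosync

rem 3. List the domain controllers and their offsets. The current PDC
rem    Emulator is flagged in this output and should not be this server.
w32tm /monitor
echo PASS: Type=NT5DS and resync succeeded on %COMPUTERNAME%.
exit /b 0

:badtype
echo FAIL: W32Time Type is "%TYPE%", expected NT5DS. Re-run the w32tm /config step.
exit /b 1

:nosync
echo FAIL: resync did not complete. Check the System event log for NtpClient entries.
exit /b 1
```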