Consider the following scenario:
"Invalid serverReference found for: LDAP://CN=NTDS Settings,CN=DomainController1,CN=Servers,CN=Site-Name,CN=Configuration,DC=Domain,DC=COM"
Subsequently, if the problem arose after a period of normal operation, the Domain Controller Agents that try to connect produce the following warning in the Coordinator log and cannot connect to submit their waiting events:
"Request for principal permission failed"
Ensure the Coordinator computer account has read permissions to the 'Domain Controllers' OU.
Alternatively, the Coordinator can be run under a service account (not recommended) instead of Local System (the default). If the Coordinator service is to run under a user context, the 'NPRepository4' Service Principal Name (SPN) must be moved from the computer account to the user account that runs the service, so that Agent authentication keeps working.
Additional information on how to move the Change Auditor SPN can be found here:
How to move the Service Principal Name (SPN) from Computer Object to a Domain User
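The two checks above can be confirmed from PowerShell. This is an added example, not vendor-supplied code. It assumes the RSAT ActiveDirectory module, a session pointed at the affected domain, and a placeholder Coordinator host name `COORDINATOR01`. It lists which account holds an SPN beginning with 'NPRepository4' and which ACEs on the 'Domain Controllers' OU give or deny read rights to the Coordinator computer account.

```powershell
# Added example, not vendor code. Requires the RSAT ActiveDirectory module.
Import-Module ActiveDirectory

# Assumption: placeholder Coordinator host name; replace with your own.
$CoordinatorName = 'COORDINATOR01'

$coordinator = Get-ADComputer -Identity $CoordinatorName -Properties tokenGroups
$dcOu        = (Get-ADDomain).DomainControllersContainer

# 1. Which account(s) hold an NPRepository4 SPN? Expect exactly one holder:
#    the Coordinator computer account, or the service account if the SPN was moved.
Get-ADObject -LDAPFilter '(servicePrincipalName=NPRepository4*)' -Properties servicePrincipalName |
    Select-Object Name, ObjectClass,
        @{ n = 'SPN'; e = { ($_.servicePrincipalName -like 'NPRepository4*') -join '; ' } }

# 2. SIDs that apply to the Coordinator: itself, its (nested) groups,
#    Everyone (S-1-1-0) and Authenticated Users (S-1-5-11).
$sids = @($coordinator.SID.Value) +
        @($coordinator.tokenGroups | ForEach-Object { $_.Value }) +
        'S-1-1-0', 'S-1-5-11'

# 3. ACEs on the 'Domain Controllers' OU that grant or deny read-type rights to those SIDs.
$read = [System.DirectoryServices.ActiveDirectoryRights]::GenericRead
$acl  = Get-Acl -Path "AD:\$dcOu"
$aces = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
    Where-Object {
        $sids -contains $_.IdentityReference.Value -and
        ($_.ActiveDirectoryRights -band $read)
    }

$aces | Sort-Object AccessControlType |
    Format-Table AccessControlType, IdentityReference, ActiveDirectoryRights, IsInherited -AutoSize

if (-not ($aces | Where-Object AccessControlType -eq 'Allow')) {
    Write-Warning "No Allow ACE with read rights found for $CoordinatorName on $dcOu"
}
if ($aces | Where-Object AccessControlType -eq 'Deny') {
    Write-Warning "A Deny ACE affects read access for $CoordinatorName on $dcOu; review it"
}
```

An SPN listed under more than one account, or under an account other than the one the Coordinator service runs as, is consistent with the Agent authentication failure described above.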
Ensure the following ports are open from the Change Auditor Coordinator computer to one of the Domain Controllers in the non-working Domain: