If propagating the Kerberos database fails, try /usr/bin/rlogin -x between the slave KDC and master KDC, and from the master KDC to the slave KDC server.
If the KDCs are secure by default, then the rlogin command is disabled and cannot be used to troubleshoot this problem. To enable rlogin on a KDC, you must enable the eklogin service.
# svcadm enable svc:/network/login:eklogin
After you finish troubleshooting the problem, disable the eklogin service.
# svcadm disable svc:/network/login:eklogin
If remote access does not work, problems are likely due to the keytab files on the KDCs. If remote access does work, the problem is not in the keytab file or the name service, because rlogin and the propagation software use the same host/host-name principal. In this case, make sure that the kpropd.acl file is correct.