Forum Discussion
Steinkirchner
Apr 25, 2022Copper Contributor
Domain authentication issue
We are a small single-domain company. We've had one WinSvr2012 domain controller for years. Recently we added 2 Server 2019 DCs with the objective of demoting and decommissioning the 2012 DC. The 3 DCs seem to play nice together and correctly replicate new users, groups and computers. However, when we shutdown the 2012 DC, domain authentication is lost. Primary/secondary DCs are ancient history so how can this be? We did disable/remove the DNS role on the 2012 DC, so only our 2019 DCs are DNS.
- Any progress?
- SteinkirchnerCopper Contributor
No progress. Thanks for asking though. The two main issues currently are:
- SYSVOL is not synchronizing
- Netlogon still fails
I think the root cause is still DNS but I'm stumped as to how to proceed.
- What ip's do you use in your DHCP configuration for your clients? The ip's that point to your two new DC's?
- SteinkirchnerCopper ContributorOur DHCP is 192.168.0.98. 2012 DC is 192.168.0.100. 2019/new DCs are 192.68.0.99 and .102.
- Ok, my question was.. What DNS servers do your clients get assigned from your DHCP server? If you run a "ipconfig /all" on a client which can't authenticate to the domain.. What is the primary and secondary dns server, 192.168.0.99 and 192.168.0.102 or? These options are set in your DHCP, perhaps not changed?
Other than that, if you run "netdom query FSMO" Are all the FSMO roles present on one or both of the new DC's?