Forum Discussion

A-CAST's avatar
A-CAST
Brass Contributor
Sep 14, 2021
Solved

SSPI handshake failed with error code 0x80090311

The full error I'm getting: SSPI handshake failed with error code 0x80090311, state 14 while establishing a connection with integrated security; the connection has been closed. Reason: AcceptSecurit...
Active Directory
Windows Server
A-CAST's avatar
A-CAST
Brass Contributor
Sep 14, 2021
One more thing...all DC's are GC enabled, but only one DC has all the FSMO roles. So, we have our HQ site, Remote Office site, and AWS site. Only physical DC is located in Remote Office, the other two are virtual DC's. The one located at our office is the 2012 R2 DC with all the FSMO roles, so my plan was to keep domain functional level at 2012 R2 until I'm ready to replace this one in the future. For now, I just needed to replace the DC on AWS due to it being EOL (2008 R2).
Dave Patrick's avatar
Dave Patrick
MVP
Sep 14, 2021

2012 R2 DFL is fine and whether physical or virtual really doesn't matter.

 

 

 

  • A-CAST's avatar
    A-CAST
    Brass Contributor
    Sep 14, 2021
    After looking at the links you provided, I remembered I did use this same site for my FRS to DFRS migration and it completed successfully. I had to do this prior to adding my first 2019 DC.
    • Dave Patrick's avatar
      Dave Patrick
      MVP
      Sep 14, 2021

      Three right? Please run;

      Dcdiag /v /c /d /e /s:%computername% >C:\dcdiag.log
      repadmin /showrepl >C:\repl.txt
      ipconfig /all > C:\dc1.txt
      ipconfig /all > C:\dc2.txt
      ipconfig /all > C:\dc3.txt

      then put unzipped text files up on OneDrive and share a link.

       

      • A-CAST's avatar
        A-CAST
        Brass Contributor
        Sep 14, 2021

        Run these commands on each DC?  Also, these results will show 4 DC's since the 2008 R2 DC is currently running but it's the one that I want to eventually remove which will leave me with the other 3...thanks.

Resources