Forum Discussion

fernandomichels's avatar
fernandomichels
Copper Contributor
Oct 26, 2020

"The security database has not been started" after promote new DC

Hi,

I have two DC with W2K12 and W2K16. Recently, I've promoted a new server W2K19 as a domain controller.

All the process was successfully executed and after the first reboot, I can't do an interactive login.

I get the message "The user name or password is incorrect. Try again"

 

If I stop KDC service, I'm able to login to VM.


And when I try to change a user password, connected in this new DC, I get this message:

"Windows cannot complete the password change for <user> because: The security database has not been started"

 

I've checked DNS with DCDIAG, Replication with Ad Replication Status Tool.. everything seems to be ok

 

Someone could help me, please?

Active Directory
windows server

21 Replies

  • adriansheedy's avatar
    adriansheedy
    Copper Contributor
    Dec 09, 2020

    fernandomichels Hi Fernando.

     

    We have the same problem on a customer's domain. We went through weeks of support with MS to no avail. Did you sort it out?

      • adriansheedy's avatar
        adriansheedy
        Copper Contributor
        Sep 21, 2021

        MichaelMcClintock Sorry no I have no useful direction for you. MS Support was similarly unable to fix the issue. Their final recommendation was to rebuild from scratch. Grrrrr...

  • Dave Patrick's avatar
    Dave Patrick
    MVP
    Oct 26, 2020

    Please run;

    - Dcdiag /v /c /d /e /s:%computername% >c:\dcdiag.log
    - repadmin /showrepl >C:\repl.txt
    - ipconfig /all > C:\dc1.txt
    - ipconfig /all > C:\dc2.txt
    - ipconfig /all > C:\dc3.txt



    then put **unzipped** text files up on OneDrive and share a link.

     

     

     

    • fernandomichels's avatar
      fernandomichels
      Copper Contributor
      Oct 27, 2020

      Hi Dave Patrick . I really appreciate any help.

       

      Log files are on: https://1drv.ms/u/s!Am8pbgsXRHYGiNxIIAqLPaNB7l64Zw?e=bgZEy1

       

      SRVASA-DC01 - Old DC W2K19

      SRVASA-DC03- Old DC W2K16

      SRVASA-DC04 - New DC WK19 with problems

      SRVASA-DC05 - it was another try, unsuccessful too. I already demoted it.

       

      I found this error messages in DCDIAG on DC04:

      SRVASA-DC03.isGlobalCatalogReady = 1 
Got error while checking if the DC is using FRS or DFSR. Error: 
The operation being requested was not performed because the user has not been authenticated.T 
he VerifyReferences, FrsEvent and DfsrEvent tests might fail because of this 
error.

       

         Testing server: Matriz\SRVASA-DC01

      Starting test: Connectivity

         * Active Directory LDAP Services Check
         Determining IP4 connectivity 
         Failure Analysis: SRVASA-DC01 ... OK.
         * Active Directory RPC Services Check
         [SRVASA-DC01] DsBindWithSpnEx() failed with error 5,

         Access is denied..
         Got error while checking LDAP and RPC connectivity. Please check your

         firewall settings.

         ......................... SRVASA-DC01 failed test Connectivity

Testing server: Filial\SRVASA-DC03

      Starting test: Connectivity

         * Active Directory LDAP Services Check
         Determining IP4 connectivity 
         Failure Analysis: SRVASA-DC03 ... OK.
         * Active Directory RPC Services Check
         [SRVASA-DC03] DsBindWithSpnEx() failed with error 5,

         Access is denied..
         Got error while checking LDAP and RPC connectivity. Please check your

         firewall settings.

         ......................... SRVASA-DC03 failed test Connectivity

       There is no firewall enabled on both servers.

Resources