Forum Discussion

fernandomichels's avatar
fernandomichels
Copper Contributor
Oct 26, 2020

"The security database has not been started" after promote new DC

Hi,

I have two DC with W2K12 and W2K16. Recently, I've promoted a new server W2K19 as a domain controller.

All the process was successfully executed and after the first reboot, I can't do an interactive login.

I get the message "The user name or password is incorrect. Try again"

 

If I stop KDC service, I'm able to login to VM.


And when I try to change a user password, connected in this new DC, I get this message:

"Windows cannot complete the password change for <user> because: The security database has not been started"

 

I've checked DNS with DCDIAG, Replication with Ad Replication Status Tool.. everything seems to be ok

 

Someone could help me, please?

  • adriansheedy's avatar
    adriansheedy
    Copper Contributor

    fernandomichels Hi Fernando.

     

    We have the same problem on a customer's domain. We went through weeks of support with MS to no avail. Did you sort it out?

      • adriansheedy's avatar
        adriansheedy
        Copper Contributor

        MichaelMcClintock Sorry no I have no useful direction for you. MS Support was similarly unable to fix the issue. Their final recommendation was to rebuild from scratch. Grrrrr...

  • Please run;

    - Dcdiag /v /c /d /e /s:%computername% >c:\dcdiag.log
    - repadmin /showrepl >C:\repl.txt
    - ipconfig /all > C:\dc1.txt
    - ipconfig /all > C:\dc2.txt
    - ipconfig /all > C:\dc3.txt



    then put **unzipped** text files up on OneDrive and share a link.

     

     

     

    • fernandomichels's avatar
      fernandomichels
      Copper Contributor

      Hi Dave Patrick . I really appreciate any help.

       

      Log files are on: https://1drv.ms/u/s!Am8pbgsXRHYGiNxIIAqLPaNB7l64Zw?e=bgZEy1

       

      SRVASA-DC01 - Old DC W2K19

      SRVASA-DC03- Old DC W2K16

      SRVASA-DC04 - New DC WK19 with problems

      SRVASA-DC05 - it was another try, unsuccessful too. I already demoted it.

       

      I found this error messages in DCDIAG on DC04:

      SRVASA-DC03.isGlobalCatalogReady = 1 
      Got error while checking if the DC is using FRS or DFSR. Error: 
      The operation being requested was not performed because the user has not been authenticated.T 
      he VerifyReferences, FrsEvent and DfsrEvent tests might fail because of this 
      error.

       

         Testing server: Matriz\SRVASA-DC01
      
            Starting test: Connectivity
      
               * Active Directory LDAP Services Check
               Determining IP4 connectivity 
               Failure Analysis: SRVASA-DC01 ... OK.
               * Active Directory RPC Services Check
               [SRVASA-DC01] DsBindWithSpnEx() failed with error 5,
      
               Access is denied..
               Got error while checking LDAP and RPC connectivity. Please check your
      
               firewall settings.
      
               ......................... SRVASA-DC01 failed test Connectivity
      
      Testing server: Filial\SRVASA-DC03
      
            Starting test: Connectivity
      
               * Active Directory LDAP Services Check
               Determining IP4 connectivity 
               Failure Analysis: SRVASA-DC03 ... OK.
               * Active Directory RPC Services Check
               [SRVASA-DC03] DsBindWithSpnEx() failed with error 5,
      
               Access is denied..
               Got error while checking LDAP and RPC connectivity. Please check your
      
               firewall settings.
      
               ......................... SRVASA-DC03 failed test Connectivity

       There is no firewall enabled on both servers.

Resources