Feb 10 2018 09:26 AM
Hi,
so we've got 3 VMs: a domain controller and 2 ADFS servers in Azure. For unknown reasons, the trust relationship failed between the two ADFS servers and the domain. I therefore cannot log on to both using a domain user. Also, if I try to log in using a local account, I get the "requires network level authentication (nlm), but domain controller cannot be contacted" error. The network seems to be fine; I can ping, remote desktop and use whatever protocol between all 3 servers. They are in the same subnet. So... what happened here, and how can I gain back access to the machines?
Regards
Björn
Feb 10 2018 10:55 AM
Feb 10 2018 01:34 PM
Hi Kent,
Yes, the DC is the primary name server for the Vnet and therefore the primary server for both of the failed VMs. We extended our domain to Azure, so the DC is an additional DC in a single domain in a single forest. The configuration has been working fine so far for months. NSG rules are standard as far as I can tell. All traffic is permitted within the Vnet, and there is an additional rule to allow inbound traffic from our Web Application Proxies. I attached a screenshot for reference. The DC does not have an NSG set.
Feb 10 2018 03:54 PM
Solution
Feb 12 2018 06:11 AM
We double-checked all the settings and services and weren't able to identify any issues. However, after restarting the domain controller in Azure and then restarting both ADFS machines, we were able to log in via RDP with a local admin account. To me it seems like some service on the domain controller did not work as intended. Unfortunately, we were not able to track this down any further.
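The thread ends with a restart and no root cause. For anyone hitting the same "trust relationship failed" symptom, here is the triage a practitioner would run from the affected member server before rebooting, so the cause is recorded rather than lost. This is an added example, not code from the thread; the domain name and DC host name are placeholders, and it assumes an elevated PowerShell session under a local admin account on the ADFS node.

```powershell
# Added diagnostic for a member server that has lost its secure channel.
# Placeholders: replace with your own AD domain and the Azure DC's FQDN.
$Domain = 'corp.example.com'
$DC     = 'dc01.corp.example.com'

# 1. DNS: can the member still locate a DC through the SRV records?
#    A DC that answers ping but serves no SRV records explains "DC cannot be contacted".
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction Continue |
    Format-Table Name, NameTarget, Port -AutoSize

# 2. Ports: ping alone proves nothing; NETLOGON/Kerberos/LDAP/SMB must all be reachable.
foreach ($port in 53, 88, 135, 389, 445, 464) {
    $r = Test-NetConnection -ComputerName $DC -Port $port -WarningAction SilentlyContinue
    '{0,5}  {1}' -f $port, $(if ($r.TcpTestSucceeded) { 'open' } else { 'BLOCKED' })
}

# 3. Secure channel: this is the actual "trust relationship" check.
#    It verifies the machine account password against the DC over NETLOGON.
$ok = Test-ComputerSecureChannel -Server $DC -Verbose
"Secure channel to $DC valid: $ok"

# 4. Recent NETLOGON events explain *why* it broke (5719 = no DC reachable,
#    3210 = machine account failed to authenticate). Save them for the incident record.
Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'NETLOGON' } -MaxEvents 20 |
    Select-Object TimeCreated, Id, Message | Format-List

# 5. Repair only after 1-3 show the DC is reachable. -Repair resets the machine
#    account password in place, so the server keeps its SID, GPOs and ADFS config;
#    it needs a domain credential allowed to reset computer passwords, never a local one.
if (-not $ok) {
    Test-ComputerSecureChannel -Repair -Server $DC -Credential (Get-Credential "$Domain\")
}
```

If step 3 reports a valid channel but domain logons still fail, the problem is on the DC side (stopped NETLOGON/KDC service, replication, or DNS), which matches what the restart in this thread eventually fixed.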
Feb 12 2018 06:18 AM