Forum Discussion
Domain authentication issue
We are a small single-domain company. We've had one WinSvr2012 domain controller for years. Recently we added 2 Server 2019 DCs with the objective of demoting and decommissioning the 2012 DC. The ...
Timeserver should he configured to a domain controller which syncs it time to the internet or a hardware ntp. Are there time differences on the domain controllers?
Could you post a screenshot of the GC reference?
Could you post a screenshot of the GC reference?
No time differences between the DCs.
The GC reference is shown in the DCdiag output:
Starting test: LocatorCheck
GC Name: \\DC1.<domain>
The GC reference is shown in the DCdiag output:
Starting test: LocatorCheck
GC Name: \\DC1.<domain>
- Ok, no SYSVOL is something that will prevent a DC from advertising itself.. Hope this will get things running!
- The next step is to resolve the failed test NetLogons. From DCDiag output:
Starting test: NetLogons
* Network Logons Privileges Check
Unable to connect to the NETLOGON share! (\\DC2\netlogon)
[DC2] An net use or LsaPolicy operation failed with error 67, The network name cannot be found..
......................... DC2 failed test NetLogons My new DCs now pass the Advertising test. They did not have SYSVOL shares. I followed the instructions at the link below to set a registry entry to generate the missing shares.
https://social.technet.microsoft.com/Forums/en-US/3d76a999-cfdc-4eff-b2ab-2fb697e8d7ee/2016-sysvol-and-netlogon-shares-missing-from-new-domain-controllers-added-to-2012-and-below?forum=ws2016
- I think the next issue to resolve is the advertising test failure. From DCdiag output:
Starting test: Advertising
Warning: DsGetDcName returned information for \\DC1.<domain>, when we were trying to reach
DC2.
SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.
......................... DC2 failed test Advertising - Yes, DC1 is still online. All 3 of the DCs show the same output from netdom query fsmo.
- Ok, but DC1 is still there.. You did move all the FSMO roles, all domain controllers do see this change? If you run "netdom query fsmo" on all DC's indivually, they do see the same output?