Apr 25 2022 11:26 AM
We are a small single-domain company. We've had one WinSvr2012 domain controller for years. Recently we added 2 Server 2019 DCs with the objective of demoting and decommissioning the 2012 DC. The 3 DCs seem to play nice together and correctly replicate new users, groups and computers. However, when we shut down the 2012 DC, domain authentication is lost. Primary/secondary DCs are ancient history, so how can this be? We did disable/remove the DNS role on the 2012 DC, so only our 2019 DCs are DNS.
Apr 29 2022 05:59 AM
May 02 2022 06:35 AM
No progress. Thanks for asking though. The two main issues currently are:
I think the root cause is still DNS but I'm stumped as to how to proceed.
May 03 2022 10:20 AM
All of the DNS tests pass. However, there is still no SYSVOL replication, and as a result, the SystemLog test fails. This is the dcdiag output concerning SYSVOL: The DFS Replication service is stopping communication with partner DC1 for replication group Domain System Volume due to an error. The service will retry the connection periodically. Error: 1726 (The remote procedure call failed).
The netlogon test also fails: Unable to connect to the NETLOGON share! (\\DC3\netlogon), An net use or LsaPolicy operation failed with error 67, The network name cannot be found. This is because there is no netlogon share, and I don't know how to force creation of it.
May 03 2022 10:36 AM