Domain authentication issue

We are a small single-domain company.  We've had one WinSvr2012 domain controller for years.  Recently we added 2 Server 2019 DCs with the objective of demoting and decommissioning the 2012 DC.  The 3 DCs seem to play nice together and correctly replicate new users, groups and computers.  However, when we shut down the 2012 DC, domain authentication is lost.  Primary/secondary DCs are ancient history so how can this be?  We did disable/remove the DNS role on the 2012 DC, so only our 2019 DCs are DNS.

26 Replies
Ok, no SYSVOL is something that will prevent a DC from advertising itself. Hope this will get things running!
Any progress?

@Harm_Veenstra 

No progress. Thanks for asking though. The two main issues currently are:

  1. SYSVOL is not synchronizing
  2. Netlogon still fails

I think the root cause is still DNS but I'm stumped as to how to proceed.

@Harm_Veenstra 

All of the DNS tests pass.  However, there is still no SYSVOL replication, and as a result, the SystemLog test fails.  This is the dcdiag output concerning SYSVOL:  The DFS Replication service is stopping communication with partner DC1 for replication group Domain System Volume due to an error. The service will retry the connection periodically.  Error: 1726 (The remote procedure call failed).

The netlogon test also fails:  Unable to connect to the NETLOGON share! (\\DC3\netlogon), An net use or LsaPolicy operation failed with error 67, The network name cannot be found.  This is because there is no netlogon share, and I don't know how to force creation of it.

Do you have the Windows Firewall running on DC1 (or on all DCs)? Perhaps you can, temporarily, disable the Domain Profile and see what happens? All DCs do have the Domain Profile active, not Public?
Did you manage to fix your issue?
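
A read-only way to answer the firewall-profile question and check the SYSVOL/NETLOGON symptoms from the dcdiag output above without disabling any firewall profile. This is an added example, not code posted by anyone in the thread; the partner names DC1 and DC3 are taken from the quoted dcdiag output and are assumptions about which hosts to test. Run it in an elevated PowerShell session on each domain controller.

```powershell
# Added example: read-only checks, nothing is changed on the DC.
$partners = 'DC1', 'DC3'   # assumption: DC names from the dcdiag output in the thread

# 1. Network category per interface. A DC should report DomainAuthenticated;
#    Public or Private means that firewall profile is applied instead of Domain.
Get-NetConnectionProfile |
    Select-Object InterfaceAlias, Name, NetworkCategory

# 2. Firewall profile state, for comparison with step 1.
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction

# 3. Are SYSVOL and NETLOGON actually shared on this DC?
$shares = Get-SmbShare -Name SYSVOL, NETLOGON -ErrorAction SilentlyContinue
foreach ($name in 'SYSVOL', 'NETLOGON') {
    [pscustomobject]@{
        Share   = $name
        Present = [bool]($shares | Where-Object Name -eq $name)
    }
}

# 4. Netlogon only publishes the shares once SysvolReady is 1.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
(Get-ItemProperty -Path $key -Name SysvolReady -ErrorAction SilentlyContinue).SysvolReady

# 5. DFSR state of the SYSVOL replicated folder.
#    0 Uninitialized, 1 Initialized, 2 Initial Sync, 3 Auto Recovery, 4 Normal, 5 In Error
Get-CimInstance -Namespace 'root\MicrosoftDFS' -ClassName DfsrReplicatedFolderInfo |
    Select-Object ReplicationGroupName, ReplicatedFolderName, State

# 6. Reachability of the RPC endpoint mapper (135) and SMB (445) on each partner.
#    DFSR also uses a dynamic RPC port (49152-65535 by default) that is not tested here.
foreach ($dc in $partners | Where-Object { $_ -ne $env:COMPUTERNAME }) {
    foreach ($port in 135, 445) {
        $r = Test-NetConnection -ComputerName $dc -Port $port -WarningAction SilentlyContinue
        [pscustomobject]@{
            Partner   = $dc
            Port      = $port
            Reachable = $r.TcpTestSucceeded
        }
    }
}
```

A `NetworkCategory` other than `DomainAuthenticated` in step 1, or `Reachable = False` in step 6, narrows the problem to profile detection or filtering between the DCs; a missing share with `SysvolReady` at 0 and a DFSR state other than 4 matches the "no SYSVOL" symptom described above.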