Same certificate is being shown on every remote server


We have 2 networks in our domain: one is on 192.168.1.0/24 and the other is on 192.168.2.0/24. Our domain controller and other related servers are on the 192.168.1.0/24 network.

Our domain controller crashed; its IP was 192.168.1.17, so I transferred the FSMO roles to the additional domain controller and made it a domain controller.

I was able to connect to every server through remote from both networks. I reinstalled the OS on the crashed domain controller and made it an additional domain controller with the same IP which I was using when it was a domain controller.

After that, I can connect to remote servers through 192.168.1.0/24, but from the 192.168.2.0 network I wanted to connect to a specific remote, 192.168.1.20, and I was not able to connect through its name. I used the IP; it prompts for username and password, but in the certificate section it shows the certificate of the additional domain controller which I recently created on the same IP, 192.168.1.17. On every remote connection from 192.168.2.0, the additional domain controller's certificate keeps showing.

The old domain controller also had AD CS installed on it, so I reinstalled the certificate services on the new domain controller. After finding the issue, I cleared up the DNS entry related to the old domain controller, which was 192.168.200.17.

I am still unable to connect to any remote server from 192.168.2.0/24 to 192.168.1.0/24 except 192.168.1.17. I was able to ping from one network to the other without an issue, file services are working fine, and users are logging in through the domain controller.

Please assist me in this regard.

1 Reply
> I was able to connect to every server through remote from both networks. I reinstalled the OS on the crashed domain controller and made it an additional domain controller with the same IP which I was using when it was a domain controller.


Sounds like you may need to perform cleanup to remove the failed one.

https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/ad-ds-metadata-cleanup