Sep 14 2021 12:46 PM
The full error I'm getting:
SSPI handshake failed with error code 0x80090311, state 14 while establishing a connection with integrated security; the connection has been closed. Reason: AcceptSecurityContext failed. The Windows error code indicates the cause of failure. No authority could be contacted for authentication.
I was configuring a new server as a 2019 Domain Controller to replace a 2008 R2 one. In addition I have two other DC's for a total of 3. All in different sites.
One with all FSMO roles which is what is referred to as PDC back in the day running 2012 R2. The other running Windows Server 2019 and now the new one that I mentioned above that replaced the 2008 R2 also running 2019.
The problem I ran into is that I forgot to raise the domain functional level from 2008 R2 to 2012 R2 before I demoted it. Once that happened I started to receive errors from a couple of servers regarding the SSPI handshake and after researching this, I found that it's most likely or I can honestly say it's probably close to 100% that what I did caused this error.
So, I took the same server and brought it back to 2008 R2 Domain Controller status but what's weird is that even prior to completing this task, the errors seemed to stop...but accessing some of our applications didn't work until I fully brought it back.
My goal is to raise the domain functional level to 2012 R2 then test to make sure that the new DC in that site works for authentication of the SQL and application servers running there. I was wondering if shutting down the 2008 R2 DC temporarily and monitoring to make sure no errors are thrown is a good way to make sure my environment is ready to demote the 2008 R2 DC once and for all?
I appreciate any help I can get and thanks in advance!
Sep 15 2021 07:03 AM
Sep 15 2021 07:20 AM
No worries, you're welcome.
Sep 21 2021 07:40 AM
Sep 21 2021 10:25 AM
Thanks for posting this detail.