Windows Server 2012 server unable to authenticate domain login after being promoted to domain controller


Hi everyone,

Here is the story: I'm in the process of replacing our old Windows SBS 2008 server with Windows Server 2012. The Windows SBS 2008 is serving as the domain controller, and the first step of the plan is to make Windows Server 2012 become the second domain controller and demote the SBS server. I followed instructions for migrating an Active Directory domain controller and let Windows Server 2012 join the existing domain, then promoted it to domain controller. The 2 servers are showing in Active Directory Users and Computers and DNS Manager, and everything looks normal. I proceeded to transfer the FSMO roles on Windows Server 2008 using the ntdsutil command (transfer schema master, transfer naming master, transfer PDC, transfer RID master and transfer infrastructure master). When I tried to verify the result of the transfers using the "netdom query fsmo" command, it returned "the parameter is incorrect" on both servers, although the 5 roles showed the SBS server holding the FSMO roles before the ntdsutil transfer command was initiated. Then I used the netdom query pdc and netdom query dc commands. While the new server (Windows 2012) suggested to me the DC on both of the servers and the PDC on the Windows Server 2012, the old server (SBS server) failed the command with "the network location cannot be reached". Also, client computers are not able to log in to the domain (incorrect user name and password) when the SBS 2008 server is disconnected from the network to test if Windows Server 2012 by itself can authenticate domain logins.

We used the dcdiag.exe command to diagnose the problem. One of the noticeable problems returned is that the servers "failed test connectivity":

   Testing server: default-first-site-name\server-001
      Starting test: Connectivity
         Error during resolution of hostname server-001.businessserver.local through IPv4
         stack.
         *** Warning: could not confirm the identity of this server in the
         directory versus the names returned by DNS servers. Hostname
         resolution error 0x2af9 "No such host is known."
         Got error while checking LDAP and RPC connectivity. Please check your
         firewall settings.
         ......................... server-001 failed test Connectivity

   Testing server: default-first-site-name\server-002
      Starting test: Connectivity
         The host 24e124e5-9b8e-4370-b986-2c12bcd8f356._msdcs.businessserver.local could
         not be resolved to an IP address. Check the DNS server, DHCP, server
         name, etc.
         Got error while checking LDAP and RPC connectivity. Please check your
         firewall settings.
         ......................... server-002 failed test Connectivity

I had the firewall disabled and still have no luck, although there was a brief moment during one trial when the 2 servers passed the connectivity test after restarting the Windows Time service, but they failed again after I enabled "allow zone transfer" in the "zone transfer" tab in the DNS Manager -> domain properties window.

I know there's one more step to replace the Windows SBS 2008 server, using dcpromo to decommission the SBS 2008 from the domain, but I'm worried that the domain might never work again without SBS 2008. How do I verify whether Windows Server 2012 can serve as the domain controller without SBS 2008, and what are the causes of the worrisome failed commands?

Any help is appreciated!

Alex

Hi Alex,

You are welcome. The information you provided is what we need to better analyze the issue.

According to your last reply, it seems the 2 DCs can't replicate with each other.

Event 13508 indicates that FRS is unable to create an RPC connection to a replication partner. Is it followed by event 13509? If it is, there is nothing wrong. If it's not, you need to troubleshoot the error.

Please reconnect the SBS DC, then run dcdiag and repadmin on both DCs.

Here are related articles below to troubleshoot the issue:

Troubleshooting File Replication Service

http://technet.microsoft.com/en-us/library/bb727056.aspx

Best practices for DNS settings on DC and domain members.

http://abhijitw.wordpress.com/2012/03/03/best-practices-for-dns-client-settings-on-domain-controller/

Please note: since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

Besides, here are similar threads below that I suggest you refer to:

We are facing problem with DC and ADC KCC could not add this replica link due to error

http://social.technet.microsoft.com/forums/windowsserver/en-us/c255154c-897a-48c7-8180-f701fa10a116/we-are-facing-problem-with-dc-and-adc-kcc-could-not-add-this-replica-link-due-to-error?forum=winserverds

The File Replication Service is having trouble enabling replication

http://social.technet.microsoft.com/forums/windowsserver/en-us/5a4b3647-0641-4a1a-9389-154d92b44730/the-file-replication-service-is-having-trouble-enabling-replication?forum=winserverds

The File Replication Service is having trouble enabling replication from server01 to server02

http://social.technet.microsoft.com/forums/windowsserver/en-us/a6d20cc2-937e-4727-a5cd-48ef108dda36/the-file-replication-service-is-having-trouble-enabling-replication-from-server01-to-server02?forum=winserver8gen

I hope this helps.

Best regards,

Amy Wang
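
The following is an added example and not part of either post: a PowerShell sketch that queries the DNS records the dcdiag Connectivity test depends on, then runs the replication and role checks the reply asks for. The host names and GUID come from the dcdiag output in the question; the DNS server address is a placeholder, and Resolve-DnsName requires Windows Server 2012 / Windows 8 or later.

```powershell
# Added example. Run once per DC, pointing $DnsServer at that DC's DNS service.
$Domain    = 'businessserver.local'
$DnsServer = '192.0.2.10'   # placeholder (assumption): IP of the DNS server under test

# Records a DC must be able to resolve for locator, LDAP/RPC and replication to work.
$Checks = @(
    @{ Name = "server-001.$Domain"; Type = 'A' },
    @{ Name = "server-002.$Domain"; Type = 'A' },
    # DSA GUID alias reported as unresolvable by dcdiag on server-002
    @{ Name = "24e124e5-9b8e-4370-b986-2c12bcd8f356._msdcs.$Domain"; Type = 'CNAME' },
    @{ Name = "_ldap._tcp.dc._msdcs.$Domain";  Type = 'SRV' },   # all DCs
    @{ Name = "_ldap._tcp.pdc._msdcs.$Domain"; Type = 'SRV' }    # PDC emulator
)

$Results = foreach ($c in $Checks) {
    try {
        # -DnsOnly bypasses LLMNR/NetBIOS so only the DNS zone content is tested.
        $r = Resolve-DnsName -Name $c.Name -Type $c.Type -Server $DnsServer `
                 -DnsOnly -ErrorAction Stop |
             Where-Object { $_.Type -eq $c.Type }
        $data = switch ($c.Type) {
            'A'     { $r.IPAddress }
            'CNAME' { $r.NameHost }
            'SRV'   { $r | ForEach-Object { "$($_.NameTarget):$($_.Port)" } }
        }
        [pscustomobject]@{ Record = $c.Name; Type = $c.Type
                           Found = [bool]$r; Data = ($data -join ', ') }
    } catch {
        # A missing record surfaces here, matching dcdiag's 0x2af9 "No such host is known."
        [pscustomobject]@{ Record = $c.Name; Type = $c.Type
                           Found = $false; Data = $_.Exception.Message }
    }
}
$Results | Format-Table -AutoSize -Wrap

# Native checks, run on each DC with the SBS server reconnected:
dcdiag /test:connectivity /test:dns   # DNS registration and LDAP/RPC reachability
repadmin /showrepl                    # per-partner replication status and last error
repadmin /replsummary                 # failure summary across both DCs
netdom query fsmo                     # current holders of the five FSMO roles
nltest /dsgetdc:$Domain /force        # which DC the locator actually returns
```

Any row with Found = False names a record to fix in the DNS zone before the SBS server is taken offline again.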
