server 2012 r2 event id 18456

Duncan McDonald 21 Reputation points
2021-04-22T22:09:17.007+00:00

A DC running 2012 r2 has a continuous error in event viewer 'Application'
The log is;
Source: MSSQL$MICROSOFT##WID
Event ID: 18456
Task Category: Logon
Level: Information
Keywords: Classic,Audit Failure
User: NETWORK SERVICE
Computer: DC2.Domain
Description:
Login failed for user 'NT AUTHORITY\NETWORK SERVICE'. Reason: Failed to open the explicitly specified database 'RdCms'. [CLIENT: <named pipe>]
Security UserID="S-1-5-20"

The user 'NT AUTHORITY\NETWORK SERVICE' is set to logon as a service

DC2 does not provide the broker service for RDC nor does its partner DC1. A separate 2008 r2 which is used for data and application purposes provides RDC

SQL Management does not connect to any dBase

The real problem here is that the BMR backup is now failing

Suggestions to sort would be appreciated

Windows Server 2012
Windows Server 2012
A Microsoft server operating system that supports enterprise-level management, data storage, applications, and communications.
1,532 questions
Windows Server Backup
Windows Server Backup
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Backup: A duplicate copy of a program, a disk, or data, made either for archiving purposes or for safeguarding valuable files from loss should the active copy be damaged or destroyed.
452 questions
0 comments

5 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Dave Patrick 426.1K Reputation points MVP
    2021-04-22T22:38:41.533+00:00

    Sounds like an abundance of corruption. The safer / cleaner method would be to stand up a new one for replacement.

    I'd use dcdiag / repadmin tools to verify health correcting all errors found before starting any operations. Then stand up the new 2012, patch it fully, license it, join existing domain, add active directory domain services, promote it also making it a GC (recommended), transfer FSMO roles over (optional), transfer pdc emulator role (optional), use dcdiag / repadmin tools to again verify health, when all is good you can decommission / demote old one.

    --please don't forget to Accept as answer if the reply is helpful--

    0 comments
  2. Fan Fan 15,291 Reputation points Microsoft Vendor
    2021-04-23T03:30:47.31+00:00

    Hi,
    Before going further, you can check the status of the DCs and the replication in the domain.
    Following command for your reference:
    Dcdiag /v >c:\dcdiag1.log
    Repadmin /showrepl >C:\repl.txt
    Repadmin /showreps * 
    If there are any progress, welcome to update here!
    Best Regards,

    0 comments
  3. Dave Patrick 426.1K Reputation points MVP
    2021-04-23T13:04:22.267+00:00

    Any progress or updates?

    --please don't forget to Accept as answer if the reply is helpful--

  4. Duncan McDonald 21 Reputation points
    2021-04-28T07:56:05.417+00:00

    I work in a production environment which does not permit experimentation and changes without first planning. The DC in question does not support only that role but others including DFS variously across 3 servers.
    I will try as suggested, replacement of the DC possibly this weekend, unless there is a disaster. At the moment the biggest concern is that the BMR backup does not complete on that machine. All other backup systems are OK

    0 comments
  5. Dave Patrick 426.1K Reputation points MVP
    2021-04-28T13:30:01.297+00:00

    which does not permit experimentation

    Could not agree more. Replacement as mentioned will be the safest / cleanest move. Splitting the domain controller off onto it's own instance of windows provides a much more simplified environment.

    --please don't forget to Accept as answer if the reply is helpful--

    0 comments