Lukadmin-3867 asked efdake answered

Can't join new devices to DC, users can't login (Migrated Windows Server 2008 to Server 2019)

Hi,

I am having an issue with my domain controller. I recently successfully migrated my Windows Server 2008 (which holds DNS and DHCP roles). DCPROMO demotion failed, so I had to manually remove the old DC, did the metadata cleanup, and disconnected it from the network. I also assigned the static IP address of the old server to the new server. FSMO was transferred successfully. DNS and DHCP seem to be working, and I can ping my domain controller from the device I want to join.
Dcdiag /test:dns passed successfully.

The users can’t login to their accounts (“We can’t sign you with this credential because your domain isn’t available…”). I can’t join new devices to the domain ("network path was not found")

Also, as a domain admin user I can log in/log off to devices, but it takes too long to do so.
In the Event Viewer I could not see any recent errors.
Any help would be appreciated. Thanks.

Tags: windows-active-directory, windows-server-2019, windows-server-2016, windows-dhcp-dns

Hi,
Welcome to share your current situation if there are any updates.
Please feel free to let us know if you need further assistance.
 
Best Regards,


I am still having the issue with adding new devices/users to domain controller.

DSPatrick answered Lukadmin-3867 commented

Please run;

Dcdiag /v /c /d /e /s:%computername% >c:\dcdiag.log
repadmin /showrepl >C:\repl.txt
ipconfig /all > C:\dc1.txt
ipconfig /all > C:\dc2.txt
ipconfig /all > C:\problemworkstation.txt

then put unzipped text files up on OneDrive and share a link.



Here is the link to the outputs of these commands


HannahXiong-MSFT answered Lukadmin-3867 commented

Hello,

Thank you so much for posting here.

To further troubleshoot, we need to check whether our AD environment is healthy. We could run the commands as Dave mentioned to check if all DCs work fine and if AD replication works properly.

Looking forward to your feedback. Thanks so much.


Best regards,
Hannah Xiong


Here is the link for the outputs.


DSPatrick answered

Looks OK, I'd check that the domain controller and problem members both got the Domain network firewall profiles. If not, try restarting the Network Location Awareness (NlaSvc) service.


--please don't forget to Accept as answer if the reply is helpful--






HannahXiong-MSFT answered HannahXiong-MSFT commented

Hello,

Thank you so much for your kind reply.

There is only one DC, right? And now we could not join new devices to the domain, right?

Have we checked the C:\Windows\Debug\Netsetup.log on the devices?


Best regards,
Hannah Xiong


Hello,

I am checking how the issue is going. If you still have any questions, please feel free to contact us.

Thank you so much for your time and support.

Best regards,
Hannah Xiong

efdake answered

I'm not sure, but I think you might have a subnetting issue. From the logs you provided, the client machine is in subnet 255.255.252.0 which is a Class B Subnet, which would provide the following IP range:
191.168.0.1 - 191.168.3.254

Your client is within this range, as is your DC, but the DC has a different subnet.

Your DC is 255.255.255.0 which is a Class C Subnet, which gives only the following IP range:
192.168.1.1 - 192.168.1.254

Your client is not in this range, so it might be why it is getting the errors that you are seeing.

Have you tried changing the subnet for the DC to match the subnet for the clients (255.255.252.0) to see if that allows them to communicate with one another?

Hope this helps....

Edward
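
The mask comparison raised in the answer above, as an added example that is not part of the original thread: for two hosts it computes each one's usable subnet range and whether it treats the other as on-link. The host addresses are constructed samples (the thread does not list them); only the two masks are taken from the answer.

```python
import ipaddress


def on_link(local_ip: str, local_mask: str, remote_ip: str) -> bool:
    """True if a host configured as local_ip/local_mask treats remote_ip as
    being on its own subnet (direct delivery) rather than sending to its gateway."""
    iface = ipaddress.ip_interface(f"{local_ip}/{local_mask}")
    return ipaddress.ip_address(remote_ip) in iface.network


def usable_range(ip: str, mask: str) -> tuple:
    """First and last usable host addresses of the subnet that ip/mask belongs to."""
    net = ipaddress.ip_interface(f"{ip}/{mask}").network
    return str(net.network_address + 1), str(net.broadcast_address - 1)


def compare(dc: tuple, client: tuple) -> dict:
    """dc and client are (ip, mask) tuples; report each side's view of the other."""
    return {
        "dc_range": usable_range(*dc),
        "client_range": usable_range(*client),
        "client_sees_dc_on_link": on_link(client[0], client[1], dc[0]),
        "dc_sees_client_on_link": on_link(dc[0], dc[1], client[0]),
    }


# Constructed sample addresses; the masks are the ones quoted in the answer.
DC = ("192.168.1.10", "255.255.255.0")
CLIENT = ("192.168.2.50", "255.255.252.0")

if __name__ == "__main__":
    result = compare(DC, CLIENT)
    for key, value in result.items():
        print(f"{key}: {value}")
    # The two views disagree when the masks differ and one host lies outside
    # the other's smaller subnet: one side delivers directly, the other
    # hands the reply to its default gateway.
    if result["client_sees_dc_on_link"] != result["dc_sees_client_on_link"]:
        print("Mask mismatch: the hosts disagree about being on the same subnet.")
```

To use it against a real pair of machines, substitute the IPv4 address and subnet mask reported by ipconfig /all on each host.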
