question

MacJohnsonII-7805 avatar image
0 Votes"
MacJohnsonII-7805 asked DSPatrick edited

Desktops don't authenticate with hew domain controller

First I hope this question finds all doing well and thanks for any responses.
I have a Windows 2011 SBS and I just migrated my AD from it to a new Windows 2019 server. Promoted it to a DC Transferred FSMO roles everything went well and the AD is replicating between the 2 servers all seemed fine. When I had to reboot the 2011 SBS I noticed the when I try to log a workstaion in when the 2011 SBS is ofline (rebooting) the workstation couldn't login I got this message 107079-login-error-message.jpg


once the 2011SBS is back up the workstations login fine again. Anyone have any ideas why this is occurring,?

Thank you for any ideas.

windows-server
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DSPatrick avatar image
0 Votes"
DSPatrick answered DSPatrick edited
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

MacJohnson-7597 avatar image
0 Votes"
MacJohnson-7597 answered

DSPatrick,
Thanks for the suggestion .... I feel like an idiot I still can't figure out how to mark you suggestions as the answer. I logged in as the only 2 accounts i have on this forum and when I do I don't see a "mark as the answer" link

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DSPatrick avatar image
1 Vote"
DSPatrick answered

Glad to hear.

--please don't forget to upvote and Accept as answer if the reply is helpful--


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

MacJohnson-7597 avatar image
0 Votes"
MacJohnson-7597 answered

Yes it looks like moving the PC frm the SBSComputers OU to the Computers OU resolved the issue

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

falconitservices avatar image
0 Votes"
falconitservices answered

Hello,

Is the DNS on the workstations pointing to the new DC and is the new DC a global catalog?

-Miguel Fra
https://www.falconitservices.com

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DSPatrick avatar image
0 Votes"
DSPatrick answered

Just checking if there's any progress or updates?

--please don't forget to upvote and Accept as answer if the reply is helpful--



5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

MacJohnson-7597 avatar image
0 Votes"
MacJohnson-7597 answered FanFan-MSFT commented

The network has 2 Sonicwall TZ350's in a site-to-site VPN configuration.
The main office is LAN 192.168.176.0/24 DC1 192.168.176.12 and the branch office LAN 192.168.177.0/24 DC2 192.168.176.88
The branch desktops are on 192.168.177.0/24 DNS 192.168.176.12 DC1 & 192.168.176.88 DC2. The desktops can ping the main office devices map drives etc. but when the DC1 is offline and a desktop in the branch office tries to log in they get this message "The security database on the server does not have a computer account for this workstation trust relationship"
107261-login-error-message.jpg
The desktop QIWS15 is in the ADUC on both DC's but it is under Computers-> SBSComputers
107245-adcu-list.jpg
I need to reboot the DC1 and see if desktops on the main site can log in thru the new DC2 but I can't do that until my backup ends that will be Sunday


adcu-list.jpg (111.9 KiB)
· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

They should be in the Computers container. Try moving one for a test.



0 Votes 0 ·

Hi,
Based on my understanding, here are 2 DCs in your domain, right?
Only one of the DC s had the issue or all the clients have logon issues?


If there are any progresses, welcome to share here!

Best Regards,

0 Votes 0 ·
DSPatrick avatar image
0 Votes"
DSPatrick answered

Warning: Adapter has dynamic IP address
You may have a rouge DHCP server on the network handing out IPv6 dynamic addresses. (possibly router?) The better option here is to disable the IPv6 DHCP server, or the other option is to uncheck IPv6 protocol on the network connection properties. Other than this things look good.


As to the QIWS15 if you look in ADUC in the Computers container can you find it?








5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

MacJohnson-7597 avatar image
0 Votes"
MacJohnson-7597 answered

Sorry about that. They are there now
Thanks

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DSPatrick avatar image
0 Votes"
DSPatrick answered

Missing the files for second domain controller and problemworkstation


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.