JameyWright-1311 asked DSPatrick answered

Server 2019 Domain Controller Issues

We currently have a single domain with 2 domain controllers. One DC is running Server 2012R2 and the other is running Server 2016. I am in the process of upgrading all of our servers to Server 2019. The DCs are some of the last servers to be done. I built up a new server in VMware and loaded Server 2019 Datacenter. I have it on the network and fully patched. I joined it to the domain. I went to Server Manager -> Add Roles and Features -> and selected Active Directory Domain Services and clicked next. The Roles and Feature installer added DNS and proceeded to install everything and rebooted. After reboot, Server Manager said I need to Promote to a Domain Controller so I clicked the button and went through the steps and entered a DSRM password. Server rebooted when everything was complete.

When I go to the virtual machine console, I cannot log into the server. It says "Incorrect password". I know the password is correct because I can log onto other servers using the same credentials. If I try to use any domain account, I get the same message. If I try to use RDP to log in, I get the same message. I can connect to the server using Server Manager or PowerShell and manage it that way so I know authentication is working. I have built two different servers and had the same issue both times. Using Server Manager I removed the Active Directory Domain Services role and after the server rebooted, I was able to log in again. I added the role again and had the same result.

I am at a loss on this. Searching the Internet hasn't produced any useful answers.

Tags: windows-active-directory, windows-server-2019

yagmoth555 answered

Hi

When you promote, are your DNS records set correctly on the server? And from another DC, can you run repadmin /replsummary to make sure the replication is OK?

I would add, can you check to make sure the keyboard layout is OK for the "new account", or check the password after you have typed it? I ask because, for the domain profile, I know that if your domain admin password contains a special entry, an error in the keyboard layout can hurt your login.

Thanks

Philippe

JameyWright-1311 answered

Yes, server records are showing up correctly in DNS. Repadmin /replsummary is OK. No errors.

I created a temp admin account with a simple password and entered it. I clicked the "eye" button to view the password and it is correct.

DSPatrick answered

"After reboot, Server Manager said I need to Promote to a Domain Controller so I clicked the button and went through the steps and entered a DSRM password"

This sounds problematic; if it were me I'd clean install it, patch fully and try it again. Perform the cleanup here if necessary before standing up the new one again.
https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/ad-ds-metadata-cleanup
https://techcommunity.microsoft.com/t5/itops-talk-blog/step-by-step-manually-removing-a-domain-controller-server/ba-p/280564

--please don't forget to upvote and Accept as answer if the reply is helpful--







JameyWright-1311 answered

Already did that... several times. Does the same thing every time.

DSPatrick answered

Please run:

Dcdiag /v /c /d /e /s:%computername% >C:\dcdiag.log
repadmin /showrepl >C:\repl.txt
ipconfig /all > C:\dc1.txt
ipconfig /all > C:\dc2.txt
ipconfig /all > C:\dc3.txt

then put unzipped text files up on OneDrive and share a link.
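
The collection requested above, as an added example that is not part of the thread: because console and RDP logon to the new DC fail while remote management still works, this gathers the same outputs from an existing DC and uses PowerShell remoting for the per-DC `ipconfig`. Assumptions: it is run elevated on an existing, working DC (so `dcdiag`, `repadmin` and the ActiveDirectory module are present), WinRM is reachable on every DC, and `C:\DCCollect` is a hypothetical output folder.

```powershell
#Requires -Modules ActiveDirectory
# Added example, not from the thread. Assumptions: run elevated on an existing,
# working DC; WinRM is enabled on every DC; C:\DCCollect is a hypothetical folder.

$OutDir = 'C:\DCCollect'   # hypothetical output folder
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# Same dcdiag switches as in the answer above; /e already covers every DC,
# so a single run from this DC is enough.
dcdiag /v /c /d /e "/s:$env:COMPUTERNAME" |
    Out-File -FilePath (Join-Path $OutDir 'dcdiag.log') -Encoding utf8

# Enumerate the DCs from the directory instead of hard-coding dc1..dc3.
$dcs = Get-ADDomainController -Filter * | Sort-Object HostName

$summary = foreach ($dc in $dcs) {
    $name   = $dc.Name
    $status = 'ok'

    # Inbound replication state as seen by this particular DC.
    repadmin /showrepl $dc.HostName |
        Out-File -FilePath (Join-Path $OutDir "repl-$name.txt") -Encoding utf8
    if ($LASTEXITCODE -ne 0) { $status = "repadmin exit code $LASTEXITCODE" }

    # ipconfig has to run on the DC itself; remoting avoids the console logon.
    try {
        Invoke-Command -ComputerName $dc.HostName -ErrorAction Stop -ScriptBlock { ipconfig /all } |
            Out-File -FilePath (Join-Path $OutDir "ipconfig-$name.txt") -Encoding utf8
    }
    catch {
        $status = "remoting failed: $($_.Exception.Message)"
    }

    # One summary row per DC so a failed collection is visible at a glance.
    [pscustomobject]@{ DC = $name; Site = $dc.Site; Status = $status }
}

$summary | Format-Table -AutoSize
```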