I have a problem with a Server 2016 DC that's in a remote office, where the DNS service loads, but it reports a connection failure that is indicative of an incorrect password when it's attempting to contact its peers. The most often found solution is to use the netdom command to reset the machine password as below:
netdom resetpwd /s:dc1 /ud:DOMNAME\Administrator /pd:PasswdXXX
However, when this command runs, it returns:
"The machine account password for the local machine could not be reset.
The specified network name is no longer available.
The command failed to complete successfully."
So, the question is, am I doing the right thing in running netdom on the broken DC, or should I be running it on one of the working ones and relying on it propagating over to the one with the problem?
I've already disabled the KDC and rebooted to flush the cached keys but nothing seems to be having any effect.