question

EPSrookie-9277 asked LimitlessTechnology-2700 answered

Not able to move beyond the Server Login Screen

Hi, we have promoted a new DC in our environment, but when trying to log in to the DC after promotion, we are not able to log in to the DC via console.
Tried restarting a couple of times.


There is no error after entering the password; the arrow or the Enter key just does not do anything.
We are also not able to RDP to this machine; it gives the generic RDP error, which I believe can be fixed after getting past the login screen.
Note: the repadmin /syncall /AePdq command is giving a schema mismatch error for this DC.

windows-active-directory, windows-server-2012

DSPatrick answered DSPatrick commented

Without logon it will be difficult to do anything with this one. If it were me, I'd switch it off, do metadata cleanup.
https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/ad-ds-metadata-cleanup
https://techcommunity.microsoft.com/t5/itops-talk-blog/step-by-step-manually-removing-a-domain-controller-server/ba-p/280564

then confirm health is 100% and stand up a new one for replacement. I'd use dcdiag / repadmin tools to verify health, correcting all errors found before starting any operations. Then stand up the new 2012, patch it fully, license it, join the existing domain, add Active Directory Domain Services, promote it, also making it a GC (recommended), transfer FSMO roles over (optional), transfer the PDC emulator role (optional), and use dcdiag / repadmin tools to again verify health is good.


--please don't forget to upvote and Accept as answer if the reply is helpful--






Sorry, I didn't mention this before. I did meta cleanup after demoting it before, then meta cleanup, then promoted it again. I just didn't do a clean boot. Promoted it back from the member server. That's all we can do again, no issues.
But the main concern is to log in, as we don't have physical access to that machine. I am just not sure what can be done.

0 Votes 0 ·

Not sure what is meant, it should have been clean installed from scratch as I detailed above.

--please don't forget to upvote and Accept as answer if the reply is helpful--




0 Votes 0 ·

Just checking if there's any progress or updates?

--please don't forget to upvote and Accept as answer if the reply is helpful--



1 Vote 1 ·
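
The answer above recommends checking health with dcdiag / repadmin before any demotion or promotion. As an added example (not code posted by anyone in this thread), the PowerShell function below groups failing replication links from `repadmin /showrepl * /csv` output by destination DC, so a DC reporting a schema mismatch stands out without needing console access to it. `Get-ReplFailure` is a hypothetical helper name, and the host names, domain and CSV rows are constructed sample data.

```powershell
# Added example, not from the thread. Works on the CSV that
# "repadmin /showrepl * /csv" prints; needs PowerShell 3.0 or later.

function Get-ReplFailure {
    param(
        # Lines of repadmin CSV output, header line first
        [Parameter(Mandatory)][string[]]$CsvLine
    )
    $CsvLine | ConvertFrom-Csv |
        # Keep only links that have failed at least once
        Where-Object { [int]$_.'Number of Failures' -gt 0 } |
        # One summary row per DC that is failing to pull changes
        Group-Object 'Destination DSA' |
        ForEach-Object {
            $failures = $_.Group | ForEach-Object { [int]$_.'Number of Failures' }
            [pscustomobject]@{
                DestinationDC = $_.Name
                FailingLinks  = $_.Count
                Sources       = ($_.Group.'Source DSA' | Sort-Object -Unique) -join ','
                StatusCodes   = ($_.Group.'Last Failure Status' | Sort-Object -Unique) -join ','
                MaxFailures   = ($failures | Measure-Object -Maximum).Maximum
            }
        }
}

# Constructed sample: DC03 is a newly promoted DC failing inbound replication
# with status 8418, the Win32 code for a replication schema mismatch.
$sample = @'
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,Default-First-Site-Name,DC01,"DC=example,DC=test",Default-First-Site-Name,DC02,RPC,0,0,2022-04-21 09:15:02,0
showrepl_INFO,Default-First-Site-Name,DC03,"DC=example,DC=test",Default-First-Site-Name,DC01,RPC,12,2022-04-21 09:20:41,0,8418
showrepl_INFO,Default-First-Site-Name,DC03,"CN=Configuration,DC=example,DC=test",Default-First-Site-Name,DC01,RPC,12,2022-04-21 09:20:43,0,8418
'@ -split "`r?`n"

Get-ReplFailure -CsvLine $sample | Format-Table -AutoSize

# Against a live forest, run from a healthy DC or an admin workstation
# that has the AD DS tools installed:
#   Get-ReplFailure -CsvLine (repadmin /showrepl * /csv)
```
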
LimitlessTechnology-2700 answered

Hi there,

One of the reasons this issue can occur is that the user's current password does not match the password that is cached in Credential Manager. This issue can occur immediately after the user or an administrator performs a password change. It can also occur after some time has passed after the password change.

This issue occurs because of a deadlock between Credential Manager and the Redirector (RDR) and Data Protection API (DPAPI).

The logon process hangs at the "Welcome" screen or the "Please wait for the User Profile Service" error message window:
https://support.microsoft.com/en-us/topic/the-logon-process-hangs-at-the-welcome-screen-or-the-please-wait-for-the-user-profile-service-error-message-window-d2b47c4e-8819-a38c-7b37-ff0a79927035


--If the reply is helpful, please Upvote and Accept it as an answer--
