Not able to move beyond the Server Login Screen

Question

question

EPSrookie-9277 asked Apr 21, '22 LimitlessTechnology-2700 answered Apr 26, '22

Not able to move beyond the Server Login Screen

Hi, We have promoted a new DC in our environment, but when trying to login to the DC after promotion, not able to Login to the DC via console.

Tried restarting a couple of times.

There is no error after putting the password, just the arrow or the enter key is not doing anything.
And not able to do RDP to this machine as well, it gives the generic RDP error. Which I believe can be fixed after passing the login screen.
Note, The repadmin /syncall /AePdq command is giving a schema mismatch error for this DC.

windows-active-directory windows-server-2012

img-20220421-wa0002.jpg (41.1 KiB)

5 |1600 characters needed characters left characters exceeded

Attachments: Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Answer 1 · 2022-04-21T01:59:56.563Z

DSPatrick answered Apr 21, '22 DSPatrick commented Apr 25, '22

Without logon it will be difficult to do anything with this one. If it were me, I'd switch it off, do metadata cleanup.
https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/ad-ds-metadata-cleanup
https://techcommunity.microsoft.com/t5/itops-talk-blog/step-by-step-manually-removing-a-domain-controller-server/ba-p/280564

then confirm health is 100% and stand up a new one for replacement. I'd use dcdiag / repadmin tools to verify health correcting all errors found before starting any operations. Then stand up the new 2012, patch it fully, license it, join existing domain, add active directory domain services, promote it also making it a GC (recommended), transfer FSMO roles over (optional), transfer pdc emulator role (optional), use dcdiag / repadmin tools to again verify health is good.

--please don't forget to upvote and Accept as answer if the reply is helpful--

· 6

5 |1600 characters needed characters left characters exceeded

Attachments: Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

EPSrookie-9277 · Apr 21 at 09:06 AM

Sorry I didn't mention before. I did meta cleanup after demoting it before then meta clean up then promoted it again. I just didn't did a clean boot. Prmoted back from the member server. That all we can do again no issues.
But the main concern is to login. As we don't have physical access to that machine. I am just not sure what can be done.

0 ·

DSPatrick EPSrookie-9277 · Apr 21 at 01:09 PM

Not sure what is meant, it should have been clean installed from scratch as I detailed above.

--please don't forget to upvote and Accept as answer if the reply is helpful--

0 ·

DSPatrick DSPatrick · Apr 22 at 02:06 PM

Just checking if there's any progress or updates?

--please don't forget to upvote and Accept as answer if the reply is helpful--

1 ·

Show more comments

Answer 2 · 2022-04-26T10:53:06.173Z

LimitlessTechnology-2700 answered Apr 26, '22

Hi there,

One of the reasons for the issue to occur, the user's current password does not match the password that is cached in Credential Manager. This issue can occur immediately after the user or an administrator performs a password change. It can also occur after some time has passed after the password change.

This issue occurs because of a deadlock between Credential Manager and the Redirector (RDR) and Data Protection API (DPAPI).

The logon process hangs at the "Welcome" screen or the "Please wait for the User Profile Service" error message window https://support.microsoft.com/en-us/topic/the-logon-process-hangs-at-the-welcome-screen-or-the-please-wait-for-the-user-profile-service-error-message-window-d2b47c4e-8819-a38c-7b37-ff0a79927035

--If the reply is helpful, please Upvote and Accept it as an answer–

5 |1600 characters needed characters left characters exceeded

Attachments: Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

question