I'm posting here because the issue is with a demoted server that can't find the new domain controllers on the network. It could also be a DNS issue; feel free to move it if it doesn't belong here. Thanks.
I have this Server 2008 SP1 that was a playground for the Operations Manager for quite some years before I came here.
It had ADDS with all FSMO roles, DNS server, DHCP server, TS server, file server, IIS, our ERP, Exchange for some time, every single utility he could find to test, 20 users logged on full-time using Office Remote Apps and surfing the web (on admin privileges) on it and then some. The only thing it didn't have was updates. All of this on a single RAID 5 volume with no HS. It was a mess.
I've been working my way to kill it and managed to remove almost every essential service out of it, the most recent (Oct) being ADDS. I created a new server, promoted it and moved all FSMO roles to it; finally I demoted the old server. dcdiag reported all OK.
Since then, I've been having connectivity issues all the time on that server.
I'm having 3 different errors popping up all the time:
Level: Error Source: NETLOGON Event ID: 5719 Description: This computer was not able to set up a secure session with a domain controller in domain <DOMAIN> due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator.
Level: Error Source: GroupPolicy Event ID: 1054 Description: The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name Sysytem (DNS) is configured and working correctly.
Level: Error Source: GroupPolicy Event ID: 1030 Description: The processing of Group Policy failed. Windows attempted to retrieve new Group Policy settings for this user or computer. Look in the details tab for error code and description. Windows will automatically retry this operation at the next refresh cycle. Computers joined to the domain must have proper name resolution and network connectivity to a domain controller for discovery of new Group Policy objects and settings. An event will be logged when Group Policy is successful.
ErrorCode: 58
ErrorDescription: The specified server cannot perform the requested operation.
As a result it sometimes takes 3 or 4 tries to RDP successfully on it, other times it just won't let you until later. It says "Access denied" on the dialog.
The errors basically tell me there are DNS/Network issues with the server. I couldn't find any network issue: it flawlessly serves files, keeps RDP sessions open and responds to ping with <1ms latency all day, so it must be DNS or something else.
Thing is, I can't scrap the server just yet, not until we buy the new file server and that may still take some months and up to a year.
So my only option is to fix these problems.
Further info:
- The remaining roles on the server are: file services, NPAS, TS and IIS.
- Any other server/service in the network works fine, it's only this server with issues.
- It doesn't have authentication issues on shares (most shares are for Authenticated users).
- nslookup detects the DC with no issue. I can't check whether it does when it starts throwing "Access denied" since that happens when I'm trying to log on to it, hence, I'm out of it.
I'd appreciate any help you could provide.
Cheers.
"When something is not working as it is supposed to, then it is working as expected" -R