I have a VM on an ESX host at a remote location. The server was built as a DC and everything was working fine until we moved it to the remote site. Since then it was not replicating Active Directory nor DNS, and threw Event ID 1722 at me (RPC server not available).
Extensive work with dcdiag, portqry, etc. showed DNS problems but we opened our firewalls to all traffic and watched our syslogs for any blocks - there were none.
I decided to rebuild the server so I forcibly removed it and did a metadata cleanup on the other DCs (there are 5 in total counting this problem one). There is no evidence of the problem DC on the domain any longer. However, the newly-built server cannot be joined to the domain, and the netsetup.log file shows the error code in the subject line (0x5b).
I've been through every article in every language I could find, changed more registry settings than I'd care to admit (and will be rebuilding this server as a result!). I really thought I was onto something with this one: https://support.microsoft.com/en-us/kb/2008652 but none of those changes helped (and that NT4Emulator key isn't present on any of the other DCs anyhow).
I'm down to asking our Networking team to tell me if their gear could somehow be suspect - although I've no clue how since their MTUs are set at 1500 and I even tried forcing this server to use TCP for Kerberos anyhow. I'm absolutely out of ideas and I need a functioning DC at the remote site ASAP.
I can post sanitized outputs but believe me I've run every test! Portqry shows that this server isn't listening on 389 but I don't know that it should be if it's not a DC yet? There are a couple of firewalls in the path but they are both open for the server's IP and any port & any protocol, bidirectionally to & from our "primary" DC and the other three. I've tinkered with the DNS, enabled NetBIOS, even tried the ideas I found for joining a Samba domain, all to no avail.
Nslookup shows a proper response for the _ldap._tcp.dc._msdcs.[domain] query. I've tried putting the FQDN in the server's HOSTS file too. It finds all the DCs! I mean when I do nslookup for the domain, it shows all four existing DCs at their proper IP addresses with their proper hostnames. I can ping all four by FQDN or IP address (though not by NetBIOS only, which the linked article does indicate can be a problem - but it offers no solutions nor could I find any myself).
Anyway thanks in advance, I'm desperate!