The Problem
I cannot query the AD from the AppsServer unless I leave the domain and restart, then rejoin and NOT restart
All are fully patched with the latest updates as of 07/05/2019.
Setup (all Server 2019, all single NICs)
DC01: Physical running AD DS, DHCP, DNS and file and storage services
AppsServer: Physical running Hyper-V, IIS, print and doc, file and storage services and Azure AD Connect
DC02: Virtual running AD DS, DHCP, DNS and file and storage services
Communication between the two DCs is fine, although I do get DFS Replication Event 5008 quickly followed by 5004 on DC01.
Pings between the two DCs are <1ms and never miss a beat.
DCDIAG From AppsServer
dcdiag /test:advertising /v /s:dc01
* Connecting to directory service on server dc01.
Ldap search capability attribute search failed on server dc01, return value = 81
DCDIAG From DC02
Directory Server Diagnosis
Performing initial setup:
* Connecting to directory service on server DC01.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=domain,DC=local,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Primary,CN=Sites,CN=Configuration,DC=domain,DC=local
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=domain,DC=local,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=DC01,CN=Servers,CN=Primary,CN=Sites,CN=Configuration,DC=domain,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=DC02,CN=Servers,CN=Primary,CN=Sites,CN=Configuration,DC=domain,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Primary\DC01
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
* Active Directory RPC Services Check
......................... DC01 passed test Connectivity
Doing primary tests
Testing server: Primary\DC01
Starting test: Advertising
The DC DC01 is advertising itself as a DC and having a DS.
The DC DC01 is advertising as an LDAP server
The DC DC01 is advertising as having a writeable directory
The DC DC01 is advertising as a Key Distribution Center
The DC DC01 is advertising as a time server
The DS DC01 is advertising as a GC.
......................... DC01 passed test Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Test omitted by user request: FrsEvent
Test omitted by user request: DFSREvent
Test omitted by user request: SysVolCheck
Test omitted by user request: KccEvent
Test omitted by user request: KnowsOfRoleHolders
Test omitted by user request: MachineAccount
Test omitted by user request: NCSecDesc
Test omitted by user request: NetLogons
Test omitted by user request: ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Test omitted by user request: Replications
Test omitted by user request: RidManager
Test omitted by user request: Services
Test omitted by user request: SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: VerifyReferences
Test omitted by user request: VerifyReplicas
Test omitted by user request: DNS
Test omitted by user request: DNS
Running partition tests on : ForestDnsZones
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : DomainDnsZones
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : Schema
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : Configuration
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : domain
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running enterprise tests on : domain.local
Test omitted by user request: DNS
Test omitted by user request: DNS
Test omitted by user request: LocatorCheck
Test omitted by user request: Intersite
IPCONFIG /All (disabled IPV6 on DC01 and AppsServer to test)
DC01
Host Name . . . . . . . . . . . . : DC01
Primary Dns Suffix . . . . . . . : domain.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.local
Ethernet adapter NIC1:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
Physical Address. . . . . . . . . : 90-B1-1C-22-19-82
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.0.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.254
DNS Servers . . . . . . . . . . . : 192.168.0.17
127.0.0.1
NetBIOS over Tcpip. . . . . . . . : Disabled -> just disabled to test
DC02
Host Name . . . . . . . . . . . . : DC02
Primary Dns Suffix . . . . . . . : domain.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.local
Ethernet adapter Ethernet:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Hyper-V Network Adapter
Physical Address. . . . . . . . . : 00-15-5D-00-60-0A
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::f5ad:b95d:529c:18d3%9(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.17(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.254
DHCPv6 IAID . . . . . . . . . . . : 100668765
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-24-33-CA-A5-00-15-5D-00-60-0A
DNS Servers . . . . . . . . . . . : 192.168.0.1
127.0.0.1
NetBIOS over Tcpip. . . . . . . . : Disabled -> just disabled to test
AppsServer
Host Name . . . . . . . . . . . . : AppsServer
Primary Dns Suffix . . . . . . . : domain.local
Node Type . . . . . . . . . . . . : Mixed
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.local
Ethernet adapter NIC1:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet #4
Physical Address. . . . . . . . . : F0-1F-AF-E1-5E-0F
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.0.3(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.254
DNS Servers . . . . . . . . . . . : 192.168.0.1
192.168.0.17
NetBIOS over Tcpip. . . . . . . . : Enabled
Other tests run:
nltest /dsgetdc:domain.local /server:dc01
DC: \\DC01.domain.local
Address: \\192.168.0.1
Dom Guid: 62ea49d6-7a05-4258-81d3-06dba557ffed
Dom Name: domain.local
Forest Name: domain.local
Dc Site Name: Primary
Our Site Name: Primary
Flags: PDC GC DS LDAP KDC TIMESERV GTIMESERV WRITABLE DNS_DC DNS_DOMAIN DNS_FOREST CLOSE_SITE FULL_SECRET WS DS_8 DS_9 DS_10
The command completed successfully
Pings between all servers work on IP and host names. The firewall has been disabled for all network types, and Group Policies have been disabled except on domain controllers. My local Windows 10 machine works without any issue and can query the AD.
I'm out of ideas and would appreciate any help.
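As an added example (not part of the original post), the PowerShell below runs from a member server such as AppsServer and separates the layers that dcdiag's "return value = 81" collapses into one line: 81 is LDAP_SERVER_DOWN, meaning no LDAP session could be opened at all, so the script checks the DC SRV records, the TCP ports a domain member needs, an anonymous RootDSE read over LDAP, and finally the machine's own secure channel (the thing a leave/rejoin resets). The domain name and DC names are taken from the post; everything else is an assumption to adjust for your environment.

```powershell
# Added example, not the original poster's code. Domain and DC names are the
# values from the post; the port list is an assumption (standard AD member ports).
Add-Type -AssemblyName System.DirectoryServices.Protocols

$Domain = 'domain.local'
$DCs    = @('dc01.domain.local', 'dc02.domain.local')
$Ports  = @(53, 88, 135, 389, 445, 636, 3268)

# 1. DC locator: nltest/dcdiag find DCs through this SRV record, not through
#    the plain A record, so a client that pings fine can still fail here.
Write-Host "== SRV records for _ldap._tcp.dc._msdcs.$Domain =="
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction Stop |
    Where-Object { $_.Type -eq 'SRV' } |
    Format-Table NameTarget, Port, Priority, Weight -AutoSize

foreach ($dc in $DCs) {
    Write-Host "== $dc =="

    # 2. Layer-4 reachability per port. A closed or filtered 389 is exactly
    #    what produces LDAP error 81 (LDAP_SERVER_DOWN) in dcdiag.
    foreach ($port in $Ports) {
        $r = Test-NetConnection -ComputerName $dc -Port $port -WarningAction SilentlyContinue
        $state = if ($r.TcpTestSucceeded) { 'open' } else { 'CLOSED/FILTERED' }
        '{0,-6} {1}' -f $port, $state
    }

    # 3. Anonymous RootDSE read. RootDSE needs no bind, so if 389 is open but
    #    this fails the problem is above TCP (LDAP policy, time skew, DNS name
    #    mismatch), whereas if this succeeds but authenticated queries fail the
    #    problem is Kerberos or the machine account, not LDAP itself.
    $id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($dc, 389)
    $conn = New-Object System.DirectoryServices.Protocols.LdapConnection($id)
    $conn.SessionOptions.ProtocolVersion = 3
    $conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Anonymous
    $conn.Timeout  = [TimeSpan]::FromSeconds(5)
    try {
        $req  = New-Object System.DirectoryServices.Protocols.SearchRequest(
                    $null, '(objectClass=*)',
                    [System.DirectoryServices.Protocols.SearchScope]::Base,
                    @('defaultNamingContext', 'dnsHostName', 'isSynchronized'))
        $resp = $conn.SendRequest($req)
        $e    = $resp.Entries[0]
        $msg  = 'RootDSE ok: dnsHostName={0} isSynchronized={1} defaultNamingContext={2}'
        $msg -f $e.Attributes['dnsHostName'][0],
                $e.Attributes['isSynchronized'][0],
                $e.Attributes['defaultNamingContext'][0]
    } catch {
        "RootDSE read FAILED: $($_.Exception.Message)"
    } finally {
        $conn.Dispose()
    }
}

# 4. This machine's secure channel to the domain. Anonymous RootDSE reads do
#    not touch it, but every authenticated AD query does, and a leave/rejoin
#    is a heavyweight way of resetting it.
Write-Host "== Secure channel to $Domain =="
Test-ComputerSecureChannel -Verbose
```

Run it in an elevated PowerShell session on the member server and compare against the same run from a working client such as the Windows 10 machine mentioned above. If step 4 reports a broken channel, `Test-ComputerSecureChannel -Repair -Credential (Get-Credential)` resets the machine account password and secure channel in place, without leaving and rejoining the domain.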