History: I migrated a 2003 domain to 2012 R2 (2 DCs), now native. All was ok until my 1st reboot of the 2nd DC. It lost its ability to communicate w/the domain. I've demoted/removed it and am now on 1 DC until I can do some more testing. DNS is now clean and dcdiag give a clean bill. This has been running without issues for several weeks.
This AM I get a call and users cannot log into the terminal server. I reboot it, but the problem persists. I then try to log onto the DC. I get a login error, the DC doesn't recognize administrator or the regular domain admin account I typically use. I'm forced to do a power button shutdown and restart. After restart I can log in and everything appears to be good.
A review of the event logs show that @ 4:30PM yesterday the scheduled backup (Win Backup) occurred successfully. Then shortly after 5PM the system logs event 5823 (NETLOGON The system successfully changed its password on the domain controller
. This event is logged when the password for the computer account is changed by the system. It is logged on the computer that changed the password. ).
The nothing until ~ 2 1/2 hours later I start getting a bunch of event 4 (kerberos KRB_AP_ERR_MODIFIED) and 1006 (Group Policy processing failed) errors every couple minutes until I reboot.
Can anyone shed some light on what possibly happened? Did the automatic change of the system password break AD because I only have 1 DC?