Server 2016 Problems

[PeterA215]

Hi. Im a volunteer admin at an emergency serveice and have been having issues for the last few days.

Initially when I attempted to log in (last week) I was getting the circle of dots non stop. I did some research and found the Server 2016 can sometimes take ages to do an update. Although I hadnt seen this before, I decided to leave it to continue.

When I checked again, I was able to log in. Since restarting the server im getting bad username or password and no network connection.I restarted in safe mode with networking and have been able to log in.

I have been unable to access windows update to run troubleshooting so I deleted the software distribution folder as I thought it might be an update issue.. No change

Ive run DISM /online/cleanup-image /checkhealth and scanhealth and both resulted that the component store is repairable.

I attempted to do a restore health using DISM but it cant find the source. I then downloaded Server 2016 Essentials and tried to use that as a source but no success. After numerous attempts at trying to use DISM over the last few days im finally asking for help. Any assistance is appreciated.

I also had a thought that maybe Active Directory is corrupted but that doesnt explain no network in normal boot.

 

[ChatGPT]

Hi Peter, thank you for the detailed breakdown—very helpful. You’ve done some solid troubleshooting already. Let’s dissect the situation and find a path forward:

Summary of Your Issues​

• Initial Login Stuck: Endless spinning dots (update suspected).
• Temporary Improvement: Next login worked, but issues returned post-restart.
• Current Symptoms:
  • "Bad username or password" (despite credentials being correct).
  • No network connection in normal mode, but networking works in Safe Mode.
  • Unable to access Windows Update for troubleshooting.
  • DISM struggles to find a repair source.
  • Suspects: Update issue, Active Directory corruption, or something else.

Diagnostics & Actionable Steps​

1. Networking Issue in Normal Mode​

If Safe Mode with Networking works but normal mode does not, it’s often a driver, service conflict, or corruption:

• Check Device Manager in Safe Mode: Look for any disabled/faulty network adapters.
• Review Event Viewer: Look under System logs for network-related errors during normal boot.
• Clean Boot: Try a clean boot (disable non-Microsoft services/startup items) to rule out third-party cause.

2. "Bad Username or Password"​

• Domain Environment? If it’s a domain controller and you’re logging into a domain account, failure to contact a domain controller (due to networking issues) can kick back invalid login errors.
• Check NLA: Network Location Awareness failure in normal mode can prevent domain logins.

3. DISM Source Issue​

• Correct Image Source: For DISM repair, your install media’s ISO must match your exact OS build and version. Server 2016 has several releases, and DISM is finicky about mismatches.
  • Extract or mount the ISO.
  • Point DISM at the \sources\install.wim (or boot.wim). Command example:
    DISM /Online /Cleanup-Image /RestoreHealth /Source:WIM:X:\Sources\install.wim:1 /LimitAccess
  • Replace X: with the drive letter of your mounted ISO.

4. Active Directory Health (if a DC)​

• Run dcdiag in Safe Mode to check for AD corruption.
• Check SYSVOL and NETLOGON shares: Missing or inaccessible = potential AD replication corruption.

5. Other Steps​

• Check Services: Ensure networking and domain-related services (e.g., Netlogon, DNS, DHCP Client) are set to Automatic and running.
• Try SFC: Run sfc /scannow in Safe Mode to check core file integrity.
• Check for Malware: Sometimes, odd update/network/login issues trace back to infection or corruption.

---

Questions for You​

• Is this server a domain controller or member server?
• Are there replication partners (for AD)?
• Was anything installed/uninstalled before the issues started?
• Do you have available backups or system state snapshots?

---

Let me know the above details, and if you’re comfortable, upload any logs (Event Viewer exports, results from dcdiag, etc.)—I can help analyze them. This kind of multi-layered issue often needs to be unraveled step by step, and you’re already on the right track.
Let’s get your emergency service server back on its feet!

 

[PeterA215]

Thanks. Yes it is a domain controller. No replication partners. Nothing installed or uninstalled before the issue started.
I have cloud backups.

 

[ChatGPT]

Thank you for clarifying that this is a sole domain controller and providing info about backups—that’s hugely important for recovery options!
Given that it’s the only DC and you have reliable cloud backups, here are your best next steps:

---

1. DISM/Repair Source Fix​

• Use a Server 2016 ISO matching your exact build and edition. Even minor mismatches can cause DISM to fail.
  • Check your installed version with:
    winver
    or
    systeminfo | findstr /B /C:"OS Name" /C:"OS Version"
  • Download the correct ISO if needed.
• Mount the ISO and run:
  DISM /Online /Cleanup-Image /RestoreHealth /Source:wim:X:\sources\install.wim:1 /LimitAccess
  • If “wim:...:1” fails, list available indexes:
    dism /Get-WimInfo /WimFile:X:\sources\install.wim
    and pick the correct one for Server 2016.

---

2. Network/AD Trouble​

• Since Safe Mode with Networking works:
  • Compare loaded services and drivers between normal and safe mode.
  • Check Device Manager for any misbehaving network adapters in normal boot.
  • In Event Viewer, check under:
  • System → Errors/Warn, esp. for Netlogon, DNS, LSASS, Group Policy, NLA (Network Location Awareness).
• Test (in safe mode, or boot to normal and try):
  

  ipconfig /all
  ping 127.0.0.1
  ping <default gateway>
  nslookup <server FQDN>

  • These help identify DNS or IP stack issues.

---

3. Firewall/Network Profile​

• Windows sometimes mis-classifies the network, leading to AD and firewall blocks (particularly after updates).
  • Run:
    Get-NetConnectionProfile
    Ensure it is “DomainAuthenticated” in normal boot.
  • Try resetting firewall:
    netsh advfirewall reset

---

4. Last Resort: Restore from Backup​

• If none of the above restore normal operation and you can’t repair the system image or regain stable AD/network, restoring from a recent backup may be safest.
  • Especially as a sole DC, ongoing corruption can risk irreversible AD loss.

---

5. Prevention: Post-Recovery Considerations​

• For any future Windows updates or major changes, consider snapshots or testing in a clone/VM first.
• If possible, add a second DC VM to guard against single-point AD failures.

---

If you can upload relevant logs or Event Viewer exports, I can help analyze further. Otherwise, if you get a specific error code or message during DISM or at normal boot, please share details.
Let’s keep moving carefully—since you have backups, you won’t lose AD/users, but minimizing restore needs is always preferred!
Let me know how the DISM with corrected source and network/firewall checks go, or if you hit new errors. I’m here for each step.

 

[PeterA215]

System logs show "
DCOM got error "1084" attempting to start the service lfsvc with arguments "Unavailable" in order to run the server:
{08D9DFDF-C6F7-404A-A20F-66EEC0A609CD}"

 

[ChatGPT]

Great, thanks for the extra context and the log details. Here’s what’s going on with the DCOM error 1084 involving lfsvc (“lfsvc” stands for Geolocation Service):

---

What the Error Means​

• DCOM error 1084 with lfsvc commonly appears when Windows is trying to start the Location Framework Service (lfsvc) before certain dependencies are available—often, it’s just informational or a side effect of Safe Mode or network startup order.
• {08D9DFDF-C6F7-404A-A20F-66EEC0A609CD} refers to the CLSID for this geolocation service.
• These errors are not critical for most servers, especially if you don’t use geolocation features. They can safely be ignored unless you’re seeing related service failures.

---

Why It’s Happening Now​

• This error often pops up:
  • When booting to Safe Mode (services/startup order is altered)
  • After certain Windows Updates
  • If networking or certain Windows services aren’t started in time

Since you can log in using Safe Mode with Networking and not in normal mode, this error alone is not the cause of your authentication or network issue—it’s more of a symptom than the root cause.

---

What To Check Next​

1. Network/AD Dependency
   • The core problem remains your network stack or a misfiring service that AD relies on.
   • Make sure the following services are set to start automatically (and are running in normal mode):
     • Netlogon
     • DNS Client
     • DHCP Client
     • TCP/IP NetBIOS Helper
     • Workstation/Server
     • Network Location Awareness (NLA)
   • In normal mode, open an administrative command prompt and check network configuration:
     ipconfig /all
     Look for missing IP addresses or DNS settings.
2. Event Viewer
   • Focus especially on errors and warnings for:
     • Netlogon
     • DNS
     • GroupPolicy (Userenv)
     • System components reporting “Failed to start” or “Access denied”
   • Sometimes, a failed service (perhaps networking!) cascades into DCOM/service errors.
3. Network Driver
   • Safe Mode with Networking uses generic drivers. If the network adapter driver in normal mode is corrupt or missing, this blocks authentication (and can explain login/network failures even when Safe Mode works).
   • Check Device Manager in normal mode for any yellow exclamation marks on NICs.
4. Firewall/Domain Profile
   • As previously noted, domain-joined systems use the firewall “Domain” profile; if the system can’t detect the domain network, firewall rules might block authentication.

---

How To Proceed​

• Don’t worry about the DCOM 1084/lfsvc error itself unless you see cascading service failures listed alongside it.
• Focus on restoring network connectivity and AD services in normal mode:
  1. Use Device Manager to uninstall then reinstall or update the NIC driver.
  2. Reset networking (commands for TCP/IP, Winsock as previously listed).
  3. Ensure all required services (see above) start and are running.
  4. Restart and check again.

If you continue to see only this error, but your core services work, you can safely ignore it on a server environment.

---

If you have further logs showing more severe or persistent errors, let me know! Otherwise, let’s get normal mode network/AD running and these DCOM errors will likely fade into the background.
(If you want more in-depth DCOM/permissions fix instructions, I can provide the steps—but for server/critical infrastructure, focus on network and AD first.)

 

[PeterA215]

Ive had a look at the suggested services. ie.

• Netlogon - not running in safe mode
• DNS Client - running in safe mode
• DHCP Client - running in safe mode
• TCP/IP NetBIOS Helper - running in safe mode
• Workstation/Server - running in safe mode
• Network Location Awareness (NLA) - running in safe mode

you said
in normal mode, open an administrative command prompt and check network configuration:
ipconfig /all
Look for missing IP addresses or DNS settings.

Im unable to check this as i cant login in normal mode.

 

[ChatGPT]

Thank you for the detailed service check—and for clarifying the main blocker: you can’t log in to normal mode, and thus can’t run commands like ipconfig /all from there.
Since Safe Mode with Networking works, but normal mode fails to log in (stuck at the “bad username or password” message), here’s a more targeted plan:

---

1. Enable Network Troubleshooting Logs in Safe Mode​

While in Safe Mode with Networking (since that works), let’s collect system info, event logs, and network config:

• Open a command prompt as Administrator and run:
  

  ipconfig /all > C:\network_safe_mode.txt
  netstat -rn >> C:\network_safe_mode.txt
  systeminfo >> C:\network_safe_mode.txt

• You can also export the System and Application event logs:
  

  wevtutil epl System C:\SystemLog-SafeMode.evtx
  wevtutil epl Application C:\ApplicationLog-SafeMode.evtx

You can upload these here for review, or examine them for errors/warnings related to domain authentication or network interface failures.

---

2. Boot Logging & Recovery Console Use​

Since normal logon is blocked, consider two avenues:

• Boot Logging: Enable boot logging at startup (from the F8 advanced boot menu), then inspect C:\Windows\ntbtlog.txt from Safe Mode. This helps identify drivers/services failing to load in normal mode.
• Offline User Management: Use Safe Mode with Networking, or “Directory Services Restore Mode” for more advanced AD repair or password checks.

---

3. Audit Update History & Pending Updates​

In Safe Mode, check if any updates are pending or recently failed, as a stuck update can block logon and network stack restoration.

• Check C:\Windows\WindowsUpdate.log
• In Update History (Safe Mode):
  Get-HotFix
• If updates are pending, consider rolling them back or resetting via DISM/SFC as outlined earlier.

---

4. Check Local User Authentication​

Test logging in with a local Administrator account rather than a domain account. If this works, it strongly points to a domain/AD problem, not just system-wide corruption.

---

5. Consider a Repair Install or Restore​

Given this is your only DC and you have verified backups, if you exhaust Safe Mode diagnostics without finding a clear solution, a repair using your original Server 2016 media or—if necessary—a bare-metal restore is the surest way to guarantee AD integrity.

---

Additional Step​

If you’d like, upload any of the files produced above—I’ll analyze for deeper root cause clues.
Let me know if you need command syntax for collecting logs, or advice about pulling backup images. We’ll work through this systematically!

 

[PeterA215]

The forum wont allow me to upload a file with extension .evtx so I cant supply the result of wevtutil epl System C:\SystemLog-SafeMode.evtx
Heres the other file

 

[ChatGPT]

Thank you for uploading your network summary from Safe Mode. Here’s what I glean from your network_safe_mode.txt (relevant parts summarized):

---

Network Adapter​

• Broadcom NetXtreme Gigabit Ethernet is your physical NIC.
• The interface list shows it as active, and you have an IPv4 address: 10.10.28.1
• Your default gateway is 10.10.28.254

Routing and Connectivity​

• Your route table is configured—that’s a good sign.
• Persistent route/default gateway is in place, suggesting at least basic TCP/IP stack functional in Safe Mode.

---

What This Tells Us​

• In Safe Mode with Networking, your driver and the basic TCP/IP stack initialize correctly.
• In normal mode, your network doesn’t come up, and you can’t log in—even with what seems like the right credentials.

---

Theories Based on These Findings​

1. Driver or Service Conflict in Normal Mode
   • In normal mode, a 3rd-party driver/service or security product could be interfering with the NIC initialization or AD authentication process.
   • Safe Mode loads only core Windows drivers, so the issue is likely with something extra loaded in normal mode.
2. Corrupt AD or System Files
   • If AD or security services are unable to start due to corruption or failed updates, this stops normal logon (hence bad creds errors).
3. Stuck/Corrupt Windows Update
   • You mentioned running DISM, but can’t complete /RestoreHealth. An incomplete or failed update could explain system instability.
4. Firewall/Group Policy Issue
   • If group policy or a misapplied firewall rule blocks domain logon, it would prevent DC authentication on boot.

---

Recommended Next Steps​

1. Check 3rd-Party Software & Drivers​

• In Safe Mode, open msconfig or use Autoruns to see what’s starting on normal boot.
• Disable any non-essential services/drivers (especially antivirus, security tools, VPN, or older NIC software).
• Reboot to normal mode and test.

2. Review Windows Update/Repair​

• In Safe Mode, use:
  sfc /scannow
  This can pick up some file issues without needing a /RestoreHealth source.
• If this finds and fixes errors, try rebooting normal mode.
• Still failing? Try to identify recent update failures via:
  Get-HotFix
  and check logs in C:\Windows\WindowsUpdate.log

3. Try Local Admin Account​

• If you aren’t already, try logging in with the local Administrator account in normal mode, in case the issue is only with domain-based credentials. If that works, it narrows the issue to AD.

4. Network Driver​

• In Safe Mode, uninstall the NIC in Device Manager, tick “Delete the driver software,” and reboot. Let Windows reinstall its default driver.

5. Last Resort: Restore Backup​

• Since this is your only DC, and if all else fails with persistent OS/AD corruption, restoring the latest backup may be your safest bet rather than deep manual AD repair attempts.

---

If any step above reveals a new error or opportunity to progress, let me know! If you can upload the results of sfc /scannow or your msconfig/service list, I can review those too.
We will get this working—step by step. Let me know if you need exact instructions for any of the checks or tools mentioned.

 

[PeterA215]

ive been able to get a list of users using a powershell script. does that mean the active directory is OK?

 

[ChatGPT]

Being able to get a list of users using a PowerShell script in Safe Mode with Networking is a good sign but does not conclusively prove that Active Directory is fully healthy. Here's why:

• Listing users remotely or locally in Safe Mode means the AD database (NTDS.dit) is accessible and at least somewhat intact.
• However, full AD health depends on replication, DNS resolution, authentication services, and more.
• Since this is a sole DC without replication partners, you cannot verify replication health but can check the integrity of the AD database and service operation.

---

How to better assess AD health in your situation:​

1. Run dcdiag from Safe Mode with Networking:
   dcdiag /v /c /d /e > C:\dcdiag_report.txt
   This comprehensive check reports on many aspects of DC and AD health.
2. Check Event Viewer for Directory Service errors:
   Look for any critical errors or warnings indicating AD corruption or service failures.
3. Run repadmin to check replication status
   (Less relevant if it's the only DC but useful to verify no local replication issues):
   repadmin /replsummary
4. Verify DNS is properly servicing records for AD domain
   Correct DNS is critical for AD function.

---

Summary​

Your ability to query AD user objects is promising but test with dcdiag and repadmin as detailed above. Share the outputs if you want help interpreting them.
If those checks pass without critical errors, AD is likely healthy, and your problems may be more with network or OS-level issues blocking normal login.
Let me know if you want detailed guidance on running these tools or need help analyzing their output.

 

[ChatGPT]

Being able to list users with a PowerShell script (e.g., using Get-ADUser or similar cmdlets) from Safe Mode with Networking is a very good sign for your Active Directory database integrity. Here’s what it means:

---

What It Confirms​

• AD Database Integrity: If you’re able to enumerate users via PowerShell, it means the AD DS (Active Directory Domain Services) database (NTDS.dit) is accessible and functioning at least at a basic level.
• Domain Controller Functionality: Your domain controller’s key AD service is operational in Safe Mode; this rules out catastrophic corruption of the AD database.
• LDAP/ADWS Availability: The core services that respond to LDAP/ADWS queries are running in Safe Mode.

---

What It Does Not Confirm​

• Normal Mode Health: It doesn’t guarantee that all AD services and dependencies (like Netlogon, Kerberos, DNS integration) are working correctly in normal mode. Your login/network failure in normal mode usually points to a supporting service, driver, or policy problem, not to AD database corruption.
• Replication Health: Since you mentioned this is a single DC, replication concerns don’t apply. But for multi-DC environments, you’d also need to check AD replication.

---

Next Steps Given This Info​

• Focus on Services & Drivers: Now that you know AD is intact, your troubleshooting should laser-focus on:
  • Network stack/drivers: Often problematic after Windows Updates.
  • Service startup order and automatic/disabled state: Essential AD-related services may be failing or starting too late in normal mode.
  • Group Policy or Firewall: Sometimes GPO or firewall misconfigs can block authentication.
• Continue to Compare Safe Mode vs. Normal Mode:
  • In Safe Mode, list all running services and drivers and compare with what should be running in normal mode (see earlier advice).
  • Try running msconfig from Safe Mode and do a “Selective Startup” boot, disabling all non-Microsoft services, to isolate third-party interference.
• If Needed: Prepare your backup for restore, but given your AD is accessible, a targeted repair (drivers, services, DISM/SFC, possible repair install) is likely to succeed.

---

In summary: Your AD is not catastrophically corrupt—you’re dealing with a boots/system-level problem, not AD database loss.
If you want to take the next steps together, let me know if you need help diving into a service/driver diff, targeted repair, or further forensic steps. And congrats on making headway!

 

[PeterA215]

Yes I do need help diving into a service/driver diff, targeted repair, or further forensic steps.

Ive also attached the dcdiag report for analysis

 

[ChatGPT]

Based on your updates and the attached dcdiag output, here's a focused analysis and targeted action plan:

---

1. Analysis of Your dcdiag Report​

Major Points:​

• AD Database Not Corrupt: The diagnostic completes initial setup and finds a single DC, so your database itself isn’t destroyed.
• Critical Services NOT Running: Key lines:
  

  NETLOGON Service is stopped on [MRSERVER]
  kdc Service is stopped on [MRSERVER]
  DNS Service is stopped on [MRSERVER]

  These are vital for domain controller operations and could explain the login/network failures in normal mode.
• Connectivity & DNS Failures:
  

  The host 491a32e9-ab1b-4f13-a7b8-54ad639896d9._msdcs.MRCC19.local
  could not be resolved to an IP address.
  Got error while checking LDAP and RPC connectivity. Please check your firewall settings.
  MRSERVER failed test Connectivity

  This means your DC cannot register or resolve itself in DNS—and cannot provide normal AD services.
• Service Mode Difference:
  In Safe Mode with Networking, only a subset of services run, often bypassing higher-level issues (bad updates, 3rd-party filters, GPO, etc.), but in normal mode, these critical AD services are failing to start.

---

2. Top Suspect Areas​

A. Service Auto-Start Failure​

• Some AD services (Netlogon, KDC, DNS Server) are set to start "Automatic." If they've been disabled, set to "Manual," or crash on start in normal mode, DC operations stop.
• This could be due to:
  • Corrupt or missing system files
  • Faulty or uninstalled drivers (especially network)
  • GPO, registry corruption, or security software

B. Network Driver or Stack Problems​

• If the DC can't access the network or bind to its IP in normal mode due to a driver or TCP/IP stack issue, critical AD services will refuse to start.

C. Firewall or Security Software​

• Firewall may block required LDAP, RPC, DNS ports. This is less common if you haven’t changed firewall rules, but an update or AV solution might silently block the services.

D. DNS Problems​

• If your loopback DNS configuration is damaged, DCs often “lose themselves.” Make sure your server's DNS points to itself (127.0.0.1 or its static IP).

---

3. Step-by-Step Recovery Plan​

(a) Check/Repair Service States in Safe Mode​

1. List current state and startup type of DC-related services:
   Get-Service Netlogon, DNS, KDC, NTDS, W32Time | Select Name, Status, StartType
   • If any are set to Disabled/Manual, set them all to Automatic:
     

     Set-Service Netlogon -StartupType Automatic
     Set-Service DNS -StartupType Automatic
     Set-Service KDC -StartupType Automatic
     Set-Service NTDS -StartupType Automatic
     Set-Service W32Time -StartupType Automatic

2. Note any errors when you attempt to run:
   

   Start-Service Netlogon
   Start-Service DNS
   Start-Service KDC
   Start-Service NTDS
   Start-Service W32Time

(b) Review/Repair Network Configuration in Safe Mode​

1. Check adapter DNS settings:
   Get-NetIPConfiguration
   • Be sure primary DNS is pointed at 127.0.0.1 or your DC’s own IP.
2. Reset TCP/IP stack and Winsock:
   

   netsh int ip reset
   netsh winsock reset

(c) Check Event logs—Service/Driver Failures​

• In Event Viewer, look for:
  • System logs: Service Control Manager, Netlogon, DNS, KDC, NTDS, network adapter errors
  • Application logs: AD DS, DNS-related errors

(d) Booting to Normal Mode After Repairs​

• After fixing services and network settings, attempt normal boot again.
  • If you can’t log in, try Safe Mode with Command Prompt, then run:
    sfc /scannow
  • This checks/repairs Windows system files.
• If you reach the login screen in normal mode, use a local Administrator account if possible.

(e) Driver Rollback/Update​

• In Safe Mode, go to Device Manager and roll back any recent NIC driver updates, or re-install the latest known-good driver for your network interface.

(f) If All Else Fails: Repair Install or Restore​

• If normal boot never recovers AD, DNS, or Netlogon services, then a repair install (“in-place upgrade”) with your correct Server 2016 media may be needed.
• As last resort, restore your full system from backup.

---

4. Additional Diagnostic Commands​

• List all failed device drivers (run in Safe Mode PowerShell):
  Get-WinEvent -LogName System | Where-Object {$_.Id -eq 7026}
• List failed services at boot:
  Get-WinEvent -LogName System | Where-Object {$_.Id -eq 7000 -or $_.Id -eq 7001}

---

Send Back Results!​

• Let me know the results of the PowerShell checks above—especially service status and network config.
• Share any specific error messages if a service fails to start.

I’ll guide you through each issue found. You’re not facing AD corruption, but a service/driver startup/blocking issue in normal mode. Fixing service states and network is key to recovery!
If you have further logs or questions, upload/share, and I’ll help analyze.

 

[PeterA215]

PS C:\Users\subministrator> Start-Service Netlogon
Start-Service : Service 'Netlogon (Netlogon)' cannot be started due to the following error: Cannot start service
Netlogon on computer '.'.
At line:1 char:1
+ Start-Service Netlogon
+ ~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OpenError: (System.ServiceProcess.ServiceController:ServiceController) [Start-Service],
ServiceCommandException
+ FullyQualifiedErrorId : CouldNotStartService,Microsoft.PowerShell.Commands.StartServiceCommand

 

[ChatGPT]

Thank you for running that PowerShell command. The error message:
Start-Service : Service 'Netlogon (Netlogon)' cannot be started due to the following error: Cannot start service Netlogon on computer '.'.
indicates that the Netlogon service cannot launch even in Safe Mode with Networking. This is a strong sign that Netlogon is either failing due to dependency/service corruption, misconfiguration, or missing files, or there’s a deeper problem with critical system components it depends on.

---

1. Immediate Diagnostics​

A. Check Netlogon Dependencies​

Run the following command to see what Netlogon depends on:
Get-Service -Name Netlogon | Select-Object -ExpandProperty DependentServices
Then, try starting each dependency first, and note any failures.

B. Investigate Service-Specific Errors in the Event Log​

Run:
Get-WinEvent -LogName System | where { $_.Message -like "*Netlogon*" } | Select -First 10 | Format-List TimeCreated,Message
Let me know any event/error details it returns—these will help pinpoint if it’s a missing file, bad system config, or something else.

C. Check System File and Image Health​

Since crucial services won’t start, try:
sfc /scannow
in Safe Mode with Command Prompt. If it fails, note any errors.

---

2. Possible Causes​

- Corrupt OS Components or Registry​

• Netlogon might fail if registry/service configuration or binaries are damaged, or if system files are corrupt (pointing to the need for DISM and SFC).

- Driver/Stack Fault​

• If networking layers are still not working in normal mode, that causes Netlogon to fail as well.

- Faulty or disabled dependencies​

• If one of Netlogon’s direct or indirect service dependencies can't start (like TCP/IP stack or Workstation service), Netlogon will not start.

---

3. Next Steps​

1. Run the above diagnostics for dependencies and event logs.
2. Try SFC and (if possible) the correct DISM /RestoreHealth again from Safe Mode, with your matching Server 2016 installation media.
   If DISM works, attempt to start Netlogon after running it.
3. If you see a specific error in the event log, share it here; that will likely point to the specific file/service/driver at fault.

---

Note​

• There is no AD database corruption, but critical DC services can’t start, so AD cannot function. This nearly always comes down to system file, service, or dependency corruption.
• If all other repairs fail, a repair install or restore from your backup will get you back in operation fastest—especially since, as a sole DC, lingering failures can risk future instability.

---

Please run and share the diagnostics above for Netlogon dependencies and event logs, as they should reveal exactly which area to target next. We’re narrowing in!

 

[PeterA215]

I ran Get-Service -Name Netlogon | Select-Object -ExpandProperty DependentServices but it gave no details

 

[ChatGPT]

Thanks for running that check. Netlogon has no explicit service dependencies, so it should, in theory, run as long as Windows networking and core system services are operational. Your result means there are no missing "child" services blocking Netlogon—so the root cause is either:

• Corrupted/broken Netlogon executable or supporting OS components
• Blocked network stack or failure in a lower-level driver/service
• A deeper system configuration or registry issue affecting how core services start

---

Proceed With These Steps:​

1. Check System Event Log for Netlogon Errors​

Events in the System log will often tell you why a service like Netlogon fails. From Safe Mode with Networking, run:
Get-WinEvent -LogName System | Where-Object { $_.Message -like "*netlogon*" } | Select-Object -First 10 | Format-List TimeCreated,Message
Share any output you get, especially any error numbers or file paths.

---

2. Check If the Netlogon Binary Exists​

Look for the file at:
C:\Windows\System32\netlogon.dll
If it's missing or replaced, system repair tools like SFC/DISM are necessary.

---

3. (Re-)Attempt System File and Image Repair​

Try running:

• sfc /scannow
• If possible, DISM /Online /Cleanup-Image /RestoreHealth /Source:wim:X:\sources\install.wim:1 /LimitAccess (with a matching Server 2016 image/ISO mounted)

If DISM still fails, please copy and post the exact error message/output from the command.

---

4. Check Network Stack State​

Confirm that networking is up even in Safe Mode:

• Can you ping 127.0.0.1, your server’s own IP, or the loopback address?
• Run: ipconfig /all (already done previously—verify the adapter has an IP)
• See if the Workstation service will start:
  Start-Service Workstation

---

5. If You're Completely Blocked​

If SFC and DISM don't fix the issue, and Netlogon (along with DNS/KDC) still refuses to start, your system may be too damaged for in-place repair—especially for a domain controller. Given you have good cloud backups, restoring from a backup or performing a repair install with matching Server 2016 media may be the fastest way to restore full functionality.

---

Let me know the results of the event log query and if you spot the Netlogon executable. Every detail helps us pin down the root cause!

 

[PeterA215]

TimeCreated : 22/07/2025 20:27:57
Message : The Netlogon service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

TimeCreated : 22/07/2025 17:51:59
Message : The Netlogon service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

TimeCreated : 22/07/2025 15:03:18
Message : The Netlogon service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

TimeCreated : 22/07/2025 15:01:12
Message : The Netlogon service depends on the LanmanServer service which failed to start because of the following
error:
The dependency service or group failed to start.

TimeCreated : 22/07/2025 14:58:03
Message : The Netlogon service depends on the LanmanServer service which failed to start because of the following
error:
The dependency service or group failed to start.

TimeCreated : 22/07/2025 14:54:14
Message : The Netlogon service depends on the LanmanWorkstation service which failed to start because of the
following error:
The dependency service or group failed to start.

TimeCreated : 22/07/2025 13:02:36
Message : The Netlogon service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

TimeCreated : 22/07/2025 13:00:31
Message : The Netlogon service depends on the LanmanServer service which failed to start because of the following
error:
The dependency service or group failed to start.

TimeCreated : 22/07/2025 12:52:44
Message : The Netlogon service entered the running state.

TimeCreated : 22/07/2025 12:49:04
Message : The Netlogon service depends on the LanmanWorkstation service which failed to start because of the
following error:
The dependency service or group failed to start.