Windows Server 2016 - DNS/AD problem

ramon82


Hi all - at one point our DC froze and we had to do a restart. It installed a lot of updates and then once it got up and running again we started experiencing problems with DNS, passwords, mapped drives etc. - please refer to screenshots. It's as if the communication between the desktops and the server got out of sync somehow.

Any idea what we can do please?

Thank you
 

Attachments: error1.png (70.5 KB), error2.png (23.5 KB)
More than one DC? Are all DCs also GCs or do you have a single GC?
Have you run dcdiag? That will typically give you details about issues.

Kerberos is very time sensitive, so the DCs and client devices need to be within 5 minutes of each other or you will have a lot of issues.
 
jupiter.local : DC
JUPITERDC01 : server name where I am running dcdiag

dcdiag:

C:\Users\Administrator.jupiter>dcdiag

Directory Server Diagnosis

Performing initial setup:
Trying to find home server...
Home Server = JUPITERDC01
* Identified AD Forest.
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\JUPITERDC01
Starting test: Connectivity
Error during resolution of hostname JUPITERDC01.jupiter.local through IPv4 stack.
*** Warning: could not confirm the identity of this server in the directory versus the names returned by DNS
servers. Hostname resolution error 0x2af9 "No such host is known."
Error during resolution of hostname JUPITERDC01.jupiter.local through IPv6 stack.
*** Warning: could not confirm the identity of this server in the directory versus the names returned by DNS
servers. Hostname resolution error 0x2af9 "No such host is known."
Got error while checking LDAP and RPC connectivity. Please check your firewall settings.
......................... JUPITERDC01 failed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\JUPITERDC01
Skipping all tests, because server JUPITERDC01 is not responding to directory service requests.


Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation

Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation

Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation

Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation

Running partition tests on : jupiter
Starting test: CheckSDRefDom
......................... jupiter passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... jupiter passed test CrossRefValidation

Running enterprise tests on : jupiter.local
Starting test: LocatorCheck
......................... jupiter.local passed test LocatorCheck
Starting test: Intersite
......................... jupiter.local passed test Intersite
 
Since you only have 1 AD w/DNS you should only have a single entry for DNS, w/forwarding to your choice of external DNS servers. Make sure you do not have an external DNS server configured for internal resolution (nor in DHCP, if you have that configured); that will cause a lot of problems.
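The two replies above boil down to a handful of checks: the dcdiag Connectivity failure (the DC cannot resolve its own FQDN), the DNS client settings pointing only at the internal AD-integrated DNS server with forwarders for the outside, and the 5-minute Kerberos clock tolerance. The script below is an added, read-only example written for this thread, not something posted by either participant. It uses the names from the thread (jupiter.local, JUPITERDC01) as defaults; the cmdlets Resolve-DnsName, Get-DnsClientServerAddress, Get-DnsServerForwarder and Test-ComputerSecureChannel are standard Windows Server 2016 cmdlets, and the w32tm parsing assumes the /dataonly output format of "HH:MM:SS, +00.0000000s".

```powershell
# Added example (not from the thread): read-only AD/DNS/time health check for the
# symptoms described above. Run in an elevated PowerShell prompt on the DC or on a
# domain-joined client. Defaults are the thread's names; override for other environments.
param(
    [string]$Domain = 'jupiter.local',
    [string]$Dc     = 'JUPITERDC01'
)
$fqdn = "$Dc.$Domain"

Write-Host "== 1. DNS servers this machine is using"
# Every domain member (and the DC itself) should list ONLY internal AD-integrated DNS
# servers. A public/ISP resolver here is the misconfiguration the reply warns about:
# it cannot answer for jupiter.local or for the _msdcs SRV records clients rely on.
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses.Count -gt 0 } |
    Select-Object InterfaceAlias, ServerAddresses | Format-Table -AutoSize

Write-Host "== 2. Can the DC's own name be resolved? (dcdiag Connectivity failed here)"
try {
    Resolve-DnsName -Name $fqdn -Type A -ErrorAction Stop |
        Format-Table Name, IPAddress -AutoSize
} catch {
    Write-Warning "Cannot resolve ${fqdn}: $($_.Exception.Message)"
}

Write-Host "== 3. DC locator SRV record for the domain"
# _ldap._tcp.dc._msdcs.<domain> is what clients query to find a DC. If it is missing,
# the DNS server lacks the AD zone data or the client is pointed at the wrong server.
try {
    Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction Stop |
        Where-Object { $_.Type -eq 'SRV' } |
        Select-Object NameTarget, Port, Priority | Format-Table -AutoSize
} catch {
    Write-Warning "No DC locator SRV record for ${Domain}: $($_.Exception.Message)"
}

Write-Host "== 4. Forwarders on the DNS server (only meaningful when run on the DC)"
# Internal names are answered by the DC; external names leave via forwarders only.
if (Get-Command Get-DnsServerForwarder -ErrorAction SilentlyContinue) {
    Get-DnsServerForwarder | Select-Object -ExpandProperty IPAddress
} else {
    Write-Host "DnsServer module not present; run this section on the DC."
}

Write-Host "== 5. Clock offset to the DC (Kerberos default tolerance is 5 minutes)"
# /dataonly prints one "HH:MM:SS, +00.0000000s" line per sample; the signed number
# is the offset in seconds. Anything beyond +/-300 s means tickets will be rejected.
$line = w32tm /stripchart /computer:$fqdn /samples:1 /dataonly 2>&1 | Select-Object -Last 1
if ($line -match '([+-]\d+\.\d+)s') {
    $offset = [double]$Matches[1]
    if ([math]::Abs($offset) -gt 300) {
        Write-Warning "Clock skew ${offset}s exceeds Kerberos tolerance"
    } else {
        Write-Host "Clock skew ${offset}s is within tolerance"
    }
} else {
    Write-Warning "Could not read time offset from w32tm: $line"
}

Write-Host "== 6. Secure channel to the domain (run on a domain member, not the DC)"
# A broken secure channel is consistent with the password and mapped-drive failures
# in the thread; this only tests, it does not repair.
Test-ComputerSecureChannel -Verbose
```

Sections 1 to 3 are the ones that correspond directly to the dcdiag output in the thread: if section 2 fails while section 1 shows an external resolver, the fix is the DNS client configuration (and DHCP scope option 006), not the DC itself. Section 5 checks the Kerberos time window mentioned earlier; if the offset is large after the update-and-restart, resync time on the DC first, since the downgrade/0xc000006d authentication errors will not clear while the skew remains.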
 
Hi again, I discovered that this seems to be an AD issue through Event Viewer:

The Security System has detected a downgrade attempt when contacting the 3-part SPN

ldap/JUPITERDC01.jupiter.local/[email protected]

with error code "The attempted logon is invalid. This is either due to a bad username or authentication information.
(0xc000006d)". Authentication was denied.

Any ideas??
 
Active Directory and DNS can be complex topics to troubleshoot. Is there not an internal IT resource?
 