Trust relationship between workstation primary domain failed after moving dc/gc to 2019 from 2012

Sunith 81 Reputation points
2023-02-11T07:37:01.3166667+00:00

Domain Name: ka.dn.com

All users can login using "ka\username"

Moved DC from Windows 2012 to 2019 | Demoted the 2012 to become a 2ndary DNS | Moved all FSMO roles to new DC | 

Checked all settings from client side and everything points to the new server, DHCP, DNS etc

After restarting the client, we get the message "the trust relationship is broken...".

How can we correct this?

When adding a device to the domain, we could use the domain "KA" with the admin account "KA\Administrator".

However, after moving the DC we get "target account name is incorrect",

and we need to enter the FQDN "ka.dn.com\Administrator".

How can we correct this?


20 answers

  1. Sunith 81 Reputation points
    2023-02-12T15:28:10.3866667+00:00

    When I ping the domain name, the IP I get is that of the offline UAEDC4, not of RLBDC01.


  2. Anonymous
    2023-02-12T15:48:39.8566667+00:00

    The dcdiag you ran on RLBDC01 reports that there are four DCs (UAEDC3, UAEDC4, RLBAEAD, RLBDC01), but all tests failed on all of them, even on RLBDC01 itself, so nothing appears to be operational.
    Skipping all tests, because server RLBDC01 is not responding to directory service requests

    What's in the system event log?


  3. Sunith 81 Reputation points
    2023-02-12T16:19:42.1433333+00:00

    Event ID: - 10028

    DCOM was unable to communicate with the computer 192.168.36.21 using any of the configured protocols; requested by PID 24b0 (C:\Windows\system32\dcdiag.exe), while activating CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820}.

    Event ID: 4008

    The DNS server received indication that zone _msdcs.ae.rlb.com was deleted from the Active Directory. Since this zone was an Active Directory integrated zone, it has been deleted from the DNS server.

    Is there a way to retrieve this from offline servers?

    What do you suggest we do to get this back up & running?


  4. Anonymous
    2023-02-12T16:32:44.7+00:00

    I'm surprised that is all. I don't think this new one was ever operational before the others were demoted, but then that's somewhat of a guess. It also seems that there may not have been an FRS->DFSR migration before adding the new ones, which is a prerequisite. You may want to restore the old PDC emulator from a known good backup, and perform cleanup to remove remnants of the others from Active Directory.

    Clean up Active Directory Domain Controller server metadata

    Step-By-Step: Manually Removing A Domain Controller Server

    Then check that the prerequisites to introduce the first 2019 domain controller are met: the domain functional level needs to be 2008 or higher, and the older SYSVOL FRS replication needs to have been migrated to DFSR.

    Then confirm all is good by using the dcdiag / repadmin tools to verify health, correcting all errors found before starting any operations. Then stand up the new 2019, patch it fully, license it, join the existing domain, add Active Directory Domain Services, promote it (also making it a GC, recommended), transfer the FSMO roles over (optional), transfer the PDC emulator role (optional), and use the dcdiag / repadmin tools to again verify health; when all is good you can move on to the next one.

    --please don't forget to upvote and Accept as answer if the reply is helpful--
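    A pre-flight check for the prerequisites and health steps listed in the answer above, written in PowerShell as an added example (not code from the answer, the thread, or Microsoft). It assumes it is run elevated on an existing DC with the ActiveDirectory RSAT module, dcdiag.exe, repadmin.exe and dfsrmig.exe available; the domain name is a parameter, and "ka.dn.com" from the question is only an illustration.

```powershell
# Added example, not from the thread. Assumes: elevated session on an existing DC,
# ActiveDirectory module, dcdiag/repadmin/dfsrmig on the path.
param([string]$Domain = (Get-ADDomain).DNSRoot)   # e.g. "ka.dn.com" from the question
Import-Module ActiveDirectory -ErrorAction Stop

$d   = Get-ADDomain -Identity $Domain
$f   = Get-ADForest
$dcs = Get-ADDomainController -Filter * -Server $Domain

# 1. Domain functional level must be Windows Server 2008 or higher before a 2019 DC is added.
$min = [Microsoft.ActiveDirectory.Management.ADDomainMode]::Windows2008Domain
Write-Host "Domain functional level: $($d.DomainMode)"
if ([int]$d.DomainMode -lt [int]$min) { Write-Warning "DFL below 2008: raise it first." }

# 2. SYSVOL must already replicate via DFSR (dfsrmig global state 'Eliminated'), not FRS.
$state = (dfsrmig /getglobalstate) -join ' '
Write-Host "SYSVOL replication state: $state"
if ($state -notmatch 'Eliminated') { Write-Warning "SYSVOL still on FRS: migrate to DFSR first." }

# 3. Which DCs the directory still knows about, and who holds the FSMO roles.
#    Entries for servers that no longer exist are what metadata cleanup removes.
$dcs | Select-Object HostName, IPv4Address, IsGlobalCatalog, OperatingSystem | Format-Table -AutoSize
Write-Host "PDC=$($d.PDCEmulator) RID=$($d.RIDMaster) Infra=$($d.InfrastructureMaster)"
Write-Host "Schema=$($f.SchemaMaster) DomainNaming=$($f.DomainNamingMaster)"

# 4. DNS: the domain's A records should only point at live DCs (a stale record explains
#    pinging the domain and getting an offline DC), and the _msdcs DC-locator SRV
#    records must resolve (they vanish when the _msdcs zone is deleted).
$live = $dcs.IPv4Address
foreach ($a in (Resolve-DnsName -Name $Domain -Type A -ErrorAction SilentlyContinue)) {
    if ($a.IPAddress -and $live -notcontains $a.IPAddress) {
        Write-Warning "Domain A record $($a.IPAddress) does not belong to a current DC (stale?)"
    }
}
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction SilentlyContinue
if (-not $srv) {
    Write-Warning "_msdcs SRV records missing: clients cannot locate a DC; check the _msdcs zone."
} else {
    $srv | Where-Object Type -eq 'SRV' |
        ForEach-Object { Write-Host "DC locator SRV -> $($_.NameTarget):$($_.Port)" }
}

# 5. Replication and directory health; every error here is fixed before any promote/demote.
repadmin /replsummary
dcdiag /q
```

    Run it once before promoting the new 2019 server and again after each FSMO transfer or demotion, and only proceed when it prints no warnings and dcdiag /q reports nothing.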


  5. Sunith 81 Reputation points
    2023-02-12T19:59:59.6+00:00

    At this point in time we only have one DC. Ideally, is there a way to rebuild this DNS zone and get it AD integrated?

    All ADUC & everything is there on the new DC; it's just this DNS part making it unavailable.

    Under AD deleted objects I can see the below from the old server, any good?


