When I ping the domain name, the IP I get is of the offline UAEDC4, not of RLBDC01.
Trust relationship between workstation primary domain failed after moving dc/gc to 2019 from 2012
Domain Name: ka.dn.com
All users can login using "ka\username"
Moved DC from Windows 2012 to 2019 | Demoted the 2012 to become a secondary DNS | Moved all FSMO roles to new DC
Checked all settings from the client side and everything points to the new server: DHCP, DNS, etc.
After restarting the client, we get a message that the "trust relationship is broken..."
How can we correct this?
When adding a device to the domain, we could use the domain "KA" with admin account "KA\Administrator";
however, after moving the DC we get "target account name is incorrect"
and we need to enter the FQDN "ka.dn.com\Administrator".
How can we correct this?
20 answers
-
Anonymous
2023-02-12T15:48:39.8566667+00:00 The dcdiag you ran on RLBDC01 reports that there are four DCs (UAEDC3, UAEDC4, RLBAEAD, RLBDC01), but all tests failed on all of them, even on RLBDC01 itself, so nothing appears to be operational.
Skipping all tests, because server RLBDC01 is not responding to directory service requests
What's in the system event log?
-
Sunith 81 Reputation points
2023-02-12T16:19:42.1433333+00:00 Event ID: 10028
DCOM was unable to communicate with the computer 192.168.36.21 using any of the configured protocols; requested by PID 24b0 (C:\Windows\system32\dcdiag.exe), while activating CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820}.
Event ID: 4008
The DNS server received indication that zone _msdcs.ae.rlb.com was deleted from the Active Directory. Since this zone was an Active Directory integrated zone, it has been deleted from the DNS server.
Is there a way to retrieve this from offline servers?
What do you suggest we do to get this back up & running?
-
Anonymous
2023-02-12T16:32:44.7+00:00 I'm surprised that is all. I don't think this new one was ever operational before the others were demoted, but then that's somewhat of a guess. Also seems that there may not have been an FRS->DFSR migration before adding the new ones which is a prerequisite. May want to restore the old PDC emulator from a known good backup, perform cleanup to remove remnants of others from active directory.
Clean up Active Directory Domain Controller server metadata
Step-By-Step: Manually Removing A Domain Controller Server
Then check that the prerequisites to introduce the first 2019 domain controller are met: the domain functional level needs to be 2008 or higher and the older SYSVOL FRS replication needs to have been migrated to DFSR.
Then confirm all is good by using dcdiag / repadmin tools to verify health, correcting all errors found before starting any operations. Then stand up the new 2019, patch it fully, license it, join existing domain, add active directory domain services, promote it also making it a GC (recommended), transfer FSMO roles over (optional), transfer pdc emulator role (optional), use dcdiag / repadmin tools to again verify health, when all is good you can move on to next one.
--please don't forget to upvote and Accept as answer if the reply is helpful--
-
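An added example (not part of the thread and not the answerer's own script): a read-only PowerShell check of the prerequisites and health steps listed in the answer above, including the `_msdcs` SRV lookup that matters once Event ID 4008 has appeared. It assumes an elevated session on an existing domain controller with the ActiveDirectory module; the variable names and the findings list are illustrative.

```powershell
# Added example: read-only health gate to run before promoting a 2019 DC.
Import-Module ActiveDirectory
$findings = [System.Collections.Generic.List[string]]::new()

# 1. Domain functional level must be 2008 or higher.
$domain  = Get-ADDomain
$okModes = 'Windows2008Domain','Windows2008R2Domain','Windows2012Domain',
           'Windows2012R2Domain','Windows2016Domain'
if ("$($domain.DomainMode)" -notin $okModes) {
    $findings.Add("Domain functional level is $($domain.DomainMode); 2008 or higher is required.")
}

# 2. SYSVOL must replicate over DFSR. Only the 'Eliminated' state means FRS is gone.
$dfsr = (dfsrmig /getglobalstate) -join "`n"
if ($dfsr -match "global state:\s*'(\w+)'") {
    if ($Matches[1] -ne 'Eliminated') {
        $findings.Add("SYSVOL migration state is '$($Matches[1])', not 'Eliminated'.")
    }
} else {
    $findings.Add("dfsrmig reported no global state; FRS->DFSR migration has not been started.")
}

# 3. Replication links: flag unreachable DCs and any link with recorded failures.
foreach ($link in (repadmin /showrepl * /csv | ConvertFrom-Csv)) {
    if ($link.showrepl_COLUMNS -eq 'showrepl_ERROR') {
        $findings.Add("repadmin could not query a DC: $(($link.PSObject.Properties.Value) -join ' ')")
    } elseif (($link.'Number of Failures' -as [int]) -gt 0) {
        $findings.Add("Replication $($link.'Source DSA') -> $($link.'Destination DSA') " +
                      "[$($link.'Naming Context')]: $($link.'Number of Failures') failures.")
    }
}

# 4. DC locator records: clients find DCs through SRV records in the _msdcs zone.
$srvName = "_ldap._tcp.dc._msdcs.$($domain.DNSRoot)"
$srv = Resolve-DnsName -Name $srvName -Type SRV -ErrorAction SilentlyContinue
if (-not $srv) { $findings.Add("No SRV records returned for $srvName.") }

# 5. dcdiag: /e tests every DC in the enterprise, /q prints errors only.
$dcdiag = dcdiag /e /q
if ($dcdiag) { $findings.Add("dcdiag reported errors:`n" + ($dcdiag -join "`n")) }

if ($findings.Count) {
    $findings | ForEach-Object { Write-Warning $_ }
    exit 1          # do not promote a new DC until every finding is resolved
}
Write-Output "All checks passed for $($domain.DNSRoot)."
```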
Sunith 81 Reputation points
2023-02-12T19:59:59.6+00:00 At this point in time, we only have one DC; ideally, is there a way to rebuild this DNS zone and get it AD integrated?
All ADUC & everything is there on the new DC; it's just this DNS part making it unavailable.
Under AD deleted objects I can see the below from the old server, any good?