Problems with Domain controller after promotions. How to fix 5721 event ID

Paweł W 1 Reputation point
2022-06-07T08:22:34.843+00:00

Hi,

Yesterday I promoted a new DC in our domain in one of our remote sites. This is a migration to Windows Server 2019, so there are other DCs (about 20, on Windows Server 2016 and 2019).
It was re-IPed and renamed. Before the promotion I demoted the old DC in that site.
Everything was fine. I configured the server and did the promotion, using IFM to make the replication faster.
The promotion finished with success: "This server was successfully configured as a domain controller".
Then the DC automatically rebooted. Once it was up I was not able to log into it via RDP or the Hyper-V console.
I am receiving "The sign-in method you're trying to use isn't allowed. For more info, contact your network administrator".
I use my Domain Administrator account; I am able to log in with this account to any other DC in the domain.

Ok, I thought that IFM went wrong, so I got rid of this server, cleared the metadata and prepared a new server. This time I replicated the AD DB from another DC.
Unfortunately, after the restart I got the same problem.

I was able to log into this DC in DSRM mode and noticed that all AD and DNS services are not running. When I tried to start them I wasn't able to.
NETLOGON 5721 events are created each time I try to start AD DS.

"The session setup to the Windows Domain Controller name for the domain name failed because the Windows Domain Controller does not have an account for the computer computer name."

DNS doesn't want to start (event ID 7001) and says that it depends on the NTDS service, which failed to start.

I have checked and there is a computer object in AD for the DC, correctly placed in the DC OU. There are no other AD objects with the same name.
I was not able to find a solution for this issue. Since it happened twice, I believe preparing a third server without a solution doesn't make sense.
This is for sure not related to the GPO "Allow users to log on locally"; I checked and the Administrators group is there. I also tried to add my account directly.

Any ideas appreciated.


7 answers

  1. Anonymous
    2022-06-07T12:29:24.727+00:00

    I'd check that the domain health is 100% before making any changes or adding new domain controllers (dcdiag, repadmin tools). Also note: the two prerequisites to introducing the first 2019 or 2022 domain controller are that the domain functional level needs to be 2008 or higher and the older SYSVOL FRS replication needs to have been migrated to DFSR:
    https://techcommunity.microsoft.com/t5/Storage-at-Microsoft/Streamlined-Migration-of-FRS-to-DFSR-SYSVOL/ba-p/425405

    --please don't forget to upvote and Accept as answer if the reply is helpful--


  2. Paweł W 1 Reputation point
    2022-06-07T12:32:44.02+00:00

    Hi

    Our AD functional level is 2016. There is already one DC on Windows Server 2019.
    I used the repadmin tool and replication was running smoothly.
    I don't see any other signs of issues.


  3. Anonymous
    2022-06-07T13:54:02.38+00:00

    Maybe this one.
    https://video2.skills-academy.com/en-us/troubleshoot/windows-server/user-profiles-and-logon/interactive-logon-isnt-allowed

    --please don't forget to upvote and Accept as answer if the reply is helpful--


  4. Limitless Technology 39,611 Reputation points
    2022-06-08T07:34:30.377+00:00

    Hello

    Thank you for your question and for reaching out. I understand you are having issues related to event ID 5721 on the new Domain Controller.

    Please note this can happen if AD replication is not completed or is still in progress:

    1. Please try to run the AD Replication Status Tool to verify the AD replication health of all your 20 Domain Controllers.

    https://www.microsoft.com/en-in/download/details.aspx?id=30005

    2. Please verify that the date and time are synced with the PDC.

    3. Please check that the DNS IP on the new Domain Controller is that of your Primary DC and not a firewall or router IP.

    4. Temporarily disable any antivirus program or Windows Firewall you may have.
    5. Please check AD Sites and Services and verify the IP subnet is defined.

    -----------------------------------------------------------------------------------------------------------------------------------------------------------------

    --If the reply is helpful, please Upvote and Accept as answer--

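The checks suggested in answers 1 and 4 (replication health, time sync with the PDC, DNS client pointing at a DC, subnet defined in AD Sites and Services), scripted as an added example; this is not code from the thread. It assumes the RSAT ActiveDirectory module on a domain-joined admin host, WinRM access to the new DC, and the placeholder values `NEWDC01` and `10.20.30.5` for the new DC's name and IP.

```powershell
# Added example: health checks for a freshly promoted DC that logs NETLOGON 5721.
# Assumes RSAT ActiveDirectory module; NEWDC01 / 10.20.30.5 are placeholders.
Import-Module ActiveDirectory
$NewDc   = 'NEWDC01'     # placeholder: the freshly promoted DC
$NewDcIp = '10.20.30.5'  # placeholder: its new static IP
$Domain  = Get-ADDomain

# 1. Replication failures as reported by every DC in the domain
$fail = Get-ADReplicationFailure -Target $Domain.DNSRoot -Scope Domain
if ($fail) { $fail | Format-Table Server, Partner, FailureCount, LastError -AutoSize }
else { "No replication failures reported in $($Domain.DNSRoot)" }

# Does the computer object carry the DC flag? SERVER_TRUST_ACCOUNT = 0x2000 in userAccountControl
$acct = Get-ADComputer -Identity $NewDc -Properties userAccountControl
$isDcAccount = ($acct.userAccountControl -band 0x2000) -ne 0
"$NewDc at $($acct.DistinguishedName); SERVER_TRUST_ACCOUNT set: $isDcAccount"

# 2./3. Time offset against the PDC emulator and DNS client settings, checked on the new DC itself
$dcIps = (Get-ADDomainController -Filter *).IPv4Address
Invoke-Command -ComputerName $NewDc -ArgumentList $Domain.PDCEmulator, $dcIps -ScriptBlock {
    param($pdc, $dcIps)
    w32tm /stripchart /computer:$pdc /samples:3 /dataonly   # an offset of minutes breaks Kerberos
    $dns = (Get-DnsClientServerAddress -AddressFamily IPv4 |
            Where-Object { $_.ServerAddresses }).ServerAddresses | Sort-Object -Unique
    foreach ($ip in $dns) {
        if ($dcIps -contains $ip) { "DNS server $ip is a DC: OK" }
        else { "DNS server $ip is NOT a DC (router/firewall?): fix before retrying the promotion" }
    }
}

# 5. Is the new DC's IP covered by a subnet defined in AD Sites and Services?
function Test-IpInCidr([string]$Ip, [string]$Cidr) {
    $net, $bits = $Cidr.Split('/')
    $toInt = { param($a) $b = ([ipaddress]$a).GetAddressBytes()
               [int64]$b[0]*16777216 + [int64]$b[1]*65536 + [int64]$b[2]*256 + [int64]$b[3] }
    $mask = [int64]([math]::Pow(2, 32) - [math]::Pow(2, 32 - [int]$bits))
    ((& $toInt $Ip) -band $mask) -eq ((& $toInt $net) -band $mask)
}
$covered = (Get-ADReplicationSubnet -Filter *).Name |
    Where-Object { $_ -match '^\d+\.' -and (Test-IpInCidr $NewDcIp $_) }
if ($covered) { "Subnet(s) covering $NewDcIp in AD Sites: $($covered -join ', ')" }
else { "No AD subnet covers $NewDcIp; define one in AD Sites and Services" }
```

A non-DC DNS server, a time offset of several minutes, or an uncovered subnet each shows up as a plain line in the output, so the script can be rerun after every fix.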

  5. Paweł W 1 Reputation point
    2022-06-08T08:44:36.057+00:00

    Thanks for the suggestions. In the meantime I am going to try to promote a DC in a different site, to check whether this is site related, and get back to you with findings.
