Hi,
Yesterday I promoted new DC in our domain in our one of remote site. This is migration to Windows Server 2019 so there are other DCs (about 20 on Windows 2016 and 2019).
It was re-IPed and renamed. Before promotion I demoted old DC in that site.
Everything was fine. I configured server did a promotion. Used IFM to make the replication faster.
Promotion finished with success "This server was successfully configured as a domain controller"
Then DC automatically rebooted. Once up I was not able to log into it via RDP or HyperV console.
I am receiving "The sign-in method you're trying to use isn't allowed. For more info. contact your network administrator"
I use my Domain Administrator account, I am able to log in with this account to any other DC in domain.
Ok, I thought that IFM went wrong and get rid of this server, cleared metadata and prepared new server. This time I replicated AD DB from another DC.
Unfortunately after the restart I have got the same problem.
Was able to log into this DC in DSRM mode and noticed that all AD and DNS services are not working. When I tried to run these I wasn't able.
There are events created NETLOGON 5721 each time I try to run AD DS.
"The session setup to the Windows Domain Controller name for the domain name failed because the Windows Domain Controller does not have an account for the computer computer name."
DNS doesn't want to start (event ID 7001) and says that it depends on NTDS service which failed to start.
I have checked and there is computer object in AD for DC correctly placed in DC OU. There are no other AD objects with the same name.
I was not able to find the solution for this issue. Since it happend twice I believe preparing third server without solution doesn't make sense.
This is not related for sure to GPO "Allow users to log on locally" I checked and there is Administrator group. As well tried to add my account directly.
Any ideas appreciated.