Struggling to Set Up a New Domain Controller on Windows 2022

Asked By TechWhiz987 On

I've been grappling with an issue for the past few days while trying to add new Domain Controllers (DCs) running Windows 2022 to my existing setup, where the current DCs are on Windows 2016. My environment is based in VMWare 8.03, and everything seemed to be going smoothly until the servers started failing to reboot after the configuration was complete. Here's the sequence of steps I've taken so far:

1. Set up Windows, applied patches, assigned a Static IP and computer name, then rebooted.
2. Installed VMWare tools, rebooted again.
3. Joined the domain, rebooted, left it running for a day, then rebooted once more.
4. Added DNS, went through another reboot.
5. Installed Active Directory services, rebooted again.
6. Promoted to DC and followed the typical prompts before rebooting again.
7. After a few hours, I checked for issues with DCDIAG and REPADMIN, which reported no errors.

However, when I tried rebooting the next day, the same failure happened. I managed to boot into safe mode after using the boot CD/ISO, and found an error in the logs:
"The session setup to the Windows Domain Controller \\old-dc.mydomain.local for the domain mydomain failed because the Domain Controller did not have an account NEWSERVER$ needed to set up the session by this computer NEWSERVER."

While the computer name appears correctly in users and computers and I can ping the IP, attempts to boot into 'active directory repair mode' don't complete. I've tried to find solutions online, but nothing seems to address my issue. I'm considering forcibly removing this server from AD and starting fresh, but I feel like there might be a deeper AD problem that I need to identify. I did convert the existing AD from FRS to DFRS beforehand, and that seemed to go well. I'm likely overlooking something simple, but I'm a bit overwhelmed right now.

4 Answers

Answered By CloudyAdmin On

Make sure there are no firewalls blocking access or incorrect DNS settings. Even if they're on different switches, being on the same VLAN should keep them connected without issues.

TechWhiz987 -

There’s no firewall setup, and they’re actually resolvable by name and pingable in safe mode with networking.

Answered By AskTheTechie On

Have you thought about running some health check scripts for Active Directory? There are quite a few good PowerShell scripts available that can help you identify underlying issues.

Answered By ServerSleuth99 On

Did you manually add 'NewServer' to Active Directory before creating and joining the machine? I encountered a bug when I did that, and the solution was to delete the manually added computer object, allow AD to create it automatically after joining, and then promote it.

TechWhiz987 -

I was really careful to ensure that the previous server name wasn’t lingering in AD before I rebuilt the VM. I also checked that replication was done, though it did end up getting a DHCP address instead of the fixed one at first.

ServerSleuth99 -

Just to be safe, if you do remove the object from AD, give it around 20 minutes before rejoining the domain to give everything time to sync up.

Answered By NetworkGuru42 On

You might want to check the existing domain controllers. Run the command `NET SHARE` and see if NETLOGON is listed on both of them. If it's missing on either, you could be facing a replication issue that needs resolving first.

TechWhiz987 -

NETLOGON is visible on both of the old DCs, so it looks like replication might not be the problem.
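As an added example (not posted by anyone in this thread), here is one way to script the checks suggested above, AskTheTechie's health-check idea, NetworkGuru42's NETLOGON share check and ServerSleuth99's computer-object check, against every DC at once. It assumes the RSAT ActiveDirectory and SmbShare modules are available, that the account running it can query each DC over CIM/WinRM, and that `NEWSERVER` is a placeholder for the new DC's name.

```powershell
# Added example, not from the original thread. Per-DC sanity check for the
# symptoms described: missing NETLOGON/SYSVOL shares, the new DC's computer
# object (NEWSERVER$) not yet present on a DC, and stale inbound replication.
param(
    [string]$NewDcName = 'NEWSERVER'   # placeholder: name of the new DC
)
Import-Module ActiveDirectory

$dcs = Get-ADDomainController -Filter *
$results = foreach ($dc in $dcs) {
    $dcHost = $dc.HostName

    # 1. NETLOGON and SYSVOL must be shared on every DC. A missing NETLOGON
    #    usually means SYSVOL replication (FRS or DFSR) has not completed.
    $shares = @()
    try {
        $shares = (Get-SmbShare -CimSession $dcHost -ErrorAction Stop).Name
    } catch {
        $shares = @("ERROR: $($_.Exception.Message)")
    }

    # 2. The new DC's computer object must exist on every DC; the logged error
    #    says old-dc could not find NEWSERVER$ when the session was set up.
    $acct = Get-ADComputer -Filter "Name -eq '$NewDcName'" -Server $dcHost `
        -ErrorAction SilentlyContinue

    # 3. Oldest last-successful inbound replication across this DC's partners;
    #    a value hours old points at a stuck partner.
    $oldest = Get-ADReplicationPartnerMetadata -Target $dcHost `
        -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty LastReplicationSuccess |
        Sort-Object | Select-Object -First 1

    [pscustomobject]@{
        DC                = $dcHost
        NetlogonShared    = ($shares -contains 'NETLOGON')
        SysvolShared      = ($shares -contains 'SYSVOL')
        NewDcAccountSeen  = [bool]$acct
        OldestReplSuccess = $oldest
    }
}
$results | Format-Table -AutoSize
```

Any row with `NetlogonShared`/`SysvolShared` false, `NewDcAccountSeen` false, or an old `OldestReplSuccess` identifies the DC to investigate before promoting or rejoining again.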
