server 2012 r2 event id 18456

Question

server 2012 r2 event id 18456

Duncan McDonald 21

A DC running 2012 r2 has a continuous error in event viewer 'Application'
The log is;
Source: MSSQL$MICROSOFT##WID
Event ID: 18456
Task Category: Logon
Level: Information
Keywords: Classic,Audit Failure
User: NETWORK SERVICE
Computer: DC2.Domain
Description:
Login failed for user 'NT AUTHORITY\NETWORK SERVICE'. Reason: Failed to open the explicitly specified database 'RdCms'. [CLIENT: <named pipe>]
Security UserID="S-1-5-20"

The user 'NT AUTHORITY\NETWORK SERVICE' is set to logon as a service

DC2 does not provide the broker service for RDC nor does its partner DC1. A separate 2008 r2 which is used for data and application purposes provides RDC

SQL Management does not connect to any dBase

The real problem here is that the BMR backup is now failing

Suggestions to sort would be appreciated

5 answers

Your answer

Answer 1

Sounds like an abundance of corruption. The safer / cleaner method would be to stand up a new one for replacement.

I'd use dcdiag / repadmin tools to verify health correcting all errors found before starting any operations. Then stand up the new 2012, patch it fully, license it, join existing domain, add active directory domain services, promote it also making it a GC (recommended), transfer FSMO roles over (optional), transfer pdc emulator role (optional), use dcdiag / repadmin tools to again verify health, when all is good you can decommission / demote old one.

--please don't forget to Accept as answer if the reply is helpful--

Answer 2

Anonymous

Hi,
Before going further, you can check the status of the DCs and the replication in the domain.
Following command for your reference:
Dcdiag /v >c:\dcdiag1.log
Repadmin /showrepl >C:\repl.txt
Repadmin /showreps *
If there are any progress, welcome to update here!
Best Regards,

Answer 3

Anonymous

Any progress or updates?

--please don't forget to Accept as answer if the reply is helpful--

Duncan McDonald 21 Reputation points

2021-04-23T18:33:08.093+00:00

As suggested, I ran DCdiag and Repadmin. I can't see any obvious issues in the output. I also repeated the exercise with the RID DC.
Both DC's seem to be OK albeit they are carrying baggage from the original domain setup which was 2000. The domain has simply been updated via 2003 to 2008 and now 2012. Also moving from 32bit to 64 bit.
RDC is setup on a 2008 server used as a data source.
I can make available the output files via cloud link or text file if it helps
Anonymous

2021-04-23T18:40:25.937+00:00

Sounds like an abundance of corruption. The safer / cleaner method would be to stand up a new one for replacement.

I'd use dcdiag / repadmin tools to verify health correcting all errors found before starting any operations. Then stand up the new 2012, patch it fully, license it, join existing domain, add active directory domain services, promote it also making it a GC (recommended), transfer FSMO roles over (optional), transfer pdc emulator role (optional), use dcdiag / repadmin tools to again verify health, when all is good you can decommission / demote old one.

--please don't forget to Accept as answer if the reply is helpful--
Duncan McDonald 21 Reputation points

2021-04-23T20:06:23.317+00:00

I'm not sure of the corruption you refer to since both DC's seem to do what is required of them.
It is DC2 exhibiting this error and failing its BMR backup related to rdcms.
This server does not license or broker RDS.
I can make a replacement DC but knowing and understanding the issues when all otherwise seems normal is important to know and understand / explain why
Anonymous

2021-04-23T20:21:43.967+00:00

We only know from what you tell us and from your original post there are apparently some unexplainable occurrences. If all is functional then I suppose you can ignore it but in my opinion I'd replace it. Standing up a new domain controller for replacement would only take 30 minutes or so to do so it really isn't worth much time trying to diagnose corruption and or one-offs. Build a new one and move on.

--please don't forget to Accept as answer if the reply is helpful--
Anonymous

2021-04-28T07:06:48.303+00:00

If there are any progress, welcome to share here!
Best Regards,

Answer 4

Duncan McDonald 21

I work in a production environment which does not permit experimentation and changes without first planning. The DC in question does not support only that role but others including DFS variously across 3 servers.
I will try as suggested, replacement of the DC possibly this weekend, unless there is a disaster. At the moment the biggest concern is that the BMR backup does not complete on that machine. All other backup systems are OK

Answer 5

Anonymous

which does not permit experimentation

Could not agree more. Replacement as mentioned will be the safest / cleanest move. Splitting the domain controller off onto it's own instance of windows provides a much more simplified environment.

--please don't forget to Accept as answer if the reply is helpful--

Share via

server 2012 r2 event id 18456

5 answers

Your answer