Hi Avi Markowitz,
Thank you for posting in the Microsoft Community Forum.
It sounds like you're encountering persistent authentication issues after promoting new servers to domain controllers, specifically on Windows Server 2019 and 2022, and experiencing difficulties even after joining the domain without any problem. Here are some steps you can take to troubleshoot and potentially resolve this issue:
- **Review Windows Updates**: Since the issue seems to have started after recent Windows updates, review the updates that were installed on both the domain controllers and the newly promoted servers. Look for any updates that might be related to authentication, networking, or domain services. Consider rolling back these updates to see if it resolves the issue.
- **Check Group Policy Settings**: Ensure that there are no conflicting or misconfigured Group Policy settings that could be affecting authentication on the domain controllers. Pay special attention to policies related to security settings, network settings, and domain controller configuration.
- **Verify DNS Configuration**: Double-check the DNS settings on both the domain controllers and the newly promoted servers. Ensure that they are pointing to the correct DNS servers and that DNS resolution is working properly. Check for any DNS issues that might be preventing proper domain controller authentication.
- **Examine Active Directory Replication**: Verify that Active Directory replication is functioning correctly between all domain controllers in your environment. Use tools like Repadmin or Active Directory Sites and Services to check for any replication errors or issues.
- **Review Event Logs**: Look for any relevant error or warning messages in the event logs on both the domain controllers and the newly promoted servers. Pay attention to events related to authentication, domain services, and networking.
- **Check System Time Synchronization**: Ensure that the system time is synchronized across all domain controllers and member servers. Time discrepancies can cause authentication issues in Active Directory environments.
- **Test Authentication with Different Accounts**: Try logging in to the affected servers using different domain accounts, including administrative accounts and regular user accounts, to see if the issue is account-specific or affecting all authentication attempts.
- **Consider Firewall and Antivirus Settings**: Review the firewall and antivirus settings on both the domain controllers and the newly promoted servers. Ensure that there are no rules or policies blocking necessary network traffic or interfering with domain authentication processes.
By carefully reviewing these areas and performing targeted troubleshooting steps, you should be able to identify and resolve the authentication issues you're experiencing with your domain controllers and newly promoted servers.
Best regards
Neuvi Jiang
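
The checks listed in the reply above can be gathered in one read-only pass. The script below is an added example, not part of the original reply or any Microsoft tooling. It assumes an elevated PowerShell session on the newly promoted domain controller, and the 14-day look-back window and the provider-name filter are illustrative choices.

```powershell
# Added example: read-only triage on a newly promoted DC. Changes no configuration.
$domain = (Get-CimInstance Win32_ComputerSystem).Domain
$since  = (Get-Date).AddDays(-14)   # assumed look-back window, adjust as needed

Write-Host "== Updates installed since $since =="
Get-HotFix | Where-Object { $_.InstalledOn -gt $since } |
    Sort-Object InstalledOn -Descending |
    Format-Table HotFixID, Description, InstalledOn -AutoSize

Write-Host "== Applied computer Group Policy objects =="
gpresult /r /scope:computer

Write-Host "== DNS resolver settings and DC locator SRV records =="
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object ServerAddresses |
    Format-Table InterfaceAlias, ServerAddresses -AutoSize
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$domain" -Type SRV -ErrorAction Continue |
    Where-Object { $_.Type -eq 'SRV' } |
    Format-Table NameTarget, Port, Priority -AutoSize

Write-Host "== Replication health =="
repadmin /replsummary
dcdiag /test:Replications /test:Advertising

Write-Host "== Time source and offset against other DCs =="
w32tm /query /status
w32tm /monitor /domain:$domain

Write-Host "== DC locator result =="
nltest /dsgetdc:$domain

Write-Host "== Firewall profiles =="
Get-NetFirewallProfile | Format-Table Name, Enabled, DefaultInboundAction -AutoSize

Write-Host "== Errors and warnings from authentication-related providers =="
$filter = @{
    LogName   = 'System', 'Directory Service'
    Level     = 2, 3            # 2 = Error, 3 = Warning
    StartTime = $since
}
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { $_.ProviderName -match 'Kerberos|NETLOGON|Time-Service|ActiveDirectory|Lsa' } |
    Group-Object ProviderName, Id |
    Sort-Object Count -Descending |
    Select-Object Count, Name -First 20 |
    Format-Table -AutoSize
```

Running the same script on a healthy existing domain controller gives a baseline to compare against the affected server.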