Server 2019 Domain Controller Issues

Jamey Wright 1 Reputation point
2021-08-03T17:14:59.673+00:00

We currently have a single domain with 2 domain controllers. One DC is running Server 2012R2 and the other is running Server 2016. I am in the process of upgrading all of our servers to Server 2019. The DCs are some of the last servers to be done. I built up a new server in VMware and loaded Server 2019 Datacenter. I have it on the network and fully patched. I joined it to the domain. I went to Server Manager -> Add Roles and Features -> and selected Active Directory Domain Services and clicked next. The Roles and Feature installer added DNS and proceeded to install everything and rebooted. After reboot, Server Manager said I need to Promote to a Domain Controller so I clicked the button and went through the steps and entered a DSRM password. Server rebooted when everything was complete.

When I go to the virtual machine console, I cannot log into the server. It says "Incorrect password". I know the password is correct because I can log onto other servers using the same credentials. If I try to use any domain account, I get the same message. If I try to use RDP to log in, I get the same message. I can connect to the server using Server Manager or PowerShell and manage it that way, so I know authentication is working. I have built two different servers and had the same issue both times. Using Server Manager I removed the Active Directory Domain Services role and after the server rebooted, I was able to log in again. I added the role again and had the same result.

I am at a loss on this. Searching the Internet hasn't produced any useful answers.

Windows for business | Windows Client for IT Pros | Directory services | Active Directory
Windows for business | Windows Server | User experience | Other

5 answers

  1. Philippe Levesque 5,836 Reputation points
    2021-08-03T17:23:18.193+00:00

    Hi

    When you promote, are your DNS records set correctly on the server? And from another DC, can you run repadmin /replsummary to make sure the replication is OK?

    I would add, can you check to make sure the keyboard layout is OK for the "new account", or check to see the password after you typed it? I ask because, for the domain profile, I know that if your domain admin password contains special characters, an error in the keyboard layout can hurt your login.

    Thanks

    Philippe

  2. Jamey Wright 1 Reputation point
    2021-08-03T19:24:28.017+00:00

    Yes, server records are showing up correctly in DNS. Repadmin /replsummary is OK. No errors.

    I created a temp admin account with a simple password and entered it. I clicked the "eye" button to view the password and it is correct.

  3. Anonymous
    2021-08-04T04:35:44.877+00:00

    "After reboot, Server Manager said I need to Promote to a Domain Controller so I clicked the button and went through the steps and entered a DSRM password"

    This sounds problematic; if it were me I'd clean install it, patch fully and try it again. Perform the cleanup here if necessary before standing up the new one again.
    https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/ad-ds-metadata-cleanup
    https://techcommunity.microsoft.com/t5/itops-talk-blog/step-by-step-manually-removing-a-domain-controller-server/ba-p/280564

    --please don't forget to upvote and Accept as answer if the reply is helpful--

  4. Jamey Wright 1 Reputation point
    2021-08-04T13:50:42.22+00:00

    Already did that... several times. Does the same thing every time.

  5. Anonymous
    2021-08-06T02:50:28.97+00:00

    Please run:

    Dcdiag /v /c /d /e /s:%computername% >C:\dcdiag.log
    repadmin /showrepl >C:\repl.txt
    ipconfig /all > C:\dc1.txt
    ipconfig /all > C:\dc2.txt
    ipconfig /all > C:\dc3.txt

    then put unzipped text files up on OneDrive and share a link.

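An added example, not part of any post in this thread: because the question reports that console and RDP logons are rejected while remote management still works, the new DC's Security log can show the logon type and the NTSTATUS reason for each rejected attempt. It assumes failed-logon auditing is enabled, that it is run from a working admin session that can read the remote event log, and `NEWDC01` is a placeholder name.

```powershell
# Added example: summarize failed logons (event 4625) recorded on the new DC.
# 'NEWDC01' is a placeholder; assumes "Audit Logon" failure auditing is enabled.
$dc = 'NEWDC01'

# NTSTATUS values commonly found in the Status/SubStatus fields of event 4625
$reasons = @{
    '0xc000006a' = 'Wrong password'
    '0xc0000064' = 'Unknown user name'
    '0xc000006d' = 'Generic logon failure'
    '0xc000015b' = 'Logon type not granted (user rights assignment)'
    '0xc0000234' = 'Account locked out'
    '0xc0000072' = 'Account disabled'
    '0xc0000071' = 'Password expired'
    '0xc0000133' = 'Clock skew between client and DC'
    '0xc000005e' = 'No logon servers available'
}
$logonTypes = @{ '2' = 'Interactive (console)'; '3' = 'Network'; '10' = 'RemoteInteractive (RDP)' }

$events = Get-WinEvent -ComputerName $dc -ErrorAction SilentlyContinue -FilterHashtable @{
    LogName = 'Security'; Id = 4625; StartTime = (Get-Date).AddHours(-4)
}
if (-not $events) {
    Write-Warning "No 4625 events on $dc in the last 4 hours; check the audit policy."
    return
}

$events | ForEach-Object {
    # Flatten the <EventData> name/value pairs into a hashtable
    $d = @{}
    foreach ($n in ([xml]$_.ToXml()).Event.EventData.Data) { $d[$n.Name] = $n.'#text' }

    # SubStatus is the more specific code when it is populated
    $code = [string]$(if ($d.SubStatus -and $d.SubStatus -ne '0x0') { $d.SubStatus } else { $d.Status })
    $type = [string]$d.LogonType

    [pscustomobject]@{
        Time      = $_.TimeCreated
        User      = '{0}\{1}' -f $d.TargetDomainName, $d.TargetUserName
        LogonType = if ($logonTypes.ContainsKey($type)) { $logonTypes[$type] } else { $type }
        Code      = $code
        Reason    = if ($reasons.ContainsKey($code)) { $reasons[$code] } else { 'Not in table; look up the NTSTATUS value' }
        Source    = $d.IpAddress
    }
} | Sort-Object Time | Format-Table -AutoSize
```

Comparing the code on the type 2 and type 10 rows with any type 3 rows separates a genuine credential mismatch from a logon that is refused for another reason.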
