We have recently created two new Server 2019 domain controllers to replace two old Server 2012 DCs. Before decommissioning the old DCs we have tested by shutting them down. While they are shut down ADFS authentication fails with an error "There are currently no logon servers available to service the logon request." When we turn the old DCs back on authentication works fine.
The ADFS server has had its DNS settings changed to utilize DNS from the two new DCs, and furthermore with ping and nslookup commands I've been able to prove that it can resolve and contact domain hosts including all of the old and new DCs. In particular, an nslookup of '_ldap._tcp.dc._msdcs.[domain]' specifically returns a list of all of the old and new domain controllers, so there seems no doubt that the server is aware of all the available DCs.
The ADFS server and all the DCs are on the same AD site (we only have one site) and all on the same domain (we have only one domain). If it's relevant, I can mention that all these servers sit in our Azure tenant.
Any ideas on why the ADFS server cannot authenticate when the old DCs are offline, even though its DNS has discovered and can contact the new controllers?
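A diagnostic check that extends the nslookup test in the question, added here as an example and not taken from the original post: it resolves the SRV records the domain controller locator consults (the Global Catalog and Kerberos records as well as the _ldap record already checked), tests the logon-related ports against every DC each record returns, and finally asks the locator itself which DC it selects when a Global Catalog is required. The domain name is a placeholder; run it on the ADFS server while the old DCs are shut down.

```powershell
# Added example: confirm that every DC advertised in DNS is actually usable
# from this host. The domain below is a placeholder, not from the original post.
$Domain = 'corp.example.com'

# SRV records the DC locator consults. The _gc record matters because a
# logon can fail with "no logon servers available" when no reachable DC is
# a Global Catalog, even though _ldap resolves fine.
$SrvRecords = @(
    "_ldap._tcp.dc._msdcs.$Domain",
    "_kerberos._tcp.dc._msdcs.$Domain",
    "_gc._tcp.$Domain"
)

# TCP ports a member server needs on a DC for logon, LDAP and GC lookups.
$Ports = 53, 88, 135, 389, 445, 464, 636, 3268, 3269

foreach ($record in $SrvRecords) {
    Write-Host "`n== $record =="
    $srv = Resolve-DnsName -Name $record -Type SRV -ErrorAction SilentlyContinue |
           Where-Object { $_.QueryType -eq 'SRV' }
    if (-not $srv) {
        Write-Warning "No SRV answers for $record - that role is not advertised in DNS."
        continue
    }
    foreach ($entry in $srv) {
        $dc = $entry.NameTarget
        # A DC that resolves but does not answer on these ports is advertised but unusable.
        $closed = foreach ($p in $Ports) {
            $t = Test-NetConnection -ComputerName $dc -Port $p -WarningAction SilentlyContinue
            if (-not $t.TcpTestSucceeded) { $p }
        }
        $status = if ($closed) { "CLOSED: $($closed -join ',')" } else { 'all ports open' }
        Write-Host ("{0,-40} priority={1} weight={2} {3}" -f $dc, $entry.Priority, $entry.Weight, $status)
    }
}

# Ask the locator itself, requiring a Global Catalog and bypassing its cache.
# If this fails while the SRV records above list the new DCs, the problem is
# in what the locator requires of a DC, not in DNS resolution.
Write-Host "`n== DC locator result (GC required) =="
nltest /dsgetdc:$Domain /gc /force
```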