Hi All, I was recently asked to resolve a sporadic replication issue at one of our remote offices. This office previously had a single domain controller, but it was having trouble so someone installed a second domain controller and later shut down the "original-DC". Bringing the original-DC back up resolved replication for a few days, but it's broke again. Automatic site-link bridging is enabled and intrasite replication appears to be using the original DC as the site bridgehead. After quite a bit of troubleshooting, it appears to me that the original DC has a broken secure channel with the domain, which is likely causing the replication issue to/from this site (replication between all other sites works fine). When I ran "nltest /server:Original-DC /sc_verify:our-domain", it failed. Running the same against the new DC at that site or other DC's at other sites is successful. The latest issue is that I can no longer login to Original-DC. I think this occurred when a colleague recently attempted to demote the server and removed the DNS, DHCP and global catalog role (the remaining server is also enabled as a global catalog). The demotion failed since replication is broken and although the server is up and running, we can no longer login to it. At this point, there is no reason to keep this server as a DC, but I need to figure out how to cleanly demote it and ensure that replication is working properly via the surviving site DC. I tried running "nltest /server:Original-DC /sc_reset:our-domain"" from the working DC, but it failed with "ERROR_NO_TRUST_SAM_ACCOUNT"
Any thoughts? Thanks!!