Cannot reach server after DCPromo

Hi all, based on questions I asked last week, I decided it was a good idea to convert my RODC in a remote site to a full DC, which involved using the dcpromo wizard to demote to a member server, reboot, and repromote to a full DC.

As far as I can tell there are no real AD issues, there were some interesting events logged that I was concerned about until I read a few events down the line where it looks like the issues were later resolved.  

Either way I have a Single domain forest, forest and domain functional level are 2003, 2 sites.  

The main site has all workstations, most servers and 2 DCs that are GC, FSMO, DNS, DHCP.

The remote site has 2 servers: one USED to be an RODC, the other is just an IIS member server. As previously stated, I demoted the RODC/GC, rebooted, promoted to DC/GC, rebooted. I can reach that server fine via RDP, but the IIS member server gives an error message now: An authentication error has occurred. The specified target is unknown or unreachable. Remote computer: server.domain.com.

This is new behavior as I was always able to remote in to any server at that site via name.  

I can RDP in via IP address and all server OS's are 2008r2.  I could use some help in understanding what's happened here and correcting the issue.  

Many thanks
LWDud

piattnd commented:
What happens if you do an nslookup for that server?  Is this server a DNS server?  If not, try ipconfig /registerdns.

Also on your workstation, do an ipconfig /flushdns and try again.
LWDud (author) commented:
I did a flush dns on the workstation, all DCs and the member server. nslookup is a normal response of the FQDN and its correct IP.

It's worth noting that I can connect remotely with any snap-in I want to target via name...

I will do the registerdns anyway, it certainly won't hurt anything. Part of me wants to reboot the server but I cannot do that during business hours.
piattnd commented:
So is this error only when trying to access the server via RDP by name?
LWDud (author) commented:
That is correct, only by name. Even if I try to remote in by name from the DC at this remote site I get the same error.
LWDud (author) commented:
It's also worth noting, by name it gives me the opportunity to enter credentials so I do know I am indeed reaching the server and there is DNS TCP/IP connectivity.  It fails with that error message after submitting credentials.
piattnd commented:
Go into the system properties, remote tab, see if there's a checkbox saying only to allow clients running Remote desktop with network level authentication.
piattnd commented:
This blog site explains the same behavior with a hotfix (requires reboot).

They did note that it only happens if you have NLA turned on, so the suggested action I mentioned above should fix the issue.  Should you want to leave NLA on, follow this article for the hotfix:

http://blog.kristinlgriffin.com/2010/08/authentication-error-has-occurred.html

Direct hotfix link:

http://support.microsoft.com/kb/953760
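
An added example, not part of the thread: a PowerShell triage sketch for the symptom described above (RDP by name fails after credentials are submitted, RDP by IP works). `server.domain.com` and `domain.com` are the placeholders from the error text; checking the member server's secure channel is an assumption about where to look, since the thread does not establish a root cause.

```powershell
# Added example (not from the thread). Runs on PowerShell 2.0 (Server 2008 R2).
# $Server and $Domain are placeholders; replace them with real names.
param(
    [string]$Server = 'server.domain.com',
    [string]$Domain = 'domain.com'
)

# 1. Name resolution as the RDP client sees it.
$addresses = [System.Net.Dns]::GetHostAddresses($Server) |
    ForEach-Object { $_.IPAddressToString }
"DNS      : $Server -> $($addresses -join ', ')"

# 2. Is the RDP listener reachable by name on TCP 3389?
$tcp = New-Object System.Net.Sockets.TcpClient
try     { $tcp.Connect($Server, 3389); "TCP 3389 : open" }
catch   { "TCP 3389 : unreachable ($($_.Exception.Message))" }
finally { $tcp.Close() }

# 3. Read the NLA setting remotely over WMI instead of the System Properties
#    checkbox. The TerminalServices namespace requires packet privacy.
$ts = Get-WmiObject -ComputerName $Server `
    -Namespace 'root\cimv2\TerminalServices' `
    -Class Win32_TSGeneralSetting `
    -Filter "TerminalName='RDP-Tcp'" `
    -Authentication PacketPrivacy
"NLA      : UserAuthenticationRequired = $($ts.UserAuthenticationRequired)"

# 4. Assumption: verify the member server's secure channel to the domain,
#    since the site's DC was demoted and repromoted.
nltest "/server:$Server" "/sc_verify:$Domain"
```

A value of 1 in step 3 means the listener accepts only NLA-capable clients, which is the condition the comments above tie to this error.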
LWDud (author) commented:
Yes, NLA is on and only accepting clients that support it. My Windows 7 laptop supports it and used to work prior to this demote / promote operation.
piattnd commented:
The blog site goes into that information.  It worked for her as well and she even installed RDP 7.0.  Try that hotfix.
LWDud (author) commented:
So it's working now...

The only 2 things I did were ipconfig /registerdns which probably didn't do anything as the IP was already registered in DNS/properly resolving and a reboot.  

I had not rebooted the server in question prior to my posting this as it was hosting a website that had to stay operational until 8pm.  I sorta panicked when I couldn't reach it after messing with the DC at that site.  

Either way thanks for all the advice.
LWDud (author) commented:
The only thing I had not tried prior to posting this question was rebooting, this was because the server is a production web server.  Once I rebooted and it started working again I thought I should share what had happened.