I will be migrating from a 2000/2003 to two 2012 DCs over the next 12 months. I have demoted the 2000 DC, upgraded the forest to 2003, and added the two 2012 DCs. The plan is to have one 2012 server as the production server and the other as a backup DC/backup files.
The problem I am having is when I test the 2012 DC by itself. I bring down the two 2012 DCs, then restart the 2012 DC. It comes up, but has severe problems. Exchange doesn't work and after a while neither does the domain function (cannot log on). Please note that the 2012 server is the production, and the 2000 was a backup DC. Then, when I shut down everything, bring up a 2012 DC, then bring up my 2003 server, everything works fine.
The first thing I see that looks wrong in the system event log is an SPNEGO 40960 error from LsaSrv shortly after IPL:
The Security System detected an authentication error for the server LDAP/SVR02. The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request.
There are many 40960 errors, and the other errors seem to indicate a problem with logon servers. They seem to slowly bring the ship down.
What can I do so that the 2003 DC can run without the 2012 DCs? The 2012 DCs are supposed to be backup DCs.