I have a Server 2012 Domain Controller that has been in production for approx 2 months and has worked fine until the past two weeks. Its a new server, OS, etc but has the same name as an old 2003 DC that was replaced. The old one was demoted, renamed, re-ip'd, etc before this server was added. The problem is that at startup it takes about 2 hours before the ctrl+alt+del menu finally comes up. When I CAN finally login, I never get past the "Please Wait for the user Profile Service". I let it run for 48 hrs and it stays in the same place. This is a production fileserver so rebooting during the day is difficult, but so far I have:
- rebooted a gazillion times
- tried booting to last known good - no luck but says something about undoing updates
- tried starting in safe mode - no luck same as above
- tried booting off of dvd to repair without deleting everything
- tried booting from directory services repair mode - nothing
- did get the server to login instantly after I pulled network cables out earlier this week (can't get it to work again)
The strange thing is that I can access the registry, shares, services, etc remotely, but eventvwr, printing, and local login won't work.
Our monitoring company was installing their Blink software on it right before this started happening, but I don't know if it's that, a Windows Update, AD, or what. I had been working on a pc on our network that had a machine account password issue and ran across this and have changed our computer password age.
Running dcdiag /v against the server gives me:
The session setup from computer '%server%' failed because the security database does not contain a trust account '%server%$' referenced by the specified computer.
If this is the first occurrence of this event for the specified computer and account, this may be a transient issue that doesn't require any action at this time. If this is a Read-Only Domain Controller and '%server%$' is a legitimate machine account for the computer '%server%' then '%server%' should be marked cacheable for this location if appropriate or otherwise ensure connectivity to a domain controller capable of servicing the request (for example a writable domain controller). Otherwise, the following steps may be taken to resolve this problem:
If '%server%$' is a legitimate machine account for the computer '%server%', then '%server%' should be rejoined to the domain.
If '%server%$' is a legitimate interdomain trust account, then the trust should be recreated.
I just found the above and haven't really researched it yet but I've tried everything I can think of at this point. Any help?