Solved

server 2012 dc hangs after logon

Posted on 2014-07-31
5
153 Views
Last Modified: 2015-01-21
I have a Server 2012 Domain Controller that has been in production for approx 2 months and has worked fine until the past two weeks. Its a new server, OS, etc but has the same name as an old 2003 DC that was replaced. The old one was demoted, renamed, re-ip'd, etc before this server was added. The problem is that at startup it takes about 2 hours before the ctrl+alt+del menu finally comes up. When I CAN finally login, I never get past the "Please Wait for the user Profile Service". I let it run for 48 hrs and it stays in the same place. This is a production fileserver so rebooting during the day is difficult, but so far I have:

- rebooted a gazillion times
- tried booting to last known good - no luck but says something about undoing updates    
- tried starting in safe mode - no luck same as above
- tried booting off of dvd to repair without deleting everything
- tried booting from directory services repair mode - nothing
- did get the server to login instantly after I pulled network cables out earlier this week (can't get it to work again)

The strange thing is that I can access the registry, shares, services, etc remotely, but eventvwr, printing, and local login won't work.

Our monitoring company was installing their Blink software on it right before this started happening, but I don't know if it's that, a Windows Update, AD, or what. I had been working on a pc on our network that had a machine account password issue and ran across this and have changed our computer password age.

 http://blogs.technet.com/b/askds/archive/2014/07/23/it-turns-out-that-weird-things-can-happen-when-you-mix-windows-server-2003-and-windows-server-2012-r2-domain-controllers.aspx#pi145002=3

Running dcdiag /v against the server gives me:

 The session setup from computer '%server%' failed because the security database does not contain a trust account '%server%$' referenced by the specified computer.  

            USER ACTION  

            If this is the first occurrence of this event for the specified computer and account, this may be a transient issue that doesn't require any action at this time.  If this is a Read-Only Domain Controller and '%server%$' is a legitimate machine account for the computer '%server%' then '%server%' should be marked cacheable for this location if appropriate or otherwise ensure connectivity to a domain controller  capable of servicing the request (for example a writable domain controller).  Otherwise, the following steps may be taken to resolve this problem:  
           

            If '%server%$' is a legitimate machine account for the computer '%server%', then '%server%' should be rejoined to the domain.  

            If '%server%$' is a legitimate interdomain trust account, then the trust should be recreated.  


I just found the above and haven't really researched it yet but I've tried everything I can think of at this point. Any help?
0
Comment
Question by:FCB_IT
  • 3
5 Comments
 
LVL 7

Expert Comment

by:tolinrome
ID: 40233151
not sure what that monitoring company installed but I would tale it off quickly. are you able to verify all ip addresses on the nics are correct etc?

I will check those few simple things first like IP addresses, errors in the event log. If I don't see anything serious there, me, I would wipe the whole thing out and  reinstall. Much easier in my opinion been researching and troubleshooting for hours on end. And while I'm at it I would reformat that old DC that's been demoted.
0
 

Author Comment

by:FCB_IT
ID: 40233160
Software is beyond trust powerbroker. Problem is that I can't log in to view event log nor i can view the nics.
0
 
LVL 36

Expert Comment

by:Mahesh
ID: 40233928
How many DC servers do you have?
Is this only single server left OR you have multiple DCs?
If this is only DC you have, you will lose AD completely and then you need to start from scratch.

Try below
Restart problematic DC in DSRM mode and demote it forcefully through GUI (select forceremoval option)

Note that dcpromo command is no more supported on 2012 onwards and you have to use GUI

This will bring that server to workgroup, now here if thsi is the last DC, you have to start over again from scratch

If this is just ADC, then use below link to remove its computer account from AD
http://technet.microsoft.com/en-us/library/cc816907(v=ws.10).aspx
Then change its hostname if possible and promote it again to ADC
Check below link
http://social.technet.microsoft.com/Forums/windowsserver/en-US/ff531e4f-4034-4770-bf0a-46c854884724/repromote-dc-with-same-name-after-dcpromo-forceremoval
http://support.microsoft.com/kb/555846

Mahesh.
0
 

Accepted Solution

by:
FCB_IT earned 0 total points
ID: 40553811
We ended up blowing away the server and starting over with a fresh install and everything has been fine since.
0
 

Author Closing Comment

by:FCB_IT
ID: 40561587
klmlkj
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Every now and then, Microsoft does something that totally impresses me. It doesn't happen often, but in this case I must say I am thoroughly impressed with Windows Server Backup. One of the long time issues with Windows Backup has been the ability t…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
In this Micro Tutorial viewers will learn how they can get their files copied out from their unbootable system without need to use recovery services. As an example non-bootable Windows 2012R2 installation is used which has boot problems.
This tutorial will walk an individual through the process of installing of Data Protection Manager on a server running Windows Server 2012 R2, including the prerequisites. Microsoft .Net 3.5 is required. To install this feature, go to Server Manager…

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question