Unable to login to Windows Server 2012 R2

We have 3 servers in our network: 1 Windows Server 2012 R2 (Domain Controller), 2 Windows Server 2008 R2 (1 domain controller, one Exchange).
Suddenly we were unable to log on to the Windows 2012 machine using the administrator account! We are able to log on normally to the other servers! We have tried using other admin account, disconnecting the machine from the network, rebooting but to no avail!!!
Any help would be much appreciated!
Thanks -

Cliff Galiher Commented:
Well, if you know the last successful login, you can try to log in with that account *AND PASSWORD* (even if the password has since changed.)  Cached credentials should log you in unless you forcibly disabled that.  Then you can look for simple network issues.

Otherwise you can reboot into DSRM and log in using the DSRM password (this gets set when you first promote the DC) and that is effectively a local account so it should succeed even if there are network issues. And from there you can troubleshoot.

And if you don't even have access to that (didn't record the password, etc.) then you can restore from backup or clean up all references to the DC in AD and re-install and repromote clean.

Will Szymkowski (Senior Solution Architect) Commented:
Does the 2012 machine hold the FSMO roles? From the 2008 DC run the following commands...
repadmin /replsum
repadmin /showrepl
DCdiag /v

netdom query dc
netdom query fsmo

Also open the services console on the 2008 DC and connect remotely to the 2012 services if you can; ensure that all of the core services are started and set to automatic. Also do this same procedure but with the Event Viewer and check the Directory Services event logs to see what is happening.

When you try and login to the DC (2012) what does it do? Does it give you an error message or trust issue etc?
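
The remote service and event-log check from the post above, as an added PowerShell example that is not part of the original thread. The DC name is a placeholder, and the list of "core" AD DS services is an assumption (the thread does not name them; a domain still replicating SYSVOL over FRS would use NtFrs instead of DFSR).

```powershell
# Added example: run from the healthy 2008 R2 DC with domain admin rights.
# $TargetDC is a placeholder; replace it with the name of the 2012 R2 DC.
$TargetDC = 'DC2012-PLACEHOLDER'

# Assumed list of "core" AD DS services (not named in the thread).
$CoreServices = 'NTDS', 'Netlogon', 'Kdc', 'DNS', 'W32Time', 'DFSR'

# Win32_Service exposes both State and StartMode and works on PowerShell 2.0.
$filter = ($CoreServices | ForEach-Object { "Name='$_'" }) -join ' OR '
try {
    $services = Get-WmiObject -Class Win32_Service -ComputerName $TargetDC `
        -Filter $filter -ErrorAction Stop
} catch {
    Write-Warning "Cannot query services on ${TargetDC}: $($_.Exception.Message)"
    $services = @()
}

# Flag any core service that is not running or not set to start automatically.
foreach ($name in $CoreServices) {
    $svc = $services | Where-Object { $_.Name -eq $name }
    if (-not $svc) {
        Write-Output ("{0,-10} not found (role not installed or query failed)" -f $name)
    } elseif ($svc.State -ne 'Running' -or $svc.StartMode -ne 'Auto') {
        Write-Output ("{0,-10} State={1} StartMode={2}  <-- check" -f $name, $svc.State, $svc.StartMode)
    } else {
        Write-Output ("{0,-10} OK" -f $name)
    }
}

# Latest errors and warnings from the Directory Service log on the target DC.
try {
    Get-EventLog -LogName 'Directory Service' -ComputerName $TargetDC `
        -EntryType Error, Warning -Newest 20 -ErrorAction Stop |
        Select-Object TimeGenerated, EntryType, EventID, Source, Message |
        Format-List
} catch {
    Write-Warning "Cannot read Directory Service log: $($_.Exception.Message)"
}
```

If both remote queries fail outright, that failure is itself a data point to record alongside the repadmin and dcdiag output.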

Maclean (System Engineer) Commented:
1] What is the error reported when attempting to connect to the Windows 2012 Domain Controller machine?
2] If you connect to the secondary DC, can you see, as per Will's suggestion, whether replication is still working, and whether the dcdiag gives you any specific issues in its report (You can output info to desktop by using the below commands if easier)

repadmin /replsum >%userprofile%\desktop\replsum.log
repadmin /showrepl >%userprofile%\desktop\showrepl.log
DCdiag /v >%userprofile%\desktop\dcdiag.log
netdom query dc >%userprofile%\desktop\dc.log
netdom query fsmo >%userprofile%\desktop\fsmo.log

3] Can you connect to the other domain controller using cached passwords if enabled (e.g. disconnect the LAN cable, and log on using last known working domain admin PW)

Grayhat7 (Author) Commented:
Thank you guys for your prompt feedback!
@cliff: we have tried to login using more than one domain admin but to no avail. I will try rebooting into DSRM mode and let you know
@Will: Yes, the Win2012 Server holds the FSMO roles. The error it is giving when you login is: "Wrong username or password"
@Maclean: I can connect to other servers normally and replication works fluently between all servers!
Maclean (System Engineer) Commented:
If no luck with DSRM suggestion from cliff then it might be wise to log a call with Microsoft 1st, and if no luck consider seizing the FSMO roles and removing the failed DC from AD then rebuild it.

There might be alternatives, but this is likely what I would do to speed things up.
Maclean (System Engineer) Commented:
Just out of interest, which solution worked for you? The DSRM or other? Might benefit future readers :)