Recently, I spent a few hours troubleshooting a stubborn Microsoft Windows Server 2016 domain controller in a very small, single DC environment. This of course meant that all Windows authentication was not working, but luckily, this environment mainly requires SQL Server which happened to use SQL Authentication, so end users were not affected. In all our monitors, the server was showing offline and while onsite, backups were no longer working due to windows authentication not functioning to authenticate to SMB shares to store the backup files.
When trying to log in to the server it was failing with the error “There are currently no logon servers available to service the logon request.”
I also noticed that the network icon had a red x, though the networking tested perfectly fine with ping as well and the end users we using their SQL based authentication ERP application normally.
Often times, you can unplug the device from the network and it would use cached credentials to log in and then you can use Reset-ComputerMachinePassword to reset the computer account password that it uses to authenticate to the domain controllers in the domain. Alternatively, you could disjoin/rejoin the domain which would resolve the issue but is a bit more intrusive and can be overkill. Unfortunately, since this was a Domain Controller this does not work.
My next troubleshooting steps was to boot into safe mode, which once booted, I was able to log in with the domain admin account. First, I checked network settings figuring that there was a DNS issue, perhaps the ISP who was recently there changed the LAN DNS servers to point to their external DNS servers rather than the Domain Controller DNS Server. While there, I could not see anything which was very strange. Though, this turned out to be a red herring.
IPCONFIG /ALL confirmed that the NIC was setup properly as well as it responded to ping while it was booted in normal mode even though it was unable to log in. I put that on the back burner but noticed that it was strange.
I decided that I was going to try and boot into normal mode when non-Microsoft services were disabled so I went into MSCONFIG and this is where the alarms went off.
Why was the server automatically booting into Directory Services Restore mode? This all makes sense now why we were unable to log in normally since Active Directory Domain Services would have been offline in DSRM. Unchecking Safe Boot and booting normally, logging in worked perfectly fine, as well as ADDS and DNS services were also running normally.
Network and Infrastructure Management Services
The world can be a dangerous place, which means your business data is always at risk. But when you implement a networking infrastructure management system and reliable strategy, you can easily prevent lost or corrupted data. MIBAR engineers, installs and configures Microsoft operating systems and database solutions that ensure optimal efficiency and protection across the core infrastructure of your business. From natural disasters, to cyber attacks, we provide the tools and technologies required to keep your network performing, while always protecting against harmful intruders. Schedule a free consultation to learn more.
