WS 2012 r2 DNS server issue: Access was denied

domain-name-system active-directory azure dns-zone
26,785

Where is your PDC FSMO currently held? This is the server you should use when running the command resetpwd /server:<PDC.domain.com> /userd:<Domain\domain_admin> /passwordd:* I'm assuming that the PDC FSMO is on DC2.

My guess is that when you ran this on DC2 you used the servername as DC2 which is correct. However, when you ran this on DC1, you specified the server name incorrectly as DC1. It should be DC2 as well since that is the PDC.

The MS Knowledgebase article is not particularly well written, which is why I'm making the assumptions above - apologies if my assumptions are incorrect.

Once DNS is fixed, you will need to run ipconfig /registerdns on each of the client machines in order to have them register with the DNS server, or just reboot them.

When you attempt to ping a client machine, is the server unable to resolve the name? If so, once the client machine is registered with DNS, it should work fine.

Share:
26,785

Related videos on Youtube

CK Tan
Author by

CK Tan

Updated on September 18, 2022

Comments

  • CK Tan
    CK Tan almost 2 years

    I have a Windows Server 2012 r2 virtual machine as DC1 and DNS server running on Windows Azure and a Windows Server 2012 r2 local machine as DC2, DHCP and DNS server on-premise. I found my DNS server on both DNS servers are not running. When I start DNS MMC, I see the screen :

    "The server MYSERVER could not be contacted.

    The error was:

    Access was denied.

    Would you like to add it anyway ?"

    After select "Yes", the DNS MMC shows up but without any DNS zone. I cannot do anything on the MMC DNS except deleting the DNS zone.

    I checked the event viewer and I found there are a lot error with Event ID 4000 & 4007 and I found the solution on Microsoft support. This solution did work on the local DC2 but not DC1.

    "C:>netdom resetpwd /server: /userd: /passwordd:*

    Type the password associated with the domain user:

    The machine account password for the local machine could not be reset.

    The specified network name is no longer available.

    The command failed to complete successfully."

    It says the specified network name is no longer available. Some says Symantec Endpoint Protection could cause this problem but there is no antivirus running on DC1.

    On DC2, even I am able to access the DNS server and make changes now, but I cannot ping/RDP to some domain computers. Before this issue happened, everything worked just fine.

    I have struggled with this issue for two days but yet remain unsolved. Can anyone give some advice or solution for this issue, please ?

    Note: I tried this solution but it doesn't work for me.

  • CK Tan
    CK Tan about 9 years
    ChadH360, thanks a lot! Your assumption saved my day. The DNS server on DC1 is now running too. But, the problem of not able to ping/RDC to some of the domain computers still remains. I couldn't ping them with IP address/ machine name. Before the DNS issue took place, everything was working fine. Do you have any idea ?
  • CK Tan
    CK Tan about 9 years
    Updates: (1)The domain computers can ping the DC2 but I cannot ping the domain computers from DC2 (2)The active directory of DC1 and DC2 are not synced anymore
  • CK Tan
    CK Tan about 9 years
    When I tried to add user on DC1, I got the error message: "Cannot create object (directory service was unable to allocate a relative identifier)". DC2 can add new user without problem.
  • ChadH360
    ChadH360 about 9 years
    It sounds like DC2 has lost contact with the domain because of DNS. Now that you have DNS working again, I would recommend the following. Set the primary dns server of DC1 to DC2, and the secondary dns server of DC1 as DC1. Do the opposite on DC2. In summary, set the primary DNS to the other server and the secondary DNS server to itself. Run ipconfig /registerdns on both servers (it might be worth rebooting DC1 as well). That should hopefully kick DNS and the domain back into touch! Bottom line is, DC1 can't access FSMO roles on DC2 which is why you can't add object to AD.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Get Azure Active Directory Token with username and password
On premise Active Directory ObjectId is different than Azure Active Directory ObjectId
POSTMAN: "You do not have permission to view this directory or page" with Bearer Token
Can't join Azure Active Directory
How do I add Azure Active Directory User to Local Administrators Group
Windows Server 2012 AD DC/DNS/DHCP in single server
Can't connect to domain controller
AD DC - Group Policy Event ID 1055
Broken DNS delegation
FQDNs resolving correctly via ping but not nslookup