Got an interesting one that has got me a bit baffled... I have three DCs running, one physical and two virtual. We're doing a lot of tweaks to the network at the moment; these include VLANing the network, introducing a new HP wireless system and also introducing an Apple Server onto the network.
Last week, we had an issue where, when I went to change a GPO via the Group Policy Editor on one of the virtual DCs, I got an Access Denied message - we had a CSE engineer onsite at the time and he had a poke around and noticed that the computer account for the physical DC had been changed. Changed things back and all was well again.
Today, I started our imaging process in the first of our many ICT Suites and had a number of machines fail during various stages, and some had come up with 'trust relationship failed' errors. I did a dcdiag on one of the DCs and it was noted replication had failed with the physical server as 'access denied'. No engineer on-site today to hold my hand, so dug around and again noticed, using adsiedit, that the userAccountControl value in the entry for the physical DC was 593920 when for a DC it should be 532480. Changed this, and replication would start to happen and machines that I couldn't previously log onto now seem fine.
I'm puzzled - what would be causing this change? We have recently changed the IP addresses of all the servers as part of the VLAN project but I was always careful to ensure the DCs were happy throughout the process, ensuring DNS was functioning, etc. It's got me worried to say the least. This has happened twice now, and if it happens again I'm seriously considering demoting this server and promoting it again to see if that deals with this glitch.
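An added example, not part of the original post: decoding the two userAccountControl values quoted above shows exactly which flags were flipped on the physical DC's computer object. The bit values are Microsoft's documented userAccountControl flags; the function names and the writable-DC check (it does not cover read-only DCs) are assumptions of this example.

```python
# Added example: decode the userAccountControl (UAC) bitmask values quoted in the post.
# Bit assignments are Microsoft's documented UAC flags; function names are this example's own.
UAC_FLAGS = {
    0x0000002: "ACCOUNTDISABLE",
    0x0000020: "PASSWD_NOTREQD",
    0x0000200: "NORMAL_ACCOUNT",
    0x0000800: "INTERDOMAIN_TRUST_ACCOUNT",
    0x0001000: "WORKSTATION_TRUST_ACCOUNT",
    0x0002000: "SERVER_TRUST_ACCOUNT",
    0x0010000: "DONT_EXPIRE_PASSWORD",
    0x0080000: "TRUSTED_FOR_DELEGATION",
    0x0100000: "NOT_DELEGATED",
    0x0400000: "DONT_REQ_PREAUTH",
    0x1000000: "TRUSTED_TO_AUTH_FOR_DELEGATION",
    0x4000000: "PARTIAL_SECRETS_ACCOUNT",
}

def decode(uac):
    """Return (names of set flags in bit order, bits not covered by UAC_FLAGS)."""
    names = [name for bit, name in sorted(UAC_FLAGS.items()) if uac & bit]
    unknown = uac & ~sum(UAC_FLAGS)
    return names, unknown

def diff(expected, observed):
    """Flags cleared from / newly set relative to the expected value."""
    exp, obs = set(decode(expected)[0]), set(decode(observed)[0])
    return {"cleared": sorted(exp - obs), "set": sorted(obs - exp)}

def writable_dc_problems(uac):
    """Sanity checks for a writable DC's computer object (assumption: not an RODC)."""
    problems = []
    if not uac & 0x2000:
        problems.append("SERVER_TRUST_ACCOUNT missing: object is not typed as a DC")
    if uac & 0x1000:
        problems.append("WORKSTATION_TRUST_ACCOUNT set: object is typed as a member computer")
    if uac & 0x0002:
        problems.append("ACCOUNTDISABLE set: account is disabled")
    return problems

if __name__ == "__main__":
    expected, observed = 532480, 593920  # values quoted in the post
    for label, value in (("expected", expected), ("observed", observed)):
        names, unknown = decode(value)
        print(f"{label}: {value} = {hex(value)} -> {' | '.join(names)} (unknown: {hex(unknown)})")
    print("diff:", diff(expected, observed))
    print("problems:", writable_dc_problems(observed))
```

For the values in the post, SERVER_TRUST_ACCOUNT has been cleared and WORKSTATION_TRUST_ACCOUNT and DONT_EXPIRE_PASSWORD have been set, so the DC's object is typed as an ordinary member computer.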
Are all your virtual DCs GCs? Where do all of the FSMO roles reside, on the one physical box? How is replication for other items taking place since the change to the computer account of the PDC?