Windows Server 2012 Essentials Cannot Find Login Server for AD
-
@Donahue said in Windows Server 2012 Essentials Cannot Find Login Server for AD:
are you sure there is no local account that can be used to login?
If there is one, we don't know about it. It wasn't installed by any of us and local accounts are removed during the DCPromo.
-
@black3dynamite said in Windows Server 2012 Essentials Cannot Find Login Server for AD:
Could this be a time issue?
Should not be possible as it would only need to time to itself.
-
@Jimmy9008 said in Windows Server 2012 Essentials Cannot Find Login Server for AD:
Has this box been restarted before?
Yes, but how long ago, I cannot say.
-
@Jimmy9008 said in Windows Server 2012 Essentials Cannot Find Login Server for AD:
@DustinB3403 said in Windows Server 2012 Essentials Cannot Find Login Server for AD:
. . . .
Yes, but obviously... I'm asking if it's been rebooted successfully before... Aka, is this the first ever time it's ever been booted and went tits up, or has it been rebooted totally fine many times before today...
I understood what you meant. Had it been rebooted "before this."
-
@DustinB3403 said in Windows Server 2012 Essentials Cannot Find Login Server for AD:
@Donahue said in Windows Server 2012 Essentials Cannot Find Login Server for AD:
are you sure there is no local account that can be used to login?
The local administrative account is automatically disabled on DC's. Has been this way since before I can remember.
Someone could have added it back later, in theory.
-
@scottalanmiller said in Windows Server 2012 Essentials Cannot Find Login Server for AD:
@DustinB3403 said in Windows Server 2012 Essentials Cannot Find Login Server for AD:
@Donahue said in Windows Server 2012 Essentials Cannot Find Login Server for AD:
are you sure there is no local account that can be used to login?
The local administrative account is automatically disabled on DC's. Has been this way since before I can remember.
Someone could have added it back later, in theory.
I'm pretty certain they are disabled and not able to be reactivated. It's been a while since I've had to look.
-
@DustinB3403 said in Windows Server 2012 Essentials Cannot Find Login Server for AD:
@scottalanmiller said in Windows Server 2012 Essentials Cannot Find Login Server for AD:
@DustinB3403 said in Windows Server 2012 Essentials Cannot Find Login Server for AD:
@Donahue said in Windows Server 2012 Essentials Cannot Find Login Server for AD:
are you sure there is no local account that can be used to login?
The local administrative account is automatically disabled on DC's. Has been this way since before I can remember.
Someone could have added it back later, in theory.
I'm pretty certain they are disabled and not able to be reactivated. It's been a while since I've had to look.
Right. You have to remove AD before it re-enables the local account.
-
@DustinB3403 said in Windows Server 2012 Essentials Cannot Find Login Server for AD:
@scottalanmiller said in Windows Server 2012 Essentials Cannot Find Login Server for AD:
@DustinB3403 said in Windows Server 2012 Essentials Cannot Find Login Server for AD:
@Donahue said in Windows Server 2012 Essentials Cannot Find Login Server for AD:
are you sure there is no local account that can be used to login?
The local administrative account is automatically disabled on DC's. Has been this way since before I can remember.
Someone could have added it back later, in theory.
I'm pretty certain they are disabled and not able to be reactivated. It's been a while since I've had to look.
Oh, I've not tried recently.
-
From personal experience, have you double-checked the BIOS settings? I've seen Dell BIOS on that generation of servers flip from UEFI to Legacy (or vice-versa) after an update. I don't suppose that the server has an iDRAC Enterprise with the lovely remote console that you could use to work some magic?
From a diagnostics perspective, you could possibly get the remote hands to boot a live Linux from USB and run TeamViewer host to get access to the HW and data if not the OS.
-
Take out the LAN cable. Restart. With the LAN cable out, are you able to login?
-
@Jimmy9008 said in Windows Server 2012 Essentials Cannot Find Login Server for AD:
Take out the LAN cable. Restart. With the LAN cable out, are you able to login?
This is the DC. It is not using the network to auth
-
@scottalanmiller said in Windows Server 2012 Essentials Cannot Find Login Server for AD:
@DustinB3403 said in Windows Server 2012 Essentials Cannot Find Login Server for AD:
@Donahue said in Windows Server 2012 Essentials Cannot Find Login Server for AD:
are you sure there is no local account that can be used to login?
The local administrative account is automatically disabled on DC's. Has been this way since before I can remember.
Someone could have added it back later, in theory.
On a DC you don't have local accounts period, like literally.
-
If the server is booted into DSRM, it is the safe mode option and it has a GUI as well, so from there check any setting that is causing the issue.
-
@dbeato said in Windows Server 2012 Essentials Cannot Find Login Server for AD:
@scottalanmiller said in Windows Server 2012 Essentials Cannot Find Login Server for AD:
@DustinB3403 said in Windows Server 2012 Essentials Cannot Find Login Server for AD:
@Donahue said in Windows Server 2012 Essentials Cannot Find Login Server for AD:
are you sure there is no local account that can be used to login?
The local administrative account is automatically disabled on DC's. Has been this way since before I can remember.
Someone could have added it back later, in theory.
On a DC you don't have local accounts period, like literally.
I've said this several times regarding the account and yet, still it seems like I'm being ignored.
-
@DustinB3403 said in Windows Server 2012 Essentials Cannot Find Login Server for AD:
@dbeato said in Windows Server 2012 Essentials Cannot Find Login Server for AD:
@scottalanmiller said in Windows Server 2012 Essentials Cannot Find Login Server for AD:
@DustinB3403 said in Windows Server 2012 Essentials Cannot Find Login Server for AD:
@Donahue said in Windows Server 2012 Essentials Cannot Find Login Server for AD:
are you sure there is no local account that can be used to login?
The local administrative account is automatically disabled on DC's. Has been this way since before I can remember.
Someone could have added it back later, in theory.
On a DC you don't have local accounts period, like literally.
I've said this several times regarding the account and yet, still it seems like I'm being ignored.
I agree with you, I should have said, @DustinB3403 already mentioned this
-
@dbeato no no, not saying that at all.
Just I'm boggled by how this is still a talking point.
-
If you have CLI access (not sure where you're getting a shell if you can't login though), can you not just do a
net user /add [AccountName] [Password]
net localgroup administrators [AccountName] /add
and add a local administrator account?
Log into the GUI using this new account and then diagnose from there now that you'll have access to the GUI, event viewer, etc.
You could have the user run an SC agent so you can inspect remotely (assuming the router has been fixed).
-
@manxam said in Windows Server 2012 Essentials Cannot Find Login Server for AD:
If you have CLI access (not sure where you're getting a shell if you can't login though), can you not just do a
net user /add [AccountName] [Password]
net localgroup administrators [AccountName] /add
and add a local administrator account?
Log into the GUI using this new account and then diagnose from there now that you'll have access to the GUI, event viewer, etc.
You could have the user run an SC agent so you can inspect remotely (assuming the router has been fixed).
ffs
Please understand that when a Windows server is promoted to a domain controller, the server no longer uses the local account (Security Accounts Manager [SAM]) database during normal operations to store users and groups. When the promotion is complete, the new domain controller has a copy of the Active Directory database in which it stores users, groups, and computer accounts. The SAM database is present, but it is inaccessible when the server is running in Normal mode. The only time that the local SAM database is used is when you boot into Directory Services Restore mode or the Recovery Console.
If this new domain controller is the first domain controller in a new domain, the local SAM database that the new domain controller contained as a stand-alone server is migrated to the Active Directory database that is created during the promotion. All of the local user accounts that the local SAM database contained when it had been a stand-alone server are migrated from the local SAM database to the Active Directory database. In addition, any permissions that had been assigned to the local users, such as, NTFS permissions, are retained when the users are migrated to the Active Directory database.
As a result, you cannot create any local user account on a domain controller.
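The behaviour described in the post above, as an added example that is not part of the original thread: a read-only PowerShell check of which account database a host authenticates against in its current boot mode. The function name Get-LogonAccountStore and its parameters are hypothetical; the DomainRole values and the SAFEBOOT_OPTION variable are standard Windows.

```powershell
# Added example (not from the thread). Read-only: it changes nothing on the host.
function Get-LogonAccountStore {
    [CmdletBinding()]
    param(
        # Parameters exist so the logic can be run against constructed values.
        [int]$DomainRole = (Get-CimInstance Win32_ComputerSystem).DomainRole,
        [string]$SafeBootOption = $env:SAFEBOOT_OPTION
    )

    # Win32_ComputerSystem.DomainRole: 4 = backup DC, 5 = primary DC.
    $isDC = $DomainRole -in 4, 5
    # Windows sets SAFEBOOT_OPTION=DSREPAIR when booted into DSRM.
    $inDsrm = $SafeBootOption -eq 'DSREPAIR'

    if ($inDsrm)             { $bootMode = 'DSRM' }
    elseif ($SafeBootOption) { $bootMode = "Safe mode ($SafeBootOption)" }
    else                     { $bootMode = 'Normal' }

    if (-not $isDC) {
        $store = 'Local SAM'
        $note  = 'Not a domain controller; local accounts work normally.'
    } elseif ($inDsrm) {
        $store = 'Local SAM (DSRM)'
        $note  = 'AD DS is offline; log on with the DSRM administrator password.'
    } elseif ($SafeBootOption) {
        $store = 'Undetermined'
        $note  = 'Safe mode other than DSRM on a DC; not classified by this example.'
    } else {
        $store = 'Active Directory (NTDS)'
        $note  = 'SAM is inaccessible in normal mode; no local account can be created.'
    }

    [pscustomobject]@{
        DomainRole         = $DomainRole
        IsDomainController = $isDC
        BootMode           = $bootMode
        AccountStore       = $store
        Note               = $note
    }
}

# Constructed inputs: DC in normal mode, DC in DSRM, member server.
Get-LogonAccountStore -DomainRole 5 -SafeBootOption ''
Get-LogonAccountStore -DomainRole 5 -SafeBootOption 'DSREPAIR'
Get-LogonAccountStore -DomainRole 3 -SafeBootOption ''
```

Calling `Get-LogonAccountStore` with no arguments reports on the machine it runs on.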
-
wooo - had no idea that previously created users would be migrated into AD like that. weird.
-
@Dashrender said in Windows Server 2012 Essentials Cannot Find Login Server for AD:
idea that previously created users would be migrated into AD like that. weird.
Yep