I look after a Windows network which has two Hyper-V servers in a failover cluster using DAS, accessible by both hosts with two DCs (both on WS2019, one on each host). We have been having issues with our SDC running on the second host where it was giving us the below error:
The security database on the server does not have a computer account for this workstation trust relationship.
I live-migrated the VM to our first host and rebooted it, and it appears to have resolved the issue. It was moved back to the second VM host and has been happy ever since.
We now have (I believe) another issue that has manifested. For some reason, whenever I run the command "netdom verify dc1" on either DC, we get the following error:
The specified domain either does not exist or could not be contacted.
The command failed to complete successfully.
However, when I run the command "netdom verify dc2" it is successful and returns the below:
The secure channel from DC2 to the domain ADSROOT has been verified. The connection is with the machine \\DC1.example.com
The command completed successfully.
Is it normal for a DC to return a failure for a PDC, and a success for a SDC? I would think not. Any ideas?
Check that Netlogon sysvol folders are shared. If not, change the registry entry
HKLM\CurrentControlSet\Services\Netlogon\Parameters\SysvolReady
to 1.
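
The check suggested in the answer above, as an added PowerShell example (not part of the original thread): it reports on each DC whether the SYSVOL and NETLOGON shares exist and what SysvolReady holds, and writes the value only when asked. The function name Get-SysvolState and the -Fix switch are hypothetical names chosen here; the registry value is read at its full path under HKLM\SYSTEM.

```powershell
# Added example. Save as a .ps1 and run locally on each DC from an
# elevated PowerShell session. Without -Fix it only reads state.
param([switch]$Fix)   # hypothetical switch: write the registry only on request

$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'

function Get-SysvolState {
    # The two shares Netlogon publishes on a healthy DC.
    $shares = Get-SmbShare -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -in 'SYSVOL', 'NETLOGON' }
    $ready = (Get-ItemProperty -Path $key -Name SysvolReady `
                  -ErrorAction SilentlyContinue).SysvolReady
    [pscustomobject]@{
        Computer       = $env:COMPUTERNAME
        SysvolShared   = 'SYSVOL'   -in $shares.Name
        NetlogonShared = 'NETLOGON' -in $shares.Name
        SysvolReady    = $ready      # $null when the value is missing
    }
}

$state = Get-SysvolState
$state | Format-List

if ($state.SysvolShared -and $state.NetlogonShared -and $state.SysvolReady -eq 1) {
    Write-Output 'SYSVOL and NETLOGON are shared and SysvolReady is 1.'
}
elseif ($Fix) {
    # SysvolReady is normally set by the system once SYSVOL replication has
    # finished its initial sync, so confirm replication health before forcing it.
    Set-ItemProperty -Path $key -Name SysvolReady -Value 1 -Type DWord
    Start-Sleep -Seconds 5          # give Netlogon a moment to publish the shares
    Get-SysvolState | Format-List   # re-check after the change
}
else {
    Write-Warning 'Shares missing or SysvolReady is not 1. Re-run with -Fix to set it to 1.'
}
```

Comparing the output from DC1 and DC2 shows whether only one of them has stopped advertising its shares.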