Home / server / Questions / 771742
In Process
superphonic
Asked: 2016-04-21 07:17:15 +0800 CST

Server 2012 Essential Disconnected From Domain Controller(itself)

  • 772

Running a Health Report on my 2012 Essentials server reports a critical error of:

After the password change, the server running Windows Server Essentials has not received a heartbeat from the following domain controllers: my_server

my_server is the server I am running the Health Report on, so it isn't receiving a heartbeat from itself apparently?!? The Domain Controller and the Windows Server Essentials machine are one and the same... I am not sure how to fix this error.

For info I have not changed any passwords, so I am not sure why that is part of the error.

This is a new HP server, the original HP hardware failed, so I removed the disks (raid 1) and stuck them in the new server, the array was recognised and booted absolutely fine in to Windows. I had to set up the network card again but apart from that the server seems to be running fine(apart from the error above)

How do I fix this Domain Control error?

windows windows-server-essentials essentials-2012-r2 essentials-2012

1 Answers

  1. From my original comment:

    If you placed an existing RAID set into new hardware, then the hardware ID of the server is no longer the same. This means that the computer profile for the server in AD is no longer valid. Ultimately, it is not a user account password that has changed, but a computer account password that is set by the hardware at domain join. You would have to rejoin the server to itself in order to rebuild the AD account.

    This is one of those problems that is only made worse by 2012 Essentials.

    From what I know, 2012 essentials requires that it is the only domain controller on the domain, which means my usual approach of demote domain controller, remove from domain, readd and then repromote probably won't work here. I mean, you could certainly try that as well, but lets try for something that doesn't have a likelihood of destroying your AD domain.

    Use the standard for workstations

    This particular command is the standard for workstations when they have lost their domain trust. On a primary (and the only) domain controller, it should still work. This of course, really depends on how Essentials wants to handle it. Still, it is probably the best place to start.

    resetpwd /yourDCfullyqualifieddomainname /userd:domain\username /passwordd:password

    This command can and will also reset trust relationships on domains running more than one domain controller. As long as there is one domain controller fully functioning, it works. It isn't clear, however, how it will function in your domain. If it doesn't work, try the below.

    Use Powershell

    In this example, we are going to try and skip the steps that might wipe out an existing domain, and simply re promote your server to DC. Ultimately, this should recreate the AD trust relationship which is likely broken. Taken from here the process looks a bit like this

    $domainName = "cohovines.com"
$domainAdminCredential = Get-Credential
$dsrmPassword = (ConvertTo-SecureString -AsPlainText -Force -String "YourDSRMPassword!!")
Install-ADDSDomainController -DomainName $domainName -InstallDns -Credential $domainAdminCredential -SafeModeAdministratorPassword $dsrmPassword

    The above script assumes you remember your restore mode password. If you do, this should work. If you don't, things likely got a lot harder.

    As a complete aside, I really do recommend having two domain controllers. The process of demote, unjoin, rejoin, and promote is significantly easier in this case.

    • 1