Scenario:
When you launch the DNS Manager console on your local-site domain controller, it returns the error message below. This typically happens when the domain controller has not communicated with your PDC for a long while (say 10-15 days) and the server was restarted during that time. While the issue persists, the server is most likely also experiencing AD replication problems.
—————————
DNS
—————————
The server INDHYD-DC01 could not be contacted.
The error was:
Access was denied.
Would you like to add it anyway?
—————————
Yes No
—————————
Fix:
If your domain controller is out of sync with your PDC and has been restarted, it will likely produce messages like this. To fix it, reset the domain controller's computer account password so that it can resume Kerberos communication with your PDC. Use the command below to reset the computer account password, then restart the server:
On the server that is experiencing the reported error:
- Stop the KDC (Kerberos Key Distribution Center) service
- Reset the password for this computer account. To do this, specify the PDC's FQDN or IP address in the command, as shown below:

    C:\>netdom resetpwd /server:172.21.22.100 /userd:mylab\govardhan /passwordd:*
    Type the password associated with the domain user:
    The machine account password for the local machine has been successfully reset.
    The command completed successfully.
    C:\>
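
The steps above as a single PowerShell script, with a secure-channel and replication check to run once the server is back up. This is an added example, not part of the original post; the parameter names and the `-VerifyOnly` switch are assumptions, and the `nltest` and `repadmin` checks are not mentioned in the original.

```powershell
# Added example, not from the original post. Run elevated on the affected DC.
# Parameter names and the -VerifyOnly switch are assumptions of this sketch.
param(
    [string] $PdcAddress,      # PDC FQDN or IP, e.g. 172.21.22.100 as in the post
    [string] $DomainUser,      # DOMAIN\user with rights to reset the account
    [switch] $VerifyOnly       # run after the reboot to check the result
)
$ErrorActionPreference = 'Stop'

$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated PowerShell session.'
}

if ($VerifyOnly) {
    # Post-reboot checks (not in the original post): secure channel and replication.
    $domain = (Get-CimInstance -ClassName Win32_ComputerSystem).Domain
    & nltest.exe "/sc_verify:$domain"
    & repadmin.exe /replsummary
    return
}

if (-not $PdcAddress -or -not $DomainUser) {
    throw 'Specify -PdcAddress and -DomainUser for the reset.'
}

# Step 1: stop the KDC service. Its startup type is left unchanged, so it
# starts again on the reboot in step 3.
if ((Get-Service -Name kdc).Status -ne 'Stopped') {
    Stop-Service -Name kdc -Force
}

# Step 2: reset the machine account password against the PDC.
# '/passwordd:*' makes netdom prompt for the password, which keeps it out of
# the script, the console history and process command-line audit logs.
& netdom.exe resetpwd "/server:$PdcAddress" "/userd:$DomainUser" '/passwordd:*'
if ($LASTEXITCODE -ne 0) {
    throw "netdom resetpwd failed (exit code $LASTEXITCODE); not restarting."
}

# Step 3: restart the server, asking for confirmation first.
Restart-Computer -Force -Confirm
```

Run it once with `-PdcAddress` and `-DomainUser` to perform the reset, then again with `-VerifyOnly` after the restart.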