
I'm really new to certificates. I had a Windows Server 2012 R2 machine that we had in-place upgraded from 2008 R2; let's call that ADServer. It was the AD DC and everything was fine. I bought new servers and added them to the domain as AD DCs, and everything in AD was replicating. After giving the FSMO roles to the new server (DC-01) I noticed a couple of issues. First, when trying to add a new computer to the domain, I would get an error:

The query for the SRV record for _ldap._tcp.dc._msdcs.domain.com The following domain controllers were identified by the query: ADServer.domain.com (old server) DC-01.domain.com (new server 01) DC-02.domain.com (new server 02) However, no domain controllers could be contacted. Common causes of this error include:

  • Host (A) or (AAAA) records that map the names of the domain controllers to their IP addresses are missing or contain incorrect addresses.
  • Domain controllers registered in DNS are not connected to the network or are not running.

Also, I noticed before when we looked at the network for client computers, it would say "domain.com", now it just says "network".

Then I realized that I had Meraki VPN auth with AD, and now it's throwing an error "ldap_start_tls: Server is unavailable". Meraki told me it's a certificate signing issue. I'm thinking that might have something to do with our other issues as well.

Any and all input is appreciated, I really need to figure this out.

Vdub
  • Forgot to mention, I looked at the (A) and (AAAA) records and everything looks fine. – Vdub Nov 16 '20 at 04:48
  • 1
    Smells like DNS. Post `ipconfig /all` from all DCs and any problematic client. – Crypt32 Nov 16 '20 at 06:52
  • I agree with @Crypt32, smells like DNS. Nevertheless, if you want to check for SSL/TLS problems, doing an `openssl connect ...` against the machine in question is often very insightful. – Timor Nov 16 '20 at 09:21
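The two checks suggested in the comments (DC locator DNS and the LDAP StartTLS handshake) can be run from one domain-joined Windows host. The script below is an added example, not code from the question or the comments; it assumes PowerShell 5.1 or later with the DnsClient and NetTCPIP modules, and `domain.com` is a placeholder for the real AD DNS domain.

```powershell
# Added diagnostic example (not from the original post). Walks the same path the
# domain-join locator takes: SRV record -> A record -> TCP 389 -> StartTLS.
# Assumes PowerShell 5.1+, Resolve-DnsName and Test-NetConnection available.
param([string]$Domain = 'domain.com')   # placeholder: replace with your AD DNS domain

Add-Type -AssemblyName System.DirectoryServices.Protocols

# 1. Which DCs does the locator SRV record advertise?
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction Stop |
       Where-Object { $_.Type -eq 'SRV' }
if (-not $srv) { throw "No SRV records for _ldap._tcp.dc._msdcs.$Domain" }

foreach ($rec in $srv) {
    $dc = $rec.NameTarget
    Write-Host "`n== $dc (port $($rec.Port), priority $($rec.Priority)) =="

    # 2. Does the A record resolve at all? (first cause listed in the join error)
    $addrs = (Resolve-DnsName -Name $dc -Type A -ErrorAction SilentlyContinue |
              Where-Object { $_.Type -eq 'A' }).IPAddress
    if (-not $addrs) { Write-Warning "  no A record for $dc"; continue }
    Write-Host "  A record(s): $($addrs -join ', ')"

    # 3. Is LDAP actually reachable? The locator error means this failed for every DC.
    $tcp = Test-NetConnection -ComputerName $dc -Port 389 -WarningAction SilentlyContinue
    Write-Host "  TCP 389 reachable: $($tcp.TcpTestSucceeded)"
    if (-not $tcp.TcpTestSucceeded) { continue }

    # 4. Does StartTLS on 389 succeed, and which certificate does the DC present?
    #    This is the negotiation behind the Meraki 'ldap_start_tls' error.
    $conn = [System.DirectoryServices.Protocols.LdapConnection]::new("${dc}:389")
    $conn.SessionOptions.ProtocolVersion = 3
    $conn.SessionOptions.VerifyServerCertificate = {
        param($c, $cert)
        $x = [System.Security.Cryptography.X509Certificates.X509Certificate2]$cert
        Write-Host "  cert subject: $($x.Subject)"
        $x.Subject | Out-Null
        Write-Host "  cert issuer : $($x.Issuer)"
        Write-Host "  valid until : $($x.NotAfter)  (SAN must cover $dc)"
        $true   # accept only so the cert can be inspected; production clients must validate
    }
    try     { $conn.SessionOptions.StartTransportLayerSecurity($null); Write-Host "  StartTLS: OK" }
    catch   { Write-Warning "  StartTLS failed: $($_.Exception.Message)" }
    finally { $conn.Dispose() }
}
```

A DC that resolves and answers on 389 but fails step 4 points at the certificate (expired, wrong SAN, or issued by a CA the client does not trust); a DC that fails at step 2 or 3 points at DNS or connectivity, which is what the comments suspect.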
