
Running a Health Report on my 2012 Essentials server reports a critical error of:

After the password change, the server running Windows Server Essentials has not received a heartbeat from the following domain controllers: my_server

my_server is the server I am running the Health Report on, so it isn't receiving a heartbeat from itself apparently?!? The Domain Controller and the Windows Server Essentials machine are one and the same... I am not sure how to fix this error.

For info I have not changed any passwords, so I am not sure why that is part of the error.

This is a new HP server, the original HP hardware failed, so I removed the disks (RAID 1) and stuck them in the new server, the array was recognised and booted absolutely fine into Windows. I had to set up the network card again but apart from that the server seems to be running fine (apart from the error above).

How do I fix this Domain Control error?

superphonic
  • You could change the heartbeat interval - perhaps there has not been a heartbeat as it can be as infrequent as 60 days https://technet.microsoft.com/en-us/library/bb437366.aspx – Sum1sAdmin Apr 20 '16 at 15:39
  • Thanks for this, that article is for 2010 though and the steps don't seem to be relevant for 2012. I can't find anything about doing this in 2012 – superphonic Apr 20 '16 at 15:53
  • If you placed an existing RAID set into new hardware, then the hardware ID of the server is no longer the same. This means that the computer profile for the server in AD is no longer valid. Ultimately, it is not a user account password that has changed, but a computer account password that is set by the hardware at domain join. You would have to rejoin the server to itself in order to rebuild the AD account. – Naryna Apr 20 '16 at 16:48
  • @BrandynBaryski Thanks, this makes sense. How do I rejoin the server to itself and rebuild the AD account? I had a quick Google and could only find info on migrating to new hardware, which I clearly can't do. – superphonic Apr 21 '16 at 08:04
  • I merged my original comment in with a more complete answer. Because 2012 Essentials is weird, I don't guarantee these steps will work. – Naryna Apr 21 '16 at 15:36

1 Answer


From my original comment:

If you placed an existing RAID set into new hardware, then the hardware ID of the server is no longer the same. This means that the computer profile for the server in AD is no longer valid. Ultimately, it is not a user account password that has changed, but a computer account password that is set by the hardware at domain join. You would have to rejoin the server to itself in order to rebuild the AD account.

This is one of those problems that is only made worse by 2012 Essentials.

From what I know, 2012 Essentials requires that it is the only domain controller on the domain, which means my usual approach of demote domain controller, remove from domain, re-add and then re-promote probably won't work here. I mean, you could certainly try that as well, but let's try for something that doesn't have a likelihood of destroying your AD domain.

Use the standard for workstations

This particular command is the standard for workstations when they have lost their domain trust. On a primary (and the only) domain controller, it should still work. This, of course, really depends on how Essentials wants to handle it. Still, it is probably the best place to start.

netdom resetpwd /server:yourDCfullyqualifieddomainname /userd:domain\username /passwordd:password

This command can and will also reset trust relationships on domains running more than one domain controller. As long as there is one domain controller fully functioning, it works. It isn't clear, however, how it will function in your domain. If it doesn't work, try the below.

Use PowerShell

In this example, we are going to try and skip the steps that might wipe out an existing domain, and simply re-promote your server to DC. Ultimately, this should recreate the AD trust relationship which is likely broken. Taken from here, the process looks a bit like this:

$domainName = "cohovines.com"
$domainAdminCredential = Get-Credential
$dsrmPassword = (ConvertTo-SecureString -AsPlainText -Force -String "YourDSRMPassword!!")
Install-ADDSDomainController -DomainName $domainName -InstallDns -Credential $domainAdminCredential -SafeModeAdministratorPassword $dsrmPassword

The above script assumes you remember your restore mode password. If you do, this should work. If you don't, things likely got a lot harder.


As a complete aside, I really do recommend having two domain controllers. The process of demote, unjoin, rejoin, and promote is significantly easier in this case.

Naryna
  • Thanks for taking the time to write this. The first command worked with a slight alteration `netdom resetpwd /server:domain_name /userd:domain\user /passwordd:password` However nothing seems to have changed. Re-running the Health Report states the same Disconnected error. The second PowerShell command errors with the following `Install-ADDSDomainController : Verification of prerequisites for Domain Controller promotion failed. The specified argument 'ConfirmGc' was not recognized.` The argument `ConfirmGc` is nowhere in the original command so not sure what is happening there... – superphonic Apr 22 '16 at 08:39
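
A read-only way to confirm whether the `netdom resetpwd` reset discussed in the answer and comment above actually changed the server's computer account, as an added example that is not part of the original posts. The function name is hypothetical, and the script assumes the ActiveDirectory PowerShell module and `dcdiag` are available in an elevated session on the domain controller.

```powershell
# Added example: read-only checks on the DC's own computer account.
# Assumes the ActiveDirectory module and dcdiag.exe are present (AD DS role installed).
Import-Module ActiveDirectory

function Get-DcMachineAccountState {
    # Hypothetical helper: snapshots the state of this server's computer object in AD.
    $computer = Get-ADComputer -Identity $env:COMPUTERNAME -Properties PasswordLastSet, whenChanged

    # dcdiag's MachineAccount test checks that the DC's account is registered correctly.
    # Matching the English "passed test" text is an assumption about the output language.
    $dcdiag = & dcdiag.exe /test:MachineAccount 2>&1 | Out-String

    # PasswordLastSet can be empty if the attribute was never written; report no age then.
    $ageDays = $null
    if ($computer.PasswordLastSet) {
        $ageDays = [math]::Round(((Get-Date) - $computer.PasswordLastSet).TotalDays, 1)
    }

    [pscustomobject]@{
        Name              = $computer.Name
        PasswordLastSet   = $computer.PasswordLastSet
        PasswordAgeDays   = $ageDays
        ObjectLastChanged = $computer.whenChanged
        MachineAccountOk  = $dcdiag -match 'passed test MachineAccount'
    }
}

# Snapshot before and after the reset, then compare the timestamps.
$before = Get-DcMachineAccountState
$before | Format-List
Read-Host 'Run netdom resetpwd in another elevated prompt, then press Enter' | Out-Null
$after = Get-DcMachineAccountState
$after | Format-List

if ($after.PasswordLastSet -gt $before.PasswordLastSet) {
    'Computer account password was reset. If the alert persists, look beyond the account password.'
} else {
    'PasswordLastSet did not move: the reset did not reach the AD computer object.'
}
```

Nothing here writes to the directory, so it can be run repeatedly while testing each fix.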