WS 2012 r2 DNS server issue: Access was denied

I have a Windows Server 2012 R2 virtual machine as DC1 and DNS server running on Windows Azure, and a Windows Server 2012 R2 local machine as DC2, DHCP and DNS server on-premise. I found that the DNS Server service on both DNS servers is not running. When I start the DNS MMC, I see this screen:

"The server MYSERVER could not be contacted.

The error was:

Access was denied.

Would you like to add it anyway?"

After selecting "Yes", the DNS MMC shows up but without any DNS zone. I cannot do anything in the DNS MMC except delete the DNS zone.

I checked the Event Viewer and found a lot of errors with Event IDs 4000 & 4007, and I found the solution on Microsoft Support. This solution did work on the local DC2 but not on DC1.

"C:>netdom resetpwd /server: /userd: /passwordd:*

Type the password associated with the domain user:

The machine account password for the local machine could not be reset.

The specified network name is no longer available.

The command failed to complete successfully."

It says the specified network name is no longer available. Some say Symantec Endpoint Protection could cause this problem, but there is no antivirus running on DC1.

On DC2, even though I am able to access the DNS server and make changes now, I cannot ping/RDP to some domain computers. Before this issue happened, everything worked just fine.

I have struggled with this issue for two days, but it remains unsolved. Can anyone give some advice or a solution for this issue, please?

Note: I tried this solution but it doesn't work for me.


Solution 1:

Where is your PDC FSMO currently held? This is the server you should use when running the command: resetpwd /server:<PDC.domain.com> /userd:<Domain\domain_admin> /passwordd:*. I'm assuming that the PDC FSMO is on DC2.

My guess is that when you ran this on DC2 you used the servername as DC2 which is correct. However, when you ran this on DC1, you specified the server name incorrectly as DC1. It should be DC2 as well since that is the PDC.

The MS Knowledgebase article is not particularly well written, which is why I'm making the assumptions above - apologies if my assumptions are incorrect.

Once DNS is fixed, you will need to run ipconfig /registerdns on each of the client machines in order to have them register with the DNS server, or just reboot them.

When you attempt to ping a client machine, is the server unable to resolve the name? If so, once the client machine is registered with DNS, it should work fine.
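The procedure in this answer as a PowerShell script, an added example and not the answerer's own code: it discovers the PDC emulator instead of guessing, shows the 4000/4007 events the question mentions, builds the netdom command against the PDC, and only runs it with -Execute. It assumes RSAT-AD-PowerShell on the DC, an elevated domain-admin session, and that $AdminAccount is a placeholder you replace.

```powershell
<#
 Added example, not part of the original answer. Run elevated on the affected DC
 (DC1 in the question) as a domain admin. $AdminAccount is a placeholder; the PDC
 is discovered with Get-ADDomain rather than typed by hand.
#>
param(
    [string]$AdminAccount = 'DOMAIN\domain_admin',  # placeholder, replace
    [switch]$Execute                                 # without it, report only
)
Import-Module ActiveDirectory

# 1. Which DC holds the PDC emulator FSMO role? The answer says netdom resetpwd
#    must target that server, not the DC you are standing on.
$pdc   = (Get-ADDomain).PDCEmulator
$local = (Get-ADComputer -Identity $env:COMPUTERNAME).DNSHostName
Write-Host "PDC emulator : $pdc"
Write-Host "This machine : $local"

# 2. Confirm the symptom from the question: Event IDs 4000 / 4007 in the DNS Server log.
$events = Get-WinEvent -FilterHashtable @{ LogName = 'DNS Server'; Id = 4000, 4007 } `
                       -MaxEvents 5 -ErrorAction SilentlyContinue
if ($events) { $events | Format-Table TimeCreated, Id, Message -AutoSize -Wrap }
else         { Write-Host 'No recent 4000/4007 events in the DNS Server log.' }

# 3. Build the command the answer recommends, pointed at the PDC rather than at DC1.
#    /passwordd:* makes netdom prompt for the password instead of taking it as an argument.
$cmd = "netdom resetpwd /server:$pdc /userd:$AdminAccount /passwordd:*"
Write-Host "Command to run: $cmd"
if (-not $Execute) { return }

netdom resetpwd /server:$pdc /userd:$AdminAccount /passwordd:*
if ($LASTEXITCODE -ne 0) { throw "netdom failed with exit code $LASTEXITCODE" }

# 4. Restart the DNS Server service and check that the AD-integrated zones are back.
Restart-Service -Name DNS
Get-DnsServerZone | Format-Table ZoneName, ZoneType, IsDsIntegrated -AutoSize

# 5. On each client afterwards: ipconfig /registerdns (or reboot), then from the DC
#    verify with Resolve-DnsName <clientname> before trying ping/RDP again.
```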