No Authentication after closing the primary Domain controller

 ISSUE:

there are 3 domain controllers on the environment, one of them is the primary DC, when we try closing it, outlook can't authenticate with exchange server.

an outlook prompt keeps appearing

we want to test in case of update or outage that nothing could go wrong

Cause:

The Primary Domain Controller had all FSMO roles including PDC role which is responsible for authentication.

Resolution:

Before closing the DC, we transferred the PDC role to another Domain controller, then shutdown the primary one

To do so please follow:

  1. Click Start, point to Administrative Tools, and then click Active Directory Users and Computers.

  2. Right-click Active Directory Users and Computers, and then click Connect to Domain Controller (If you on another DC).

  3. Do one of the following actions:

    • In the Enter the name of another domain controller box, type the name of the domain controller that will be the new role holder, and then click OK.
      -or-
    • In the Or, select an available domain controller list, click the domain controller that will be the new role holder, and then click OK.

  4. In the console tree, right-click Active Directory Users and Computers, point to All Tasks, and then click Operations Master.

  5. Click the appropriate tab for the role that you want to transfer (RID, PDC, or Infrastructure), and then click Change.

  6. Click OK to confirm that you want to transfer the role, and then click Close.


Other Information:

We also tried to assign a Static domain controllers to Exchange server but this didn't change the behavior

Comments

Post a Comment

Popular posts from this blog

Can't find msexchHideFromAddressLists Attribute

  Issue: Can't find msexchHideFromAddressLists Attribute in ADSI edit or in AD users and computers to change it for the users. Cause: In the environment there is only Exchange online, no exchange on Prem and there never was, so the MSexch attributes are not there. Resolution: We downloaded the Exchange server prerequisites on another domain joined server as in here: Exchange Server prerequisites, Exchange 2019 system requirements, Exchange 2019 requirements | Microsoft Learn Downloaded Exchange server ISO from here: Exchange Server build numbers and release dates | Microsoft Learn Mount the ISO and then we run the command: <Virtual DVD drive letter>:\Setup.exe /IAcceptExchangeServerLicenseTerms_DiagnosticDataON /PrepareSchema and the Attribute appeared.
Read more

Outlook on prem prompts for O365 Password

  Issue: In an Exchange on prem environment Outlook prompts for O365 Password trying to connect to exchange online or Office365. and is not connecting after that. Cause: Moder authentication was enabled Solution: First, we thought of postponing the O365 request, by adding registry Dword (ExcludeExplicitO365Endpoint) this will tell Outlook to postpone the O365 Autodiscover request to the last. 1- Open Registry Editor 2- Navigate to: HKEY_CURRENT_USER\Software\Microsoft\Office\<x.0>\Outlook\AutoDiscover 3- 3- 3- Create new Dword : ExcludeExplicitO365Endpoint  value 1  but this didn't solve the issue  so we decided to disable Modern authentication 1- Open Registry Editor 2- Navigate to: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\<x.0>\Common\Identity   3- Create Dword: EnableADAL value 0 DisableAADWAM  value 1 DisableADALatopWAMOverride  value 1 then the Prompt stopped and outlook connected to On-prem Autodiscover 
Read more

After March24 SU Search issue in Outlook (cached mode)

  Issue: After installing the Security Update, some of the customers have issue with Search in Outlook (cached mode). Error message: "We're having trouble fetching results from the server..." when performing Outlook search.  Reason:  Issue with the SU. Solution : There is no direct solution but there is a workaround: 1) Use OWA or Outlook online mode if possible. 2) Disable server assisted search by creating following registry key: Path: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Search • Value name: DisableServerAssistedSearch • Value type: REG_DWORD • Value: 1
Read more