Disconnected Domain Controllers: Here’s the Solution

A Windows Server 2016 Standard machine with the Server Essential role installed as PDC displayed a critical alert saying “Disconnected Domain Controllers”.

 

An introduction

The role of a Domain Controller (DC) is to authenticate and validate users and their level of access on a network. Whenever a user in the network logs in to the domain, the DC validates their credentials and, based on the result, either allows or denies access.

Often there are 2 Domain Controllers in a network: a Primary Domain Controller (PDC) and a Secondary/Backup Domain Controller (BDC). Both of them should be in sync. The PDC maintains the main directory database used to validate the users on the network, whereas the BDC contains a copy of it. If there is ever a problem with the PDC, or its database gets compromised, the BDC can be used.

 

The issue – Disconnected Domain Controllers in Windows Server Essential 2016

After a recent password change, the server running Windows Server Essential was not receiving any signal/heartbeat from the domain controller. The Windows Server Essential Dashboard displayed the Critical Error.

Possible Causes 

  • Lack of network connectivity 
  • Missing DNS entries 
  • Root hints missing or resolution issue 
  • PCNS issue 
  • PCNS target missing 
  • Time synchronization issue 
  • Integration break between an on-premise server with O365 in Server Essential 

 

If the PCNS (Password Change Notification Service) Target is missing: 

  • Go to the Start Menu and launch the ADSI Edit MMC, then connect to the Default naming context [DC01.domainname.local] and browse to DC=domainname, DC=local => CN=System => CN=Password Change Notification Service
  • The attribute field would be empty (if it exists, take a backup and delete it)
  • Navigate to the path:
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\SchCache and rename the *.sch files
  • Navigate to the path %LOCALAPPDATA%\Microsoft\Windows\SchCache and rename the *.sch files
     
  • Restart the Password Change Notification Service


 

 

Now, go to the path C:\Program Files\Microsoft Password Change Notification

Then, open Command Prompt.


 

Add the PCNS target manually by running the command below:

C:\Program Files\Microsoft Password Change Notification>pcnscfg.exe ADDTARGET /N:ESSENTIALS_PWD_SYNC_DC01 /A:PDC01.domain_name /S:ESSENTIALS_PWD_SYNC/PDC01.domain_name /FI:"Domain Users" /F:3 /I:60 /D:False /WI:30

 

  • The PCNS target should now be added successfully
  • Check the target list by running the “pcnscfg.exe list” command. The target added by the above command must be listed

Now the disconnected domain controller alert should be resolved.
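The steps above as a single PowerShell script, added here as an example and not part of the original post. It assumes an elevated session on the domain controller, uses the article's placeholder target name and FQDN, and locates the service by display name (an assumption, since the post does not give the short service name).

```powershell
# Added example (not from the original post). Run elevated on the domain controller.
$TargetName = 'ESSENTIALS_PWD_SYNC_DC01'   # placeholder from the article
$TargetFqdn = 'PDC01.domain_name'          # placeholder from the article
$PcnsDir    = 'C:\Program Files\Microsoft Password Change Notification'
$CacheDirs  = @(
    'C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\SchCache',
    (Join-Path $env:LOCALAPPDATA 'Microsoft\Windows\SchCache')
)

# Rename (never delete) the cached schema files so they can be restored later.
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
foreach ($dir in $CacheDirs) {
    if (-not (Test-Path -LiteralPath $dir)) { Write-Warning "Not found: $dir"; continue }
    Get-ChildItem -LiteralPath $dir -Filter '*.sch' -File | ForEach-Object {
        Rename-Item -LiteralPath $_.FullName -NewName "$($_.Name).$stamp.bak"
    }
}

# Restart the Password Change Notification Service (matched by display name: assumption).
$svc = Get-Service -DisplayName 'Password Change Notification*'
if (-not $svc) { throw 'Password Change Notification Service not found.' }
Restart-Service -InputObject $svc -Force

# Add the target only when "pcnscfg.exe list" does not already show it.
$pcnscfg = Join-Path $PcnsDir 'pcnscfg.exe'
if (-not (& $pcnscfg list | Select-String -SimpleMatch $TargetName)) {
    # One argument string keeps the quoting of "Domain Users" as typed in cmd.exe.
    $argLine = "ADDTARGET /N:$TargetName /A:$TargetFqdn " +
               "/S:ESSENTIALS_PWD_SYNC/$TargetFqdn /FI:`"Domain Users`" " +
               '/F:3 /I:60 /D:False /WI:30'
    Start-Process -FilePath $pcnscfg -ArgumentList $argLine `
        -WorkingDirectory $PcnsDir -Wait -NoNewWindow
}

# Final check: the target must now appear in the list output.
if (& $pcnscfg list | Select-String -SimpleMatch $TargetName) {
    Write-Output "PCNS target $TargetName is configured."
} else {
    throw "PCNS target $TargetName is still missing."
}
```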
     

 

 

Gunjan Vaishnav

Gunjan is a Network & Systems Engineer and has been associated with Infrassist for more than 2.5 years now. He has 5+ years of I.T. experience and is a Microsoft Azure Administrator Certified Professional. Here, at Infrassist he looks after Windows Servers, Backup and Patch Management, Microsoft 365, Azure and more.
