Disconnected Domain Controllers

Disconnected Domain Controllers: Here’s the Solution

A Windows Server 2016 Standard machine with the Server Essentials role installed, acting as the PDC, displayed a critical alert saying “Disconnected Domain Controllers”.

 

An introduction

The role of a Domain Controller (DC) is to authenticate and validate users and their level of access on a network. Whenever a user in the network logs in to the domain, the DC validates their credentials, and based on the result they are either denied or allowed access.

Often there are 2 Domain Controllers in a network, a Primary Domain Controller (PDC) and a Secondary/Backup Domain Controller (BDC). Both of them should be in sync. The PDC maintains the main directory database used to validate the users on the network, whereas the BDC contains a copy of the same. If there is ever a problem in the PDC, or the database in it gets compromised, the BDC can be used.

 

The issue – Disconnected Domain Controllers in Windows Server Essentials 2016

After a recent password change, the server running Windows Server Essentials was not receiving any signal/heartbeat from the domain controller. The Windows Server Essentials Dashboard displayed the critical error of disconnected domain controllers.

[Screenshot: the error message]

Possible Causes 

  • Lack of network connectivity 
  • Missing DNS entries 
  • Root hints missing or resolution issue 
  • PCNS issue 
  • PCNS target missing 
  • Time synchronization issue 
  • Broken integration between the on-premises server and O365 in Server Essentials 

 

If the PCNS (Password Change Notification Service) Target is missing: 

  • Go to the Start Menu and launch the ADSI Edit MMC. Connect to the Default naming context [DC01.domainname.local], then browse to DC=domainname, DC=local => CN=System => CN=Password Change Notification Service
  • The attribute field would be empty (if it exists, take a backup and delete it)
  • Navigate to the path:
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\SchCache and rename the *.sch files
  • Navigate to the path %LOCALAPPDATA%\Microsoft\Windows\SchCache and rename the *.sch files
  • Restart the Password Change Notification Service


 

 

Now go to the path C:\Program Files\Microsoft Password Change Notification and open Command Prompt there.


 

Add the PCNS target manually by running the command below:

C:\Program Files\Microsoft Password Change Notification>pcnscfg.exe ADDTARGET /N:ESSENTIALS_PWD_SYNC_DC01 /A:PDC01.domain_name /S:ESSENTIALS_PWD_SYNC/PDC01.domain_name /FI:"Domain Users" /F:3 /I:60 /D:False /WI:30

 

  • The PCNS target should now be added successfully
  • Check the target list by running the “pcnscfg.exe list” command. The target added by the above command must appear in it


    Now the disconnected domain controller alert should be resolved.
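
The scriptable part of the procedure above (SchCache rename, service restart, target check and ADDTARGET) as one PowerShell run. This is an added example, not part of the original article; it assumes the install folder, target name and placeholder host PDC01.domain_name shown on the page, that the service display name is "Password Change Notification Service", and that the "pcnscfg.exe list" output prints the target name. The ADSI Edit check is still done by hand first.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original article.
# Assumptions: install folder and target values are the ones shown on the page;
# 'PDC01.domain_name' is the page's placeholder and must be replaced with your FQDN.
$pcnsDir    = 'C:\Program Files\Microsoft Password Change Notification'
$pcnscfg    = Join-Path $pcnsDir 'pcnscfg.exe'
$targetName = 'ESSENTIALS_PWD_SYNC_DC01'
$pdcFqdn    = 'PDC01.domain_name'
$stamp      = Get-Date -Format 'yyyyMMdd-HHmmss'
$caches     = @(
    'C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\SchCache',
    (Join-Path $env:LOCALAPPDATA 'Microsoft\Windows\SchCache')
)

# Rename (never delete) the cached schema files so the step can be rolled back.
foreach ($dir in $caches) {
    if (-not (Test-Path -LiteralPath $dir)) {
        Write-Warning "SchCache folder not found, skipping: $dir"
        continue
    }
    Get-ChildItem -LiteralPath $dir -Filter '*.sch' -File | ForEach-Object {
        Rename-Item -LiteralPath $_.FullName -NewName "$($_.Name).$stamp.bak"
        Write-Host "Renamed $($_.FullName)"
    }
}

# Restart PCNS, looked up by display name (assumed to match the name on the page).
$svc = Get-Service -DisplayName 'Password Change Notification Service' -ErrorAction Stop
Restart-Service -InputObject $svc -Force
$svc.Refresh()
if ($svc.Status -ne 'Running') { throw "PCNS did not return to Running: $($svc.Status)" }

# Helper (hypothetical name): true when the target name appears in the LIST output.
function Test-PcnsTarget {
    [bool]((& $pcnscfg LIST) | Select-String -SimpleMatch $targetName)
}

# Add the target only when it is missing, using the page's ADDTARGET arguments.
if (-not (Test-PcnsTarget)) {
    & $pcnscfg ADDTARGET "/N:$targetName" "/A:$pdcFqdn" "/S:ESSENTIALS_PWD_SYNC/$pdcFqdn" `
        '/FI:Domain Users' /F:3 /I:60 /D:False /WI:30
}

if (Test-PcnsTarget) { Write-Host "Target $targetName is present." }
else { throw "Target $targetName is still missing after ADDTARGET." }
```

The renamed files keep a timestamped .bak suffix, so restoring the original names undoes the cache step.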
     

 

Upcoming: 

We keep uploading new blogs quite frequently on our website- keep an eye out for those.

Lastly, if you need help with more such IT Solutions, feel free to reach out to us. We’ll be happy to resolve your queries. 

 

 

Gunjan Vaishnav

Gunjan is a Network & Systems Engineer and has been associated with Infrassist for more than 2.5 years now. He has 5+ years of I.T. experience and is a Microsoft Azure Administrator Certified Professional. Here, at Infrassist he looks after Windows Servers, Backup and Patch Management, Microsoft 365, Azure and more.

Thanks For Reading