Server 2008 R2 (SBS2011) – DNS Access Denied – Network (Unauthenticated)

Server 2008 R2 (SBS2011) – DNS Access Denied – Network (Unauthenticated)

Recently I had a client with an SBS2011 who lost power to the server. Client PCs were unable to access the server resources and errored saying that the PC may have been compromised.

When the server had rebooted the network location had changed to Unauthenticated. When trying to access the DNS console I was getting an error saying Access Denied.

See below for reference:

DNS Access Denied

DCDiag was failing on connectivity but Active Directory Users and Computers was accessible.

After a while I managed to resolved the error by running the below command followed by a reboot:

nltest /sc_change_pwd:domainname.local

Command Description:
Changes the password for the trust account of a domain that you specify. If you run nltest on a domain controller, and an explicit trust relationship exists, then nltest resets the password for the interdomain trust account. Otherwise, nltest changes the computer account password for the domain that you specify. You can use this parameter only for computers that are running Windows 2000 and later.

Once the server had rebooted the network location changed back to ‘Domain’ and DNS was accessible. All client machines was then able to access the server.

Comments on my blog have indicated that this fix also works with Server 2012 R2.

41 Replies to “Server 2008 R2 (SBS2011) – DNS Access Denied – Network (Unauthenticated)”

  1. OMG. After 3 hours of research and almost resorting to a restore, I found your fix and it worked for me also on 2012 R2. Thank you so much!

  2. legend. spent a couple of hours trying to deal with this problem this morning. It randomly started happening after a reboot. nothing else we tried worked, but this certainly did the trick! happy days.

  3. Hey guys figuring out the same error after installing microsoft updates and did a reboot of the server. I guess I have to change “domainname.local” into my specific domainname?

    nltest /sc_change_pwd:domainname.local

    Thanks!

    1. Hi Andy,

      Yes that’s correct, replace that section with your specific domain name.

      Hope that resolves it for you.

      Dave

    2. Now after rebooting the server it took 30 min to hit ctrl alt del to log on, after log on the desktop will be prepared, now the state is a blue background and the gui wont show up since 60 min 🙁

  4. David, you are my AD-GOD! After hours of search and hundreds of solution attempts I found your solution! Worked great! THANK A LOT!!!!!!

  5. I too had a server crash after an extended power outage. The server went down hard. When I tried your suggested fix, I get the following error:
    I_NetLogonControl failed: Status = 1359 0x54f ERROR_INTERNAL_ERROR
    I am able to access AD Users & Computers, DNS Server service is running, but I can’t get DNS setup on this server (Server 2008 R2) which is a domain controller. Any ideas on what I can try next?

    1. Sorry John, your notification went into my junk. Presume that you did actually manage to resolve this error? If so, what was the fix? It may help someone else.

  6. Oh My God David. After 4 hours of research and I was really thinking of restoring the server, I found your fix and it worked perfectly. Thank you so much David, you are just a star!

    1. Sorry Brian, I’ve just come across your comment.

      I imagine that you’ve already resolved the problem by now?

      1. No, we had to bypass dns on that server and roll with the backup dc. They had already moved email to the cloud. I would like to get it back to clean before I complete the retirement and replace it.

  7. Worked like a charm on SBS2011, this saved may day. Thanx a lot for sharing your knowledge with us!

      1. Hello David.
        I am still having problems loging in to the server (SBS2011). once a week, it suddently does not accept any user passwords. After a hard restart i give in nltest /sc_change_pwd:domainname.local and its gets back to normal but i dont know what is causing this problem? Can you give me any hints what i could do?

        Thanks in advance
        Jay

        1. Hi Jay,

          Sorry for the late reply, did you manage to get sorted?

          It sounds like you need to do some checks on your Active Directory / DNS. To be honest though, if you’re still on SBS2011 now you need to be moving to another OS as it’s not been supported for some time.

          If you are still struggling I would suggest posting your problem on experts-exchange.com. There are quite a few people on there who will be able to assist you. You may even be able to get someone willing to provide you with remote assistance to resolve it with you.

          Dave

  8. This worked beyond belief… Never would have thought to do this in all my years. This really made my week even though I had been working on this for a few days; you really saved the day here.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.