Server 2008 R2 (SBS2011) – DNS Access Denied – Network (Unauthenticated)
Recently I had a client with an SBS2011 who lost power to the server. Client PCs were unable to access the server resources and errored saying that the PC may have been compromised.
When the server had rebooted the network location had changed to Unauthenticated. When trying to access the DNS console I was getting an error saying Access Denied.
See below for reference:
DCDiag was failing on connectivity but Active Directory Users and Computers was accessible.
After a while I managed to resolved the error by running the below command followed by a reboot:
nltest /sc_change_pwd:domainname.local
Command Description:
Changes the password for the trust account of a domain that you specify. If you run nltest on a domain controller, and an explicit trust relationship exists, then nltest resets the password for the interdomain trust account. Otherwise, nltest changes the computer account password for the domain that you specify. You can use this parameter only for computers that are running Windows 2000 and later.
Once the server had rebooted the network location changed back to ‘Domain’ and DNS was accessible. All client machines was then able to access the server.
Comments on my blog have indicated that this fix also works with Server 2012 R2.