Server 2008 R2 (SBS2011) – DNS Access Denied – Network (Unauthenticated)
Recently I had a client with an SBS2011 who lost power to the server. Client PCs were unable to access the server resources and errored saying that the PC may have been compromised.
When the server had rebooted the network location had changed to Unauthenticated. When trying to access the DNS console I was getting an error saying Access Denied.
See below for reference:
DCDiag was failing on connectivity but Active Directory Users and Computers was accessible.
After a while I managed to resolved the error by running the below command followed by a reboot:
nltest /sc_change_pwd:domainname.local
Command Description:
Changes the password for the trust account of a domain that you specify. If you run nltest on a domain controller, and an explicit trust relationship exists, then nltest resets the password for the interdomain trust account. Otherwise, nltest changes the computer account password for the domain that you specify. You can use this parameter only for computers that are running Windows 2000 and later.
Once the server had rebooted the network location changed back to ‘Domain’ and DNS was accessible. All client machines was then able to access the server.
Comments on my blog have indicated that this fix also works with Server 2012 R2.
41 Replies to “Server 2008 R2 (SBS2011) – DNS Access Denied – Network (Unauthenticated)”
A very informative and insightful article, David. Thanks for sharing.
Saved me hours of frustration.
Thank you so much.
Worked Perfectly. Thanks. I wished I could have found this article first. Concise and to the point. Thank you sir!
Many thanks!!! I was getting sick over this problem but the above fix cured it!
You’re very welcome Gordon
OMG. After 3 hours of research and almost resorting to a restore, I found your fix and it worked for me also on 2012 R2. Thank you so much!
You’re very welcome Paul :). Thank you for the comment.
legend. spent a couple of hours trying to deal with this problem this morning. It randomly started happening after a reboot. nothing else we tried worked, but this certainly did the trick! happy days.
You’re very welcome :), glad I could help.
David, you are a star. This fixed it for me on Server 2016 also
My pleasure Mark! This one was a pain to find the answer to!
Thanks David. This worked perfectly on a SBS2011 Server.
You’re very welcome Jeff.
Hey guys figuring out the same error after installing microsoft updates and did a reboot of the server. I guess I have to change “domainname.local” into my specific domainname?
nltest /sc_change_pwd:domainname.local
Thanks!
Hi Andy,
Yes that’s correct, replace that section with your specific domain name.
Hope that resolves it for you.
Dave
Now after rebooting the server it took 30 min to hit ctrl alt del to log on, after log on the desktop will be prepared, now the state is a blue background and the gui wont show up since 60 min 🙁
Finally after a while the server came up all services restored =) THX THX THX
David, you just saved my life. If ever you come to Belgium, drinks are on me.
My pleasure Irshad! 🙂
David, you are my AD-GOD! After hours of search and hundreds of solution attempts I found your solution! Worked great! THANK A LOT!!!!!!
No problem at all my friend. Glad I could help.
Thank you so much. Solved my problem.
My pleasure Deon, glad I could help.
I too had a server crash after an extended power outage. The server went down hard. When I tried your suggested fix, I get the following error:
I_NetLogonControl failed: Status = 1359 0x54f ERROR_INTERNAL_ERROR
I am able to access AD Users & Computers, DNS Server service is running, but I can’t get DNS setup on this server (Server 2008 R2) which is a domain controller. Any ideas on what I can try next?
Sorry John, your notification went into my junk. Presume that you did actually manage to resolve this error? If so, what was the fix? It may help someone else.
I ended up removing and then reinstalling AD and DNS to fix the problem. Thanks for checking with me.
Thank you for the feedback John. Glad you managed to get it resolved.
Oh My God David. After 4 hours of research and I was really thinking of restoring the server, I found your fix and it worked perfectly. Thank you so much David, you are just a star!
Hi Anas,
Really happy that the fix resolved your problem and thank you for your feedback!
Dave
IS this safe to do if there is another 2012 DC in the domain?
Sorry Brian, I’ve just come across your comment.
I imagine that you’ve already resolved the problem by now?
No, we had to bypass dns on that server and roll with the backup dc. They had already moved email to the cloud. I would like to get it back to clean before I complete the retirement and replace it.
Worked like a charm on SBS2011, this saved may day. Thanx a lot for sharing your knowledge with us!
Now i wish i didnt pull so many hairs out of my skull. WORKED LIKE A CHARM. THANKS
Hey Jay, that’s great news.
Glad it worked!
Hello David.
I am still having problems loging in to the server (SBS2011). once a week, it suddently does not accept any user passwords. After a hard restart i give in nltest /sc_change_pwd:domainname.local and its gets back to normal but i dont know what is causing this problem? Can you give me any hints what i could do?
Thanks in advance
Jay
Hi Jay,
Sorry for the late reply, did you manage to get sorted?
It sounds like you need to do some checks on your Active Directory / DNS. To be honest though, if you’re still on SBS2011 now you need to be moving to another OS as it’s not been supported for some time.
If you are still struggling I would suggest posting your problem on experts-exchange.com. There are quite a few people on there who will be able to assist you. You may even be able to get someone willing to provide you with remote assistance to resolve it with you.
Dave
This worked beyond belief… Never would have thought to do this in all my years. This really made my week even though I had been working on this for a few days; you really saved the day here.
Hi Chris,
Thank you for your message. Really glad that it’s helped.
All the best.
David
Finally. Searching for days and trying for hoursTHIS is the solution.
Many, many thanks for this outstanding tip!!!
Glad it helped Rolf!