We've had an ongoing issue for a while and I'm here on a Saturday to try and figure it out, and I think I've found the problem, just not the cause…
For a few months our second domain controller has stopped responding to LDAP randomly. Initially we didn't pay too much attention, just restarted it and it's all good.
When I try to log in, I get this error:
The security database on the server does not have a computer account for this workstation trust relationship.
I've checked all the "common" solutions for this error according to various forums and blogs: checking domain suffixes and ADSI Edit to verify the computer account has all the correct hostnames. Most of these blog posts are talking about a client computer or non-DC server, though, so I'm not too keen to demote the controller, leave the domain, re-join and re-promote it.
Event Viewer "System" shows various errors:
The Security Account Manager failed a KDC request in an unexpected way. The error is in the data field. The account name was SVW08-DC2$ and lookup type 0x0.
Best Answer
Digging deeper into the Event Viewer under "Applications and Services Logs" -> "Directory Service" I found the actual errors causing the problem -- it appears to be failing hardware: