Active Directory – ERROR_NO_SUCH_DOMAIN When 2 of 3 DCs Are Down

active-directory, domain, domain-controller

I have 3 DCs on my domain, (2 on local office, 1 in Amazon AWS), and I would like to move to Amazon and cut off the 2 local DCs.

I have shut down the 2 local DCs, to test if the AmazonDC is working correctly, but then I receive "ERROR_NO_SUCH_DOMAIN" errors using nltest on Client computers, and I am no longer able to login to client computers with domain accounts.

I am not an expert, but I have tried the following:

  • Replication works, checked with "repadmin /showrepl"
  • Clients see all 3 DCs when using "nltest /dclist:mydomain.com"
  • Secure Channel seems ok when checking with "nltest /sc_query:mydomain.com" and also with PowerShell "Test-ComputerSecureChannel -Server amazonDC.mydomain.com"
  • Firewall turned off, does not help
  • All 5 FSMO roles are on one of the local DCs (this could be the problem?)

I would appreciate any help, idea, or observation of what could be the problem here, or how should I properly move up to Amazon without the local office DCs, and how to test it before moving.

Edit1: Installing the DNS role on the Amazon DC did solve the problem, I no longer receive the "ERROR_NO_SUCH_DOMAIN" errors, although when I try to login, I now get an error "the remote computer that you are trying to connect to requires network level authentication", but I guess that's a different story. Thank you for the help!

Best Answer

You probably have your two local DCs set as DNS servers for your clients. When either of them is online DNS lookups work fine, and you can see the AWS DC.

When both local DCs go offline your clients are left without functioning name resolution, and can no longer reach the AWS DC.

Set the secondary DNS server to the IP of the AWS DC for the duration of the test. If it works fine at that point, update your DHCP DNS configuration.
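The following PowerShell is an added example, not code from the question or the answer above. It walks through the test the answer proposes from a client's point of view: confirm which DNS servers the client is using, confirm that the AWS DC itself answers the DC-locator SRV query, switch the client to the AWS DC for DNS, and then repeat the nltest and secure-channel checks from the question. The domain name mydomain.com and the host name amazonDC.mydomain.com come from the question; the IP address 10.0.1.10, the adapter alias "Ethernet" and the DHCP scope 192.168.1.0 are assumptions for illustration.

```powershell
# Added example (not from the original post or answer).
# Assumed values: $AwsDcIp, $Adapter and the DHCP scope below are placeholders.
#Requires -RunAsAdministrator

$Domain    = 'mydomain.com'
$AwsDcName = 'amazonDC.mydomain.com'
$AwsDcIp   = '10.0.1.10'     # assumed address of the AWS DC
$Adapter   = 'Ethernet'      # assumed adapter alias; list yours with Get-NetAdapter

# 1. Which DNS servers does the client actually use? If only the two local DCs are
#    listed, name resolution dies with them and the DC locator fails for every DC,
#    including the one in AWS (ERROR_NO_SUCH_DOMAIN).
Get-DnsClientServerAddress -InterfaceAlias $Adapter -AddressFamily IPv4 |
    Select-Object InterfaceAlias, ServerAddresses

# 2. Does the AWS DC answer the DC-locator SRV query itself? This is the record the
#    locator asks for, so the AWS DC (or a DNS server reachable without the local DCs)
#    must host the zone. The query is sent directly to the AWS DC, bypassing the
#    client's current resolver list.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV `
                       -Server $AwsDcIp -ErrorAction Stop
$srv | Where-Object Type -eq 'SRV' | Select-Object NameTarget, Port, Priority, Weight

# 3. Point the client at the AWS DC for DNS for the duration of the test, keeping
#    the old list so it can be restored afterwards.
$old = (Get-DnsClientServerAddress -InterfaceAlias $Adapter -AddressFamily IPv4).ServerAddresses
Set-DnsClientServerAddress -InterfaceAlias $Adapter -ServerAddresses @($AwsDcIp)
Clear-DnsClientCache

# 4. Repeat the checks from the question with the new resolver in place. /force
#    discards the cached locator result so the answer reflects the DNS change.
nltest.exe /dsgetdc:$Domain /force     # should now name the AWS DC instead of erroring
nltest.exe /sc_query:$Domain
Test-ComputerSecureChannel -Server $AwsDcName -Verbose

# 5. Once the test passes, publish the AWS DC as a DNS server through DHCP so every
#    client picks it up (run on the DHCP server; scope ID is assumed):
#    Set-DhcpServerv4OptionValue -ScopeId 192.168.1.0 -DnsServer $AwsDcIp

# 6. Or restore the client's original resolver list if the test is over.
# Set-DnsClientServerAddress -InterfaceAlias $Adapter -ServerAddresses $old
```

Step 2 is the check that separates "the AWS DC is unreachable" from "the client cannot find out where the AWS DC is": if Resolve-DnsName against the AWS DC returns no SRV record, installing the DNS role on it (as the question's edit describes) is what fixes it, and no change to the client's resolver list will help until that is done.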