Demoted domain controller problem with agents
I ran into an issue with 2 agents on certificate authorities failing to start with LDAP connection errors. The AD site they are in had all its domain controllers replaced with new servers a few weeks ago. The agent logs showed they were trying to connect to old DC server names. There’s no trace of those servers in DNS or elsewhere in AD that could make them discoverable. There’s no trace of those server names in the config files or registry anywhere, but somehow the agent wasn’t forgetting them. I had to reinstall the agent to resolve the issue. It seems like this should be something that is more of a standard DC discovery process, or using the existing secure channel server as the DC a standalone agent connects to.