There is one site with us which has 2 domain controllers and both DCs are GC an DNS. Every servers in this site point to these DCs for thier primary and secondary dns. The problem is that, we were doing security updates on both domain controllers. After the updates were finished we restarted them one at a time. Once the DC was offline then some of our servers started complaining about RPC, Authentication, Kerberos, etc. Every users that are connected to these servers loose their connection and have to re-authenticate. Event logs on the servers were failing about kerberos, RPC, etc. Below are some of the errors
Kerberos Event ID: 7
The kerberos subsystem encountered a PAC verification failure. This indicates that the PAC from the client username in realm DOMAIN.COM had a PAC which failed to verify or was modified. Contact your system administrator.
(It cant verify the user that is starting the service because it cant contact the domain/DC)
LSASRV Event ID: 40960
The Security System detected an authentication error for the server cifs/DC1.domain.com. The failure code from authentication protocol Kerberos was "The specified user does not exist. (0xc0000064)".
Bookmarks