Hi webprofusion! Thanks for the reply!!
My health report was full of errors this morning, but I think they all have to do with this one problem. Here’s some of the details of the report (hopefully helpful) …
ActiveDirectory_DomainService
Event ID: 1220
LDAP over Secure Sockets Layer (SSL) will be unavailable at this time because the server was unable to obtain a certificate.
Error value:
8009030e No credentials are available in the security package
DFSR
Event ID: 6016
The DFS Replication service failed to update configuration in Active Directory Domain Services. The service will retry this operation periodically.
Object Category: msDFSR-LocalSettings
Object DN: CN=DFSR-LocalSettings,CN=,OU=Domain Controllers,DC=,DC=local
Error: 1355 (The specified domain either does not exist or could not be contacted.)
DNS-Server-Service
Event ID: 4013
The DNS server is waiting for Active Directory Domain Services (AD DS) to signal that the initial synchronization of the directory has been completed. The DNS server service cannot start until the initial synchronization is complete because critical DNS data might not yet be replicated onto this domain controller. If events in the AD DS event log indicate that there is a problem with DNS name resolution, consider adding the IP address of another DNS server for this domain to the DNS server list in the Internet Protocol properties of this computer. This event will be logged every two minutes until AD DS has signaled that the initial synchronization has successfully completed.
ActiveDirectory_DomainService
Event ID: 2886
The security of this directory server can be significantly enhanced by configuring the server to reject SASL (Negotiate, Kerberos, NTLM, or Digest) LDAP binds that do not request signing (integrity verification) and LDAP simple binds that are performed on a clear text (non-SSL/TLS-encrypted) connection. Even if no clients are using such binds, configuring the server to reject them will improve the security of this server.
Some clients may currently be relying on unsigned SASL binds or LDAP simple binds over a non-SSL/TLS connection, and will stop working if this configuration change is made. To assist in identifying these clients, if such binds occur this directory server will log a summary event once every 24 hours indicating how many such binds occurred. You are encouraged to configure those clients to not use such binds. Once no such events are observed for an extended period, it is recommended that you configure the server to reject such binds.
DNS-Server-Service
Event ID: 414
The DNS server computer currently does not have a DNS domain name. Its DNS name is a single-label host name with no domain (for example: “host” rather than “host.microsoft.com”).
You might have forgotten to configure a primary DNS domain for the server computer.
Because the DNS server has only a single-label name, all zones created will have default records (SOA and NS) created using only this single-label name for the server’s host name. This can lead to incorrect and failed referrals when clients and other DNS servers use these records to locate this server by name.
To correct this problem:
- Click Start, and then click Control Panel.
- Open System and Maintenance , and then open System.
- Click Change Settings, and then click Change. 4) Click either Domain or Workgroup, and then type the name of the domain or workgroup you want the computer to join; the domain or workgroup name will be used as your DNS domain name.
- When prompted, restart the computer.
After the computer restarts, the DNS server will attempt to fix up default records, substituting the new DNS name of this server for the old single-label name. However, you should review the zone’s SOA and NS records to ensure that they now use the correct domain name of this server.
DFSR
Event ID: 1202
The DFS Replication service failed to contact domain controller to access configuration information. Replication is stopped. The service will try again during the next configuration polling cycle, which will occur in 60 minutes. This event can be caused by TCP/IP connectivity, firewall, Active Directory Domain Services, or DNS issues.
Additional Information:
Error: 1355 (The specified domain either does not exist or could not be contacted.)
I’m using the Essentials Dashboard role installed on Windows Server 2016 Standard and there are two users, the default Administrator and a “network administrator” that the Essentials setup has you setup during the process of setting up the server, but both are full administrators on the system. Maybe I need to be logged in to the network administrator instead of the default administrator when I run the Certify SSL/TLS Certificate Management app to create the SSL Certificate.
I’m new at this so any insight you can provide would be wonderful!
Thanks,
James