Can't sign in to Windows Server 2025 after DC Promo

Din Meron 5 Reputation points
2025-07-31T07:55:23.5533333+00:00

Greetings,

I’m trying to promote a VM running Windows Server 2025 to a domain controller, but replication from my existing DCs fails after promotion.

The new VM shows up in the Domain Controllers container in my Active Directory after promotion and also in AD Sites and Services (which means it partially worked). But the SYSVOL and NETLOGON folders did not replicate, and when attempting to log in with the administrator, it prompts "username or password are wrong" (both domain and locally).

Here are key details of my environment:

  1. Existing domain with Windows Server 2016 and 2019 DCs
  2. Tried to replicate from both the 2016 and the 2019 server a few times, doesn't work from either
  3. Domain functional level: 2016
  4. DFSR is used (FRS is fully eliminated)
  5. DNS and AD replication working between existing DCs
  6. Static IP/DNS configured correctly on all servers
  7. All FSMO roles are currently on the WS2019 DC
  8. DC Promo Succeeded on a new Windows Server 2022 VM (seems like a specific issue on the WS2025)

Any help or insight will be highly appreciated.

Thank you!

Windows for business | Windows Server | Directory services | User logon and profiles

3 answers

  1. David Vaught 0 Reputation points
    2025-09-16T09:33:44.1166667+00:00

    I am having a similar issue. Our environment is 2012 R2; I have 2 new DCs, one 2019, one 2022.

    Neither can log in locally now. I can use Server Manager and run PowerShell on the affected new DCs.

    I opened a case with Microsoft; as of today there is still no resolution.

    David.


  2. Savan Kariya 21 Reputation points
    2025-09-02T13:16:34.09+00:00

    We get the exact same issue with Server 2025 promotion as a Domain Controller. And the troubleshooting steps mentioned by @Kate Pham (WICLOUD CORPORATION) also do not apply, as logging in to the new DC is not possible anymore. How can we run these commands without being able to log in?


  3. Kate Pham (WICLOUD CORPORATION) 585 Reputation points Microsoft External Staff Moderator
    2025-08-06T06:33:16.0133333+00:00
    1. If you're getting "username or password is incorrect" even for local logins, it may be a broken secure channel between the new DC and the domain.
      ++ To check the trust relationship between the affected DC and the domain:
          nltest /sc_verify:<yourdomain>
    2. Check SYSVOL and NETLOGON status.
      ++ After promotion, these folders should be shared automatically. On the new DC, please run in cmd:
          net share
      If SYSVOL and NETLOGON are missing, it means SYSVOL replication hasn't completed.
    3. Check DFSR status; run the command below:
          For /f %i IN ('dsquery server -o rdn') do @echo %i && @wmic /node:"%i" /namespace:\\root\microsoftdfs path dfsrreplicatedfolderinfo WHERE replicatedfoldername='SYSVOL share' get replicationgroupname,replicatedfoldername,state

    => The state should be 4

    ++ Also check: dcdiag /test:sysvolcheck /test:advertising

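The DFSR state and share checks from the answer above can also be run remotely from a working DC or management host, which matters when interactive logon to the new DC fails. The script below is an added example, not part of any post in this thread; it assumes the ActiveDirectory module (RSAT) is installed and that WinRM is reachable on each DC, and the parameter and variable names are illustrative.

```powershell
# Added example: query SYSVOL health on every DC over CIM/WinRM, so no
# interactive logon to the affected DC is required.
# Assumptions: ActiveDirectory module available, WinRM enabled on the DCs,
# and the script is run with domain admin credentials.
param(
    [string[]]$ComputerName = (Get-ADDomainController -Filter *).HostName
)

# DfsrReplicatedFolderInfo.State values; 4 is the healthy state.
$stateName = @{
    0 = 'Uninitialized'; 1 = 'Initialized'; 2 = 'Initial Sync'
    3 = 'Auto Recovery'; 4 = 'Normal';      5 = 'In Error'
}

$results = foreach ($dc in $ComputerName) {
    $row = [ordered]@{
        DC = $dc; DfsrState = 'unknown'; SYSVOL = $false; NETLOGON = $false
    }
    try {
        # CIM equivalent of the wmic query against root\MicrosoftDFS.
        $folder = Get-CimInstance -ComputerName $dc -Namespace 'root\MicrosoftDFS' `
            -ClassName DfsrReplicatedFolderInfo `
            -Filter "ReplicatedFolderName='SYSVOL Share'" -ErrorAction Stop |
            Select-Object -First 1
        $row.DfsrState = if ($folder) {
            $s = [int]$folder.State
            '{0} ({1})' -f $s, $stateName[$s]
        } else {
            'no SYSVOL replicated folder found'
        }

        # Equivalent of "net share": look for the two shares by name.
        $shares = Get-CimInstance -ComputerName $dc -ClassName Win32_Share `
            -Filter "Name='SYSVOL' OR Name='NETLOGON'" -ErrorAction Stop
        $row.SYSVOL   = $shares.Name -contains 'SYSVOL'
        $row.NETLOGON = $shares.Name -contains 'NETLOGON'
    } catch {
        # Authentication or connectivity failures land here and stay visible per DC.
        $row.DfsrState = "query failed: $($_.Exception.Message)"
    }
    [pscustomobject]$row
}

$results | Format-Table -AutoSize
```

A DC that reports a state other than 4, or is missing either share, has not finished initial SYSVOL replication; a "query failed" row for the new DC only means the remote query itself could not authenticate or connect.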
