Hi everyone,
I am experiencing an issue with the NPS server configured in a Workgroup and I hope someone can help me find a solution.
The Action Service installed on my NPS server needs to contact the domain controller with the PDC Emulator role to manage critical functions.
To emulate the Domain Controller Location Services (DCLS) procedure, NPS uses the command:
nltest /dsgetdc:next04.loc /PDC
This command works correctly only on domain-joined computers, but when executed from a computer in a workgroup, it returns this error:
This prevents NPS from creating the session to the target server.
The reason for the error is that the “nltest” cmdlet is engineered to work for some options by leveraging Kerberos, which requires special permissions and authentication.
After various tests, I verified that if I use the command “nltest /dsgetdc:”, which uses a simple DNS query, the command succeeds and returns the name of the Domain Controller present in the DNS record.
So if, as shown in the image, the identified DC is not the PDC, then the error persists and nothing works.
However, if I migrate the FSMO role to the identified server, everything starts working correctly!
Was anyone already aware of this issue? Do you have a workaround to solve the problem?
Thank you very much for any attempt to help.
Have a great day, everyone.
C.
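
The following is an added example, not part of the original post: a PowerShell check that can be run on the workgroup machine to compare the domain controllers published in DNS with the PDC-specific SRV record (`_ldap._tcp.pdc._msdcs.<domain>`) that the PDC Emulator registers. It assumes the machine's DNS resolver (or the server passed in `-DnsServer`) can query the domain's zone; the function names `Resolve-SrvTarget` and `Test-PdcLocation` are hypothetical.

```powershell
# Added example (not from the post). Uses DNS only, so it needs no domain
# membership or Kerberos. Assumption: the AD DNS zone is resolvable from here.

function Resolve-SrvTarget {
    param([string] $Name, [string] $DnsServer)

    $query = @{ Name = $Name; Type = 'SRV'; DnsOnly = $true; ErrorAction = 'Stop' }
    if ($DnsServer) { $query.Server = $DnsServer }   # optional explicit DNS server

    try {
        # Keep only SRV answers and normalise the host names for comparison.
        @(Resolve-DnsName @query |
            Where-Object { $_.Type -eq 'SRV' } |
            ForEach-Object { $_.NameTarget.TrimEnd('.').ToLower() })
    } catch {
        Write-Warning "SRV lookup failed for ${Name}: $($_.Exception.Message)"
        @()
    }
}

function Test-PdcLocation {
    param(
        [Parameter(Mandatory)] [string] $DomainName,
        [string] $DnsServer
    )

    # Record registered by every domain controller in the domain.
    $anyDc = Resolve-SrvTarget -Name "_ldap._tcp.dc._msdcs.$DomainName" -DnsServer $DnsServer
    # Record registered only by the holder of the PDC Emulator role.
    $pdc   = Resolve-SrvTarget -Name "_ldap._tcp.pdc._msdcs.$DomainName" -DnsServer $DnsServer

    if (-not $pdc) {
        Write-Warning "No PDC SRV record returned for $DomainName; check the DNS server in use."
    }

    # One row per DC found in DNS, flagged when it is also the PDC target.
    foreach ($dc in $anyDc) {
        [pscustomobject]@{
            DomainController = $dc
            IsPdcEmulator    = ($pdc -contains $dc)
        }
    }
}

# Domain name taken from the post.
Test-PdcLocation -DomainName 'next04.loc'
```

If the PDC row is present here but the application still reaches a different DC, the lookup it performs is not using the PDC-specific record.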