With PDC not working possibly the boot media but not sure without looking into the logs from support that you can submit. If the DSS version up66 works then I would use that as the up70 does not have that much of updates other then drivers. Now I had a case where the end user reboot the Windows server and this somehow allowed the ADS to authenticate. I know that is hard to do due to production times but just a thought.