Browse All Articles
> Secure channel Broken Recovery
There were some Jr engineers who always used to come up to me with an error stating they are unable to login and getting some trust relationship error. First I used to suggest them either use sysprep to the machines if they are created using Image, or, let me know further if they faced the same issue again after sysprep. So after dedicated haunting of 1Hr I got the resolution relating to Secure channel state.
When Secure Channel between A worksation/Member Server /DC /PDC is broken you may experience an error in login. The most comman error is "Eror (Login): The security Database on the server does not have a computer account for this workstation Trust relationship"
Please use the command below to verify the secure channel state
C:\>nltest /server:DC1 /sc_query:Domain.com
Note:- Replace DC1 with the computer name in question and domain.com with the domain name
Output should come as "success"
For More examples and error messages I would recommend you to see http://support.microsoft.com/kb/158148
If not "Success", then you need to come up to recover the Secure Channels
When You find secure channel between DC is in broken State follow below procedures to recover:
1) Stop the KDC service you can achieve the same using "net stop KDC"
2) Download the windows resouce kit tool and run kerbtray.exe this exe will start as a green icon near by the clock in taskbar
3) Right click on this icon and click "Purge Tickets" and then click OK for confirmation
4) Now reset the DC A/C password using below command (Modify according to your naming convections) "netdom /resetpwd /server:DC /userd:domain.com\administ
rator /password:password" and hit Enter with full Confidence and make sure you are not breaking the enter Key
5) Now run command repadmin /syncall /ADeP
6) Now start the KDC service using "net start KDC"
And Bingo...you are done
Comments and Feedback are welcome
Remember to Mark as Helpful if it works for you