"The name or security ID SID of the domain specified is inconsistent with the trust information for that domain"

Posted on 2004-08-30
Last Modified: 2011-08-18
I recently started on a Windows 2003 test domain. I have 6 Windows 2003 servers (SERVER1-6) all patched with all the security updates and antivirus. I ran DCPROMO on SERVER1; it’s now my only DC, DNS server, WINS server, and DHCP (which is not being used at this point). I created a new user (USER1) and made USER1 a member of DOMAIN ADMINS, SCHEMA ADMINS, and DOMAIN USERS. I can log on to SERVER1 as USER1 with no problems. Now on SERVER2, I join the test domain with no problems using the USER1 account I created. I now try to log onto SERVER2 as USER1 and receive this error message “The name or security ID SID of the domain specified is inconsistent with the trust information for that domain”. I can log on to SERVER1 as this user and I log on to SERVER2 as the local admin but I cannot log on to SERVER2 as USER1. Thanks in advance for your time.
Question by:kbws1

Accepted Solution

rhandels earned 300 total points
ID: 11933868

Try re-adding the server to the domain; it looks like something went wrong when the server was added to the domain. So first, make sure to "add" the 2 server to a workgroup (kinda like deleting it from the domain) and check in AD Users & Computers whether server 2 is in the AD. If so, delete it and add the server to the domain again.

If this doesn't work, you could try to reset the account after it is created within the domain.

Author Comment

ID: 11945748
I did all of the above and it still didn't work, so I just demoted SERVER1 back to a standalone server and then ran DCPROMO again and promoted it back to a DC, and then everything worked great.

Expert Comment

ID: 12916209
The cause of this problem is most likely because you ghost imaged the servers to each other. This means they all have exactly the same SID and the member server cannot join to the DC with the same SID. To resolve this, take the member server off the domain, run ghost walker to reset the SID on the member server, then rejoin and this will fix the problem.
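
An added example, not part of the original thread or any poster's code: a Python check that decodes binary SIDs, derives each host's machine SID from its local Administrator account SID, and flags hosts that share a machine SID or whose machine SID equals the domain SID. The SID values, the `HOSTS` inventory and the helper names are constructed for illustration; the hostnames follow the question.

```python
import struct
from collections import defaultdict

def sid_to_string(raw: bytes) -> str:
    """Decode a binary Windows SID into its S-R-A-S1-S2-... string form."""
    if len(raw) < 8 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("malformed SID")
    authority = int.from_bytes(raw[2:8], "big")      # 48-bit, big-endian
    subs = struct.unpack("<%dI" % raw[1], raw[8:])   # 32-bit each, little-endian
    return "-".join(["S", str(raw[0]), str(authority), *map(str, subs)])

def machine_sid(account_sid: str) -> str:
    """Drop the trailing RID (e.g. 500) from a local account SID."""
    parts = account_sid.split("-")
    if parts[:4] != ["S", "1", "5", "21"] or len(parts) != 8:
        raise ValueError("not a machine/domain account SID: " + account_sid)
    return "-".join(parts[:-1])

def find_clones(domain_sid, local_admin_sids):
    """Return (machine SIDs shared by several hosts, hosts matching the domain SID)."""
    by_sid = defaultdict(list)
    for host, raw in local_admin_sids.items():
        by_sid[machine_sid(sid_to_string(raw))].append(host)
    dupes = {sid: sorted(h) for sid, h in by_sid.items() if len(h) > 1}
    return dupes, sorted(by_sid.get(domain_sid, []))

def build_sid(*subs):
    """Build a constructed binary SID under authority 5 (NT Authority)."""
    head = bytes([1, len(subs)]) + (5).to_bytes(6, "big")
    return head + struct.pack("<%dI" % len(subs), *subs)

# Constructed sample inventory: SERVER2 and SERVER3 still carry the image's SID,
# which is also the domain SID; SERVER4 has had its SID regenerated.
IMAGE = (21, 1111111111, 2222222222, 3333333333)
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"
HOSTS = {
    "SERVER2": build_sid(*IMAGE, 500),
    "SERVER3": build_sid(*IMAGE, 500),
    "SERVER4": build_sid(21, 4040404040, 1234567890, 987654321, 500),
}

if __name__ == "__main__":
    dupes, clash = find_clones(DOMAIN_SID, HOSTS)
    for sid, hosts in dupes.items():
        print("shared machine SID", sid, "on", ", ".join(hosts))
    print("machine SID equals domain SID on:", ", ".join(clash) or "none")
```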


Expert Comment

ID: 13273967

I had the same problem and I used the NewSid program.
It changed the SID automatically (for those who don't know how to use ghost walker) and everything works fine.


Expert Comment

ID: 20013775
Jupp, this worked for me too, but the link posted by aleex is dead. Here is the new link:

Expert Comment

ID: 35181247
Thank you gentlemen, I actually just did that and now the server is rebooting.  I just checked here to see if anyone has posted any additional tips.  I will let you know the results

Expert Comment

ID: 35184203
Thank you gentlemen for your help; the NewSid did the trick.  I am good to go for the exchange install next.
