I have a small network that comprises a SBS Windows Server 2003 server and XP workstations.
Due to a server problem the SBS 2003 software had to be re-installed from scratch. On the re-install the same domain name (e.g. business.local) was used and the same user accounts and passwords were re-entered into AD.
However, the trust relationship between the XP workstations nad the server has been broken due to the new SID on the server. In the System Log then I am seeing NETLOGON errors Event Id 5805 and 5513 saying that computers failed to authenticate and to re-establish the trust relationship. (I have posted these at the bottom of the question.)
The users are able to logon using their user accounts and get access to server resources as normal. However, the system log is getting the regular computer authtication errors.
For one of the XP clients I have changed the network back to a workgroup type and then re-joined the domain. This has fixed the authentication issues for this one workstation but I have needed to redo all the client accounts on the workstation. With the original SBS configuration I have accounts on the client workstation of "john", "fred" etc. but after rejoining the domain I have "john.BUSINESS" & "fred.BUSINESS".
To redo all the accounts on all the workstations would be a lot of work and therefore I am looking for anything that is a smarter option.
NB I can't use any of the SBS wizards for configuring the clients - the reason for this is that I also have a SCO Unix server that requires static IP addressing as part of the security - so my network has been configured manually.
Can any one help ?
The session setup from the computer SALES failed to authenticate. The following error occurred:
Access is denied.
The computer SALES tried to connect to the server \\SERVER using the trust relationship established by the BUSINESS domain. However, the computer lost the correct security identifier (SID) when the domain was reconfigured. Reestablish the trust relationship.
Follow these steps EXACTLY to fix the problems:
At the client machine:
1. Log in with THAT machine's LOCAL administrator account.
2. Unjoin the domain into a WORKGROUP
3. Change the name of the computer (this is not an option, you must use a name that is unique and hasn't been used before on your SBS)
4. Delete or rename the following directory C:\Program Files\Microsoft Windows Small Business Server\Clients
5. Delete the following Registry Key entirely: HKLM\Software\Microsoft\Sm
6. Make sure that the network settings are configured to get an IP address automatically (DHCP enabled)
Then on the server, from the Server Management Console:
1. Remove the client computers if it still shows in the Client Computer screen on the Server Management Console
2. Add the client with it's NEW name using the Setup Client Computers wizard
Then, go back to the client machine, log back in with the local Administrator account.
1. If there is more than one network interface, make sure that the only one that's enabled is the one connected to the SBS.
2. Open IE and enter http://<servername>/connectcomput
3. Supply the domain Administrator credentials when requested and assign appropriate user to the machine
4. After the machine reboots the second time, log in with the assigned user's credentials to complete the process.