Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Windows SBS 2003 Server Locked out with Symantec

Posted on 2009-05-05
20
221 Views
Last Modified: 2012-08-14
So I have a major problem, anyway some backround first,
I took over as Systems and Network Administrator in a small company last week, the last administrator left 7 months ago and they have only found the money to replace him now, with me. i was a junior administrator in my last job and I always had someone to call on if I got stuck. There was supposed to be a senior guy here to oversee but he is gone since last week. So you can probably see how this is developing.
One of the guys in the office is a programmer and has been sort of looking after the network as well as doing his own job. anyway last week the day before I started he saw that the servers were due a restart and that symantec had to be updated.

So he did the following.
1. The network administrator password was changed about a month ago
2. Symantec updates were downloaded
3. Restart the Domain Controller
4. On restart unable to log into DC
5. Try to access it remotely but RPC service is not working
6. No Backup Network Admin account
7. No backup DC

So my problem is that i'm locked out of my DC which is also the file server
I dont have the local admin password because no one knows it.
I have the new and the old administrator password but neither of them work,

So far i've tried to run ntdsutil but this is what I get,

Because the local system doesn't support application password validation, ntdsut
il couldn't verify the password with the domain policy. But ntdsutil will contin
ue to set the password on DS Restore Mode Administrator account.
Setting password failed.
        WIN32 Error Code: 0x6ba
        Error Message: The RPC server is unavailable.

I've installed Windows 2003 Server Administration tools pack and I can open Active Directory Management but I cant actually do anything with it. I can see it and thats all.

If anyone could help with this problem I would be eternally grateful.
Thanks :D
0
Comment
Question by:Kismet80
  • 9
  • 7
  • 4
20 Comments
 
LVL 6

Expert Comment

by:DanielWillmott
ID: 24305346
The domain controller does not have a local administrator account.
Essentially, the only problem (not that its a small one) is that you can't administer the domain now and you can't log into the domain controller.
If this environment is common, I'm sure there is someone around that has domain admin rights (and may not even know it). You might want to check that first. Network admin, developer, etc.
0
 
LVL 6

Expert Comment

by:akrdm
ID: 24305362
Were there are a number of tools that can help reset a local admin password on the DC.  If you can get that reset then you can use F8 on boot up to access this Directory Service Restore Mode.  From there you could reset the DC admin password.  This website has some helpful infomation on accomplishing this.

http://www.petri.co.il/reset_domain_admin_password_in_windows_server_2003_ad.htm

Let me know if you need further help and if this works for you.
0
 

Author Comment

by:Kismet80
ID: 24305557
Hi,

Thanks for the information,

The developer is a member of the domain admins but I tried to log him on and it wouldnt log him onto the server.
It seems like the AD service is not after starting when the server starts.
Also I've been told that Symantec has problems and after updates it restarts its firewall and blocks all network access to the file server. Im wondering if this is anything to do with it,
0
Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
LVL 6

Expert Comment

by:DanielWillmott
ID: 24305596
Have you tried to log on at the console as a domain admin?
0
 

Author Comment

by:Kismet80
ID: 24305644
Hi,

Yes, ive tried that, Ive tried all the domain admin accounts
0
 
LVL 6

Expert Comment

by:DanielWillmott
ID: 24305670
Perhaps the server could use another reboot?
But first, can you manage the computer remotely? (i.e. Computer Management on your workstation, then connect to remote server and choose the DC)? Maybe you can look at the event log that way, check on any services that may be off, etc
0
 

Author Comment

by:Kismet80
ID: 24305762
Hi,

Ive tried to connect remotely over Computer Managment but it tells me that computer XXX cannot be managed, the network path cannot be found.
0
 
LVL 6

Expert Comment

by:DanielWillmott
ID: 24305793
Can you ping the server from your workstation?
Are people able to log into the network and get to secured file shares and such?
0
 

Author Comment

by:Kismet80
ID: 24305869
Hi,

Im not able to ping it at all,
Im able to log onto my laptop but I think the password may have been cached from when the developer set up my laptop the week before.
No access to any file shares
0
 
LVL 6

Expert Comment

by:DanielWillmott
ID: 24305997
It can happen but a restart of the server and updating symantec would seem unlikely to cause this many problems. Maybe ask some more questions about what has been done to the server over the past week.
Also...a try a reboot and see if it helps.
And finally, start looking for backups just in case you end up needing them.
0
 

Author Comment

by:Kismet80
ID: 24306050
Hi,

Ive tried a couple of reboots,
I've also tried rebooting into safe mode and safe mode with networking

According to the guy in the office the only thing that was done was update symantec and change the passwords.
I do believe him because he is incredibly busy and doesnt really have the time to be messing around with the server.
The only reason he changed the password on the DC was because two developers left and they had the domain admin password.

I have the backup tapes but I dont know how recent they are.
Im hoping that the one in the drive is the latest one, and that it actually ran when it was supposed to.

0
 
LVL 6

Expert Comment

by:DanielWillmott
ID: 24306149
What's odd is the combination of no network AND the inability to log onto the DC from the console. Those two problems should not be related.
The network issue could be anything from the firewall, symantec, etc. I would address that second.
You need to find out why you can't log in locally on the console as a domain admin. What error do you get?
0
 

Author Comment

by:Kismet80
ID: 24306421
Hi,

Something that I forgot to mention, Exchange is still working,
I am still able to send and receive email and also to access the internet.

The error message that I get when I log in locally is
The system could not log you on. make sure your user name and domain are correct, then type your password again.
0
 
LVL 6

Expert Comment

by:akrdm
ID: 24309149
When you reboot the server are you able to access the Active Directory restore mode from the F8 menu console?  If you can will it let you log in to the system then?
0
 

Author Comment

by:Kismet80
ID: 24309292
Hi,

I can access the Active Directory Restore mode but I dont have the DSRM password.

0
 
LVL 6

Expert Comment

by:DanielWillmott
ID: 24318336
Any luck? Do you know if you have a good backup?
0
 

Author Comment

by:Kismet80
ID: 24319220
No luck so far,
I dont know if I have a good back up, im going to check the last backup tapes tomorrow and see what is there. if there is a decent back up then there is a spare server that I will use to build a new AD.
0
 
LVL 6

Expert Comment

by:akrdm
ID: 24319695
Not sure how far you are willing to go to reset the password.  But here is a program that says it has the ability to reset the administrative password on servers. Hope this helps.

http://www.lostpassword.com/windows.htm
0
 
LVL 6

Expert Comment

by:akrdm
ID: 24319723
Here is another link to a program that has the ability to change the admin password and displays the name of the administrator account (just incase it's been changed).

http://www.mirider.com/ntaccess.html
0
 

Accepted Solution

by:
Kismet80 earned 0 total points
ID: 24372466
Thanks for everyones help,
In the end the solution that I went with was to restore from a backup tape to the server.
 
0

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Information Store Service missing 3 60
Sharepoint Home Page (companyweb) blank 3 116
Windows 10 VPN? 6 93
Remote Desktop GATEWAY server 2008 to 2012 cutover 5 68
The problem of the system drive in SBS 2003 getting full continues to be an issue, even though SBS 2008 and SBS 2011 are both in the market place.  There are several solutions to this, including adding additional drive space or using third party uti…
You may have discovered the 'Compatibility View Settings' workaround for making your SBS 2008 Remote Web Workplace 'connect to a computer' section stops 'working around' after a Windows 10 client upgrade.  That can be fixed so it 'works around' agai…

792 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question