Solved

Windows SBS 2003 Server Locked out with Symantec

Posted on 2009-05-05
20
218 Views
Last Modified: 2012-08-14
So I have a major problem, anyway some backround first,
I took over as Systems and Network Administrator in a small company last week, the last administrator left 7 months ago and they have only found the money to replace him now, with me. i was a junior administrator in my last job and I always had someone to call on if I got stuck. There was supposed to be a senior guy here to oversee but he is gone since last week. So you can probably see how this is developing.
One of the guys in the office is a programmer and has been sort of looking after the network as well as doing his own job. anyway last week the day before I started he saw that the servers were due a restart and that symantec had to be updated.

So he did the following.
1. The network administrator password was changed about a month ago
2. Symantec updates were downloaded
3. Restart the Domain Controller
4. On restart unable to log into DC
5. Try to access it remotely but RPC service is not working
6. No Backup Network Admin account
7. No backup DC

So my problem is that i'm locked out of my DC which is also the file server
I dont have the local admin password because no one knows it.
I have the new and the old administrator password but neither of them work,

So far i've tried to run ntdsutil but this is what I get,

Because the local system doesn't support application password validation, ntdsut
il couldn't verify the password with the domain policy. But ntdsutil will contin
ue to set the password on DS Restore Mode Administrator account.
Setting password failed.
        WIN32 Error Code: 0x6ba
        Error Message: The RPC server is unavailable.

I've installed Windows 2003 Server Administration tools pack and I can open Active Directory Management but I cant actually do anything with it. I can see it and thats all.

If anyone could help with this problem I would be eternally grateful.
Thanks :D
0
Comment
Question by:Kismet80
  • 9
  • 7
  • 4
20 Comments
 
LVL 6

Expert Comment

by:DanielWillmott
ID: 24305346
The domain controller does not have a local administrator account.
Essentially, the only problem (not that its a small one) is that you can't administer the domain now and you can't log into the domain controller.
If this environment is common, I'm sure there is someone around that has domain admin rights (and may not even know it). You might want to check that first. Network admin, developer, etc.
0
 
LVL 6

Expert Comment

by:akrdm
ID: 24305362
Were there are a number of tools that can help reset a local admin password on the DC.  If you can get that reset then you can use F8 on boot up to access this Directory Service Restore Mode.  From there you could reset the DC admin password.  This website has some helpful infomation on accomplishing this.

http://www.petri.co.il/reset_domain_admin_password_in_windows_server_2003_ad.htm

Let me know if you need further help and if this works for you.
0
 

Author Comment

by:Kismet80
ID: 24305557
Hi,

Thanks for the information,

The developer is a member of the domain admins but I tried to log him on and it wouldnt log him onto the server.
It seems like the AD service is not after starting when the server starts.
Also I've been told that Symantec has problems and after updates it restarts its firewall and blocks all network access to the file server. Im wondering if this is anything to do with it,
0
 
LVL 6

Expert Comment

by:DanielWillmott
ID: 24305596
Have you tried to log on at the console as a domain admin?
0
 

Author Comment

by:Kismet80
ID: 24305644
Hi,

Yes, ive tried that, Ive tried all the domain admin accounts
0
 
LVL 6

Expert Comment

by:DanielWillmott
ID: 24305670
Perhaps the server could use another reboot?
But first, can you manage the computer remotely? (i.e. Computer Management on your workstation, then connect to remote server and choose the DC)? Maybe you can look at the event log that way, check on any services that may be off, etc
0
 

Author Comment

by:Kismet80
ID: 24305762
Hi,

Ive tried to connect remotely over Computer Managment but it tells me that computer XXX cannot be managed, the network path cannot be found.
0
 
LVL 6

Expert Comment

by:DanielWillmott
ID: 24305793
Can you ping the server from your workstation?
Are people able to log into the network and get to secured file shares and such?
0
 

Author Comment

by:Kismet80
ID: 24305869
Hi,

Im not able to ping it at all,
Im able to log onto my laptop but I think the password may have been cached from when the developer set up my laptop the week before.
No access to any file shares
0
 
LVL 6

Expert Comment

by:DanielWillmott
ID: 24305997
It can happen but a restart of the server and updating symantec would seem unlikely to cause this many problems. Maybe ask some more questions about what has been done to the server over the past week.
Also...a try a reboot and see if it helps.
And finally, start looking for backups just in case you end up needing them.
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 

Author Comment

by:Kismet80
ID: 24306050
Hi,

Ive tried a couple of reboots,
I've also tried rebooting into safe mode and safe mode with networking

According to the guy in the office the only thing that was done was update symantec and change the passwords.
I do believe him because he is incredibly busy and doesnt really have the time to be messing around with the server.
The only reason he changed the password on the DC was because two developers left and they had the domain admin password.

I have the backup tapes but I dont know how recent they are.
Im hoping that the one in the drive is the latest one, and that it actually ran when it was supposed to.

0
 
LVL 6

Expert Comment

by:DanielWillmott
ID: 24306149
What's odd is the combination of no network AND the inability to log onto the DC from the console. Those two problems should not be related.
The network issue could be anything from the firewall, symantec, etc. I would address that second.
You need to find out why you can't log in locally on the console as a domain admin. What error do you get?
0
 

Author Comment

by:Kismet80
ID: 24306421
Hi,

Something that I forgot to mention, Exchange is still working,
I am still able to send and receive email and also to access the internet.

The error message that I get when I log in locally is
The system could not log you on. make sure your user name and domain are correct, then type your password again.
0
 
LVL 6

Expert Comment

by:akrdm
ID: 24309149
When you reboot the server are you able to access the Active Directory restore mode from the F8 menu console?  If you can will it let you log in to the system then?
0
 

Author Comment

by:Kismet80
ID: 24309292
Hi,

I can access the Active Directory Restore mode but I dont have the DSRM password.

0
 
LVL 6

Expert Comment

by:DanielWillmott
ID: 24318336
Any luck? Do you know if you have a good backup?
0
 

Author Comment

by:Kismet80
ID: 24319220
No luck so far,
I dont know if I have a good back up, im going to check the last backup tapes tomorrow and see what is there. if there is a decent back up then there is a spare server that I will use to build a new AD.
0
 
LVL 6

Expert Comment

by:akrdm
ID: 24319695
Not sure how far you are willing to go to reset the password.  But here is a program that says it has the ability to reset the administrative password on servers. Hope this helps.

http://www.lostpassword.com/windows.htm
0
 
LVL 6

Expert Comment

by:akrdm
ID: 24319723
Here is another link to a program that has the ability to change the admin password and displays the name of the administrator account (just incase it's been changed).

http://www.mirider.com/ntaccess.html
0
 

Accepted Solution

by:
Kismet80 earned 0 total points
ID: 24372466
Thanks for everyones help,
In the end the solution that I went with was to restore from a backup tape to the server.
 
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

In the event you manage a Small Business Server 2003, and you are audited for PCI compliance, there are several changes you must make in order to pass the audit. I can take no credit for discovering any of these fixes or workarounds, but there is no…
Introduction At 19:33 (UST) on Tuesday 21st September the long awaited email arrived with the subject title of “ANNOUNCING THE AVAILABILITY OF WINDOWS SBS 7 PREVIEW”.  It was time to drop whatever I was doing and dedicate as much bandwidth as possi…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now