Access Denied when tyring to join or un-join the domain
We recently had one of our Windows 2000 consoles crash. No problem, we have others just like it so I syspreped one of the functioning ones and made an image. However, when I brought the syspreped box back online and ran through Windows setup etc I couldn't join the domain. We keep getting "Access is Denied" errors when trying to join. AD would show the system correctly, but then disable it after the first login attempt.
So we tried applying an image of a non-syspreped console to the box, then with the network unplugged we tried to move the computer to a workgroup and we get "Access is Denied".
In all my experience, limited as it may be, with no network (i.e. no domain controllers), logged in as the local admin I should be able to dis-join the domain, correct?
All of the Access is Denied errors are leading me to believe that there is a permission problem somewhere, but I'm not sure where. We have even tried throwing a non-sysprepped image on the box, then changing the name without ever dis-joining the domain. The name is changed in AD but the I get the following error: "The system cannot log you on to this domain because the system's computer account in its primary domain is missing or the password on that account is incorrect" and using nltest /sc_query:domain results in an "Access is Denied" error.
Any ideas what i can try next?
Thanks for any help you can give!
-Aron
So we tried applying an image of a non-syspreped console to the box, then with the network unplugged we tried to move the computer to a workgroup and we get "Access is Denied".
In all my experience, limited as it may be, with no network (i.e. no domain controllers), logged in as the local admin I should be able to dis-join the domain, correct?
All of the Access is Denied errors are leading me to believe that there is a permission problem somewhere, but I'm not sure where. We have even tried throwing a non-sysprepped image on the box, then changing the name without ever dis-joining the domain. The name is changed in AD but the I get the following error: "The system cannot log you on to this domain because the system's computer account in its primary domain is missing or the password on that account is incorrect" and using nltest /sc_query:domain results in an "Access is Denied" error.
Any ideas what i can try next?
Thanks for any help you can give!
-Aron
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
To use the Netdom.exe command-line utility to reset the secure channel, type the following lines at the at the command prompt, pressing ENTER after each line:
netdom reset ComputerName /domain:DomainName
(above referenced aritcle)
http://support.microsoft.com/kb/810497