Solved

Using netdom to reset server password

Posted on 2010-08-18
8
1,064 Views
Last Modified: 2012-05-10
I have a situation where I believe that one of my servers may have lost connection with the domain. The symptoms are as follows
When attempting to log in via RDP using any user account I get an access denied message
Trying to run %logonserver% from the command prompt brings up a password prompt
Trying to run net time /set brings up an access denied error message
Event ID 1030, 1058, 1097 in the event log

I have already ran a netdom verify on the machine and it claims that the secure channel to the domain is good but i dont really know if that is the case.

So what I was thinking of doing was running a netdom reset on the server but the last thing I want to do is to mess it up if that would cause the server to need to be disjoined/rejoined to the domain.
0
Comment
Question by:Joseph Daly
8 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 167 total points
ID: 33469260
Or move it out of the domain and back in which will also reset the secure channel.  What sort of server is it?

for the 1030/1058

Take a look at these two articles

http://support.microsoft.com/kb/887303

http://www.expertsexchange.com/articles/OS/Microsoft_Operating_Systems/Server/2003_Server/Diagnosing-and-repairing-Events-1030-and-1058.html
Good EE article by Chief IT

I'd try the dfsutil /purgemupcache first and see if that helps (i've had luck with it on a few boxes in the past)

Thanks

Mike
0
 
LVL 3

Assisted Solution

by:meagain35
meagain35 earned 166 total points
ID: 33469279
NETDOM RESET "should" not cause you any problems as it is simply resetting and assuring the machine is in sync with the domain.

Take a look here as there are some requirements to running depending on the type of server

http://support.microsoft.com/kb/260575

0
 
LVL 35

Author Comment

by:Joseph Daly
ID: 33469308
The reason im scared of the moving out of the domain and back in is that this server is our cisco unified messaging server. I would bet that this thing would freak out and take down our voicemail if i tried a remove/readd.
0
 
LVL 59

Assisted Solution

by:Darius Ghassem
Darius Ghassem earned 167 total points
ID: 33469874
Dijoining from the domain does not always work resetting the secure channel password with netdom does work 100% of the time from my experience. Make sure the server is only pointing to internal DNS servers.
0
NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

 
LVL 57

Expert Comment

by:Mike Kline
ID: 33470702
Yeah don't remove it then if it runs messaging.  Still check that link about the 1058 and 1030 errors.
0
 
LVL 35

Author Comment

by:Joseph Daly
ID: 33474689
Mkline: I did take a look at that article, after reading through some of the suggestions he makes it looks like most of them do not apply to this situation. I have not yet done the dfsutil /purgemupcache command but I will try that.

Alot of the other steps in the document seem to apply to a domain controller which this is not.
0
 
LVL 35

Author Comment

by:Joseph Daly
ID: 33475437
Just tried the dfsutil command and that did not seem to resolve the issue. I kind of had a feeling that might not work because when using the %Logonserver% environment variable from the command line it pointed to the right server I was just prompted for a username/pass.

That combined with all of the other access issues is making me lean more towards a bad secure channel on this server. I also came across another person with similar issues whos cause was a bad winsock and it was resolved by using netsh winsock reset.
0
 
LVL 35

Author Closing Comment

by:Joseph Daly
ID: 33500316
So the solution to this is not really a solution at all. We were planning on upgrading to the newest version of this software next month and will be building a whole new server. All of the functions of this server still work so we are going to just decomission this when the time comes.
0

Featured Post

Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now