Solved

Using netdom to reset server password

Posted on 2010-08-18
8
1,086 Views
Last Modified: 2012-05-10
I have a situation where I believe that one of my servers may have lost connection with the domain. The symptoms are as follows
When attempting to log in via RDP using any user account I get an access denied message
Trying to run %logonserver% from the command prompt brings up a password prompt
Trying to run net time /set brings up an access denied error message
Event ID 1030, 1058, 1097 in the event log

I have already ran a netdom verify on the machine and it claims that the secure channel to the domain is good but i dont really know if that is the case.

So what I was thinking of doing was running a netdom reset on the server but the last thing I want to do is to mess it up if that would cause the server to need to be disjoined/rejoined to the domain.
0
Comment
Question by:Joseph Daly
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 167 total points
ID: 33469260
Or move it out of the domain and back in which will also reset the secure channel.  What sort of server is it?

for the 1030/1058

Take a look at these two articles

http://support.microsoft.com/kb/887303

http://www.expertsexchange.com/articles/OS/Microsoft_Operating_Systems/Server/2003_Server/Diagnosing-and-repairing-Events-1030-and-1058.html
Good EE article by Chief IT

I'd try the dfsutil /purgemupcache first and see if that helps (i've had luck with it on a few boxes in the past)

Thanks

Mike
0
 
LVL 3

Assisted Solution

by:meagain35
meagain35 earned 166 total points
ID: 33469279
NETDOM RESET "should" not cause you any problems as it is simply resetting and assuring the machine is in sync with the domain.

Take a look here as there are some requirements to running depending on the type of server

http://support.microsoft.com/kb/260575

0
 
LVL 35

Author Comment

by:Joseph Daly
ID: 33469308
The reason im scared of the moving out of the domain and back in is that this server is our cisco unified messaging server. I would bet that this thing would freak out and take down our voicemail if i tried a remove/readd.
0
Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

 
LVL 59

Assisted Solution

by:Darius Ghassem
Darius Ghassem earned 167 total points
ID: 33469874
Dijoining from the domain does not always work resetting the secure channel password with netdom does work 100% of the time from my experience. Make sure the server is only pointing to internal DNS servers.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 33470702
Yeah don't remove it then if it runs messaging.  Still check that link about the 1058 and 1030 errors.
0
 
LVL 35

Author Comment

by:Joseph Daly
ID: 33474689
Mkline: I did take a look at that article, after reading through some of the suggestions he makes it looks like most of them do not apply to this situation. I have not yet done the dfsutil /purgemupcache command but I will try that.

Alot of the other steps in the document seem to apply to a domain controller which this is not.
0
 
LVL 35

Author Comment

by:Joseph Daly
ID: 33475437
Just tried the dfsutil command and that did not seem to resolve the issue. I kind of had a feeling that might not work because when using the %Logonserver% environment variable from the command line it pointed to the right server I was just prompted for a username/pass.

That combined with all of the other access issues is making me lean more towards a bad secure channel on this server. I also came across another person with similar issues whos cause was a bad winsock and it was resolved by using netsh winsock reset.
0
 
LVL 35

Author Closing Comment

by:Joseph Daly
ID: 33500316
So the solution to this is not really a solution at all. We were planning on upgrading to the newest version of this software next month and will be building a whole new server. All of the functions of this server still work so we are going to just decomission this when the time comes.
0

Featured Post

SharePoint Admin?

Enable Your Employees To Focus On The Core With Intuitive Onscreen Guidance That is With You At The Moment of Need.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question