Solved

Using netdom to reset server password

Posted on 2010-08-18
8
1,092 Views
Last Modified: 2012-05-10
I have a situation where I believe that one of my servers may have lost connection with the domain. The symptoms are as follows
When attempting to log in via RDP using any user account I get an access denied message
Trying to run %logonserver% from the command prompt brings up a password prompt
Trying to run net time /set brings up an access denied error message
Event ID 1030, 1058, 1097 in the event log

I have already ran a netdom verify on the machine and it claims that the secure channel to the domain is good but i dont really know if that is the case.

So what I was thinking of doing was running a netdom reset on the server but the last thing I want to do is to mess it up if that would cause the server to need to be disjoined/rejoined to the domain.
0
Comment
Question by:Joseph Daly
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 167 total points
ID: 33469260
Or move it out of the domain and back in which will also reset the secure channel.  What sort of server is it?

for the 1030/1058

Take a look at these two articles

http://support.microsoft.com/kb/887303

http://www.expertsexchange.com/articles/OS/Microsoft_Operating_Systems/Server/2003_Server/Diagnosing-and-repairing-Events-1030-and-1058.html
Good EE article by Chief IT

I'd try the dfsutil /purgemupcache first and see if that helps (i've had luck with it on a few boxes in the past)

Thanks

Mike
0
 
LVL 3

Assisted Solution

by:meagain35
meagain35 earned 166 total points
ID: 33469279
NETDOM RESET "should" not cause you any problems as it is simply resetting and assuring the machine is in sync with the domain.

Take a look here as there are some requirements to running depending on the type of server

http://support.microsoft.com/kb/260575

0
 
LVL 35

Author Comment

by:Joseph Daly
ID: 33469308
The reason im scared of the moving out of the domain and back in is that this server is our cisco unified messaging server. I would bet that this thing would freak out and take down our voicemail if i tried a remove/readd.
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 
LVL 59

Assisted Solution

by:Darius Ghassem
Darius Ghassem earned 167 total points
ID: 33469874
Dijoining from the domain does not always work resetting the secure channel password with netdom does work 100% of the time from my experience. Make sure the server is only pointing to internal DNS servers.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 33470702
Yeah don't remove it then if it runs messaging.  Still check that link about the 1058 and 1030 errors.
0
 
LVL 35

Author Comment

by:Joseph Daly
ID: 33474689
Mkline: I did take a look at that article, after reading through some of the suggestions he makes it looks like most of them do not apply to this situation. I have not yet done the dfsutil /purgemupcache command but I will try that.

Alot of the other steps in the document seem to apply to a domain controller which this is not.
0
 
LVL 35

Author Comment

by:Joseph Daly
ID: 33475437
Just tried the dfsutil command and that did not seem to resolve the issue. I kind of had a feeling that might not work because when using the %Logonserver% environment variable from the command line it pointed to the right server I was just prompted for a username/pass.

That combined with all of the other access issues is making me lean more towards a bad secure channel on this server. I also came across another person with similar issues whos cause was a bad winsock and it was resolved by using netsh winsock reset.
0
 
LVL 35

Author Closing Comment

by:Joseph Daly
ID: 33500316
So the solution to this is not really a solution at all. We were planning on upgrading to the newest version of this software next month and will be building a whole new server. All of the functions of this server still work so we are going to just decomission this when the time comes.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
Here's a look at newsworthy articles and community happenings during the last month.
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question