Solved

Windows 2003 member server unable to logon to domain or local account; access denied

Posted on 2010-08-27
Last Modified: 2012-06-22
Windows 2003 member server had DNS error due to legacy IP of replicated server that had been isolated on a disconnected subnet for testing.  That replicated machine was physically removed before site-to-site connection restored from subnet to LAN.  Evidently, remote DNS entry for remote subnet IP came over.

I was able to update the DNS info to LAN subnet and am able to ping the server by name and IP in LAN and WAN.  However, I cannot logon either as a domain user or the local Administrator because computer account not found and/or target name incorrect.  I tried a remote forced shutdown but access is denied.  Tried RDP and VNC same results.  Can see server in Windows Explorer but cannot open as target name is not correct.  Have started in Safe Mode as Last Known Good and Safe Mode with Networking with same results.  Removed from DNS and AD Computers then re-added but AD does not show DNS name in Properties.  Still pinging OK.

What else can I do to recover this production SQL/Data Dell Power Edge R900 Windows 2003 Std. R2?
Question by:ColdKathleen
9 Comments
 

Author Comment

by:ColdKathleen
ID: 33543975
New info:  when attempting a "net use" request, new error is Error 1789, trust relationship between this computer and domain has failed.
 
LVL 5

Expert Comment

by:jlanderson1
ID: 33544143
Use this utility to create a bootable CD/floppy.  This will allow you to reset the local administrator password.  That way you can log on to the server locally.

From there, I would change the IP Address back to something useable.
 
LVL 5

Accepted Solution

by:
jlanderson1 earned 450 total points
ID: 33544148
Sorry..here's the link to the utility...I have used this numerous times for XP users who don't know their local admin passwords...it also supports 2003 server.

http://pogostick.net/~pnh/ntpasswd/
 
LVL 5

Expert Comment

by:jlanderson1
ID: 33544203
Also, once you get in on the server locally, if the errors persist, I would remove from the domain and add it back.

 
LVL 5

Assisted Solution

by:tastas
tastas earned 50 total points
ID: 33544538
If you know the username/password to the member server, simply unplug the network cable, and login.  It will use cache authentication.

After you have successfully logged in, change it to a workgroup and add it back to the domain.
 

Author Comment

by:ColdKathleen
ID: 33544558
Ran the password reset utility for Administrator password, seemed to work OK and followed directions to edit password and write info back.  Still can't logon.  Will re-try while awaiting more info... if any.  Great idea, though.
 

Author Comment

by:ColdKathleen
ID: 33544659
2nd try failed.  Runs and says edit on Administrator complete, no error on the "save back".
 
LVL 5

Expert Comment

by:jlanderson1
ID: 33546282
When you try to logon locally, you don't get a bad password error, right?  What does it say again, exactly?
 

Author Closing Comment

by:ColdKathleen
ID: 33568150
After exhausting legitimate approaches w/ Dell and Microsoft, they advised me to reload the OS and rebuild the server.  The password hacker utilities that simulate a Win2k3 install failed due to RAID driver complications.  I even bought a USB-Floppy Drive per Dell... so after 10 hours and 35+ boots later, I ran the pogostick utility and BLANKED the password which did the trick.  

[I had run it to reset the password which claimed it worked but I never got in that way ergo the extended Dell/Microsoft support time.  I had to BLANK the password which worked.]  This utility was the solution, many thanks.

The trick of pulling the network cable and using the cached password worked when I was on phone w/ Microsoft but the tech AGAINST MY BETTER JUDGMENT insisted the cure was to unjoin the network without FIRST resolving the local admin password so I was back at square one.  But the idea was right so I tossed some points there too!