We help IT Professionals succeed at work.

Check out our new AWS podcast with Certified Expert, Phil Phillips! Listen to "How to Execute a Seamless AWS Migration" on EE or on your favorite podcast platform. Listen Now


active directory server 2008 issues

Medium Priority
Last Modified: 2012-05-11
Ok so i am having sort of a big problem that i am trying to work through.

How this all started was i had a domain controller that had a bad name, it was one of those windows auto generated ones were its like WIN-9m9..... the random generated ones.

I wanted to obviously change this to a correct naming scheme. What i did was bring up a vmware server 2008 system and added it to the forest. Once i did this i dcpromo'd out the initial domain controller so that i could change its name.

Once i did this i had many problems, first of which resided because everyone was using the old dns servers... Once i figured that out i changed the dns servers in the dhcp setup.

This sort of fixed my problem.

Then i went ahead and fully reinstalled the initial server with the OS again. Once that was done i installed the AD role and re added it to the forest. At the end of the dcpromo addition, i got a message along the lines of it not being able to create DNS records and that i should create them manually.

I did not think much of this at the time but i think this coupled with other stuff is causing problems.

The way i figured out i actually had a problem was when i tried to access a network drive that uses Single sign on to authenticate.

It comes up with a message "\\ is not accessible. You might not have permissions to use this network resource. Contact the administrator of this server to find out if you have access permissions.

There are currently no logon servers available to service the logon request."

After i saw this i googled it and then once i went into the event vwr i realized i have a  problem.

I have numerous errors from NETLOGON which are only found on the second domain controller JJDAD02, on JJDAD01 which is the initial one i reinstalled i do not find these errors.

One of these errors is as follows:

"The session setup for the computer JJDAD01 failed to authenticate. The following error occured: Access is denied"

"The session setup from computer 'JJDAD01' failed because the security database does not contain a trust account 'JJDAD01$' referenced by the specified computer.  

If this is the first occurrence of this event for the specified computer and account, this may be a transient issue that doesn't require any action at this time.  If this is a Read-Only Domain Controller and 'JJDAD01$' is a legitimate machine account for the computer 'JJDAD01' then 'JJDAD01' should be marked cacheable for this location if appropriate or otherwise ensure connectivity to a domain controller  capable of servicing the request (for example a writable domain controller).  Otherwise, the following steps may be taken to resolve this problem:  

If 'JJDAD01$' is a legitimate machine account for the computer 'JJDAD01', then 'JJDAD01' should be rejoined to the domain.  

If 'JJDAD01$' is a legitimate interdomain trust account, then the trust should be recreated.  

Otherwise, assuming that 'JJDAD01$' is not a legitimate account, the following action should be taken on 'JJDAD01':  

If 'JJDAD01' is a Domain Controller, then the trust associated with 'JJDAD01$' should be deleted.  

If 'JJDAD01' is not a Domain Controller, it should be disjoined from the domain."

The intresting thing is these errors are from earlier in the day before i wiped the domain controller jjdad01. I tried to just dcpromo it out, change the name, and dcpromo it in but it did not work.

This is why i decided to wipe the system and start fresh.

As i said once i added it the second time it only told me the message about the DNS not registering and how i should do it manually.

maybe this is my issue?

So my that is my issue. Essentialy at this point i do not know were to start to fully rectify this issue, so any guidance is very much appreciated.

Let me know if you need any error messages or logs so that you can help me out.


Watch Question

Paul MacDonaldDirector, Information Systems

Someone may be more authoritative on this, but I suspect the original instantiation of the DC wasn't completely gone from AD/DNS when you wiped it and rebuilt it.

If it were me, I'd take down the new DC again, comb through AD and DNS for any traces of it, then maybe bring it back in again.  I might even consider using a different host name.


so let me clarify...

JJDAD02 was the new one i brought into the foreset when the old WIN-9M9... server was the main DC.

After JJDAD02 was brought in, i dcpromo'd WIN-9M9 out but if i remeber right i didnt remove dns...

Then i brought the new JJDAD01 into the forest.

So your saying take JJDAD02 out again leaving JJDAD01?
Paul MacDonaldDirector, Information Systems

Thanks for clarifying.  I was under the impression you brought AD02 in, took it out, then brought it back in again.

So you had AD02 as the sole DC and no DNS in the domain?  I wouldn't have thought that was possible, unless you forcibly removed the old 9M9 DC.

Did 9M9 end up becoming AD01?  Did you wipe it, reinstall, then DCPromo it?

Ultimately, all items in AD are known by thier SID.  What I'm suggesting is that there's some confusion in AD regarding SIDs, but I may very well be wrong about that.


AD02 was also a DC and DNS... i checked after i removed 9M9 it had all my records...

yes 9M9 did become AD01 after i wiped and reinstlled yes...

Unlock this solution and get a sample of our free trial.
(No credit card required)


problem solved on my own after more research.
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a sample view!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.