vijaygotur
asked on
Domain Controller 2003 error
Hi
After restarting the 2003 DC I am unable to log in and am getting the below error at the login screen, and I am not able to log in to the DC using domain admin / user credentials:
"The name or security id (SID) of the domain specified is inconsistent with the trust information for that domain". How do I fix this issue?
Please help me to fix this issue.
Did you clone this server?
If so, check the following page out.
http://www.networkfoo.org/server-infrastructure/name-or-security-id-sid-domain-specified-inconsistent-trust-information-domain
If the DC is configured from an image/snapshot, I would say it's not recommended to configure a DC using a snapshot. The reason is that it can introduce USN rollback, DNS issues, replication etc. The Sysprep tool doesn't work with Windows 2008; it's for Windows 2003 & below, whereas the NewSID tool is inbuilt in Windows 2008 & above.
Configure the OS with new media, because using images is not good practice.
ASKER
It's not cloned. Last week the network card driver was updated, so I was facing some issues; in the meantime I restarted the server.
Then I realised I was not able to log in to the DC, then tried to use Last Known Good Configuration; that time I got the error.
I also logged in as local administrator in Directory Services. Now I am not able to log in as domain admin; I can log in only using the local user.
ASKER CERTIFIED SOLUTION
If you have only one DC in the network, please don't remove any role from the current DC, regardless of whether it's working or not working.
Shut down your DC, remove the network cables and start your DC. Don't plug in the network cables; try to log in to your DC. If you succeed, don't restart your DC again until you add an additional DC.
ASKER
It's not allowing me to log in using the Domain admin account, so without logging in to the domain it's not possible to demote the DC, I think. I even tried to log in with the network cable disconnected, but no luck.
I have one more DC, but I am worried about how to fix this server.
SOLUTION
You can only log in to a DC with a domain account; the local accounts exist only in the SAM database. Domain Controllers use the Active Directory database for authentication, and as such cannot authenticate using a local account.
http://technet.microsoft.com/en-us/library/cc785020(WS.10).aspx
I'm guessing that that server is already not a Domain Controller, no matter what you tell it or what names you call it.
You've got another domain controller running so rather just seize the roles if needs be and then do the metadata cleanup as mentioned by Awinish.
You can then rebuild the old DC and promote it again.
ASKER
thanks all of you for the help
thanks a lot
ASKER
The above solutions partially helped me, and I ended up creating the new DC instead of bringing up the problematic DC.
Did it work previously?
Is this a cloned/copied server?
This is usually due to SID information getting screwed up in the server. Hard to answer what the best thing to do is without more info. Sometimes you'll get pointed to newsid, but it's not necessarily the best option depending on the situation.