• Status: Solved

Domain Controller 2003 error

Hi

After restarting the 2003 DC I am unable to log in. I get the error below at the login screen, and I am not able to log in to the DC using domain admin / user credentials:
"The name or security id (SID) of the domain specified is inconsistent with the trust information for that domain". How do I fix this issue?

Please help me to fix this issue.

Asked by: vijaygotur
 
AdamRobinson commented:
Is this the first time you've seen it?  

Did it work previously?

Is this a cloned/copied server?

This is usually due to SID information getting screwed up in the server.  Hard to answer what the best thing to do is without more info.  Sometimes you'll get pointed to newsid, but it's not necessarily the best option depending on the situation.

andoss commented:

Awinish commented:
If the DC is configured from an image/snapshot, I would say it's not recommended to configure a DC using a snapshot. The reason is it can introduce USN rollback, DNS issues, replication etc. The Sysprep tool doesn't work with Windows 2008; it's for Windows 2003 & below, whereas the NewSID tool is inbuilt in Windows 2008 & above.

Configure the OS with new media, because using images is not good practice.
 
vijaygotur (Author) commented:
It's not cloned. Last week the network card driver was updated, so I was facing some issues; in the meantime I restarted the server.

Then I realised I was not able to log in to the DC, then tried to use Last Known Good Configuration; that time I got the error.

I also logged in as local administrator in Directory Services; now I am not able to log in as domain admin, I can only log in using the local user.
 
Awinish commented:
That means the server is no longer alive with AD; something went wrong & the DC is no longer acting as a DC. Demoting it & repromoting it will take less time than troubleshooting.

If you are not able to demote gracefully, use dcpromo /forceremoval followed by metadata cleanup.
Prior to demotion, transfer all the AD services to another DC, format the server, reload a fresh OS & promote it back using dcpromo.
 
itubaf commented:
If you have only one DC in the network, please don't remove any role from the current DC regardless of whether it's working or not.
Shut down your DC, remove the network cables and start your DC. Don't plug in the network cables; try to log in to your DC. If you succeed, don't restart your DC again until you add an additional DC.
 
vijaygotur (Author) commented:
It's not allowing me to log in using the domain admin account, so without logging in to the domain it's not possible to demote the DC, I think. I even tried to log in with the network cable disconnected, but no luck.
I have one more DC, but I am worried about how to fix this server.
 
Awinish commented:
You can remove this server from the network & then perform metadata cleanup using the articles below.
Transfer services to the other DC, format the server, install a fresh OS & promote the server back using DCPromo. This is the better solution I can think of.

FSMO role transfer
http://www.petri.co.il/transferring_fsmo_roles.htm
Metadata cleanup for Windows 2003
http://www.petri.co.il/delete_failed_dcs_from_ad.htm
Metadata cleanup for Windows 2008
http://technet.microsoft.com/en-us/library/cc816907%28WS.10%29.aspx
 
Leon Fester commented:
You can only log in to a DC with a domain account; the local accounts exist only in the SAM database. Domain Controllers use the Active Directory database for authentication, and as such cannot authenticate using a local account.
http://technet.microsoft.com/en-us/library/cc785020(WS.10).aspx

I'm guessing that that server is already not a Domain Controller, no matter what you tell it or what names you call it.

You've got another domain controller running so rather just seize the roles if needs be and then do the metadata cleanup as mentioned by Awinish.

You can then rebuild the old DC and promote it again.
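
The role seizure and metadata cleanup recommended in the answers above, written out as an added example (not part of any poster's reply). The names DC2, DC1, Default-First-Site-Name and example.local are assumed placeholders, and the one-line `remove selected server ... on ...` form assumes the ntdsutil from Windows Server 2003 SP1 or later.

```batch
@echo off
rem Added example, not from the thread. Run on the surviving DC while logged
rem on with Enterprise Admin rights. All names are assumed placeholders:
rem   DC2 = healthy DC, DC1 = failed DC, example.local = domain.
set "GOOD_DC=DC2"
set "DEAD_DC_DN=CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=local"

rem 1. Show which DC holds each of the five FSMO roles
rem    (netdom ships with the Windows Server 2003 Support Tools).
netdom query fsmo

rem 2. Seize ONLY the roles that step 1 reports on the failed DC; delete the
rem    other lines. ntdsutil asks for confirmation before each seizure.
rem    The old DC is rebuilt afterwards, as the answers advise, rather than
rem    reconnected with its stale copy of the roles.
ntdsutil roles connections "connect to server %GOOD_DC%" quit "seize schema master" quit quit
ntdsutil roles connections "connect to server %GOOD_DC%" quit "seize domain naming master" quit quit
ntdsutil roles connections "connect to server %GOOD_DC%" quit "seize RID master" quit quit
ntdsutil roles connections "connect to server %GOOD_DC%" quit "seize PDC" quit quit
ntdsutil roles connections "connect to server %GOOD_DC%" quit "seize infrastructure master" quit quit

rem 3. Metadata cleanup: remove the failed DC's server object from the
rem    directory, working against the healthy DC.
ntdsutil "metadata cleanup" "remove selected server %DEAD_DC_DN% on %GOOD_DC%" quit quit

rem 4. Verify before promoting the rebuilt server: roles now on the healthy
rem    DC, directory health checks passing, replication without errors.
netdom query fsmo
dcdiag /s:%GOOD_DC%
repadmin /showrepl %GOOD_DC%
```

With an older ntdsutil, step 3 is done interactively through `metadata cleanup`, `connections`, `select operation target` and `remove selected server`, as the linked articles describe.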
 
vijaygotur (Author) commented:
Thanks to all of you for the help.

Thanks a lot.
 
vijaygotur (Author) commented:
The above solutions partially helped me, and I ended up creating a new DC instead of bringing up the problematic DC.
