asked on

Windows 2003 AD broken trust/wrong password ??

Hi all Windows AD experts

I run into a problem which I thought was easy to fix... but is not. Hence my brief posting below

1. Running MS AD, all servers (PDC, BDC, Members) are 2003.. All servers in VMware environment. One forest, one domain

2 I had to restore one of the BDCs from a 6-week old backup. As expected I am getting the Event 3210 netlogon error

I have attempted to fix the problem by taking the following steps

Run NETDOM RESET MYBDC /SERVER:MYPDC /DOMAIN:mydomain
What I got

T]he secure channel from MYBDC to MYDOMAIN was not reset
Access is denied

Went back and run NETDOM RESETPWD command which completed successfully

Run NETDOM RESET again, same results as above, Access is denied

I think I am doing something wrong... can someone point me in the right direction ?

Cheers

Bibecu

d3ath5tar

if all the server was doind was bdc, why restore it from a backup? If you did a system state restore you may have broken it's links in active directory and ntds.

Would be better to do a demote, remove all references to it being a dc and promote back in again.

Joe Bibecu

ASKER

Thanks, let me try and get back

Cheers

ASKER CERTIFIED SOLUTION

Darius Ghassem

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

rsoly777

I also agree with D3ath5tar it makes no sense to restore it just rebuild it from scratch is going to be a more precise and up to date.

ActiveDirectoryman

Yea I agree with both Experts. You will save more time if you clean up active directory and then promote the server to a dc again. Doing that will restore/recreate the secure channel.

Joe Bibecu

ASKER

This worked , thanks