• Status: Solved

Windows 2003 AD broken trust/wrong password ??

Hi all Windows AD experts

I ran into a problem which I thought was easy to fix... but it is not. Hence my brief posting below.

1.  Running MS AD, all servers (PDC, BDC, Members) are 2003. All servers in VMware environment. One forest, one domain.

2.  I had to restore one of the BDCs from a 6-week old backup. As expected I am getting the Event 3210 netlogon error.

I have attempted to fix the problem by taking the following steps

Run NETDOM  RESET MYBDC /SERVER:MYPDC /DOMAIN:mydomain
      What I got

       The secure channel from MYBDC to MYDOMAIN was not reset
       Access is denied


Went back and ran the NETDOM RESETPWD command, which completed successfully.

Ran NETDOM RESET again, same results as above: Access is denied

I think I am doing something wrong... can someone point me in the right direction ?


Cheers

Bibecu


   
0
Bibecu
Asked:
Bibecu
1 Solution
 
d3ath5tar Commented:
If all the server was doing was BDC, why restore it from a backup? If you did a system state restore you may have broken its links in Active Directory and NTDS.

Would be better to do a demote, remove all references to it being a dc and promote back in again.
 
Bibecu (Author) Commented:
Thanks, let me try and get back

Cheers
 
Darius Ghassem Commented:
Actually there is no reason to restore Active Directory; you just need to run a metadata cleanup to remove lingering objects from the failed DC. Once you have done that you can promote the server again. No reason to restore AD.
 
rsoly777 Commented:
I also agree with D3ath5tar: it makes no sense to restore it. Just rebuilding it from scratch is going to be more precise and up to date.
 
ActiveDirectoryman Commented:

Yeah, I agree with both Experts. You will save more time if you clean up Active Directory and then promote the server to a DC again. Doing that will restore/recreate the secure channel.
 
Bibecu (Author) Commented:
This worked, thanks
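
The demote / metadata cleanup / re-promote sequence recommended in this thread, written out as an added example that is not part of any poster's reply. MYPDC, MYBDC and mydomain are the names from the question; the list indices are placeholders to be read from the listing step, and the nltest, repadmin and dcdiag checks assume the Windows Server 2003 Support Tools are installed.

```bat
@echo off
rem Added example, not from the thread. Run on a healthy DC as a Domain Admin,
rem AFTER the restored DC (MYBDC) has been demoted with:  dcpromo /forceremoval
rem Usage:  cleanup.cmd          list domains, sites and servers (changes nothing)
rem         cleanup.cmd remove   delete the stale DC's metadata
rem         cleanup.cmd verify   check secure channel and replication after re-promotion
setlocal
set GOODDC=MYPDC
set STALEDC=MYBDC
set DOMAIN=mydomain
rem Placeholder indices: take the real numbers from the listing step.
set DOMAIN_IDX=0
set SITE_IDX=0
set SERVER_IDX=

if /i "%1"=="remove" goto remove
if /i "%1"=="verify" goto verify

rem Step 1: read-only listing, used to find the index of the stale DC.
ntdsutil "metadata cleanup" connections "connect to server %GOODDC%" quit ^
  "select operation target" "list domains" "select domain %DOMAIN_IDX%" ^
  "list sites" "select site %SITE_IDX%" "list servers in site" quit quit quit
echo Set SERVER_IDX to the entry for %STALEDC%, then run: %~nx0 remove
goto :eof

:remove
if "%SERVER_IDX%"=="" (echo SERVER_IDX is not set & exit /b 1)
rem Step 2: remove the selected server's DC metadata. ntdsutil asks for
rem confirmation and shows the server name; stop if it is not the stale DC.
ntdsutil "metadata cleanup" connections "connect to server %GOODDC%" quit ^
  "select operation target" "list domains" "select domain %DOMAIN_IDX%" ^
  "list sites" "select site %SITE_IDX%" "list servers in site" ^
  "select server %SERVER_IDX%" quit "remove selected server" quit quit
goto :eof

:verify
rem Step 3: run after the server has been rejoined and promoted with dcpromo.
nltest /server:%STALEDC% /sc_verify:%DOMAIN%
repadmin /showrepl %STALEDC%
dcdiag /s:%STALEDC%
```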