Joe Bibecu
asked on
Windows 2003 AD broken trust/wrong password ??
Hi all Windows AD experts
I run into a problem which I thought was easy to fix... but is not. Hence my brief posting below
1. Running MS AD, all servers (PDC, BDC, Members) are 2003.. All servers in VMware environment. One forest, one domain
2 I had to restore one of the BDCs from a 6-week old backup. As expected I am getting the Event 3210 netlogon error
I have attempted to fix the problem by taking the following steps
Run NETDOM RESET MYBDC /SERVER:MYPDC /DOMAIN:mydomain
What I got
T]he secure channel from MYBDC to MYDOMAIN was not reset
Access is denied
Went back and run NETDOM RESETPWD command which completed successfully
Run NETDOM RESET again, same results as above, Access is denied
I think I am doing something wrong... can someone point me in the right direction ?
Cheers
Bibecu
I run into a problem which I thought was easy to fix... but is not. Hence my brief posting below
1. Running MS AD, all servers (PDC, BDC, Members) are 2003.. All servers in VMware environment. One forest, one domain
2 I had to restore one of the BDCs from a 6-week old backup. As expected I am getting the Event 3210 netlogon error
I have attempted to fix the problem by taking the following steps
Run NETDOM RESET MYBDC /SERVER:MYPDC /DOMAIN:mydomain
What I got
T]he secure channel from MYBDC to MYDOMAIN was not reset
Access is denied
Went back and run NETDOM RESETPWD command which completed successfully
Run NETDOM RESET again, same results as above, Access is denied
I think I am doing something wrong... can someone point me in the right direction ?
Cheers
Bibecu
ASKER
Thanks, let me try and get back
Cheers
Cheers
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I also agree with D3ath5tar it makes no sense to restore it just rebuild it from scratch is going to be a more precise and up to date.
Yea I agree with both Experts. You will save more time if you clean up active directory and then promote the server to a dc again. Doing that will restore/recreate the secure channel.
ASKER
This worked , thanks
Would be better to do a demote, remove all references to it being a dc and promote back in again.