Second server not trusted by Domain Controller since DC replacement

Hi All,

I have a client with 2 servers.  1 is a Windows Server 2003 server just running an Oracle Database. The second server is a brand new 2008SBS server which is the only DC.  This 2008 Server is a replacement for their old server which went bang a few months ago.

Since I replaced the DC we have had all-sorts of problems getting clients connected to the Oracle Server.  I've just logged onto the Oracle Server and have noticed the following 2 events in the log:

The Security System detected an authentication error for the server DNS/DOMAINSERVER.COMPANY.LOCAL The failure code from authentication protocol Kerberos was "The specified user does not exist. (0xc0000064)"

The computer was not able to set up a secure session with a domain controller in domain DOMAINNAME due to the following:
There are currently no logon servers available to service the logon request.  This may lead to authentication problems.

Now bear in mind that when I replaced the domain controller I haven't done anything on the Oracle server to tell it about the new set up (apart from adding it to the domain) as I wasn't entirely sure what to do. I'm pretty sure this is a trust/permissions issue but I'm still rather new at this and wanted to ask what basics I need to do so that domain users have the appropriate access to everything on the Oracle Server.

Many thanks

Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Andrew CliffSenior Technical ConsultantCommented:
Sounds like the 2003 Server may be trying to register it's SVR record with the old DC.
Do you have 'Do not register in DNS' selected on the interface? Also do you have one or two NIC's installed on the 2003 Server?
amlydiateAuthor Commented:

We  only have one NIC enabled. When I go to the adapter properties and click on the DNS tab it has an entry in the DNS server addresses box which is the Ip address of the DC. The Register this connection's addresses in DNS box is ticked and the Use this connection's DNS suffix in DNS registration is not ticked.

If I click on Advanced on the adapter settings (to get to the bit with IP Settings, DNS, WINS and Options Tabs and look at Ip Settings I've got 2 IP addresses in the Ip Addresses box:

Could that second IP address in the list be causing problems as it's in the wrong subnet?

(Sorry I'm not really up to speed with subnets e.t.c. so grasping at straws.)

I can confirm that I cannot browse the DC by name from the Database server and the same problem the other way round.


Justin CAWS Solutions ArchitectCommented:
Are either of those IP addresses correct for the new DC?
The 7 Worst Nightmares of a Sysadmin

Fear not! To defend your business’ IT systems we’re going to shine a light on the seven most sinister terrors that haunt sysadmins. That way you can be sure there’s nothing in your stack waiting to go bump in the night.

Andrew CliffSenior Technical ConsultantCommented:
Definitely check those two IP's. If the second one is in the wrong subnet then remove it (you should the IP of the new DC as the only one).
Also what records do you have in DNS under <domain>, _msdcs, dc, _tcp?
amlydiateAuthor Commented:
HI All,

The .16.4 address is the DC. No idea where the other one came from. Is it o.k. to remove the other one?

Also just checked and the DNS role of this particular servfer is not installed.  Again because nothing changed on the database server, it was the DC we changed I assumed there wouldn't be anything glaringly wrong with the database server. Do we need to have DNS installed on it?

Please excuse my ignorance and I really appreciate your help so far.
Andrew CliffSenior Technical ConsultantCommented:
You don't need to install DNS on the database server.
And I think it is safe to remove that IP ( from the adapter settings. Make a note of it and monitor.
amlydiateAuthor Commented:
OK have removed the second IP address. I also noted that Netbios had been turned off on the database server, I've turned that on and I can now ping the database by both name and IP address from client machines but I cannot view shares. When I try to open the dbserver using \\db-server in the run line I get "\\db-server is not accessible. You might not have permission to use this network resource. There are currently no logon servers available to service the logon request.
Andrew CliffSenior Technical ConsultantCommented:
From the database server can you run ipconfig/ registerdns and give it 15 minutes. Then from the client try and access the share using the IP (\\\) then the nodename.
amlydiateAuthor Commented:
Thanks for the suggestion, have just done this and will report back after 15 minutes
amlydiateAuthor Commented:
I;'ve spotted a lot of the following errors in the log recently: Don't know if it's relevant

Error 1053 Windows cannot determine the user or computer name. (Access is denied. ). Group Policy processing aborted.
amlydiateAuthor Commented:
OK a bit of progress but still not working. I can browse and read files shared on the DC from the database server, however I still can't do the important thing which is browse shares on the database server from the DC or domain clients. The db server is visible from the dc server if you view the whole network but if you double click on it you get an error saying: DBServer is not accessible. You might not have permission to use this network resource. Contact the administrator of this server to find out if you have access permissions.

Andrew CliffSenior Technical ConsultantCommented:
Is it possible for you to remove the DB server from the domain then re-join.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
amlydiateAuthor Commented:
I was thinking that but whoever setup the server is long gone and I'm afraid if I did that I wouldn't know the local password. Is there a way of resetting the local password or creating a new local user account from the server while part of the domain?
amlydiateAuthor Commented:
Thank you, that did the trick!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.