We help IT Professionals succeed at work.

Trust Problem

jmohan0302
jmohan0302 asked
on
I am currently facing trust issue and I am getting the following error whenever we try to open the Active directory Domains and trusts console:
 
     " The configuration information describing this enterprise is not available. Then target Principal name is incorrect"

So I browsed and I found the solution to reset the computer account using the following command:

           
netdom resetpwd /server:server_name /userd:domain_name\administrator /passwordd:administrator_password
 
Could any one tell me what would be the impact of this command or what exactly this command will do? I would also like to know what are all the pre-requisites for running this command?

Thanks
Comment
Watch Question

The command will reset the computer account password. This password is used by the computer to create the secure channel used for signed traffic. The computers itself will initiate a password change every 30 days.

Pre-requisites:
1. disable the KDC service on the "bad" DC.
2. reboot
3. change the password with netdom (or PowerShell)
4. set the KDC service to automatic and start it.

/server = healthy DC
run netdom from the "bad" DC.

Symptons of a broken SC: http://blogs.technet.com/b/asiasupp/archive/2007/01/18/typical-symptoms-when-secure-channel-is-broken.aspx

Author

Commented:
HI,

I am going to run this command against the PDC emulator, so do I need to change this role to other DC before I run this command?

Thanks
It's not necesssary to run it towards the PDCe. The tool was writtent back in the NT days, so only if you have a NT domain you'll have to run it towards the PDCe.