
I was forced to rebuild my SBS 2003 server from the ground up. Now the trust relationships are broken and I can't log in

I was forced to rebuild my SBS 2003 server when it got corrupted by virus protection. After formatting the disk, reloading the O/S and installing all the updates, I tried to log in from one of the client machines. I get an error "The security database on the server does not have a computer account for this workstation trust relationship." and it won't let me log in. I tried the Administrator login and password and it still won't let me. So, I'm locked out of my client PCs.

Most Valuable Expert 2015

Commented:
You must restore all your user data from your backups, or if something with the backup restore didn't work, create the new account. Then log on to the PCs locally first, and after that rejoin them to the domain.

Author

Commented:
Of course, my backups are no good.  (I know I should have tested them before this.)

I have tried logging in to the clients locally and they won't let me.  I'm trying what I believe to be the correct userid and password.

What do you mean "Create the new account?"

Commented:
You would basically need to create all the user accounts again, then log onto the client PCs locally and re-join them to the domain.

If you don't know the local administrator user account password for the client PCs, you will have to use some form of boot disk to reset the password on each PC...

-Ninjatek
Most Valuable Expert 2015

Commented:
You have to create the user accounts of the users again on the server, then join them to the domain again. If you can't restore the accounts from your backup the IDs will be different, even if you give them the same name etc. So you have to rejoin the domain on the PCs. If you can't log on locally it is possible there was a policy in place that disabled local accounts. If that is the case I think you'll also have to reinstall the PCs. I don't think you can cheat such policies, but I'm not sure about that.

Author

Commented:
I was able to get logged into a client. I disconnected the RJ45 and rebooted the computer and it allowed me to log in with the cached authentication. So, I'm logged in. I can now reconnect the network. What should I do to re-establish the trust relationship?

(Note:  I only have 8 computers in the domain.)

Author

Commented:
I created the users before attempting to log in.

My new domain name is the same as the old one.

Commented:
Great, now either reset the local administrator account (and make sure it is enabled) or create a new user (with local admin). Then take the PC off the domain (make it part of a workgroup), then restart and log in using the local admin details you now have. Now you can join it to the domain.

Unfortunately there is no 're-establishing the trust relationship' as this is a completely new domain now...

-Ninjatek
Most Valuable Expert 2015

Commented:
With logon locally we didn't mean to use cached credentials. You're still logging on to the domain account that way. You need to log on to the local PC account. When you get the logon display, you should be able to choose between the domain and workstation. Here select the workstation, and then log on with the local PC's admin account. Then delete or move the old domain profile if it is on the local PC, and after that start the domain joining wizard again.

Author

Commented:
On the Windows 7 machine, I could not find a way to enable a local administrator.

I was able to migrate the profile to the new domain using profwiz3 from forensit.com. It worked great on my XP system. It joined the domain and applied the new domain's SID to my files.

On the Windows 7 machine, it created a new profile and copied some of my files into it. How can I tell which profile I am currently using? It was not able to join the domain however. I had to disconnect the machine from the network, boot it, log in, reconnect the network. Then I went to the system properties page and joined a workgroup, then immediately joined the domain again.

Before I did this, when I logged in, I got a new desktop. After this, I got my old desktop back. Everything seems OK... but... Outlook is not happy. It won't read the OST files. So "something" is still not right.

I can log in to the domain, and it gives me my old desktop. I seem to have access to all my data. I can even open the OST file in an editor.
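
An added example, not part of any post in this thread: one way to see which profile the current logon is using, and which profile folders still belong to SIDs from the old domain (the "IDs will be different" point made above). It reads the standard `ProfileList` registry key; the `<unresolved>` label and output column names are choices made for this example.

```powershell
# Added example (not from the thread): map local profile folders to account SIDs.
# Run from an elevated PowerShell prompt on the client PC.

# SID of the account that is logged on right now
$current = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$mySid   = $current.User.Value

# Windows keeps one subkey per profile here, named after the owner's SID
$key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

Get-ChildItem $key | ForEach-Object {
    $sidText = $_.PSChildName
    $path    = (Get-ItemProperty -Path $_.PSPath).ProfileImagePath

    try {
        # Ask Windows which account this SID belongs to
        $sid     = New-Object System.Security.Principal.SecurityIdentifier -ArgumentList $sidText
        $account = $sid.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        # The SID maps to no known account, e.g. a user of the old domain,
        # or the subkey name is not a plain SID (such as a ".bak" entry)
        $account = '<unresolved>'
    }

    New-Object PSObject -Property @{
        InUse       = ($sidText -eq $mySid)   # True for the profile of this logon
        Account     = $account
        ProfilePath = $path
        Sid         = $sidText
    }
} | Format-Table InUse, Account, ProfilePath, Sid -AutoSize
```

Run it while the PC can reach the domain controller; with the network cable unplugged, SIDs from the current domain cannot be translated either and will also show as `<unresolved>`.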



Most Valuable Expert 2015

Commented:
Since you don't have a working backup, and you do have OST files, I'd first of all look for an app that can convert OST files to PST files, then import those PST files to the Exchange server. That way you'd at least be able to restore the Exchange data. After that, on PCs that aren't notebooks and that aren't being used when not in the company, set up the proper Exchange account with caching mode disabled. You don't need caching enabled on stationary PCs, that just increases the resources needed, but do make sure your backups work! You only need caching enabled on PCs that are used when traveling and which therefore aren't always connected to the Exchange server, like laptops, and so OST files should normally only be available on those.

Author

Commented:
I got to a point where I'm trying to get Exchange working. I tried to add a port to the firewall. The wizard gets an error if I try to enable or disable any ports in the firewall. At this point, if I just run the wizard and say make no changes, it still gets an error on the firewall configuration.

Why might this be?

Author

Commented:
It seems that SBS 2003 fully patched will not allow any of its configuration wizards to run.

Therefore, I got new hardware and upgraded to SBS 2011.