We help IT Professionals succeed at work.

2K3 Member IIS server can't log into domain

sjalbert asked
Last Modified: 2012-02-21
I have a test 2K3 Member server that is running IIS (v6.0).  It is a VM and was reverted to a snapshot about 4 days old.  After doing this, attempts to loginto the domain fail. System Event ID 3210
"This computer could not authenticate with %dcin.mydomain.com, a Windows DC for domain %MY_DOMAIN, and therefore this computer might deny logon requests.  This inability to authenticate might be caused by another computer on the same network using the same name or the password for this computer account is not recognized. If this message apears again, contact your system administrator."  
All network and DNS issues have been ruled out.
After doing some research I have a hunch that the issue is the computer account password that by default changes every 30 days is out of sync.
Attempts to reset fail trying to use :
NetDom reset svrname /d:%mydomain.com /uo:User@mydomain.com /po:*
with a result of the Logon Failure: The target account name is incorrect.
when trying to use the local admin account of the target server.. I get Logon failure: unknown user name or bad password.
If this were any other server that wasn't running IIS.... I would just remove it from the domain and rejoin it and move on with my life.  <sigh> But I don't know what effects doing that would have on IIS.
After I get through this I'm goin got set HKLM/system/currentcontrolset/services/netlogon/paramerters/DisablePasswordChange to "1"
But until then I'm not sure if the "NetDom reset" command is even the correct thing to do short of readding the server to the domain.
Watch Question


Also, Reseting the computer account in AD Users & Computers did not help.
You are in a mess.  I am not sure if MS can help in this situation.  I have had similiar issues in the past and the only solution was to disjoin and rejoin the server to the domain.

I understand this server has IIS.  But, how would this affect IIS when you disjoin and rejoin the domian.
This one is on us!
(Get your first solution completely free - no credit card required)


Though going through the process of adding it back to the same domain via NETBIOS name instead of disjoining and rejoining is not realy a change, there is less of a risk of lose of functionality for the unknown with IIS and a new SID.  However not knowing what the old SID was, it is unknown if a disjoin and rejoin would have any effect at all on IIS as what I did  is unknown if it created a new SID.
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.