• Status: Solved
  • Priority: Medium

Cannot join domain or rename PC

I have a small domain controlled by a 2003 DC. I have replaced an old XP machine with a new W7. I was able to join both PCs to the domain. Later, I discovered that I could not RDP to either PC- received a message that the primary trust had failed. I can log onto the PCs as the domain users and with the local administrator account but get access denied when I try to log on locally as the domain admin. I can rename the PCs on the domain but cannot remove them from it. I have reset the computer accounts in active directory with no change and then deleted and later re-created them in the A/D console- still no change. Netdom gives me access denied and I get the same thing if I try to manage the PCs from the DC's console.

I realize that's a lot of info- but I've been at this for a couple of days.  Let me know if any clarification is needed.
STS-Tech
 
SebastianAbbinanti Commented:
Unjoin the PC. Then Reset or delete the computer account in active directory.

Then rejoin the PC.

This should solve the issue.

Thanks,
S.

STS-Tech (Author) Commented:
I get 'Access is Denied' when I try to unjoin.  I've tried using the Domain Admin and Local Admin accounts and have tried with the network cable unplugged as well.

Norm Dickinson (Guru) Commented:
Look in the Users section of control panel to see what local users are able to authenticate on this computer and choose one that has administrator access.
 
STS-Tech (Author) Commented:
I checked the local admin group- there were two string variables that I suspect were domain admins and domain users. I re-added both groups along with the Domain Administrator account. When I closed this and went back in all three had reverted to string variables.

I then tried to "create" the domain admin as a local user- but received a message that the primary trust had failed.

SebastianAbbinanti Commented:
Add the Administrator user to the local user group.

Thanks,
S.

STS-Tech (Author) Commented:
The local administrator is already in the local user group (of course). As far as I know it's not possible to add a domain account as a local user. I did check to make sure the domain admin group, domain users group, and Administrator account from the domain are all local admins- every time I open the group up they show up with SIDs only. I can remove and re-add them but it's still the same when I re-open the local admins group (I realize that is a bit confusing- but don't know how to explain any better).

Norm Dickinson (Guru) Commented:
Perhaps in safe mode?

STS-Tech (Author) Commented:
Buttons to change or open network wizard are greyed out in safe mode.  Trying a system restore now.

STS-Tech (Author) Commented:
After the System Restore the Keyboard and mouse don't work. I'm taking the XP machine back to the shop and rebuilding it. That doesn't fix the problem- but I'm running out of time. Keep any suggestions coming and if I find a solution I will post it.

I still think this is a server (or domain) issue- but everything on the server looks fine.

SebastianAbbinanti Commented:
Rebuilding the machine will certainly fix the problem. Just delete the computer account in AD before you try to join it again.

Thanks,
S.

Honez Commented:
Is the machine using the DC for its DNS?

STS-Tech (Author) Commented:
I suspect it will.  I'm just hoping I don't have to do the same for the new W7 machine.  The only symptom the user is seeing is that he can't RDP to his workstation- I've worked around this by installing LogMeIn for him so it's kind of a non-issue right now.  

But naturally for the likes of us- I want to know what's causing the problem...

STS-Tech (Author) Commented:
In answer to Honez- yes.  DC is primary DNS with 8.8.8.8 (Google) as secondary.  I've tried hard-coding and DHCP with no change.

SebastianAbbinanti Commented:
That is an issue. The PC must use an Active Directory Integrated DNS Server.

Thanks,
S.
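
Added example, not part of any post in this thread: a PowerShell check for the two things this exchange turns on, whether each DNS server configured on the PC can return the domain controller locator (SRV) record, and whether the machine's secure channel to the domain still verifies. It assumes an elevated PowerShell 2.0 or later prompt on the domain-joined PC; the variable names are the example's own.

```powershell
# Added diagnostic example; run elevated on the affected, domain-joined PC.
$cs = Get-WmiObject Win32_ComputerSystem
if (-not $cs.PartOfDomain) {
    Write-Output "This computer is not joined to a domain."
    return
}

# DC locator record for the joined domain; the trailing dot stops
# nslookup from appending DNS search suffixes to the name.
$domain = $cs.Domain
$srv    = "_ldap._tcp.dc._msdcs.$domain."

# Every DNS server configured on an IP-enabled adapter, de-duplicated.
$dnsServers = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled = TRUE" |
    ForEach-Object { $_.DNSServerSearchOrder } |
    Where-Object { $_ } |
    Select-Object -Unique

foreach ($server in $dnsServers) {
    # Query this one server directly rather than letting the resolver choose.
    $out = & nslookup.exe "-type=SRV" $srv $server 2>&1 | Out-String
    $dcs = [regex]::Matches($out, 'svr hostname\s*=\s*(\S+)') |
        ForEach-Object { $_.Groups[1].Value }
    if ($dcs) {
        Write-Output ("{0,-15} resolves the DC locator record -> {1}" -f $server, ($dcs -join ', '))
    } else {
        Write-Output ("{0,-15} cannot resolve {1}" -f $server, $srv)
    }
}

# Verify the machine account's secure channel to the domain.
try {
    if (Test-ComputerSecureChannel) {
        Write-Output "Secure channel: OK"
    } else {
        Write-Output "Secure channel: BROKEN (machine account password does not match AD)"
    }
} catch {
    Write-Output ("Secure channel test failed: {0}" -f $_.Exception.Message)
}
```

A public resolver holds no copy of an internal AD zone, so a "cannot resolve" line is expected for it; whenever the client ends up querying that server, it cannot locate a domain controller.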

STS-Tech (Author) Commented:
Not sure I follow you- the DC is about as integrated as you can get.  Google is on just as secondary (lets the folks get online when the server is rebooting).

Honez Commented:
This may seem redundant, but it is clear that the computer is not correctly communicating with AD.  Try to create a new local account on the machine, then add the local account to the administrators group.  Log in as the new account and attempt to join a workgroup, thus disjoining from the domain.

STS-Tech (Author) Commented:
Status update:  I'll be rebuilding the XP machine tomorrow.  I'll return it when another new W7 PC arrives for delivery.  I will find out then if the new PC and the rebuilt one can join the domain and thus, if there is something wrong with the domain itself or just those two workstations.  I shall let you know my findings- and I will try Honez's suggestion on the W7 already in place.

STS-Tech (Author) Commented:
Just got a call from the user (who is two hours away) that now he can't log onto the PC locally- same "trust relationship failed" error. I've logged onto the computer via RDP and created a new local admin, then logged on as that user and attempted to join a workgroup, using "domain\localadmin" as the user name. STILL getting 'Access Denied'. I'm at my wit's end.

Honez Commented:
Although this isn't the solution, when it asks for username and password while disjoining the domain, use the local username and password that you created.

But we shouldn't need to do that.

Ok, So the computer is at a remote site?  How is the site connected?  Are there other computers at the site?  Are there any DC's at the site?

If there are other computers at the site, are they in the same OU as the problematic computer?

STS-Tech (Author) Commented:
I've tried the local admin password (with and without the domain\ ). I also created a new domain admin account, logged in locally and tried disjoining with it- no luck. Something is definitely broken.

However (and not dismissing your other questions, but it may no longer be pertinent). I ended up going there yesterday and after discussing the options with the site owner I've decided to decommission their DC. This has been a loose plan for some time as the company has downsized from 15 employees to 4. I created a local account on the trouble PC (the new W7), installed the second new PC (which finally showed up) then moved their shared network files off the server to the PCs and set up workgroup file sharing. Finally I modified the login script on the server to reflect the new mapped drives (with embedded local credentials) for the two PCs that are still using domain accounts. I'm going back Thursday and creating local accounts on them- I'll be curious to see if they (the two remaining old PCs) can be removed. In either case- once that's done I pull the network cable on the server and after a few hours I'll down it.

Then on my next visit I'll take it back to my house and shoot holes in it.

STS-Tech (Author) Commented:
As I suspected- even the PCs previously untouched (and already on the domain) could not be removed- even after the server was shut down.

I guess this one will remain a mystery.

STS-Tech (Author) Commented:
I appreciate the help of all those who participated- I will distribute points (hopefully) equally.