[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2892
  • Last Modified:

Server 2008, cant change password - HELP!

Server 2008 R2 Not a domain controller! Part of a workgroup.

When trying to Change Password via Ctrl + Alt + Delete I get: "configuration information could not be read from the domain controller, either because the machine is unavailable, or because access is denied"

I don't understand :/
0
triphen
Asked:
triphen
  • 10
  • 6
  • 2
  • +1
1 Solution
 
Cliff GaliherCommented:
It sounds as though this machine is/was part of a domain and perhaps was not properly moved back to workgroup mode.  A login would still work in such circumstances if credentials got cached, but password changes would fail.
0
 
triphenAuthor Commented:
Server was never a part of a domain :/

My user is a part of the admin group and only that group...
0
 
Cliff GaliherCommented:
Did hoi check the system properties to verify that your machine is still in a workgroup? Perhaps it hot domain joined on accident, or even possibly maliciously (malware, etc) because architecturally, you just wouldn't get the message you describe any other way.
0
 [eBook] Windows Nano Server

Download this FREE eBook and learn all you need to get started with Windows Nano Server, including deployment options, remote management
and troubleshooting tips and tricks

 
triphenAuthor Commented:
100% not currently part of a domain.
100% never part of a domain.
Malware might be it, even though I doubt it.
Has to be some stupid option somewhere :/
0
 
MaheshArchitectCommented:
Reboot server in directory service restore mode

Then run dcpromo /forceremoval command from run menu

Follow on screen instructions and finally set new password and reboot

Upon reboot check if you can logon without any issue

Mahesh
0
 
Andy MIT Systems ManagerCommented:
What happens if you try to change the password from the Computer management screen?

1. Open start menu > right click on "Computer" and click "Computer Management" or "Manage". If this is not available you can also try going to Start Menu > Administrative Tools > Computer Management
2. In here open System Tools > Local Users and Groups
3. Expand Users and right-click on the local account you want to change the password for, should give you the option to "Set Password".
0
 
triphenAuthor Commented:
Set Password is not the same as Change Password.

By setting password your break the Windows SID corrupting all programs that use the Windows SID. In fact, a big warning popups informing you of this if you chose Set Password from Computer Management. This is why I need to Change Password vs Set Password.


Again, this server was never a part of a domain.
0
 
MaheshArchitectCommented:
If the server is not part of domain, what's the difference in change password and reset \ set password ?

The sid will never change no matter how much time you set password

Previously I thought that you are unable to login to server

Check your server dns settings, it might be pointed to non existent DNS server (AD server) causing this issue

If you are able to logon locally I don't see any harm in setting password through lusrmgr.msc or compmgmt.msc
I have done this kind of password set and it has not broke any thing on my app servers

Mahesh
0
 
triphenAuthor Commented:
Mahesh,

I can login no problem. I just need to change the password.

See attached. This warning is displayed if you do Set Password vs Change Password. Read carefully. I personally have lost data using EFS (encrypted file system) then changing the password using Set Password method. Also, some applications I use WILL give problems if the password is changed using Set Password vs Change Password.

DNS is pointing to the gateway.
setpassword.png
0
 
triphenAuthor Commented:
Running dcpromo /forceremoval brings up AD Setup and asks to join existing forest or create a domain in a new forest.
0
 
MaheshArchitectCommented:
After you reset the password of an account on a Windows XP-based computer that is joined to a workgroup, you may lose access to the user's:
•Web page credentials.
•File share credentials.
•EFS-encrypted files.
•Certificates with private keys (SIGNED/ENCRYPTed e-mail).

http://support.microsoft.com/kb/290260

If you don't have EFS on this workgroup server (I believe its not), you can safely ignore warning message and can reset password
Even if you have EFS, just export EFS certificate \ any other certificates with private key from local certificate MMC personal store 1st and then reset password

Mahesh
0
 
Andy MIT Systems ManagerCommented:
If you create another account on this server (that has same rights as the current account) and try to change the password does this work fine or come back with same problem?
0
 
triphenAuthor Commented:
Mahesh,

Research this error "-2146893813". This is what happens to certain programs if you change your password using Set Password vs Change Password.

I cant login out of the current user as it will stop critical services :/
0
 
MaheshArchitectCommented:
I have checked on internet
http://social.msdn.microsoft.com/Forums/sqlserver/en-US/e5f582b4-7336-4f64-995f-7b1ba94a15d4/win32-error2146893813-with-sql-2005-on-xp?forum=sqldatabaseengine

one found related to this

other also facing this issue but for some other reason

But I never faced this issue on any app servers

You may try with net user command
net user administrator password

This will change it without any warning and hopefully not break any thing on server
Also just check on the server any thing (service) is not running under security context of administrator

Mahesh
0
 
triphenAuthor Commented:
This is a specific app that breaks if you Set the password.

net user command also breaks, because you don't enter the old password :/
0
 
MaheshArchitectCommented:
This is strange behaviour
Sorry, I am running out of ideas
Some another expert will help hopefully

Just wondering if application has provision to make any password changes or its behaviour changes ?
0
 
triphenAuthor Commented:
Thanks for your efforts!

I don't understand you question...can you rephrase?
0
 
MaheshArchitectCommented:
What i mean, if you could change the application behaviour so that it will not remains depends on admin password
may be this is out of your scope \ skill set, but I really don't see any option other than that
if normal Ctrl+Alt+del is not working...

have you checked that server is pointing to any orphaned DNS server and causing you getting error during Ctrl+Alt+del

One option is there but not affordable if above option still not working..
Run sysprep on server and change its SID
But I believe this will break application and more even it will break server windows activation, you may need to reactivate windows but it will hopefully resolve your standard password change option
I don't know how simple \ hard is to fix braked application after running sysprep
0
 
triphenAuthor Commented:
When in doubt, restart :)

Restart on the server fixed it. Strange huh?
0
 
triphenAuthor Commented:
Restart was the only thing that resolved the issue.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

  • 10
  • 6
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now