Solved

Locked out of Server 2008 R2 - 2nd revision

Posted on 2014-08-09
Last Modified: 2014-08-11
Server 2008 R2 was a member server in a Server 2003 Standard domain. I created a new domain when adding Active Directory but it didn't prompt me for users on the new domain other than Directory Services Restore Mode Admin.

Consequently I can't log on to the new domain. F8 sends me to a BitLocker Recovery Key screen rather than DSR Admin.

How can I get into the server? Can I establish trust on the Server 2003 side?

I closed this prematurely on the other thread.
Question by:Randy Downs
18 Comments

Assisted Solution

by:Chris H
Chris H earned 2000 total points
ID: 40251190
Here's a link to the NT password offline editor:

http://pogostick.net/~pnh/ntpasswd/cd140201.zip

I'm pretty sure this can be used on the domain controller to enable the admin account and reset its password to blank. I've had luck on just 2008, but not 2008 R2.

http://pogostick.net/~pnh/ntpasswd


Also, I saw this solution:

http://blogs.technet.com/b/meacoex/archive/2011/08/15/reset-your-windows-sever-2008-r2-domain-controller-administrator-password.aspx

It’s possible to reset your Windows Server 2008 / R2 Domain Controller administrator password using your installation CD.

1. Restart your Windows Server 2008 DC with the installation CD

2. Choose your language and click Next

3. Select your partition and installation version and click Next

4. Click on Command Line Prompt

5. Change directory to access the System32 directory. Your original C: drive is changed to D: or E:, depending on the number of drives and partitions you have on that system.

6. Rename the file Utilman.exe to Utilman.exe.bak using the command Copy Utilman.exe Utilman.exe.bak.

7. Use the command Move Cmd.exe Utilman.exe to move the Cmd.exe file into Utilman.exe. Press O or Y to accept, then restart your computer normally.

8. At the user logon screen, press Windows key+U and Cmd.exe will appear. Type net user "Username" "new password"

Then your system Admin password is reset. Please don’t forget to rename back Utilman.exe -> Cmd.exe and Utilman.exe.bak -> Utilman.exe after getting back access.
0
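A defender's check for the file swap in the steps quoted above, added here as an example and not part of the original post or the linked blog. The function name Test-UtilmanSwap and its -WindowsRoot parameter are made up for this sketch, and it assumes PowerShell 4.0 or later for Get-FileHash.

```powershell
# Added example: audit a Windows volume for the Utilman.exe swap described above.
# -WindowsRoot is a parameter of this sketch so an offline, mounted volume
# (for example D:\Windows) can be checked as well as the running system.
function Test-UtilmanSwap {
    param([string]$WindowsRoot = $env:SystemRoot)

    $sys32    = Join-Path $WindowsRoot 'System32'
    $utilman  = Join-Path $sys32 'Utilman.exe'
    $cmd      = Join-Path $sys32 'cmd.exe'
    $backup   = Join-Path $sys32 'Utilman.exe.bak'
    $findings = @()

    if (-not (Test-Path -LiteralPath $utilman)) {
        $findings += 'Utilman.exe is missing'
    } else {
        # The version resource travels with the file when it is renamed:
        # cmd.exe reports OriginalFilename "Cmd.Exe" (sometimes with ".MUI").
        $orig = (Get-Item -LiteralPath $utilman).VersionInfo.OriginalFilename
        if ($orig -like 'cmd.exe*') {
            $findings += "Utilman.exe carries the cmd.exe version resource ($orig)"
        }
        # Same bytes as the command interpreter (covers a copy instead of a move).
        if (Test-Path -LiteralPath $cmd) {
            $h1 = (Get-FileHash -LiteralPath $utilman -Algorithm SHA256).Hash
            $h2 = (Get-FileHash -LiteralPath $cmd -Algorithm SHA256).Hash
            if ($h1 -eq $h2) { $findings += 'Utilman.exe is byte-identical to cmd.exe' }
        }
    }

    # Step 7 moves cmd.exe away, so a System32 without it is itself a signal.
    if (-not (Test-Path -LiteralPath $cmd)) {
        $findings += 'cmd.exe is missing from System32'
    }
    # Step 6 leaves this file behind until someone cleans up.
    if (Test-Path -LiteralPath $backup) {
        $findings += 'Utilman.exe.bak is present in System32'
    }

    [pscustomobject]@{
        WindowsRoot = $WindowsRoot
        Suspicious  = ($findings.Count -gt 0)
        Findings    = $findings
    }
}

Test-UtilmanSwap | Format-List
```

Run it from a 64-bit PowerShell session; a 32-bit session has System32 redirected to SysWOW64 and would inspect the wrong files.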
 

Author Comment

by:Randy Downs
ID: 40251202
Will this work on an encrypted drive? I get prompted for a BitLocker key. I hope someone has the key but the computer disks & such are in storage & the company that originally set up the server is off until Monday.

In retrospect I should have done recovery disks, full backups and waited on all the other work I put into this server.

Assisted Solution

by:Chris H
Chris H earned 2000 total points
ID: 40251210
http://dougvitale.wordpress.com/2012/01/05/reset-windows-passwords-with-offline-nt-password-registry-editor/

Please note that the Offline NT Password & Registry Editor (‘Offline’) home page states: “If password is reset on users that have EFS encrypted files, and the system is XP or newer, all encrypted files for that user will be UNREADABLE and cannot be recovered unless you remember the old password again”.

Assisted Solution

by:Chris H
Chris H earned 2000 total points
ID: 40251215
http://www.grouppolicy.biz/2010/10/how-to-enable-a-disabled-local-administrator-account-offline-in-windows-7-even-when-using-bitlocker/

How to enable a disabled Local Administrator account offline in Windows 7 (even when using BitLocker)

http://www.winhelp.us/reset-windows-passwords-with-offline-password-editor.html

For the program to work, the hard disk or partition where Windows is installed must be unencrypted - no BitLocker, TrueCrypt or other encryption is supported here. In case of TrueCrypt, you should use Rescue Disk for decrypting system drive first.

Seems the answer is no. If you can get me the NTLM hash for an administrator account, I can crack it for you.

http://blog.quarkslab.com/quarks-pwdump.html

I believe the binary code link is in the comments section. Found this interesting:

Quarkspwdump does not dump anything in memory like hash or plaintext credentials. It only uses the Windows registry to retrieve stored hash or the ntds file when dealing with domain credentials or BitLocker. Actually it's a choice but yes there are many techniques to retrieve plaintext passwords; however MS made a lot of effort to kill them with Win 8/8.1.

Author Comment

by:Randy Downs
ID: 40251227
I don't know if it's the entire drive or just user files. The user files are of no consequence since it was the old domain users just logging on. F8 sends me to the BitLocker screen if that's an indicator.

This server was a member of a 2003 domain and probably should have been removed prior to adding Active Directory.

Assisted Solution

by:Chris H
Chris H earned 2000 total points
ID: 40251230
You could clone it, reset one admin password on the clone, do a pwdump of the NTLM hashes, and then we could crack the NTLM hash and you could use the password on the live machine without affecting it.

Expert Comment

by:Chris H
ID: 40251231
That's assuming there's a second admin account...

Author Comment

by:Randy Downs
ID: 40251232
I can't login to the server so no idea how I would get the NTLM hash.

Author Comment

by:Randy Downs
ID: 40251240
The thing is that Active Directory installation didn't ask for any users to be created. I assumed that the domain administrator account would use the credentials of Directory Services Restore Mode Admin since that's the only account it created a password for.

If I try to login as admin as I would in Directory Services Restore Mode Admin mode it acts like it's logging in but comes back & tells me I have the wrong credentials. I guess it knows the credentials are good but it's in the wrong mode.

Author Comment

by:Randy Downs
ID: 40251260
I downloaded Quarkspwdump.

I guess the idea is to break into the server then try to crack the BitLocker code, right? Is it possible to encrypt the O/S drive?

Assisted Solution

by:Chris H
Chris H earned 2000 total points
ID: 40251264
Don't do anything without a backup. And yes, the idea would be to hack into the backup or clone. But this would only work if you had a second admin account on the server.

You would disregard the damage done by nuking the EFS and reset the local admin password. Then, once in, do an NTLM hash dump. Find a second admin and then crack that password.

Author Comment

by:Randy Downs
ID: 40251272
Unfortunately I don't have a backup & no other admin accounts were created for this new domain but there are a number of admin accounts on the domain that it was a member of.

Here's the scenario. Server 2008 R2 was a member of 2003 Standard domain. We didn't have the DVD for adprep so decided to create a new domain by adding Active Directory. That went fine & it asked for a Directory Services Restore Mode Admin password. All went fine & it said it needed a reboot. Since then we have been unable to login.

Server 2008 R2 knows about the previous domain but doesn't have a trust relationship so won't let me logon with the old domain credentials either.

Author Comment

by:Randy Downs
ID: 40251296
OK so Offline NT Password & Registry Editor won't work to unlock the server & the DVD won't fare any better on encrypted files, right?

This is not a virtual so no idea how I would clone. The only backups we did are LogMeIn data and they don't even respond with the server down.

Accepted Solution

by:Chris H
Chris H earned 2000 total points
ID: 40251319
I believe the domain controller's local administrator account and its password assigned at installation should be the admin account. Did you guys rename the local admin account maybe?

Author Comment

by:Randy Downs
ID: 40251327
I didn't set the server up initially. I was logging onto it with the 2003 domain accounts of which it was a member server.

I added Active Directory & rebooted expecting to be able to login as Administrator on the newly created domain.

I don't know if the local admin account of the server was renamed. I didn't even try logging on without the domain. Is that even possible on a domain controller?

I guess I could try logging on like this:
servername\Administrator

Currently it defaults to the old domain which it doesn't trust and logon as a new user wants to logon to the new domain.

Author Comment

by:Randy Downs
ID: 40251334
There is no local admin account on domain controllers.  The only option is to login with F8 which is encrypted in my case.

The administrator account on the 2003 domain was not changed but it's not trusted. Perhaps I could trust it from the 2003 end. Would that help or is it possible?

Never got to logon since the creation of the new domain so no accounts created or renamed.

Author Comment

by:Randy Downs
ID: 40251349
Trusting from the 2003 domain is apparently a dead-end. I can't add the domain or browse to it.

Maybe I am trying to logon to the domain incorrectly.

I named the domain like this
corp.example.com

I assumed I could logon as
corp\Username

I also tried
corp.example.com\Username

Author Closing Comment

by:Randy Downs
ID: 40254818
Thanks for all the timely information.

Fortunately the company that installed the server had working credentials. Strangely enough they only worked on a remote connection. They also had the BitLocker Recovery Key.