

Broken trust after restoring domain controller?

Posted on 2014-08-18
Medium Priority
Last Modified: 2014-08-18

We had to do a complete restore of one of our domain controllers. This server was not the primary domain controller.

After the restore I am unable to communicate with the server. If I log in from a domain computer I get an error saying "An authentication error has occurred. The specified network password is not correct. Remote computer: COMPANY-DC2".

If I log in using the IP address instead of the server name from a computer outside the domain, I am able to log in. Once I am logged in I am able to reach network shares on the primary domain controller.

From the primary domain controller I am unable to reach the restored domain controller using the FQDN. When using the IP address I can access the network shares.

If I log in to the primary domain controller and open "Active Directory Users and Computers", right-click on the very top item (Active Directory Users and Computers [COMPANY-DC1]) and select "Change domain controller", I am presented with a list of my domain controllers. All the servers are listed as "Online", but if I try to select "COMPANY-DC2" I get an error saying "The following domain controller could not be contacted. A local error has occurred".

I think the trust relationship between the restored domain controller and the primary domain controller has broken.

Any tips on how to resolve this are greatly appreciated :)

The servers are running Windows Server 2012 R2.
Question by: cegeland
1 Comment

Accepted Solution

cegeland earned 0 total points
ID: 40267492


Question has a verified solution.
